Reputation: 132
Consume an OAuth-secured REST webservice using Spring oauth2
I want to consume a REST webservice from a server which protects his resources using oauth2.
I use Spring boot (JHipster).
To do this i have in SecurityConfiguration class this :
@Value("${oauth.resource:http://sercverUsingOAuth2}")
private String baseUrl;
@Value("${oauth.authorize:http://sercverUsingOAuth2/rest/oauth/token}")
private String authorizeUrl;
@Value("${oauth.token:http://sercverUsingOAuth2/rest/oauth/token}")
private String tokenUrl;
@Bean
public OAuth2RestOperations oauth2RestTemplate() {
AccessTokenRequest atr = new DefaultAccessTokenRequest();
return new OAuth2RestTemplate(resource(),
new DefaultOAuth2ClientContext(atr));
}
@Bean
protected OAuth2ProtectedResourceDetails resource() {
AuthorizationCodeResourceDetails resource = new AuthorizationCodeResourceDetails();
resource.setAccessTokenUri(tokenUrl);
resource.setUserAuthorizationUri(authorizeUrl);
resource.setClientId("client_id");
resource.setClientSecret("client_secret");
resource.setGrantType("grant_type");
return resource;
}
This class (SecurityConfiguration) is annoted using :
@Configuration
@EnableWebSecurity
@EnableOAuth2Client
And this is my controller (Spring MVC) :
@RestController
@RequestMapping("/consume")
public class MyContrtoller {
@Inject
private OAuth2RestOperations oauth2RestTemplate;
@RequestMapping(value = "/oauth2", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE)
public List<DataModel> getProducts() {
ResponseEntity<MyModel> forEntity = oauth2RestTemplate
.getForEntity("http://sercverUsingOAuth2/rest/resourceToConsume",
MyModel.class);
return forEntity.getBody().getData();
}
}
However when i want to consume my webservice (http://myHost/consume/oauth2) i get this Exception :
org.springframework.security.oauth2.client.resource.OAuth2AccessDeniedException:
Unable to obtain a new access token for resource 'null'. The provider manager
is not configured to support it.
I have googled and i found this :
But it doesn't help me.
Thanks.
Upvotes: 6
Views: 13885
Answers (1)
Reputation: 3880
You are using the same URL for the authorization url and the token url. That was my first clue, then I saw your comments.
Even though you are changing the grant type, you are still using "AuthorizationCodeResourceDetails" when you should be using "ClientCredentialsResourceDetails" instead. This type of ResourceDetails is meant to be used for the case you are explaining.
ClientCredentialsResourceDetails resource = new ClientCredentialsResourceDetails();
resource.setAccessTokenUri(TOKEN_URL);
resource.setClientId(CLIENT_ID);
resource.setClientSecret(CLIENT_SECRET);
resource.setClientAuthenticationScheme(AuthenticationScheme.form); //This line isn't always needed
return resource;
Upvotes: 5
Related Questions
- Spring RESTful web service auth
- Spring Boot: Calling an OAuth2 protected REST service
- Spring. Implementation Oauth.2.0 for REST API
- Spring boot Client to invoke REST API secured by OAuth2
- Spring Boot Secured Rest API
- Jhipster get user oauth
- Java Spring (Maven) REST API using OAuth2
- Getting oauth2 to work with spring-boot and rest
- OAuth2 with Spring MVC rest APIs
- Spring Boot Rest service with oAuth2 Security credentials from database