Reputation: 1867
I have been trying to secure my Spring REST web service by implementing OAuth2 in my application. I have been following this tutorial for implementing it.
I have implemented it similarly, but for some reason when I hit the /oauth/token URL with Postman, it does not return a token.
Here is the main code for my files:
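1. AuthorizacionServerConfiguration.java

    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.beans.factory.annotation.Qualifier;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.authentication.AuthenticationManager;
    import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
    import org.springframework.security.crypto.password.PasswordEncoder;
    import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
    import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
    import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
    import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
    import org.springframework.security.oauth2.provider.token.TokenStore;
    import org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore;

    @Configuration
    @EnableAuthorizationServer
    public class AuthorizacionServerConfiguration extends AuthorizationServerConfigurerAdapter {
        @Autowired
        @Qualifier("authenticationManagerBean")
        private AuthenticationManager authenticationManager;
        @Autowired
        private TokenStore tokenStore;

        // One in-memory client ("User"): password grant only, scope "read", tokens valid for 120 seconds.
        public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
            clients.inMemory()
                .withClient("User")
                .authorizedGrantTypes(new String[] { "password" })
                .authorities(new String[] { "ROLE_CLIENT", "ROLE_TRUSTED_CLIENT", "USER" })
                .accessTokenValiditySeconds(120)
                .scopes(new String[] { "read" }).autoApprove(true)
                .secret(passwordEncoder().encode("12345"));
        }

        public PasswordEncoder passwordEncoder() {
            return (PasswordEncoder)new BCryptPasswordEncoder();
        }

        // The password grant needs the user AuthenticationManager wired into the token endpoint.
        public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
            endpoints
                .authenticationManager(this.authenticationManager)
                .tokenStore(this.tokenStore);
        }

        @Bean
        public TokenStore tokenStore() {
            return (TokenStore)new InMemoryTokenStore();
        }
    }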
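2. ResourceServerConfiguration.java

    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
    import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
    import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
    import org.springframework.web.bind.annotation.RestController;

    @EnableResourceServer
    @RestController
    public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {
        // Permits the listed path patterns without authentication.
        @SuppressWarnings("rawtypes")
        public void configure(HttpSecurity http) throws Exception {
            ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl)http.authorizeRequests()
                .antMatchers(new String[] { "/api/v1/**", "/oauth/token", "/oauth/authorize **" }))
                .permitAll();
        }
    }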
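3. WebSecurityConfiguration.java

    import org.springframework.context.annotation.Bean;
    import org.springframework.security.authentication.AuthenticationManager;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    import org.springframework.security.core.userdetails.User;
    import org.springframework.security.core.userdetails.UserDetails;
    import org.springframework.security.core.userdetails.UserDetailsService;
    import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
    import org.springframework.security.crypto.password.PasswordEncoder;
    import org.springframework.security.provisioning.InMemoryUserDetailsManager;

    @EnableWebSecurity
    class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
        // Single in-memory user ("user1") whose password is stored BCrypt-encoded.
        @Bean
        @Override
        public UserDetailsService userDetailsService() {
            UserDetails user = User.builder().username("user1")
                .password(passwordEncoder().encode("pass1"))
                .roles(new String[] { "USER" }).build();
            return (UserDetailsService)new InMemoryUserDetailsManager(new UserDetails[] { user });
        }
        @Bean
        public PasswordEncoder passwordEncoder() {
            return (PasswordEncoder)new BCryptPasswordEncoder();
        }
        // Exposes the AuthenticationManager as the bean that the authorization server injects by name.
        @Bean
        public AuthenticationManager authenticationManagerBean() throws Exception {
            return super.authenticationManagerBean();
        }
    }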
When I try to hit it with Postman, I get an unauthorized request message instead of an OAuth token. Please see the following screenshots:
Upvotes: 0
Views: 197
Reputation: 5893
I've copied this line-for-line with what you have into a new project and everything is working as expected, with exactly what you have here. My suggestion would be to check your dependencies. I have it working with Spring Boot, spring-boot-starter-oauth2-client, spring-boot-starter-oauth2-resource-server, spring-boot-starter-security, and spring-boot-starter-web all at version 2.3.5.RELEASE.
Upvotes: 2