I'm trying to figure out why I always get a 401 status when I try to use the refresh token in my Spring Boot API.
This is the request in postman:
But the auth endpoint works without problems,
and I have no idea why this is happening.
This is my security setup for the endpoints.
package com.bolsadeideas.apirest.auth;
import java.util.Arrays;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.Ordered;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.filter.CorsFilter;
@Configuration
@EnableResourceServer
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {

    /** GET routes that this configuration opens to unauthenticated callers. */
    private static final String[] PUBLIC_GET_PATHS = {
        "/api/clientes", "/api/clientes/page/**", "/api/uploads/img/**", "/images/**", "/oauth/**"
    };

    /**
     * Centralised access rules for the routes served by this resource server.
     *
     * <p>Matchers are consulted in the order they are declared and the first one that
     * matches decides, so the narrower {@code /api/clientes/{id}} and
     * {@code /api/clientes/upload} rules have to stay above the ADMIN-only
     * {@code /api/clientes/**} catch-all.
     *
     * @param http the security builder supplied by the resource-server configurer
     * @throws Exception propagated from the Spring Security DSL
     */
    @Override
    public void configure(HttpSecurity http) throws Exception {
        // NOTE(review): these rules only govern requests that reach this resource-server
        // chain. In the legacy Spring Security OAuth2 stack the token endpoint is normally
        // guarded by the authorization server's own chain, which authenticates the client
        // (HTTP Basic with the client id and secret). permitAll() on "/oauth/**" here
        // therefore presumably does not lift that requirement -- confirm against the
        // authorization server configuration, which is not shown in this class.
        http.authorizeRequests()
            // Public, read-only routes.
            .antMatchers(HttpMethod.GET, PUBLIC_GET_PATHS).permitAll()
            .antMatchers(HttpMethod.POST, "/oauth/**").permitAll()
            // Reading a single client or uploading a file needs any authenticated role.
            .antMatchers(HttpMethod.GET, "/api/clientes/{id}").hasAnyRole("USER", "ADMIN")
            .antMatchers(HttpMethod.POST, "/api/clientes/upload").hasAnyRole("USER", "ADMIN")
            // Creating a client, and every other /api/clientes operation, is ADMIN-only.
            .antMatchers(HttpMethod.POST, "/api/clientes").hasRole("ADMIN")
            .antMatchers("/api/clientes/**").hasRole("ADMIN")
            // Default: anything not listed above still requires an authenticated caller.
            .anyRequest().authenticated()
            .and()
            .cors().configurationSource(corsConfigurationSource());
    }

    /**
     * Step 1: exposes the CORS policy as an injectable bean.
     *
     * <p>Credentials are allowed, so the origin list is kept explicit rather than a
     * wildcard. The single origin is hard-coded to {@code http://localhost:4200}.
     * NOTE(review): this looks like a local development front end -- it will need to
     * come from configuration before the API is deployed anywhere else.
     *
     * @return a source that applies the same CORS policy to every path
     */
    @Bean
    public CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration cors = new CorsConfiguration();
        cors.setAllowedOrigins(Arrays.asList("http://localhost:4200"));
        cors.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE", "OPTIONS"));
        cors.setAllowedHeaders(Arrays.asList("Content-Type", "Authorization"));
        cors.setAllowCredentials(true);

        UrlBasedCorsConfigurationSource byPath = new UrlBasedCorsConfigurationSource();
        byPath.registerCorsConfiguration("/**", cors);
        return byPath;
    }

    /**
     * Step 2: registers a {@link CorsFilter} built from the policy above so that it is
     * applied at the servlet-filter level as well.
     *
     * @return the filter registration, ordered with the highest precedence
     */
    @Bean
    public FilterRegistrationBean<CorsFilter> corsFilter() {
        FilterRegistrationBean<CorsFilter> registration =
            new FilterRegistrationBean<>(new CorsFilter(corsConfigurationSource()));
        // Highest precedence places this filter ahead of every lower-priority filter.
        registration.setOrder(Ordered.HIGHEST_PRECEDENCE);
        return registration;
    }
}
As you can see I've added the route .antMatchers(HttpMethod.POST, "/oauth/**").permitAll()
but it still doesn't work.
This is the whole project (it is an edu project).
Upvotes: 0
Views: 933
Reputation: 303
You forgot to use the store, so you are not storing the refresh token, and that's why you are not able to get it. Also, in Postman, don't forget to add Basic authentication.