Thisara Jayaweera

Reputation: 129

OAuth2 security configuration antMatchers request filtering not working as expected

I am working on a simple Spring Boot project with Spring Security OAuth2 to use Google authentication for a specific endpoint, /google/login.

With the following security configuration everything works perfectly.

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
public class SecurityConfigure extends WebSecurityConfigurerAdapter {

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http
                // this filter chain handles every request
                .requestMatchers().antMatchers("/**")
                .and()
                // /ldap/login is open; everything else needs a full (non-remember-me) authentication
                .authorizeRequests().antMatchers("/ldap/login").permitAll()
                .anyRequest().fullyAuthenticated()
                .and()
                .oauth2Login();
    }
}

But I need only the /google/login endpoint to authenticate with OAuth2, so I specified it like this.

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
public class SecurityConfigure extends WebSecurityConfigurerAdapter {

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http
                // only requests under /google/** go through this filter chain
                .requestMatchers().antMatchers("/google/**")
                .and()
                .authorizeRequests().antMatchers("/ldap/**").permitAll()
                .anyRequest().fullyAuthenticated()
                .and()
                .oauth2Login();
    }
}

With this security configuration, a call to the http://localhost:8080/google/login endpoint redirects to another endpoint, http://localhost:8081/oauth2/authorization/google, which I haven't defined.


Please help me to overcome this problem. Thank you.

Upvotes: 0

Views: 1058

Answers (1)

Thisara Jayaweera

Reputation: 129

This configuration works for me. I had to allow all endpoints that were redirecting while Google's authentication process was running. 

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
public class SecurityConfigure extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                // CSRF protection switched off for every request this chain handles
                .csrf().disable()
                // the chain must also cover the two endpoints the OAuth2 login flow itself uses:
                // the redirect to Google and the callback Google sends the authorization code to
                .requestMatchers().antMatchers("/google/**", "/oauth2/authorization/google", "/login/oauth2/code/google")
                .and()
                .authorizeRequests().antMatchers("/ldap/**").permitAll()
                .anyRequest().fullyAuthenticated()
                .and()
                .oauth2Login();
    }
}

Upvotes: 1
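As an added example (not the poster's code), the same restriction expressed with Spring Security's own constants for the two OAuth2 login endpoints, plus a second, lower-priority chain for everything else; with a single chain limited by requestMatchers(), a request that matches none of its patterns bypasses Spring Security's filters entirely, which is the gap the second chain closes. The class names, the httpBasic() login on the second chain and the /ldap/** rule are assumptions made for the illustration.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter;
import org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter;

@Configuration
@EnableWebSecurity
public class MultiChainSecurityConfig {   // hypothetical class name

    // Chain 1 (checked first): the Google login endpoint plus the two endpoints the
    // OAuth2 login flow itself uses, the redirect to the provider and the callback.
    // Without them in requestMatchers() the browser is sent to a URL no chain handles.
    @Configuration
    @Order(1)
    public static class GoogleLoginConfig extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .requestMatchers()
                    .antMatchers("/google/**",
                        OAuth2AuthorizationRequestRedirectFilter.DEFAULT_AUTHORIZATION_REQUEST_BASE_URI + "/google", // "/oauth2/authorization/google"
                        OAuth2LoginAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI)                                 // "/login/oauth2/code/*"
                    .and()
                .authorizeRequests()
                    .anyRequest().fullyAuthenticated()
                    .and()
                .oauth2Login(); // CSRF stays enabled: both OAuth2 endpoints are reached by GET, which the CSRF filter does not check
        }
    }

    // Chain 2 (catch-all, checked second): every request chain 1 did not claim.
    // Without this chain those requests would skip Spring Security altogether.
    @Configuration
    @Order(2)
    public static class RemainingEndpointsConfig extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .authorizeRequests()
                    .antMatchers("/ldap/**").permitAll()
                    .anyRequest().authenticated()
                    .and()
                .httpBasic();
        }
    }
}
```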
