Reputation: 13
Currently I am migrating the microservice from Spring Boot 2.7.* to Spring Boot 3.1.3, but for some reason the user credentials that I am passing as x-www-form-urlencoded values are not being picked up. UserDetails are not being loaded in the context; I need them loaded so I can modify the JWT token.
AuthorizationServer.java
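```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.annotation.web.configurers.CsrfConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.server.authorization.client.JdbcRegisteredClientRepository;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
import org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2AuthorizationServerConfigurer;
import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;

import static org.springframework.security.config.Customizer.withDefaults;

// MultiTenancyInterceptor and CustomUserDetailsService are application classes not shown here.
@Configuration
@EnableWebSecurity
public class AuthorizationServer {

    // Registered OAuth2 clients are loaded from the database.
    @Bean
    public RegisteredClientRepository registeredClientRepository(JdbcTemplate jdbcTemplate) {
        return new JdbcRegisteredClientRepository(jdbcTemplate);
    }

    @Bean
    public AuthorizationServerSettings authorizationServerSettings() {
        return AuthorizationServerSettings.builder().build();
    }

    @Bean
    SecurityFilterChain authServerSecurityFilterChain(HttpSecurity http) throws Exception {
        OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
                new OAuth2AuthorizationServerConfigurer();
        http.authorizeHttpRequests(authorize ->
                        authorize.anyRequest().authenticated()
                )
                .sessionManagement(session -> session
                        .sessionCreationPolicy(SessionCreationPolicy.STATELESS))
                .csrf(CsrfConfigurer::disable)
                .formLogin(AbstractHttpConfigurer::disable)
                .logout(AbstractHttpConfigurer::disable)
                .addFilterBefore(new MultiTenancyInterceptor(), BasicAuthenticationFilter.class)
                .httpBasic(withDefaults())
                .apply(authorizationServerConfigurer);
        return http.build();
    }

    @Bean
    public UserDetailsService userDetailsService() {
        return new CustomUserDetailsService();
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return PasswordEncoderFactories.createDelegatingPasswordEncoder();
    }

    @Bean
    public AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration) throws Exception {
        return authenticationConfiguration.getAuthenticationManager();
    }

    @Bean
    public AuthenticationProvider authenticationProvider() {
        DaoAuthenticationProvider authenticationProvider = new DaoAuthenticationProvider();
        authenticationProvider.setUserDetailsService(userDetailsService());
        authenticationProvider.setPasswordEncoder(passwordEncoder());
        return authenticationProvider;
    }
}
```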
Any ideas how to fix this?
I am expecting the request to look like this:
```shell
curl --location 'http://localhost:8001/login' \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --header 'Authorization: Basic ' \
  --data-urlencode 'grant_type=client_credentials' \
  --data-urlencode 'username=' \
  --data-urlencode 'password='
```
And the userdetails to be filled.
Upvotes: 0
Views: 313
Reputation: 6043
Spring Authorization Server does not support the password grant type because it is deprecated in OAuth 2.1.
You do not need to pass the client credentials in both the Authorization header and the body of the request. Simply remove `--data-urlencode 'username='` and `--data-urlencode 'password='`.
Upvotes: 0
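The question's goal of modifying the JWT, under the `client_credentials` grant the answer points to, shown as an added example that is not code from the question or the answer. The class name `TokenCustomizerConfig` and the `client_name` claim are assumptions, and it assumes Spring Authorization Server's default JWT token generator is in use.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.token.JwtEncodingContext;
import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenCustomizer;

@Configuration
public class TokenCustomizerConfig { // hypothetical class name

    // Picked up as a bean and invoked each time a JWT is about to be encoded.
    @Bean
    public OAuth2TokenCustomizer<JwtEncodingContext> jwtCustomizer() {
        return context -> {
            // Only touch access tokens issued for the client_credentials grant.
            if (!OAuth2TokenType.ACCESS_TOKEN.equals(context.getTokenType())
                    || !AuthorizationGrantType.CLIENT_CREDENTIALS
                            .equals(context.getAuthorizationGrantType())) {
                return;
            }

            // With client_credentials the authenticated principal is the client,
            // not an end user, so no UserDetails object exists for this request.
            // Claims are derived from the stored client registration rather than
            // from form parameters, which the server has not verified.
            RegisteredClient client = context.getRegisteredClient();

            context.getClaims()
                    .claim("client_name", client.getClientName()); // hypothetical claim name
        };
    }
}
```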