Open osgafarov opened 6 years ago
Why are you annotating the class `OAuth2Configuration` with `@EnableResourceServer` and `@EnableAuthorizationServer` at the same time?

Just another tip, you don't need to inject `AuthenticationManagerBuilder` for password grant type. Injecting `AuthenticationManager` should be enough.

any solution?
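
I ended up with this configuration and it worked for me:

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
public class SecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .formLogin().loginPage("/login").permitAll()
            .and()
            // This filter chain is applied only to the login and authorization endpoints
            .requestMatchers().antMatchers("/login", "/oauth/authorize", "/oauth/confirm_access")
            .and()
            .authorizeRequests().anyRequest().authenticated();
    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        // These paths bypass the Spring Security filter chain entirely
        web.ignoring()
            .antMatchers(HttpMethod.PUT, "/users/")
            .antMatchers("/users/facebook/**")
            .antMatchers("/v2/api-docs", "/configuration/ui", "/swagger-resources/**", "/configuration/security", "/swagger-ui.html", "/webjars/**");
    }
}
```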
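
A simplified, Spring-free model of what scoping the chain with `requestMatchers()` changes, added here as an illustration and not taken from the thread or from Spring Security's code: each request is handled by the first filter chain whose matcher accepts it. The chain order, the catch-all "before" matcher, the catch-all resource-server matcher and the class name are assumptions (Java 16+ for `record`).

```java
import java.util.List;

// Simplified model of first-match filter chain selection.
// Chain names, chain order and the "before" matcher are assumptions for illustration.
public class ChainSelectionDemo {

    // One filter chain: a name plus the path patterns it is responsible for.
    record Chain(String name, List<String> patterns) {
        boolean matches(String path) {
            for (String p : patterns) {
                if (p.equals("/**")) return true;              // claims every request
                if (p.endsWith("/**")) {                       // prefix pattern
                    String base = p.substring(0, p.length() - 3);
                    if (path.equals(base) || path.startsWith(base + "/")) return true;
                } else if (p.equals(path)) {                   // exact path
                    return true;
                }
            }
            return false;
        }
    }

    // The first chain whose matcher accepts the request handles it; later chains never see it.
    static String select(List<Chain> chains, String path) {
        for (Chain c : chains) {
            if (c.matches(path)) return c.name();
        }
        return "none";
    }

    public static void main(String[] args) {
        // Assumed: the resource-server chain (bearer token filter) is consulted second.
        Chain resource = new Chain("resource-server", List.of("/**"));
        // Assumed "before": the form-login chain claims every request.
        Chain loginAll = new Chain("form-login", List.of("/**"));
        // The configuration above: the form-login chain claims only these three paths.
        Chain loginScoped = new Chain("form-login",
                List.of("/login", "/oauth/authorize", "/oauth/confirm_access"));

        for (String path : List.of("/users", "/login", "/oauth/authorize")) {
            System.out.printf("%-17s before: %-16s after: %s%n", path,
                    select(List.of(loginAll, resource), path),
                    select(List.of(loginScoped, resource), path));
        }
    }
}
```

In this model `/users` only reaches the resource-server chain once the form-login chain stops claiming every request; `authorizeRequests()` rules apply inside a chain and do not affect which chain is selected.
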
Hi,

I am developing a Spring Boot OAuth2 + mobile client with the `authorization_code` flow. I have a custom login page, so when the mobile client calls `oauth/authorize`, the server redirects the user to the login page, the user signs in, then the server issues an authorization code, and with this authorization code the app requests the token.

However, when calling a secure API and passing the Bearer token, the server fails with an exception:

What is interesting is that when the Spring Boot app is started I can see the `OAuth2AuthenticationProcessingFilter` filter in the logs:

However, when calling

```
curl -H "Authorization: bearer eaee916e-fdf1-4e80-808e-cfd9b2944539" localhost:8080/users
```

I see the following logs:

And as you can see in the second log, it did not go through `OAuth2AuthenticationProcessingFilter`.

Here is my configuration: https://gist.github.com/osgafarov/ef432de739f0e8dd2eb595c0c75aff1d

Here is the flow:

Do you know what might be wrong in my configuration? I've already spent quite some time trying to figure it out, but cannot find what is wrong.

Thanks, Osman