Open NABEEL-AHMED-JAMIL opened 6 years ago
Same here. GrantType Password is not working with the latest version.
It also occurs in 2.3.0.RELEASE.
I'm not convinced, but it seems that the Spring Security team expressed some thoughts on this topic. They recommend not to use the password grant type, if I'm not mistaken. Anyway, I've looked through some code and found something interesting in AuthorizationServerEndpointsConfigurer.getDefaultTokenGranters:

    private List<TokenGranter> getDefaultTokenGranters() {
        ClientDetailsService clientDetails = clientDetailsService();
        AuthorizationServerTokenServices tokenServices = tokenServices();
        AuthorizationCodeServices authorizationCodeServices = authorizationCodeServices();
        OAuth2RequestFactory requestFactory = requestFactory();
        List<TokenGranter> tokenGranters = new ArrayList<TokenGranter>();
        tokenGranters.add(new AuthorizationCodeTokenGranter(tokenServices, authorizationCodeServices, clientDetails,
                requestFactory));
        tokenGranters.add(new RefreshTokenGranter(tokenServices, clientDetails, requestFactory));
        ImplicitTokenGranter implicit = new ImplicitTokenGranter(tokenServices, clientDetails, requestFactory);
        tokenGranters.add(implicit);
        tokenGranters.add(new ClientCredentialsTokenGranter(tokenServices, clientDetails, requestFactory));
        if (authenticationManager != null) {
            tokenGranters.add(new ResourceOwnerPasswordTokenGranter(authenticationManager, tokenServices,
                    clientDetails, requestFactory));
        }
        return tokenGranters;
    }

So, if you expose AuthenticationManager as a bean in context like this:

    @Configuration
    public class SecurityConfig extends WebSecurityConfigurerAdapter {
        @Bean
        @Override
        public AuthenticationManager authenticationManagerBean() throws Exception {
            return super.authenticationManagerBean();
        }
        // ...
    }

the password grant type begins working.
P.S.: I'm using 2.3.3.RELEASE version
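A simplified model of the behaviour described in the comment above, added here as an illustration; it is not code from the thread or from Spring Security OAuth, and `GranterModel`, `Granter`, `defaultGranters`, `forType` and `token` are hypothetical names. It shows why a missing AuthenticationManager surfaces as `unsupported_grant_type` rather than as a configuration error: the password granter is never registered, so no granter accepts the request.

```java
import java.util.ArrayList;
import java.util.List;

// Simplified model (added example, not Spring code) of how a token endpoint
// selects a granter. All names here are hypothetical stand-ins.
public class GranterModel {

    interface Granter {
        String grant(String grantType); // returns null when the type is not handled
    }

    // Same shape as getDefaultTokenGranters(): the password granter is
    // registered only when an authentication manager was supplied.
    static List<Granter> defaultGranters(Object authenticationManager) {
        List<Granter> granters = new ArrayList<>();
        for (String type : new String[] {"authorization_code", "refresh_token", "implicit", "client_credentials"}) {
            granters.add(forType(type));
        }
        if (authenticationManager != null) {
            granters.add(forType("password"));
        }
        return granters;
    }

    static Granter forType(String supported) {
        return requested -> supported.equals(requested) ? "token-for-" + requested : null;
    }

    // Stand-in for the endpoint: the first non-null result wins; if every
    // granter declines, the client receives unsupported_grant_type.
    static String token(List<Granter> granters, String grantType) {
        for (Granter g : granters) {
            String token = g.grant(grantType);
            if (token != null) {
                return token;
            }
        }
        return "{\"error\":\"unsupported_grant_type\",\"error_description\":\"Unsupported grant type: " + grantType + "\"}";
    }

    public static void main(String[] args) {
        // No AuthenticationManager wired in: the password grant is rejected.
        System.out.println(token(defaultGranters(null), "password"));
        // AuthenticationManager present (any non-null object in this model).
        System.out.println(token(defaultGranters(new Object()), "password"));
        // Grants that need no user authentication are unaffected.
        System.out.println(token(defaultGranters(null), "client_credentials"));
    }
}
```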
The same problem with oauth2-2.0.14
I use the same Jenkins Docker image to build the project, but it throws an exception if compiled on CentOS 7.5 and works well if compiled on Ubuntu 16.04.
CentOS 7.5:

    Apache Maven 3.5.3 (3383c37e1f9e9b3bc3df5050c29c8aff9f295297; 2018-02-25T03:49:05+08:00)
    Maven home: /usr/share/apache-maven-3.5.3
    Java version: 1.8.0_171, vendor: Oracle Corporation
    Java home: /usr/lib/jvm/java-8-openjdk-amd64/jre
    Default locale: en, platform encoding: UTF-8
    OS name: "linux", version: "4.4.0-134-generic", arch: "amd64", family: "unix"

Ubuntu 16.04:

    Apache Maven 3.5.3 (3383c37e1f9e9b3bc3df5050c29c8aff9f295297; 2018-02-25T03:49:05+08:00)
    Maven home: /usr/share/maven/apache-maven-3.5.3
    Java version: 1.8.0_171, vendor: Oracle Corporation
    Java home: /usr/lib/jvm/java-8-openjdk-amd64/jre
    Default locale: en, platform encoding: UTF-8
    OS name: "linux", version: "3.10.0-862.6.3.el7.x86_64", arch: "amd64", family: "unix"

Only the kernel version is different.
And it still does not work if I upgrade to oauth2-2.3.3.
I am also facing the same issue, password grant not supported
I caught the issue on Windows 10.

    {
        "error": "unsupported_grant_type",
        "error_description": "Unsupported grant type: password"
    }

But I have set the "password" grant_type in the table oauth_client_details. But it works well on CentOS 7.4.1708.
Thanks a lot, It works!
@Insomnium There is an overridden method in the author's example and mine, but I still got this exception.

    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

Same problem. Can the spring security team please look into this?
I too had this issue, and it was not entirely resolved by exposing an authenticationManagerBean.
I was able to get things working though by setting the exposed bean on the AuthorizationServerEndpointsConfigurer.

    @Configuration
    @EnableAuthorizationServer
    public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
        // ...
        private AuthenticationManager authenticationManagerBean;

        @Autowired
        public void setAuthenticationManagerBean(AuthenticationManager authenticationManagerBean) {
            this.authenticationManagerBean = authenticationManagerBean;
        }
        // ...
        @Override
        public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
            endpoints.tokenStore(tokenStore())
                    .authenticationManager(authenticationManagerBean)
                    .tokenServices(tokenServices())
                    .userApprovalHandler(userApprovalHandler())
                    .authorizationCodeServices(authorizationCodeServices());
        }
        // ...
    }

@jorisschellekens Have you tried both suggestions as per this comment and this one?
If neither of these work for you, please provide a minimal sample that reproduces the issue and I can take a look at it.

    @Autowired
    public void setAuthenticationManagerBean(AuthenticationManager authenticationManagerBean) {
        this.authenticationManagerBean = authenticationManagerBean;
    }

These lines in my AuthorizationServerConfigurerAdapter extension give me the expected result. Thanks @nrheckman.
Thanks a lot. Finally now I can go home.
Please do find the code below. This works perfectly fine for me.

    @Configuration
    @EnableAuthorizationServer
    public class AuthServer extends AuthorizationServerConfigurerAdapter {
        @Autowired
        private PasswordEncoder passwordEncoder;
        @Autowired
        private AuthenticationManager authenticationManagerBean;

        @Override
        public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
            endpoints
                    .authenticationManager(authenticationManagerBean);
        }

        @Override
        public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
            clients.inMemory().
                    withClient("client").
                    secret(passwordEncoder.encode("secret")).
                    authorizedGrantTypes("password").
                    scopes("webclient","mobileclient");
        }

        @Bean
        public PasswordEncoder passwordEncoder() {
            return new BCryptPasswordEncoder();
        }
    }

    @Configuration
    @EnableWebSecurity
    public class WebSecurity extends WebSecurityConfigurerAdapter {
        @Autowired
        PasswordEncoder passwordEncoder;

        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            auth.inMemoryAuthentication().withUser("user").password(passwordEncoder.encode("user") ).roles("USER");
        }

        @Override
        @Bean
        public AuthenticationManager authenticationManagerBean() throws Exception {
            return super.authenticationManagerBean();
        }
    }

Not working for 2.2.7.RELEASE
Yes, you're right! Thanks!
(PS.: using SB version: 2.4.0)
Hello, I'm new to Spring-Security-oauth-2 and I face this error
and my code below as