Open robsilvia opened 9 years ago
The same problem. Does exist any solution for this error?
You need to write you own configuration. Examples can be found in https://github.com/spring-projects/spring-security-oauth/tree/master/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration.
The issue itself is related to how configurers are handled at line 170 in https://github.com/spring-projects/spring-security-oauth/blob/master/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configuration/ResourceServerConfiguration.java#L170-L176
I should also mention you're better off separating the resource server from the authorization server than you're writing your own configuration to get them both working on the same instance.
@robsilvia: Could you explain what you mean with separating resource server and authorization server? And maybe explain the background on what the problem is? I have the same problem, but I fail to understand the problem :-(.
When I wrote this I thought the only way to work around this problem was to create your own configuration or move the ResourceServerConfigurerAdapter over to a separate resource server instance.
I later found out that if you define a ResourceServerConfigurerAdapter you need explicitly define a security builder.
This works
@Configuration
protected static class OAuth2ResourceConfig extends ResourceServerConfigurerAdapter {
@Override
public void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().anyRequest().authenticated();
}
}
This produces the above error
@Configuration
protected static class OAuth2ResourceConfig extends ResourceServerConfigurerAdapter {
@Override
public void configure(HttpSecurity http) throws Exception {
//http.authorizeRequests().anyRequest().authenticated();
}
}
If you’re receiving this error message outside of an oauth2 context as far as I can tell it means some where authorizeRequests() is being called on an instance of HttpSecurity that has already been built (processed by the filterChain).
Adding a ResourceServerConfigurerAdapter
to oauth demo at https://github.com/dsyer/spring-security-angular/blob/master/oauth2/authserver/src/main/java/demo/AuthserverApplication.java
Causes the same problem as https://github.com/spring-projects/spring-security-oauth-javaconfig/issues/1