spring-projects / spring-authorization-server

Spring Authorization Server
https://spring.io/projects/spring-authorization-server
Apache License 2.0

RestController not reachable #1644

Closed EE1234EE closed 2 weeks ago

EE1234EE commented 2 weeks ago

Describe the bug

I downloaded this repo and started demo-authorizationserver, client and resource-server. Everything fine so far. After that I added a RestController and changed the DefaultSecurityConfig accordingly, and no matter what I do, I'm redirected to the /login page, no matter which client.

To Reproduce

package sample.controller;

import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController("/test")
public class TestController {

    @GetMapping("/get")
    public String test() {
        return "test";
    }

    @PostMapping("/post")
    public String testPost(Tester tester) {
        return tester.getName();
    }

}

package sample.controller;

public class Tester {
    private String name;
    private int age;

    public String getName() {
        return name;
    }

    public void setName(String name) {
        this.name = name;
    }

    public int getAge() {
        return age;
    }

    public void setAge(int age) {
        this.age = age;
    }
}

Changed DefaultSecurityConfig -> defaultSecurityFilterChain:

@Bean
public SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(authorize ->
                authorize
                    .requestMatchers("/assets/**", "/login", "/test/**").permitAll()
                    .anyRequest().authenticated()
            )
            .formLogin(formLogin ->
                formLogin
                    .loginPage("/login")
            )
            .oauth2Login(oauth2Login ->
                oauth2Login
                    .loginPage("/login")
                    .successHandler(authenticationSuccessHandler())
            );

        return http.build();
}

Expected behavior

Reaching RestController

I started a custom Spring auth server and tried to reach custom controllers on it with a confidential client. No chance. I get the token with client_credentials, and after that, whatever POST/GET request I send with that token to the RestController, I get 403 Forbidden or the login page as the response.

I'm really willing to help, but I do not even know where to start here; a bit of guidance would be awesome.


Sample

Given sample with mentioned modifications.

I would use it for user registration for example.

franzfloresjr commented 2 weeks ago

Hi @EE1234EE ,

I think you mean

@RestController
@RequestMapping("/test")
public class TestController {

....

}

Please see @RestController and @RequestMapping
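
An added example (not code from the issue or from the Spring Authorization Server project) that shows the difference between the two forms as a test: the string passed to @RestController is only a bean name, so the handler stays at /get and falls under anyRequest().authenticated() instead of the "/test/**" permitAll rule. It assumes Spring Boot 3.x with the web, security and test starters on the classpath; the class names and the /fixed prefix are hypothetical.

```java
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.context.annotation.*;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.test.web.servlet.MockMvc;
import org.springframework.web.bind.annotation.*;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*;

@SpringBootTest
@AutoConfigureMockMvc
class ControllerMappingTests {                       // hypothetical test class
    @Configuration
    @EnableAutoConfiguration
    @Import({ NamedOnly.class, Mapped.class })
    static class App {
        @Bean                                        // same shape as the issue's filter chain
        SecurityFilterChain chain(HttpSecurity http) throws Exception {
            http.authorizeHttpRequests(a -> a
                    .requestMatchers("/test/**", "/fixed/**").permitAll()
                    .anyRequest().authenticated())
                .formLogin(Customizer.withDefaults());
            return http.build();
        }
    }
    @RestController("/test")                         // the issue's form: "/test" is a bean name
    static class NamedOnly {
        @GetMapping("/get") public String get() { return "test"; }
    }
    @RestController
    @RequestMapping("/fixed")                        // the path prefix goes here
    static class Mapped {
        @GetMapping("/get") public String get() { return "test"; }
    }
    @Autowired MockMvc mvc;

    @Test
    void restControllerValueDoesNotPrefixThePath() throws Exception {
        // The handler is really at /get, which is not permitted: redirect to the login page.
        mvc.perform(get("/get")).andExpect(status().is3xxRedirection())
           .andExpect(redirectedUrlPattern("**/login"));
        // /test/get passes the permitAll rule, but nothing is mapped there.
        mvc.perform(get("/test/get")).andExpect(status().isNotFound());
    }
    @Test
    void requestMappingPrefixLinesUpWithPermitAll() throws Exception {
        mvc.perform(get("/fixed/get")).andExpect(status().isOk()).andExpect(content().string("test"));
    }
}
```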

EE1234EE commented 2 weeks ago

I'm sorry, can be closed because of stupidity ..