Spring Boot + Spring OAuth Java configuration

Question

I\'m trying to get OAuth 1 (3 legged) on a simple Spring Boot + Spring OAuth app, only as a consumer.

I\'ve been trying to port the tonr sample on the spring-security-oa

Answer 1

In order to use Spring Security with Java Config you have to have SecurityConfig file with something like this inside (taken from http://projects.spring.io/spring-security-oauth/docs/oauth2.html)

@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .authorizeRequests().antMatchers("/login").permitAll().and()
    // default protection for all resources (including /oauth/authorize)
        .authorizeRequests()
            .anyRequest().hasRole("USER")
    // ... more configuration, e.g. for form login
}

That's also a place where you can add your filters in specific order using http.addFilterAfter(oAuthConsumerContextFilter(), AnonymousAuthenticationFilter.class);

The problem with your code is that your filter is being executed before Authetication created.

So I guess both of yout filters should be at least after AnonymousAuthenticationFilter.class

You can find list of filters here : http://docs.spring.io/spring-security/site/docs/3.1.x/reference/springsecurity-single.html#filter-stack

This worked for me :

http
.addFilterAfter(oAuthConsumerContextFilter(), SwitchUserFilter.class)
.addFilterAfter(oAuthConsumerProcessingFilter(), OAuthConsumerContextFilter.class)