spring-oauth2

问题 I'm using spring-security and spring-security-oauth2 (JWT access tokens) for authentication and authorization. The idea is to let all requests through, but to be able to distinguish between authenticated users and unauthenticated users. As soon as I enable @EnableResourceServer my configured HttpSecurity seems to get ignored. And requests return 401: { "error": "unauthorized", "error_description": "Full authentication is required to access this resource" } Here's the config:

问题 So I've been trying for over a week to get the JdbcTokenStore to work, but I can't seem to figure out what is wrong. I'm not using spring boot and I'll try my best to explain what I'm doing. So let's start with the database for the tokens: I'm using PostgreSQL which is why I use BYTEA DROP TABLE IF EXISTS oauth_client_details; CREATE TABLE oauth_client_details ( client_id VARCHAR(255) PRIMARY KEY, resource_ids VARCHAR(255), client_secret VARCHAR(255), scope VARCHAR(255), authorized_grant

问题 I am little new Spring boot and Aouth 2. I tried to secure my spring boot application with OAuth2. But My authentication is nit working and it causes for 401 error even with unsecured url. My code can be found in the git hub with under url I used the below curl command curl -i http://localhost:8990/api/hello But it results for {"timestamp":1489824873836,"status":401,"error":"Unauthorized","message":"Full authentication is required to access this resource","path":"/api/hello"} Also when I try

问题 I am using oAuth2 token with Spring Security. If am using using same configuration with Spring boot 1.3.0 and it working fine for me. But when i am using same configuration with Spring Mvc applicaito. Then it will creating a issue /oAuth/token ---> Post 405 Method not allow. My oAuth configuration is as: import javax.sql.DataSource; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.context

问题 I have created a spring application that uses an external GitHub oauth2 application for authorisation. The callback url is :8090/login. The browser goes to my site, I click on login and get redirected to GitHub. Authenticate successfully. I expect to be returned to the index page of my site. Instead one of the css files referenced in the html is displayed. If I then re-enter the index url, I get the expected page. WebSecurityConfiguration.java @Configuration @EnableOAuth2Sso @PropertySources(

问题 First of all I want to say that I googled my problem and apllied the advice but it doesn't help me. My source look like this: @SpringBootApplication @EnableEurekaClient @RibbonClient(name = "say-hello"/*, configuration = RibbonConfig.class*/) @EnableAutoConfiguration @EnableOAuth2Sso public class HelloWorldStarter { public static void main(String[] args) { SpringApplication.run(HelloWorldStarter.class, args); } @Bean public RequestContextListener requestContextListener() { return new

问题 Trying to make spring security oauth2 and form login work in a spring boot application. I took cues from https://github.com/spring-projects/spring-security-oauth/tree/master/samples/oauth2/sparklr and https://github.com/royclarkson/spring-rest-service-oauth/issues/11 Below is my configuration @Configuration @EnableWebSecurity @EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true) public class SecurityConfiguration extends WebSecurityConfigurerAdapter { @Inject private

问题 I have created a Single Page Application using the Spring Tutorial for making one with AngularJS and OAuth and such found here: https://spring.io/guides/tutorials/spring-security-and-angular-js/#_multiple_ui_applications_and_a_gateway_single_page_application_with_spring_and_angular_js_part_vi This is the application.yml files for the SPA application: security: user: password: none oauth2: client: accessTokenUri: localhost:7777/uaa/oauth/token userAuthorizationUri: localhost:7777/uaa/oauth

问题 Let me explain my use case. I need to have a spring boot oauth2 client application (not a resource server As we already have a separate resource server). Also I have following requirements: For each out going request to resource server, we need to send id_token. (Done by customizing resttemplate). For any request, no matter if it invokes resource server or not, If access token is expired my application must refresh it automatically (without any user intervention like any popup or redirection.

问题 I set an additional information by using OAuth2AccessToken enhance. I can see the additional information in the token but how can I get that list in my services class? public final class CustomTokenEnhancer implements TokenEnhancer { @Override public OAuth2AccessToken enhance( OAuth2AccessToken accessToken, OAuth2Authentication authentication) { Map<String, Object> additionalInfo = new HashMap<>(); List<String> companies = new ArrayList<>(); companies.add("Company 1"); companies.add("Company