Skip to content
Advertisement

Tag: spring-security-oauth2

OAuth issue in API gateway

I am facing the OAuth issue, details are below: I am having two microservices: registration-service(https://github.com/choudharylakshyaveer/registration-service) student-service(https://github.com/choudharylakshyaveer/student-service) For these two I have added : cloud-config-server(https://github.com/choudharylakshyaveer/cloud-config-server) naminig-server(https://github.com/choudharylakshyaveer/naming-server) gateway(https://github.com/choudharylakshyaveer/api-gateway) FrontEnd: is at react js: https://github.com/choudharylakshyaveer/chargie For first time use, a new user need to be register that can be done from curl: To login using the above registered user, below can be run

A better way to implement a large amount of cascading roles and authorities in Spring Security?

So i’m currently refactoring the backend code for my organization to prep for future upgrades. It currently runs fine, its just that the code is getting quite messy because of the sheer amount of roles and authorizations that exist in this org. So our backend stack here is a simple springboot Rest API, we use a third party Oauth authentication

Spring Boot, OAuth2 authentication is lost between requests

EDIT: log from org.springframework.security: ***But if I look in the logs some requests after I can get the valid auth: Debug 2022-01-17 12:31:03.945 IST “Set SecurityContextHolder to SecurityContextImpl [Authentication=OAuth2AuthenticationToken [Principal=com..security.oauth.CustomOAuth2User@, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=***, SessionId=9438C880A19C93AADJI206B9B8B3386], Granted Authorities=[ROLE_USER, SCOPE_https://www.googleapis.com/auth/userinfo.email, SCOPE_https://www.googleapis.com/auth/userinfo.profile, SCOPE_openid]]]” Debug 2022-01-17 12:31:03.945 IST “Retrieved SecurityContextImpl [Authentication=OAuth2AuthenticationToken [Principal=com..security.oauth.CustomOAuth2User@, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=***, SessionId=9438C880A19C93AADJI206B9B8B3386], Granted Authorities=[ROLE_USER, SCOPE_https://www.googleapis.com/auth/userinfo.email, SCOPE_https://www.googleapis.com/auth/userinfo.profile, SCOPE_openid]]]” Debug 2022-01-17

Token exchange in Spring OAuth2 client credentials flow

I have following Spring Security configuration: And following configuration is used: Now I need to do impersonation(https://datatracker.ietf.org/doc/html/rfc8693). So I need to pretend as some user. I need it because of “current user” logic inside some-app application. How can I reconfigure to achieve it ? P.S. I tried to google it but I haven’t found anything relevant. Answer RFC 8693 Token

spring security hasAuthority(“SCOPE_xxx”) method not working with spring authorization server version 0.2.0

I have created an authorization server using the new spring authorization server module. I am able to get the token successfully but when I try to use the token against a protected endpoint with hasAuthority() I get forbidden 403 error. Below my pom.xml file Below is my Authorization Server config And this is my Security Config Here is my user

Spring Boot HttpSecurity – @PreAuthorize – How to set AuthenticationFilter?

I am currently developing a API Authorization. So basically I have a filter JwtAuthorizationFilter. And in my RestController I want to annotate the request that should be filtered via @PreAuthorize(“hasRole(‘ADMIN’)”) for example. So my question is now: How do i have to setup the WebSecurityConfigureAdapter (or any other thing) to link the annotations with the JwtAuthorizationFilter? Thank you! Best regards

Spring Boot OAuth2.0 with Azure Authentication Error – Missing required “user name” attribute name in UserInfoEndpoint for Client Registration: azure

I am trying to login using correct credentials and I am getting following error. I have created Azure AD B2C application following spring starters described on Azure website. User created in Azure Active Directory is member of two groups test2 and test3. I have another spring application, authentication and authorization is working in that application but not in this one.

Spring 5 Oauth2 – How to provide the check token URL in my Resource server?

I need some help.. I set up an AuthorizationServer using @EnableAuthorizationServer from Spring-security-oauth2 for grant type “client_credentials”. Able to create, check tokens and everything good with this. /oauth/token /oauth/checkToken Followed this sample for Authorization server I have a separate project that has the REST APIs to be secured. I can’t use @EnableResourceServer because that project uses Spring 5.2.8 and the

Advertisement