Spring oauth2 scope vs authorities(roles)

I noticed a client has both scope and authorities. The client only has scope, but we can consider/use it as an authority (roles). This is because the OAuth2 spec doesn't explain specific usage of scope. Consider this: a user authorizes Twitter to post a user's tweet to Facebook. In this case, Twitter will have a scope write_facebook_status. … Read more

what’s the alternative to password grant now that it is deprecated? OAUTH 2.0

To summarize your situation: You have your own backend (server of some kind, such as a web application implementing a REST API) where users should be able to login using a username and password to obtain an access token giving their access to their own resources on the server, and they should be able to … Read more

Integrate Spring Security OAuth2 and Spring Social

I had a similar problem on a JHipster-generated web application. Finally I decided to go with the SocialAuthenticationFilter option from Spring Social (via the SpringSocialConfigurer). After a successful social login, the server automatically generates and returns the "own" access token via redirection to the client app. Here's my try: @Configuration @EnableResourceServer protected static class ResourceServerConfiguration … Read more

can I include user information while issuing an access token?

You will need to implement a custom TokenEnhancer like so: public class CustomTokenEnhancer implements TokenEnhancer { @Override public OAuth2AccessToken enhance(OAuth2AccessToken accessToken, OAuth2Authentication authentication) { User user = (User) authentication.getPrincipal(); final Map<String, Object> additionalInfo = new HashMap<>(); additionalInfo.put("customInfo", "some_stuff_here"); additionalInfo.put("authorities", user.getAuthorities()); ((DefaultOAuth2AccessToken) accessToken).setAdditionalInformation(additionalInfo); return accessToken; } } and add it to your AuthorizationServerConfigurerAdapter as a bean … Read more

Cannot access javax.servlet.Filter; class file for javax.servlet.Filter not found

The article which you have shared asks you to add the web dependency, which I don't see in your pom.xml file. Add the below dependency, which should solve the javax.servlet error: <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-web</artifactId> </dependency> If you check within the spring-boot-starter-web pom file you will see a dependency on javax.servlet-api 3.1.0.

Spring Security OAuth2, which decides security?

You need a WebSecurityConfigurerAdapter to secure the /authorize endpoint and to provide a way for users to authenticate. A Spring Boot application would do that for you (by adding its own WebSecurityConfigurerAdapter with HTTP basic auth). It creates a filter chain with order=0 by default, and protects all resources unless you provide a request matcher. … Read more

Spring-Security-Oauth2: Full authentication is required to access this resource

The client_id and client_secret, by default, should go in the Authorization header, not the form-urlencoded body. Concatenate your client_id and client_secret, with a colon between them: abc@gmail.com:12345678. Base 64 encode the result: YWJjQGdtYWlsLmNvbToxMjM0NTY3OA== Set the Authorization header: Authorization: Basic YWJjQGdtYWlsLmNvbToxMjM0NTY3OA==

Spring security with Oauth2 or Http-Basic authentication for the same resource

I managed to get this work based on the hints by Michael Ressler’s answer but with some tweaks. My goal was to allow both Basic Auth and Oauth on the same resource endpoints, e.g., /leafcase/123. I was trapped for quite some time due to the ordering of the filterChains (can be inspected in FilterChainProxy.filterChains); the … Read more
