Consume an OAuth-secured REST webservice using Spring oauth2

Question

I want to consume a REST webservice from a server which protects his resources using oauth2.

I use Spring boot (JHipster).

To do this i have in SecurityConfiguration class this :

@Value("${oauth.resource:http://sercverUsingOAuth2}")
private String baseUrl;

@Value("${oauth.authorize:http://sercverUsingOAuth2/rest/oauth/token}")
private String authorizeUrl;

@Value("${oauth.token:http://sercverUsingOAuth2/rest/oauth/token}")
private String tokenUrl;

@Bean
public OAuth2RestOperations oauth2RestTemplate() {
    AccessTokenRequest atr = new DefaultAccessTokenRequest();
    return new OAuth2RestTemplate(resource(),
            new DefaultOAuth2ClientContext(atr));
}

@Bean
protected OAuth2ProtectedResourceDetails resource() {
    AuthorizationCodeResourceDetails resource = new AuthorizationCodeResourceDetails();
    resource.setAccessTokenUri(tokenUrl);
    resource.setUserAuthorizationUri(authorizeUrl);
    resource.setClientId("client_id");
    resource.setClientSecret("client_secret");
    resource.setGrantType("grant_type");
    return resource;
}

This class (SecurityConfiguration) is annoted using :

@Configuration
@EnableWebSecurity
@EnableOAuth2Client

And this is my controller (Spring MVC) :

@RestController
@RequestMapping("/consume")
public class MyContrtoller {

@Inject
private OAuth2RestOperations oauth2RestTemplate;

@RequestMapping(value = "/oauth2", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE)
public List<DataModel> getProducts() {

    ResponseEntity<MyModel> forEntity = oauth2RestTemplate
            .getForEntity("http://sercverUsingOAuth2/rest/resourceToConsume",
                    MyModel.class);
    return forEntity.getBody().getData();
}

}

However when i want to consume my webservice (http://myHost/consume/oauth2) i get this Exception :

    org.springframework.security.oauth2.client.resource.OAuth2AccessDeniedException:
 Unable to obtain a new access token for resource 'null'. The provider manager
 is not configured to support it.

I have googled and i found this :

But it doesn't help me.

Thanks.

You could find useful this topic: http://stackoverflow.com/a/28278293/604218 — Roberto, Jul 21 '15 at 15:14
I do not need user name and user password to consume the web service, because the server where this ws is hosted allow me to consume this ws using: client_id,client_secret and grant_type. PS:When i use a rest client apps i get the token form server but using my java code i can't. — LBOSS, Jul 22 '15 at 09:09

score 5 · Accepted Answer · answered Dec 20 '15 at 17:20

You are using the same URL for the authorization url and the token url. That was my first clue, then I saw your comments.

Even though you are changing the grant type, you are still using "AuthorizationCodeResourceDetails" when you should be using "ClientCredentialsResourceDetails" instead. This type of ResourceDetails is meant to be used for the case you are explaining.

ClientCredentialsResourceDetails resource = new ClientCredentialsResourceDetails();
resource.setAccessTokenUri(TOKEN_URL);
resource.setClientId(CLIENT_ID);
resource.setClientSecret(CLIENT_SECRET);
resource.setClientAuthenticationScheme(AuthenticationScheme.form); //This line isn't always needed
return resource;

Thanks @DaShaun :). you help me – LBOSS Dec 22 '15 at 10:14 — LBOSS, Dec 22 '15 at 10:14

Consume an OAuth-secured REST webservice using Spring oauth2

1 Answers1