Spring Boot: Full authentication is required to access this resource

Question

I am doing example of Spring Boot Security with wso2is server from this post https://github.com/angel-git/wso2is-springoauth, when I am trying to access resource with access token I am getting

{"error":"unauthorized","error_description":"Full authentication is required to access this resource"}

I am generating access token by:

curl -u CLIENT_ID:CLIENT_SECRET-k -d "grant_type=password&username=admin&password=admin" -H "Content-Type:application/x-www-form-urlencoded" https://localhost:9443/oauth2/token

and accessing resources by:

curl -H GET "Authorization: ACCESS_TOKEN" http://localhost:8080/greeting

I found many solution on stackoverflow but unfortunately could not solve my issue

please help, thank you

Send bearer tokens using `Authorization: Bearer ACCESS_TOKEN` format — Ali Dehghani, Jun 03 '16 at 12:09
Did you use `curl -H "Authorization: Bearer ACCESS_TOKEN" http://localhost:8080/greeting`? Drop the `GET` — Ali Dehghani, Jun 03 '16 at 12:29
now it's giving {"error":"access_denied","error_description":"Access is denied"} — deen, Jun 03 '16 at 12:38
when I am accessing with curl -H "Authorization: Basic " http://localhost:8080/generateKey/, without wso2 authentication I get result. But my requirement is first it will authenticate with wso2 IDP then only user can access it. — deen, Jun 03 '16 at 13:06

score 14 · Answer 1 · edited Dec 11 '17 at 19:39

14

I was getting the same error message for

"curl http://localhost:8080/spring4/beans" :
{"timestamp":1493591079040,"status":401,"error":"Unauthorized","message":"Full authentication is required to access this resource.","path":"/spring4/beans"}

Setting the below property in application.properties bypassed the security check & I could use all the acuator endpoints:

management.security.enabled=false

edited Dec 11 '17 at 19:39

lealceldeiro

14,342
6
49
80

answered Apr 30 '17 at 22:33

41

Somehow I doubt that bypassing security is the right answer for someone who is trying to use Spring security. – james.garriss Jun 13 '17 at 14:30
3

Yes, I was just using it for testing. Have to use tokens, etc. for full security. – Jul 05 '17 at 01:03

score 3 · Accepted Answer · answered Jun 07 '16 at 13:49

3

Many thanx to Angel Gavalda who helped me to solved problem. I used following commands to generate access token and access resource

For Generating Access token:-

curl -k -d 'grant_type=client_credentials&client_id=yourClientId&client_secret=yourClientSecret' https://localhost:9443/oauth2/token

For Accessing Resource:-

curl -k -H "Authorization: Bearer $ACCESS_TOKEN" http://localhost:8080/greeting

answered Jun 07 '16 at 13:49

deen

2,185
7
29
53

When I am trying to access resource, I get "Please contact your administrator". Am I using the wrong request url? I tried another url and I get the error message that the op is getting. – JayC Mar 27 '17 at 13:47
@Jesse How you are accessing the resource? – deen Mar 28 '17 at 10:20
@GelSisaed from postman it'll pretty simple. Get the token from wso2 then hit your service by providing the Authz type as Bearer Token. – deen Apr 06 '19 at 04:56

score 1 · Answer 3 · edited May 25 '18 at 05:42

1

When the answer above does not solve this issue change OAuthConfigurations/RemoveOAuthHeadersFromOutMessage to false in the file api-manager.xml.

edited May 25 '18 at 05:42

sampathsris

21,564
12
71
98

answered Apr 19 '18 at 10:51

McFire

15
4

score 0 · Answer 4 · answered Aug 11 '23 at 08:36

I was having this issue because I was not properly authenticating the user in my Authentication filter. Please check if user is ACTUALLY authenticated and the roles are filled properly.

UsernamePasswordAuthenticationToken authentication =
                new UsernamePasswordAuthenticationToken(
                    userDetails,
                    null,
                    userDetails.getAuthorities());

System.out.println("Is user authenticated? " + authentication.isAuthenticated())

Spring Boot: Full authentication is required to access this resource

4 Answers4

Linked