I have successfully configured my application to support both Basic, form-based and OAuth2 authentication, but ran into a bit of a snag trying to customize the ClientDetailsUserDetailsService in OAuth. The behavior I'm noticing is that the Spring OAuth ClientDetailsUserDetailsService is always being used despite my attempts to inject a new custom implementation.
The reason I want to customize this class is to return a custom User Details object similar to what I use for the Basic Auth and Form authentication.
I've read multiple posts on the site related to this same topic, but was not able to resolve the issue with the suggested approaches (ie: Previous post)
Spring's AuthorizationServerSecurityConfigurer class seems to always use the ClientDetailsUserDetailsService regardless of what you inject.
Thing(s) I've tried:
Create an @Bean referencing my custom user details impl and set the custom user details in the AuthorizationServerEndpointsConfigurer.userDetailsService.
Set the user details in the GlobalAuthenticationConfigurerAdapter
@Configuration @Order(Ordered.HIGHEST_PRECEDENCE) public class AuthenticationManagerConfiguration extends GlobalAuthenticationConfigurerAdapter {
@Autowired
private UserDetailsService userService;
@Override
public void init(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(clientDetailsUserDetailsService());// Inject custom
}
}
Created a custom WebSecurityConfigurerAdapter and set the user details service in the HttpSecurity object ie: @Override public void configure(HttpSecurity http) throws Exception {
http .requestMatchers().antMatchers("/oauth/**") .requestMatchers().antMatchers("/api-token/**") .authorizeRequests() .anyRequest().authenticated(); http.userDetailsService(clientDetailsUserService()); http.authenticationProvider(oauthDaoAuthenticationProvider(encryptionService));}
Create a new DaoAuthenticationProvider Bean and manually set my custom user details service for oauth requests.
Any advice or help is greatly appreciated and again, I do have OAuth working, but would like to tweak the implementation a bit without having to hack into the Spring classes to achieve it. Thanks!
