Spring-Security oauth2 create custom oauth_client_details table

Question

i want to implement oauth2 in my Spring REST application. Firstly, i have implemented my custom authentication and userdetails (with my own roles and authorities). That works fine with basic authentication.

Tables:

user: user_id, name, email, password (hashed), active

role: role_id, role

user_to_role (connect an user with his roles): role_id, user_id

Now, i am trying to implement oauth2.

My resource server class looks:

@Configuration
@EnableResourceServer
public class ResourceServerConfiguration extends  ResourceServerConfigurerAdapter {

private static final String RESOURCE_ID = "my_rest_api";

@Override
public void configure(ResourceServerSecurityConfigurer resources) {
    resources.resourceId(RESOURCE_ID).stateless(false);
}


@Override
public void configure(HttpSecurity http) throws Exception {
    http.anonymous().disable()
        .cors().and()
        .csrf().disable()
        .authorizeRequests().antMatchers("/" + Constants.VERSION + "/**").authenticated().and()
        .httpBasic().and()
        .headers().frameOptions().sameOrigin().and()
        .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
        .and().exceptionHandling().accessDeniedHandler(new OAuth2AccessDeniedHandler());
        }

    }

Authorization Server:

@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfiguration extends 
AuthorizationServerConfigurerAdapter {

@Autowired
private AuthenticationManager authenticationManager;

@Autowired
private org.apache.tomcat.jdbc.pool.DataSource dataSource;

@Autowired
private ClientDetailsService clientDetailsService;

@Override
public void configure(
    AuthorizationServerSecurityConfigurer oauthServer)
    throws Exception {
    oauthServer
        .tokenKeyAccess("permitAll()")
        .checkTokenAccess("isAuthenticated()")
        .allowFormAuthenticationForClients();
}

@Override
public void configure(ClientDetailsServiceConfigurer clients)
    throws Exception {
    clients.jdbc(dataSource).clients(clientDetailsService);
}

@Override
public void configure(
    AuthorizationServerEndpointsConfigurer endpoints)
    throws Exception {

    endpoints
        .tokenStore(tokenStore())
        .authenticationManager(authenticationManager)
        .allowedTokenEndpointRequestMethods(HttpMethod.GET, HttpMethod.POST);
}

@Bean
public TokenStore tokenStore() {
    return new JdbcTokenStore(dataSource);
        } 



    }

And my security configuration:

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

@Autowired
private ClientDetailsService clientDetailsService;

private UserDetailsService userDetailsService;

private PasswordEncoder passwordEncoder;

@Autowired
public SecurityConfiguration(UserDetailsService userDetailsService,
    PasswordEncoder passwordEncoder) {
    this.userDetailsService = userDetailsService;
    this.passwordEncoder = passwordEncoder;
}


@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth
        .userDetailsService(userDetailsService)
        .passwordEncoder(passwordEncoder);
}

@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .csrf().disable()
        .anonymous().disable()
        .authorizeRequests()
        .antMatchers("/oauth/token").permitAll();
}

@Bean
@Autowired
public TokenStoreUserApprovalHandler userApprovalHandler(TokenStore tokenStore) {
    TokenStoreUserApprovalHandler handler = new TokenStoreUserApprovalHandler();
    handler.setTokenStore(tokenStore);
    handler.setRequestFactory(new DefaultOAuth2RequestFactory(clientDetailsService));
    handler.setClientDetailsService(clientDetailsService);
    return handler;
}

@Bean
@Autowired
public ApprovalStore approvalStore(TokenStore tokenStore) throws Exception {
    TokenApprovalStore store = new TokenApprovalStore();
    store.setTokenStore(tokenStore);
    return store;
    }

}

QUESTION: I want to create my own OAUTH_CLIENT_DETAILS table. The table has to look like the user table with the extra column "token".

I can not find any tutorials how to create an custom oaut_client_details.

Hopefully, someone can help me.

Thank you guys :).

hasnae · Answer 1 · 2019-06-19T15:27:54.557

0

You can acheive this by implementing the ClientDetailsService and ClientDetails interfaces.

edited Jun 19 '19 at 15:27

answered Jun 19 '19 at 15:17

hasnae

2,137
17
21

Spring-Security oauth2 create custom oauth_client_details table

1 Answers1