0

couldn't find a doc which illustrates how to use access_token to get user info.

How can I make a such endpoint?

I see when I access the /user endpoint OAuth2AuthenticationProcessingFilter is not included. I think I messed up something below

@Configuration
@EnableWebSecurity
@Order(2)
// after ResourceServerConfigurerAdapter
public class SecurityConfig extends WebSecurityConfigurerAdapter {

@Override
  protected void configure(HttpSecurity http) throws Exception {
    http
      // https://stackoverflow.com/questions/26387003/how-to-make-spring-boot-never-issue-session-cookie
      .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
      .authorizeRequests()
      .antMatchers("/", "index", "/login**", "/webjars/**")
      .permitAll()
      .and().exceptionHandling()
      .authenticationEntryPoint(authenticationEntryPoint)
      .accessDeniedHandler(oAuth2FailedHandler)
      .and().csrf().disable().authorizeRequests()                                                                                                                                       
      .and().addFilterBefore(new CORSFilter(), BasicAuthenticationFilter.class);                                                                                                    }
}
I also have..

@Order(3)
@Configuration
@EnableResourceServer
@Slf4j
public class OAuth2ResourceServerConfig extends ResourceServerConfigurerAdapter {

    @Override
    public void configure(final ResourceServerSecurityConfigurer config) {
        config.tokenServices(tokenServices());
    }

   @Override
    public void configure(HttpSecurity http) throws Exception {
     // super.configure(http);

     log.info("hello OAuth2ResourceServerConfig:configure");
     http
        .authorizeRequests().anyRequest().authenticated();

    }

     @Bean
     @Primary
     public DefaultTokenServices tokenServices() {
         final DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
         defaultTokenServices.setTokenStore(tokenStore());
         return defaultTokenServices;
     }

     // JDBC token store configuration

     @Bean
     public DataSource dataSource() {
         final DriverManagerDataSource dataSource = new DriverManagerDataSource();
         dataSource.setDriverClassName(env.getProperty("spring.datasource.driver-class-name"));
         dataSource.setUrl(env.getProperty("spring.datasource.url"));
         dataSource.setUsername(env.getProperty("spring.datasource.username"));
         dataSource.setPassword(env.getProperty("spring.datasource.password"));

         return dataSource;
     }

     @Bean
     public TokenStore tokenStore() {
         return new JdbcTokenStore(dataSource());
     }
}


@Configuration
 //@PropertySource({ "classpath:persistence.properties" })                                                                                                                         @EnableAuthorizationServer
 @Slf4j
 public class OAuth2AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
    // ....
 }
eugene
  • 39,839
  • 68
  • 255
  • 489
  • I also have `AuthorizationServerConfigurerAdapter` as well.. I didn't know any of this hides another. I have `SecurityConfig` to set `SessionCreationPolicy.STATELESS` and add CORSFilter. Resource server, and auth server are the same server if that's your question. – eugene Feb 25 '18 at 13:41

1 Answers1

-1

Add a REST controller with something like this:

@RequestMapping("/user")
public @ResponseBody Principal  user(Principal user) {
    return user;
}

Then you can call it, using your access token in the Authorization header.

Jim.R
  • 743
  • 1
  • 5
  • 11