1

I am testing an endpoint developed with Spring Boot, which throws the following error:

```json
{
  "error": "unauthorized",
  "error_description": "Full authentication is required to access this resource"
}
```

```
www-authenticate: Bearer realm="oauth2-resource", error="unauthorized", error_description="Full authentication is required to access this resource"
```

After taking a look here I realized that it has to do with the OAuth2 library. I am just not sure how to debug it, because when I add breakpoints on the OAuth2ResourceServerConfigJwt the code hasn't run far enough to set up the server and let me debug from the point where I send a request through my endpoint. Any ideas how I can debug this thing or where the problem could lie? Here is my OAuth2ResourceServerConfigJwt class:

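```java
import javax.crypto.spec.SecretKeySpec;

import lombok.RequiredArgsConstructor;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Primary;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.jwt.crypto.sign.MacSigner;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;

@RequiredArgsConstructor
@Configuration
@EnableResourceServer
public class OAuth2ResourceServerConfigJwt extends ResourceServerConfigurerAdapter {

    private static final String ALGORITHM = "HMACSHA512";

    // CustomAccessTokenConverter is the application's own class (not shown).
    private final CustomAccessTokenConverter customAccessTokenConverter;

    @Value("${auth.secret}")
    private String secret;

    @Bean
    public JwtAccessTokenConverter accessTokenConverter() {
        final JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
        converter.setAccessTokenConverter(customAccessTokenConverter);

        // Incoming tokens are verified with HMAC-SHA512 over the shared secret.
        SecretKeySpec hs512 = new SecretKeySpec(secret.getBytes(), ALGORITHM);
        converter.setVerifier(new MacSigner(ALGORITHM, hs512));

        converter.setSigningKey(secret);
        return converter;
    }

    @Override
    public void configure(final ResourceServerSecurityConfigurer config) {
        config.tokenServices(tokenServices());
    }

    @Override
    public void configure(final HttpSecurity http) throws Exception {
    // Matchers are evaluated in declaration order; the first match decides.
    // @formatter:off
        http.authorizeRequests()
                .antMatchers(HttpMethod.OPTIONS).permitAll()
                .antMatchers("/testEndpoint/**").authenticated()
                .antMatchers("/**").permitAll().and()
                .authorizeRequests().anyRequest().authenticated();
    // @formatter:on
    }

    @Bean
    @Primary
    public DefaultTokenServices tokenServices() {
        final DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
        defaultTokenServices.setTokenStore(tokenStore());
        return defaultTokenServices;
    }

    @Bean
    public TokenStore tokenStore() {
        return new JwtTokenStore(accessTokenConverter());
    }
}
```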
hispanicprogrammer
  • in your `client/auth-server` application add *(debug=true)* `EnableWebSecurity` to debug spring security and shouldn't it be like `antMatchers(HttpMethod.OPTIONS).permitAll() .antMatchers("/testEndpoint/**").anyRequest().permitAll()` – bananas Aug 06 '20 at 09:25
  • @emotionlessbananas thank you! what do you mean by `client/auth-server` application tho? – hispanicprogrammer Aug 06 '20 at 11:14
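
To check outside the application whether a given `Authorization` header would pass the HS512 verifier configured in `accessTokenConverter()`, the stand-alone class below recomputes the signature using only the JDK. It is an added example, not code from the question; the class name `JwtHs512Triage`, the verdict strings, and the sample secret and token are constructed for illustration, and the secret is assumed to be used as UTF-8 bytes.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Hypothetical helper: says why a bearer token would or would not pass an HS512 check.
public class JwtHs512Triage {
    static String triage(String authorization, String secret) throws Exception {
        if (authorization == null || !authorization.startsWith("Bearer ")) {
            return "NO_BEARER_TOKEN"; // the request carries nothing to verify
        }
        String[] parts = authorization.substring(7).trim().split("\\.");
        if (parts.length != 3) {
            return "MALFORMED"; // a signed JWT is header.payload.signature
        }
        try {
            String header = new String(Base64.getUrlDecoder().decode(parts[0]), StandardCharsets.UTF_8);
            // Pull the "alg" value out of the header JSON; no match leaves the text unchanged.
            String alg = header.replaceAll("(?s).*\"alg\"\\s*:\\s*\"([^\"]+)\".*", "$1");
            if (!"HS512".equals(alg)) {
                return "ALG_MISMATCH"; // the issuer signed with something other than HS512
            }
            byte[] expected = hmacSha512(secret, parts[0] + "." + parts[1]);
            byte[] actual = Base64.getUrlDecoder().decode(parts[2]);
            // MessageDigest.isEqual compares in constant time.
            return MessageDigest.isEqual(expected, actual) ? "SIGNATURE_OK" : "SIGNATURE_MISMATCH";
        } catch (IllegalArgumentException e) {
            return "MALFORMED"; // a segment is not valid base64url
        }
    }

    static byte[] hmacSha512(String secret, String signingInput) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA512");
        // Assumption: the shared secret is turned into key bytes as UTF-8.
        mac.init(new SecretKeySpec(secret.getBytes(StandardCharsets.UTF_8), "HmacSHA512"));
        return mac.doFinal(signingInput.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        String secret = "constructed-demo-secret"; // constructed sample, not a real key
        Base64.Encoder b64 = Base64.getUrlEncoder().withoutPadding();
        String input = b64.encodeToString("{\"alg\":\"HS512\"}".getBytes(StandardCharsets.UTF_8))
                + "." + b64.encodeToString("{\"user_name\":\"demo\"}".getBytes(StandardCharsets.UTF_8));
        String token = input + "." + b64.encodeToString(hmacSha512(secret, input));
        System.out.println(triage(null, secret));                           // header missing
        System.out.println(triage("Bearer " + token, secret));              // matching secret
        System.out.println(triage("Bearer " + token, "some-other-secret")); // wrong secret
    }
}
```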

0 Answers