Stack Overflow
Stack Overflow

Questions tagged [spring-resource-server]

16 questions
4
votes
0 answers

Why is Spring Security 6 not hitting the validate method of my OAuth2TokenValidator?

I have the following code... public class AudienceValidator implements OAuth2TokenValidator { private final String audience; public AudienceValidator(String audience) { this.audience = audience; } @Override …
Jose Gleeson
  • 173
  • 1
  • 11
1
vote
1 answer

Why isn't my CustomAuthenticationEntryPoint commence method getting called for invalid or expired JWT tokens in Java?

Why doesn't this commence method get called for when jwt token is invalid or expired? It gets called for when the token is empty. Weird thing is that while debugging I found out that the BearerTokenAuthenticationEntryPoint.commence() method is being…
lilpipehit
  • 11
  • 4
1
vote
1 answer

@PreAuthroize has role vs requestMatchers().hasRole()

I have created jwt implementation with Spring Resource Server dependency. Here is config class: @Configuration @RequiredArgsConstructor @EnableWebSecurity @EnableMethodSecurity public class WebSecurityConfig { …
eternal
  • 339
  • 2
  • 15
0
votes
1 answer

How retrieve user information, such as name and email in a Spring Boot that serves as a REST API and utilizes oauth2-resource-server?

I have a Spring Boot application that provides a REST API and is using cognito and oauth2-resource-server. My resources are protected and work correctly when accessed with the access_token. I have this common SecurityConfig: @Configuration public…
Miletos
  • 231
  • 1
  • 7
0
votes
0 answers

Error when trying to consume authenticated service

I'm encountering an error when trying to consume an authenticated service. Here is the full error: java.lang.RuntimeException: Must set 'realm' in config at…
Alfonso Pimienta
  • 3
  • 3
0
votes
0 answers

How to validate Authorization header with specific client in Spring Resource Server?

I have two spring boot services called Service1 and Service2. Service1 call API in Service2 along with the Authorization Header (JWT) which generated using org.springframework.boot:spring-boot-starter-oauth2-client with below configurations. …
Dush
  • 11
  • 2
0
votes
1 answer

Is there any listener for the OAuth2 resource server's successful authentication?

Is there any listener for the OAuth2 resource server's successful authentication? I need, to create/replicate the user details in the spring boot resource server on successful authentication, or during token validation. Any suggestions, on how to…
Thirumal
  • 8,280
  • 11
  • 53
  • 103
0
votes
1 answer

How to test http status code 401 (unauthenticated) with MockMVC and Spring Boot OAuth2 Resource Server?

I am currently developing a Spring Boot 3 application which provides a REST API. To consume this API, users have to be authenticated via an OAuth2 workflow of our identity provider keycloak. Therefore, I have used…
LucasMoody
  • 403
  • 4
  • 10
0
votes
1 answer

How to decode and verify customized JWT from Spring Authorization server in Spring Resource Server?

I am using Spring authorization Server 1.0.0. In this I have customized the JWT as per my requirement as follows. Let's say there is a user "vinay". And his role is also "vinay". I am adding extra field "authority" : [{"role":"ROLE_vinay"}] in JWT.…
Vinayak Pattar
  • 21
  • 4
0
votes
1 answer

Spring Security Authorization Server

my question about new Spring-Security-Authorization-Server, i create auth-server and resource-server, and generating public and private keys in auth-server. I set jwkSetUri in resource-server, can't understand how resource-server checks token. Who…
Xan
  • 31
  • 5
0
votes
1 answer

Can the new Spring Authorization Server generate tokens other than JWT and Opaque?

I am currently migrating the authorization server from old Spring Security OAuth2 to the new Spring Authorization Server. It seems that the new Spring Authorization Server generates JWT tokens by default. What if I dont want to use JWT and…
jetpack
  • 169
  • 1
  • 9
0
votes
1 answer

Static resources load failed - Spring MVC

In my Spring MVC application, I want to serve static resources using a java annotation-based configuration. I have a config class annotated with @Configuration, @EnableWebMvc, and @ComponentScan and my class is implementing WebMvcConfigurer. //set…
santhosh_athreya
  • 25
  • 5
0
votes
0 answers

Spring Boot Authentication - oauth2 login with form logn and other oauth providers

I have following security config file in my authorization server : @EnableWebSecurity public class DefaultSecurityConfig { @Autowired MyUserDetailService myUserDetailService; @Bean SecurityFilterChain…
Feroz Siddiqui
  • 3,840
  • 6
  • 34
  • 69
-1
votes
0 answers

Customize spring Authorization server & Resource server for REST API's using Oauth2 protocol without formlogin

I am new to Spring Boot and I am going to develop a Card issuance System (Micro-services based) I have two types of users that will request protected resources of the system. Admin users (Uses REST API & React App) Third party (Microfinance bank…
Adil Bhatti
  • 1
  • 1
-1
votes
2 answers

How to validate OAuth2 access token from resource server

I have Authorization Server and Resource Server as two different entities. I am calling REST API with the Access Token in header. I want to check the validity of the AT, whether it is active or not? I have done some googling and found that we can…
ankit
  • 25
  • 1
  • 2
  • 11
1
2