Stack Overflow
Stack Overflow

Questions tagged [spring-security-oauth2]

Spring Security's deprecated implementation of the OAuth2 spec. For OAuth2 with Spring Security 5 use Spring Security tag. We don't get many questions on OAuth 1(a) but feel free to tag them here.

Spring Security's deprecated implementation of the OAuth2 spec. The GitHub Project and the Spring Framework Website provide support for using Spring Security 4 with OAuth (1a) and OAuth2. It provides features for implementing both consumers and providers of these protocols using standard Spring and Spring Security programming models and configuration idioms.

3166 questions
114
votes
12 answers

Spring Security 5 : There is no PasswordEncoder mapped for the id "null"

I am migrating from Spring Boot 1.4.9 to Spring Boot 2.0 and also to Spring Security 5 and I am trying to do authenticate via OAuth 2. But I am getting this error: java.lang.IllegalArgumentException: There is no PasswordEncoder mapped for the id…
Jimmy
  • 1,719
  • 3
  • 21
  • 33
114
votes
9 answers

How can I revoke a JWT token?

I am using Spring Security OAuth2 and JWT tokens. My question is: How can I revoke a JWT token? As mentioned here http://projects.spring.io/spring-security-oauth/docs/oauth2.html, revocation is done by refresh token. But it does not seem to work.
sabu
  • 1,969
  • 4
  • 18
  • 28
88
votes
8 answers

Unsupported Media Type in postman

I am implementing spring security with oauth2 and jwt. the below is my login function function doLogin(loginData) { $.ajax({ url : back+"/auth/secret", type : "POST", data : JSON.stringify(loginData), …
user7477092
73
votes
9 answers

How to test spring-security-oauth2 resource server security?

Following the release of Spring Security 4 and it's improved support for testing I've wanted to update my current Spring security oauth2 resource server tests. At present I have a helper class that sets up a OAuth2RestTemplate using…
Tim
  • 19,793
  • 8
  • 70
  • 95
71
votes
5 answers

Spring Security 5 Replacement for OAuth2RestTemplate

In spring-security-oauth2:2.4.0.RELEASE classes such as OAuth2RestTemplate, OAuth2ProtectedResourceDetails and ClientCredentialsAccessTokenProvider have all been marked as deprecated. From the javadoc on these classes it points to a spring security…
Matt Williams
  • 1,198
  • 1
  • 10
  • 27
67
votes
3 answers

How to do rest authentication with Spring Social?

I have implemented Spring Social + Spring Security as outlined in the Spring security examples (and with spring security java config). I reported couple of problems at the time (see https://jira.springsource.org/browse/SEC-2204) all of those are…
aug70co
  • 3,965
  • 5
  • 30
  • 44
56
votes
1 answer

What is the replacement for the deprecated AuthorizationServer in Spring Security?

Spring Security 5.2.2 has incorporated Spring Security OAuth project, but not AuthorizationServer or ResourceServer. What are the replacements to AuthorizationServer in Spring Security 5.2.2? OAuth-2.0-Migration-Guide This document contains…
Chloe
  • 25,162
  • 40
  • 190
  • 357
52
votes
9 answers

Spring security with Oauth2 or Http-Basic authentication for the same resource

I'm attempting to implement an API with resources that are protected by either Oauth2 OR Http-Basic authentication. When I load the WebSecurityConfigurerAdapter which applies http-basic authentication to the resource first, Oauth2 token…
user3613594
  • 521
  • 1
  • 4
  • 3
51
votes
8 answers

Spring-Security-Oauth2: Full authentication is required to access this resource

I am trying to use spring-security-oauth2.0 with Java based configuration. My configuration is done, but when i deploy application on tomcat and hit the /oauth/token url for access token, Oauth generate the follwoing error:…
Harmeet Singh Taara
  • 6,483
  • 20
  • 73
  • 126
42
votes
1 answer

Spring Security OAuth2, which decides security?

I've been trying to implement a OAuth2 authentication server using the guides by Dave Syer with some inspiration from JHipster. But I can't figure out how it all works together. It looks like the security setup using the WebSecurityConfigurerAdapter…
LG87
  • 695
  • 1
  • 10
  • 20
38
votes
7 answers

Cannot access javax.servlet.Filter; class file for javax.servlet.Filter not found

I am trying to implement OAuth2 AuthorizationServer as described in this article but I keep getting the error below. For a spring security config: import org.springframework.beans.factory.annotation.Value; import…
mCs
  • 2,591
  • 6
  • 39
  • 66
35
votes
6 answers

can I include user information while issuing an access token?

I have seen in some oauth2 implementations additional information on the response returned by the authorization server when it issues access tokens. I'm wondering if there is a way to accomplish this using spring-security-oauth2. I would love to be…
RutledgePaulV
  • 2,568
  • 3
  • 24
  • 47
34
votes
4 answers

Integrate Spring Security OAuth2 and Spring Social

I'm working with a Spring Boot + Spring Security OAuth2 application that I believe was inspired by examples from Dave Syer. The application is configured to be an OAuth2 authorization server, with a single public client using the Resource Owner…
Andrew Ferk
  • 3,658
  • 3
  • 24
  • 25
31
votes
1 answer

Spring oauth2 scope vs authorities(roles)

I'm Using Spring Security OAuth2 and currently implemented the client_credentials and password grant types. I noticed a client has both scope and authorities. Can someone please explain what the difference is? To be more specific, I'm using the…
Michael LoCicero
  • 423
  • 1
  • 5
  • 11
30
votes
2 answers

what's the alternative to password grant now that it is deprecated? OAUTH 2.0

I have a rest api built in spring boot. A front end application in react. I have users who should be able to log in and access their information e.g. orders. now in order for users to log in and register I thought it would be a best idea to use…
Bee
  • 405
  • 5
  • 11
1
2 3
99 100