I am building a simple password grant type with an in-memory authorization server for demo purposes, and later on to integrate it with my existing web application.

I am not sure whether there is any configuration I am missing.

I also tried with base64 URL, form data and other options, but I am still getting the same response from the server.

Spring Boot basic security is disabled with management.security.enabled=false.

Authorization server

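import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore;

@Configuration
@EnableAuthorizationServer
@EnableAutoConfiguration
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {

    @Autowired
    private AuthenticationManager authenticationManager;

    @Autowired
    private TokenStore tokenStore;

    // Wire the user AuthenticationManager (used by the password grant) and the token store.
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints
                .authenticationManager(authenticationManager)
                .tokenStore(tokenStore);
    }

    @Bean
    public TokenStore tokenStore() {
        return new InMemoryTokenStore();
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    // Register one in-memory client; its secret is stored BCrypt-encoded.
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
                .withClient("java-client")
                .secret(passwordEncoder().encode("java-secret"))
                .authorities("ROLE_CLIENT", "ROLE_TRUSTED_CLIENT", "USER")
                .autoApprove(true)
                .authorizedGrantTypes("authorization_code", "refresh_token", "password")
                .scopes("read", "write");
    }
}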

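// Security Config

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception { // @formatter:off
        http.authorizeRequests()
            .antMatchers("**").permitAll();
    } // @formatter:on

    @Bean
    public BCryptPasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    // Single in-memory end user for the demo.
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication().withUser("user").password("password").roles("USER");
    }

    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
        security.allowFormAuthenticationForClients();
    }
}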

1 Answer

0
wonhee On

That error basically means you are accessing a resource that is protected by authentication and you didn't provide a username/password properly. If you access the URL in a web browser, you'll be asked to enter a username and password. Alternatively, you can add the username and password to the request if you use curl.

Either username:[email protected]_url, or add an Authorization header with "Basic ".
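The curl request with a Basic Authorization header that the answer describes, written out for the password grant in the question. This is an added example, not code from the original post or answer. The client and user credentials are the demo values from the question; the host, the port and the framework's default `/oauth/token` path are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). TOKEN_URL is an assumed local
# address; client and user credentials are the question's demo values.
TOKEN_URL="${TOKEN_URL:-http://localhost:8080/oauth/token}"

# RFC 7617 Basic credentials: base64("client_id:client_secret").
# printf (not echo) keeps a trailing newline out of the encoded value.
basic_header() {
    printf 'Authorization: Basic %s' \
        "$(printf '%s:%s' "$1" "$2" | base64 | tr -d '\n')"
}

# Percent-encode one ASCII value for an application/x-www-form-urlencoded
# body. Call it inside $(...) so its working variables stay in a subshell.
urlencode() {
    s=$1 out=
    while [ -n "$s" ]; do
        rest=${s#?}; c=${s%"$rest"}; s=$rest   # split off the first character
        case $c in
            [a-zA-Z0-9.~_-]) out=$out$c ;;
            *) out=$out$(printf '%%%02X' "'$c") ;;
        esac
    done
    printf '%s' "$out"
}

# Password-grant body: the end user's credentials travel in the form body,
# the client's credentials travel in the Authorization header.
password_grant_body() {
    printf 'grant_type=password&username=%s&password=%s&scope=%s' \
        "$(urlencode "$1")" "$(urlencode "$2")" "$(urlencode "$3")"
}

# Send the request; -i prints the status line and headers so a 401 is visible.
request_token() {
    curl -si -X POST "$TOKEN_URL" \
        -H "$(basic_header "$1" "$2")" \
        -H 'Content-Type: application/x-www-form-urlencoded' \
        --data "$(password_grant_body "$3" "$4" "$5")"
}

# Against a running server:
#   request_token java-client java-secret user password read
```

Basic credentials are only base64-encoded, so send them over TLS outside a local demo, and prefer the header to the `user:password@host` URL form, which tends to end up in shell history and logs.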