Manual Configuration of OAuth2 Client using @EnableOAuth2Client not working

8.1k views Asked by At

I am following this tutorial from the official spring docs to Manually Configure OAuth2 Client using @EnableOAuth2Client. For some reason it is not working. When I run the app and visit http://localhost:8080/login I see the basic form login instead of Google Sign in options. (I need to make this manual configuration work because of my use case.)

However the @EnableOauth2Sso code works fine where I don't do any manual configuration using OAuth2AuthenticationProcessingFilters. In this case I get the google sign in options on visiting my login page. Can someone please help me. I have added the code below:

This is with @EnableOAuth2Sso, which works perfectly

@Configuration
@EnableWebSecurity
@EnableOAuth2Sso
@PropertySource({ "classpath:/oauth2.properties" })
@EnableGlobalMethodSecurity(prePostEnabled = true, jsr250Enabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    OAuth2ClientContext oauth2ClientContext;

    @Value("${security.oauth2.resource.userInfoUri}")
    String userInfoUri;

    @Value("${security.oauth2.client.clientId}")
    String clientId;

    @Bean
    public RequestContextListener requestContextListener() {
        return new RequestContextListener();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        super.configure(http);
//      http.antMatcher("/**").addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);
    }
}

This is with @EnableOAuth2Client, which doesn't work and I get form login instead

@Configuration
@EnableWebSecurity
@EnableOAuth2Client
@PropertySource({ "classpath:/oauth2.properties" })
@EnableGlobalMethodSecurity(prePostEnabled = true, jsr250Enabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    OAuth2ClientContext oauth2ClientContext;

    @Value("${security.oauth2.resource.userInfoUri}")
    String userInfoUri;

    @Value("${security.oauth2.client.clientId}")
    String clientId;

    @Bean
    public RequestContextListener requestContextListener() {
        return new RequestContextListener();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        super.configure(http);
        http.antMatcher("/**").addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);
    }

    private Filter ssoFilter() {
        OAuth2ClientAuthenticationProcessingFilter googleFilter = new OAuth2ClientAuthenticationProcessingFilter("/login");
        OAuth2RestTemplate googleTemplate = new OAuth2RestTemplate(google(), oauth2ClientContext);
        googleFilter.setRestTemplate(googleTemplate);
        googleFilter.setTokenServices(new UserInfoTokenServices(googleResource().getUserInfoUri(), google().getClientId()));
        return googleFilter;
    }

    @Bean
    @ConfigurationProperties("security.oauth2.client")
    public AuthorizationCodeResourceDetails google() {
        return new AuthorizationCodeResourceDetails();
    }

    @Bean
    @ConfigurationProperties("security.oauth2.resource")
    public ResourceServerProperties googleResource() {
        return new ResourceServerProperties();
    }

    @Bean
    public FilterRegistrationBean oauth2ClientFilterRegistration(
            OAuth2ClientContextFilter filter) {
        FilterRegistrationBean registration = new FilterRegistrationBean();
        registration.setFilter(filter);
        registration.setOrder(-100);
        return registration;
    }

}
1

There are 1 answers

1
AudioBubble On BEST ANSWER

I would say the call to super.configure(http) might be the issue.

From the javadoc:

Typically subclasses should not invoke this method by calling super as it may override their configuration."