I am following this tutorial from the official spring docs to Manually Configure OAuth2 Client using @EnableOAuth2Client
. For some reason it is not working. When I run the app and visit http://localhost:8080/login
I see the basic form login instead of Google Sign in options. (I need to make this manual configuration work because of my use case.)
However the @EnableOauth2Sso
code works fine where I don't do any manual configuration using OAuth2AuthenticationProcessingFilters
. In this case I get the google sign in options on visiting my login page. Can someone please help me. I have added the code below:
This is with @EnableOAuth2Sso
, which works perfectly
@Configuration
@EnableWebSecurity
@EnableOAuth2Sso
@PropertySource({ "classpath:/oauth2.properties" })
@EnableGlobalMethodSecurity(prePostEnabled = true, jsr250Enabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
OAuth2ClientContext oauth2ClientContext;
@Value("${security.oauth2.resource.userInfoUri}")
String userInfoUri;
@Value("${security.oauth2.client.clientId}")
String clientId;
@Bean
public RequestContextListener requestContextListener() {
return new RequestContextListener();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
super.configure(http);
// http.antMatcher("/**").addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);
}
}
This is with @EnableOAuth2Client
, which doesn't work and I get form login instead
@Configuration
@EnableWebSecurity
@EnableOAuth2Client
@PropertySource({ "classpath:/oauth2.properties" })
@EnableGlobalMethodSecurity(prePostEnabled = true, jsr250Enabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
OAuth2ClientContext oauth2ClientContext;
@Value("${security.oauth2.resource.userInfoUri}")
String userInfoUri;
@Value("${security.oauth2.client.clientId}")
String clientId;
@Bean
public RequestContextListener requestContextListener() {
return new RequestContextListener();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
super.configure(http);
http.antMatcher("/**").addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);
}
private Filter ssoFilter() {
OAuth2ClientAuthenticationProcessingFilter googleFilter = new OAuth2ClientAuthenticationProcessingFilter("/login");
OAuth2RestTemplate googleTemplate = new OAuth2RestTemplate(google(), oauth2ClientContext);
googleFilter.setRestTemplate(googleTemplate);
googleFilter.setTokenServices(new UserInfoTokenServices(googleResource().getUserInfoUri(), google().getClientId()));
return googleFilter;
}
@Bean
@ConfigurationProperties("security.oauth2.client")
public AuthorizationCodeResourceDetails google() {
return new AuthorizationCodeResourceDetails();
}
@Bean
@ConfigurationProperties("security.oauth2.resource")
public ResourceServerProperties googleResource() {
return new ResourceServerProperties();
}
@Bean
public FilterRegistrationBean oauth2ClientFilterRegistration(
OAuth2ClientContextFilter filter) {
FilterRegistrationBean registration = new FilterRegistrationBean();
registration.setFilter(filter);
registration.setOrder(-100);
return registration;
}
}
I would say the call to
super.configure(http)
might be the issue.From the javadoc: