I'm trying to do a simple Spring Boot + OAuth2 application and I'm facing the issue that /oauth/authorize is not being matched to the OAuth2 server endpoint. That endpoint is not even listed in the list of available APIs.
My code:
package com.example;

import java.security.Principal;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;

@SpringBootApplication
@RestController
@EnableResourceServer
public class DemoApplication extends WebMvcConfigurerAdapter {

    public static void main(String[] args) {
        SpringApplication.run(DemoApplication.class, args);
    }

    @Configuration
    @EnableAuthorizationServer
    protected static class OAuth2Config extends AuthorizationServerConfigurerAdapter {

        @Autowired
        private AuthenticationManager authenticationManager;

        @Override
        public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
            endpoints.authenticationManager(authenticationManager);
        }

        @Override
        public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
            clients.inMemory().withClient("foo").secret("foosecret")
                    .authorizedGrantTypes("authorization_code", "refresh_token", "password").scopes("openid");
        }
    }

    @RequestMapping("/user")
    public Principal user(Principal user) {
        return user;
    }
}
And the application properties:
server.port=9000
security.user.name=bar
security.user.password=barsecret
#server.contextPath=/
#security.oauth2.client.clientId=foo
#security.oauth2.client.clientSecret=foosecret
#security.oauth2.client.authorized-grant-types=authorization_code,refresh_token,password
#security.oauth2.client.scope=picture
logging.level.org.springframework.web=debug
logging.level.org.springframework.security=trace
logging.level.org.springframework.web-security=trace
When I try this request (see image here for the OAuth code request), the logs get printed and there is no matcher that maps to /oauth/authorize:
2017-01-03 00:00:10.309 DEBUG 10988 --- [nio-9000-exec-1] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/css/**']
2017-01-03 00:00:10.309 DEBUG 10988 --- [nio-9000-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/oauth/authorize'; against '/css/**'
2017-01-03 00:00:10.309 DEBUG 10988 --- [nio-9000-exec-1] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/js/**']
2017-01-03 00:00:10.309 DEBUG 10988 --- [nio-9000-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/oauth/authorize'; against '/js/**'
2017-01-03 00:00:10.309 DEBUG 10988 --- [nio-9000-exec-1] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/images/**']
....
2017-01-03 00:00:10.309 DEBUG 10988 --- [nio-9000-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/oauth/authorize'; against '/**/favicon.ico'
2017-01-03 00:00:10.309 DEBUG 10988 --- [nio-9000-exec-1] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/error']
2017-01-03 00:00:10.309 DEBUG 10988 --- [nio-9000-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/oauth/authorize'; against '/error'
2017-01-03 00:00:10.309 DEBUG 10988 --- [nio-9000-exec-1] o.s.s.web.util.matcher.OrRequestMatcher : No matches found
2017-01-03 00:00:10.309 DEBUG 10988 --- [nio-9000-exec-1] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/oauth/token']
2017-01-03 00:00:10.309 DEBUG 10988 --- [nio-9000-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/oauth/authorize'; against '/oauth/token'
2017-01-03 00:00:10.309 DEBUG 10988 --- [nio-9000-exec-1] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/oauth/token_key']
2017-01-03 00:00:10.310 DEBUG 10988 --- [nio-9000-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/oauth/authorize'; against '/oauth/token_key'
2017-01-03 00:00:10.310 DEBUG 10988 --- [nio-9000-exec-1] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/oauth/check_token']
2017-01-03 00:00:10.310 DEBUG 10988 --- [nio-9000-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/oauth/authorize'; against '/oauth/check_token'
2017-01-03 00:00:10.310 DEBUG 10988 --- [nio-9000-exec-1] o.s.s.web.util.matcher.OrRequestMatcher : No matches found
2017-01-03 00:00:10.313 DEBUG 10988 --- [nio-9000-exec-1] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/pause']
...
2017-01-03 00:00:10.316 DEBUG 10988 --- [nio-9000-exec-1] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/resume/']
2017-01-03 00:00:10.316 DEBUG 10988 --- [nio-9000-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/oauth/authorize'; against '/resume/'
2017-01-03 00:00:10.316 DEBUG 10988 --- [nio-9000-exec-1] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/metrics']
...
2017-01-03 00:00:10.318 DEBUG 10988 --- [nio-9000-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/oauth/authorize'; against '/configprops/'
2017-01-03 00:00:10.318 DEBUG 10988 --- [nio-9000-exec-1] o.s.s.web.util.matcher.OrRequestMatcher : No matches found
2017-01-03 00:00:10.318 DEBUG 10988 --- [nio-9000-exec-1] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/**']
2017-01-03 00:00:10.318 DEBUG 10988 --- [nio-9000-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher : Request '/oauth/authorize' matched by universal pattern '/**'
2017-01-03 00:00:10.318 DEBUG 10988 --- [nio-9000-exec-1] o.s.s.web.util.matcher.OrRequestMatcher : matched
2017-01-03 00:00:10.319 DEBUG 10988 --- [nio-9000-exec-1] o.s.security.web.FilterChainProxy : /oauth/authorize?response_type=code&client_id=foo&redirect_uri=http://www.google.com at position 1 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2017-01-03 00:00:10.320 DEBUG 10988 --- [nio-9000-exec-1] o.s.security.web.FilterChainProxy : /oauth/authorize?response_type=code&client_id=foo&redirect_uri=http://www.google.com at position 2 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2017-01-03 00:00:10.320 DEBUG 10988 --- [nio-9000-exec-1] o.s.security.web.FilterChainProxy : /oauth/authorize?response_type=code&client_id=foo&redirect_uri=http://www.google.com at position 3 of 11 in additional filter chain; firing Filter: 'HeaderWriterFilter'
2017-01-03 00:00:10.321 DEBUG 10988 --- [nio-9000-exec-1] o.s.s.w.header.writers.HstsHeaderWriter : Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@33b1c010
2017-01-03 00:00:10.321 DEBUG 10988 --- [nio-9000-exec-1] o.s.security.web.FilterChainProxy : /oauth/authorize?response_type=code&client_id=foo&redirect_uri=http://www.google.com at position 4 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
2017-01-03 00:00:10.321 DEBUG 10988 --- [nio-9000-exec-1] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/logout', GET]
2017-01-03 00:00:10.321 DEBUG 10988 --- [nio-9000-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/oauth/authorize'; against '/logout'
2017-01-03 00:00:10.321 DEBUG 10988 --- [nio-9000-exec-1] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/logout', POST]
2017-01-03 00:00:10.321 DEBUG 10988 --- [nio-9000-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher : Request 'GET /oauth/authorize' doesn't match 'POST /logout
2017-01-03 00:00:10.321 DEBUG 10988 --- [nio-9000-exec-1] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/logout', PUT]
2017-01-03 00:00:10.321 DEBUG 10988 --- [nio-9000-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher : Request 'GET /oauth/authorize' doesn't match 'PUT /logout
2017-01-03 00:00:10.321 DEBUG 10988 --- [nio-9000-exec-1] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/logout', DELETE]
2017-01-03 00:00:10.321 DEBUG 10988 --- [nio-9000-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher : Request 'GET /oauth/authorize' doesn't match 'DELETE /logout
2017-01-03 00:00:10.321 DEBUG 10988 --- [nio-9000-exec-1] o.s.s.web.util.matcher.OrRequestMatcher : No matches found
2017-01-03 00:00:10.321 DEBUG 10988 --- [nio-9000-exec-1] o.s.security.web.FilterChainProxy : /oauth/authorize?response_type=code&client_id=foo&redirect_uri=http://www.google.com at position 5 of 11 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
2017-01-03 00:00:10.323 DEBUG 10988 --- [nio-9000-exec-1] o.s.s.w.a.www.BasicAuthenticationFilter : Basic Authentication Authorization header found for user 'foo'
2017-01-03 00:00:10.325 DEBUG 10988 --- [nio-9000-exec-1] o.s.s.authentication.ProviderManager : Authentication attempt using org.springframework.security.authentication.dao.DaoAuthenticationProvider
2017-01-03 00:00:10.327 DEBUG 10988 --- [nio-9000-exec-1] o.s.s.a.dao.DaoAuthenticationProvider : User 'foo' not found
2017-01-03 00:00:10.330 DEBUG 10988 --- [nio-9000-exec-1] o.s.s.w.a.www.BasicAuthenticationFilter : Authentication request for failed: org.springframework.security.authentication.BadCredentialsException: Bad credentials
2017-01-03 00:00:10.330 DEBUG 10988 --- [nio-9000-exec-1] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
2017-01-03 00:00:10.340 DEBUG 10988 --- [nio-9000-exec-1] o.s.web.servlet.DispatcherServlet : DispatcherServlet with name 'dispatcherServlet' processing GET request for [/error]
2017-01-03 00:00:10.351 DEBUG 10988 --- [nio-9000-exec-1] s.w.s.m.m.a.RequestMappingHandlerMapping : Looking up handler method for path /error
2017-01-03 00:00:10.354 DEBUG 10988 --- [nio-9000-exec-1] s.w.s.m.m.a.RequestMappingHandlerMapping : Returning handler method [public org.springframework.http.ResponseEntity<java.util.Map<java.lang.String, java.lang.Object>> org.springframework.boot.autoconfigure.web.BasicErrorController.error(javax.servlet.http.HttpServletRequest)]
2017-01-03 00:00:10.355 DEBUG 10988 --- [nio-9000-exec-1] o.s.web.servlet.DispatcherServlet : Last-Modified value for [/error] is: -1
2017-01-03 00:00:10.422 DEBUG 10988 --- [nio-9000-exec-1] o.s.w.s.m.m.a.HttpEntityMethodProcessor : Written [{timestamp=Tue Jan 03 00:00:10 IST 2017, status=401, error=Unauthorized, message=Bad credentials, path=/oauth/authorize}] as "application/json" using [org.springframework.http.converter.json.MappingJackson2HttpMessageConverter@761956ac]
2017-01-03 00:00:10.422 DEBUG 10988 --- [nio-9000-exec-1] o.s.web.servlet.DispatcherServlet : Null ModelAndView returned to DispatcherServlet with name 'dispatcherServlet': assuming HandlerAdapter completed request handling
2017-01-03 00:00:10.422 DEBUG 10988 --- [nio-9000-exec-1] o.s.web.servlet.DispatcherServlet : Successfully completed request
Project source zip: https://filehost.net/4aa76878c969c76c
You're using @EnableResourceServer. You need to use @EnableAuthorizationServer. The Resource Server in OAuth2 terms would be a service that accepts OAuth2 tokens from the Authorization Server.
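One way to read the debug log from the question, as an added example that is not part of the original post or answer: this Python script groups the `OrRequestMatcher` lines into filter chains, reports which chain took the request, and extracts the Basic authentication outcome. The sample lines are shortened copies of the question's log, and `triage` and `findings` are names chosen here.

```python
import re

# Shortened copies of lines from the question's log (timestamps and thread names dropped).
SAMPLE_LOG = """\
OrRequestMatcher : Trying to match using Ant [pattern='/css/**']
OrRequestMatcher : No matches found
OrRequestMatcher : Trying to match using Ant [pattern='/oauth/token']
OrRequestMatcher : Trying to match using Ant [pattern='/oauth/token_key']
OrRequestMatcher : Trying to match using Ant [pattern='/oauth/check_token']
OrRequestMatcher : No matches found
OrRequestMatcher : Trying to match using Ant [pattern='/**']
OrRequestMatcher : matched
OrRequestMatcher : Trying to match using Ant [pattern='/logout', GET]
OrRequestMatcher : No matches found
FilterChainProxy : /oauth/authorize at position 5 of 11 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
BasicAuthenticationFilter : Basic Authentication Authorization header found for user 'foo'
DaoAuthenticationProvider : User 'foo' not found
"""

PATTERN = re.compile(r"Trying to match using Ant \[pattern='([^']+)'")
FILTER = re.compile(r"firing Filter: '(\w+)'")
BASIC_USER = re.compile(r"Authorization header found for user '([^']+)'")
NOT_FOUND = re.compile(r"DaoAuthenticationProvider : User '([^']+)' not found")

def triage(log):
    """Split matcher lines into chains, then record what the selected chain did."""
    r = {"chains": [], "selected": None, "filters": [], "basic_user": None, "unknown_user": None}
    current = []
    for line in log.splitlines():
        if r["selected"] is None:              # still choosing a filter chain
            if m := PATTERN.search(line):
                current.append(m.group(1))
            elif line.endswith("No matches found"):
                r["chains"].append(current); current = []
            elif line.endswith(": matched"):
                r["chains"].append(current); r["selected"] = current
            continue
        # After selection, matcher lines belong to single filters (e.g. LogoutFilter).
        if m := FILTER.search(line): r["filters"].append(m.group(1))
        if m := BASIC_USER.search(line): r["basic_user"] = m.group(1)
        if m := NOT_FOUND.search(line): r["unknown_user"] = m.group(1)
    return r

def findings(r, client_id, user_names):
    """Compare the log outcome with the client id and user names from the config."""
    out = []
    if not any(p.startswith("/oauth/") for p in r["selected"] or []):
        out.append(f"request handled by chain {r['selected']}, not an /oauth/* chain")
    if r["unknown_user"] == client_id and client_id not in user_names:
        out.append(f"Basic header names client '{client_id}'; users known here: {sorted(user_names)}")
    return out
```

Called as `findings(triage(SAMPLE_LOG), "foo", {"bar"})` with the values from the posted config, it reports that `/oauth/authorize` was taken by the catch-all `/**` chain and that the Basic header named `foo`, the client id, while the only configured user is `bar`.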