I have an spring boot application for OAuth2 login and Okta as Auth server. below code is running fine. If I try to access secured url, spring redirects to /oauth2/authorization/{registrationId} for authorization code grant flow.
Spring Security version - 5.7.3 Spring Oauth 2 - 5.7.8
@Override protected void configure(HttpSecurity http) throws Exception { http .authorizeRequests() .antMatchers("/", "/img/**","/error", "/status") .permitAll() .anyRequest() .fullyAuthenticated();
http
.oauth2Login()
.authorizationEndpoint()
.authorizationRequestResolver(new CustomAuthorizationRequestResolver(
clientRegistrationRepository, DEFAULT_AUTHORIZATION_REQUEST_BASE_URI
));
http.oauth2Login().redirectionEndpoint().baseUri(REDIRECT_PATH);
http.oauth2Login().userInfoEndpoint().oidcUserService(this.oidcUserService());
}
But as my project is xml based (not annotaion based) so converted above code in spring xml as below :
<security:intercept-url pattern="/" access="permitAll" />
<security:intercept-url pattern="/img/**" access="permitAll" />
<security:intercept-url pattern="/error" access="permitAll" />
<security:intercept-url pattern="/status" access="permitAll" />
<security:intercept-url pattern="/**" access="isFullyAuthenticated" />
<security:oauth2-login
client-registration-repository-ref="clientRegistrationRepository"
authorization-request-resolver-ref="customAuthorizationRequestResolver"
oidc-user-service-ref="oidcUserService"
login-processing-url="/callback"
jwt-decoder-factory-ref="jwtDecoderFactory"
/>
I provided all required beans above.
Problem with XML : If I try to access secured url, it is not redirecting to /oauth2/authorization/{registrationId} and because of this Auth server (Okta) login not coming up. So i stuck there.
Any help would be appreciated.
Thanks in advance.