OAuth2RestOperations uses token obtained from request header instead of requesting the auth server


I have a Spring Boot client app which uses OAuth2RestTemplate as the OAuth2 client. I have configured the OAuth2RestTemplate to call the auth server and add the token obtained from it to the header for accessing the resource server. The problem that occurred is that whenever I call the method in the client app to access the resource server using restTemplate, it uses the token coming from the header of the request to the client app instead of calling the auth server. It uses that token and the token gets rejected by my resource server. And after it is rejected, it then only calls the auth server and puts the correct token and again sends the request to my resource server.

Is there any way to make the rest template not use the token from the header and call the auth server for the token before connecting to the resource server? Thank you.

My config class

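import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.client.OAuth2ClientContext;
import org.springframework.security.oauth2.client.OAuth2RestOperations;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails;
import org.springframework.security.oauth2.client.token.grant.password.ResourceOwnerPasswordResourceDetails;
import org.springframework.security.oauth2.common.AuthenticationScheme;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableOAuth2Client;

@Configuration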
@EnableOAuth2Client
public class OAuth2ClientConfig {

    @Autowired
    ConfigProperties configProperties;

    @Bean("oauth2AuthServer")
    public OAuth2RestOperations restTemplate(OAuth2ClientContext oauth2ClientContext) {
        OAuth2RestTemplate oAuth2RestTemplate = new OAuth2RestTemplate(resource(), oauth2ClientContext);
        oAuth2RestTemplate.setAccessTokenProvider(new CustomResourceOwnerPasswordAccessTokenProvider());
        return oAuth2RestTemplate;
    }

    @Bean
    protected OAuth2ProtectedResourceDetails resource() {
        ResourceOwnerPasswordResourceDetails resource = new ResourceOwnerPasswordResourceDetails();
        resource.setId(configProperties.getClientId());
        resource.setAccessTokenUri(configProperties.getAccessTokenUri());
        resource.setClientId(configProperties.getClientId());
        resource.setClientSecret(configProperties.getClientSecret());
        resource.setGrantType(configProperties.getGrantType());
        resource.setClientAuthenticationScheme(AuthenticationScheme.header);
        resource.setAuthenticationScheme(AuthenticationScheme.header);
        resource.setUsername(configProperties.getUsername());
        resource.setPassword(configProperties.getPassword());
        return resource;
    }

}

My serviceImpl method is

    @Autowired
    @Qualifier("oauth2AuthServer")
    private OAuth2RestOperations oauth2RestOperations;

    RequestResponse callResourceServer(ResourceRequest request) {
        try {
            RequestResponse response;
            HttpHeaders headers = new HttpHeaders();
            headers.setContentType(MediaType.APPLICATION_JSON);
            // Only Content-Type is set here; the Authorization header is added by the OAuth2 rest template
            HttpEntity<ResourceRequest> entity = new HttpEntity<>(request, headers);
            response = this.oauth2RestOperations.postForObject(
                    microServiceConfig.getUrl(),
                    entity,
                    RequestResponse.class
            );
            return response;
        } catch (Exception ex) {
            log.error(ex);
            // Unchecked, so the method needs no throws clause; keeps the original cause
            throw new RuntimeException("error", ex);
        }
    }
1
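One way to stop the template from picking up the caller's token, shown as an added example that is not part of the original question or its answer. It assumes the injected `OAuth2ClientContext` is bound to the inbound request and already holds the caller's bearer token. The class name `ServiceAccountRestTemplateConfig` is hypothetical; the bean replaces the `restTemplate` bean in the question's config, whose `resource()` bean stays as it is.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.client.DefaultOAuth2ClientContext;
import org.springframework.security.oauth2.client.OAuth2ClientContext;
import org.springframework.security.oauth2.client.OAuth2RestOperations;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails;
import org.springframework.security.oauth2.client.token.DefaultAccessTokenRequest;

@Configuration
public class ServiceAccountRestTemplateConfig { // hypothetical class name

    // 'resource' is the question's ResourceOwnerPasswordResourceDetails bean.
    @Bean("oauth2AuthServer")
    public OAuth2RestOperations restTemplate(OAuth2ProtectedResourceDetails resource) {
        // OAuth2RestTemplate asks the context for a token first and only calls the
        // access token URI when the context has none (or it has expired).
        // Assumption: the injected, request-bound context carries the inbound
        // caller's token, which is why that token was sent downstream.
        // A context created here is never filled from the inbound request,
        // so the first call obtains a token from the auth server.
        OAuth2ClientContext ownContext =
                new DefaultOAuth2ClientContext(new DefaultAccessTokenRequest());

        OAuth2RestTemplate template = new OAuth2RestTemplate(resource, ownContext);
        // CustomResourceOwnerPasswordAccessTokenProvider is the question's own class.
        template.setAccessTokenProvider(new CustomResourceOwnerPasswordAccessTokenProvider());
        return template;
    }
}
```

The token cached in this context belongs to the configured service account and is shared by every caller of the bean, so the caller's own credential is no longer forwarded to the resource server.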

There is 1 answer

2
Sandeep Vedavyas On

I see BaseOAuth2ProtectedResourceDetails and OAuth2RestTemplate are deprecated. Can we still use them, or should we migrate to the 5.x options?