java - Why does this spring oauth configuration never return 401 unauthorized? -


I followed the tutorial here in an attempt to get started with Spring OAuth. However, no pages return 401 Unauthorized, even though I have not authenticated with the server (the configuration examples in the tutorial supposedly disable anonymous access). A comment on the tutorial about a related issue has a single response saying that authorization has not been enabled, but I have @EnableAuthorizationServer on one of my configuration classes.

all config classes

application:

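/**
 * Spring Boot entry point. Extending {@code SpringBootServletInitializer} also lets the
 * application be deployed as a WAR in a servlet container.
 *
 * <p>Identifier case is restored here; the page's extraction had lower-cased the whole listing,
 * which is not valid Java.
 */
@SpringBootApplication
@EnableTransactionManagement
// Only RepositoryRestMvcAutoConfiguration is excluded, so every other auto-configuration on the
// classpath (including any that touches security) is still applied alongside the hand-written
// security classes.
@EnableAutoConfiguration(exclude = {RepositoryRestMvcAutoConfiguration.class})
public class Application extends SpringBootServletInitializer {

    /** Registers this class as the configuration source when started by a servlet container. */
    @Override
    protected SpringApplicationBuilder configure(SpringApplicationBuilder application) {
        return application.sources(Application.class);
    }

    /** Starts the application from the command line. */
    public static void main(String[] args) {
        SpringApplication.run(Application.class, args);
    }
}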

authorization server:

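/**
 * OAuth2 authorization server configuration: one in-memory client, the shared token store,
 * approval handler and authentication manager, and the realm name.
 *
 * <p>Identifier case is restored here; the page's extraction had lower-cased the whole listing.
 * String literal values (client id, secret, authorities, scopes, realm) are kept as the page
 * shows them. NOTE(review): authority names are case-sensitive in Spring Security, so confirm
 * them against the original tutorial.
 */
@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
    private static String realm = "example_realm";

    @Autowired
    private TokenStore tokenStore;

    @Autowired
    private UserApprovalHandler handler;

    // The qualifier must match the name of the bean method that exposes the AuthenticationManager
    // in SecurityConfig.
    @Autowired
    @Qualifier("authenticationManagerBean")
    private AuthenticationManager authManager;

    /**
     * Registers a single in-memory client.
     *
     * <p>NOTE(review): the client secret is a literal in source and all four grant types are
     * enabled. Outside a demo, load the secret from external configuration, store it hashed, and
     * enable only the grants the client actually needs. The password and implicit grants are
     * discouraged by current OAuth 2.0 security guidance.
     */
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
               .withClient("trusted-client")
               .authorizedGrantTypes("password", "authorization_code", "refresh_token", "implicit")
               .authorities("role_client", "role_trusted_client")
               .scopes("read", "write", "trust")
               .secret("secret")
               .accessTokenValiditySeconds(300)    // access tokens expire after 5 minutes
               .refreshTokenValiditySeconds(600);  // refresh tokens expire after 10 minutes
    }

    /** Wires the token store, approval handler and authentication manager into the endpoints. */
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints.tokenStore(tokenStore).userApprovalHandler(handler)
                 .authenticationManager(authManager);
    }

    /** Sets the realm name for the authorization server to {@code realm + "/client"}. */
    @Override
    public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
        oauthServer.realm(realm + "/client");
    }
}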

Resource server (note: I changed antMatchers to anyRequest for testing purposes):

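/**
 * OAuth2 resource server configuration: sets the resource id and the access rule for requests.
 *
 * <p>Identifier case is restored here; the page's extraction had lower-cased the whole listing.
 * The resource id and the role name inside the access expression are kept as the page shows
 * them. NOTE(review): role names are case-sensitive, so confirm them against the original
 * tutorial.
 */
@Configuration
@EnableResourceServer
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
    private static final String RESOURCE_ID = "spring_rest_api";

    /**
     * Sets the resource id.
     *
     * <p>NOTE(review): {@code stateless(false)} means an authentication already present in the
     * security context (for example from a session) can satisfy this resource server, not only a
     * bearer token. Confirm that this is intended.
     */
    @Override
    public void configure(ResourceServerSecurityConfigurer resources) {
        resources.resourceId(RESOURCE_ID).stateless(false);
    }

    /**
     * Applies this configuration to every request, disables anonymous authentication and requires
     * the 'admin' role. Access-denied responses are produced by {@code OAuth2AccessDeniedHandler}.
     */
    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.anonymous().disable()
            .requestMatchers().anyRequest()
            .and().authorizeRequests()
            .anyRequest().access("hasRole('admin')")
            .and().exceptionHandling().accessDeniedHandler(new OAuth2AccessDeniedHandler());
    }
}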

"security":

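/**
 * Web security configuration: in-memory users, the HTTP rules for the default filter chain, and
 * the beans shared with the authorization server (authentication manager, token store, approval
 * handler and approval store).
 *
 * <p>Identifier case is restored here; the page's extraction had lower-cased the whole listing.
 * User names, passwords and role names are kept as the page shows them. NOTE(review): role names
 * are case-sensitive, so confirm them against the original tutorial.
 */
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    private ClientDetailsService clientService;

    /**
     * Defines two in-memory users.
     *
     * <p>NOTE(review): the credentials are literals in source with no password encoder configured.
     * That is acceptable for a local demo only; otherwise use a real user store with hashed
     * passwords.
     */
    @Autowired
    public void globalUserDetails(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication()
            .withUser("javabycode").password("123456").roles("user")
            .and()
            .withUser("admin").password("admin123").roles("admin");
    }

    /**
     * Disables CSRF protection and anonymous authentication, and permits {@code /oauth/token}.
     *
     * <p>NOTE(review): this is the only authorization rule declared here; there is no catch-all
     * such as {@code anyRequest().authenticated()}. Any request that ends up handled by this
     * filter chain rather than the resource server's is therefore not restricted by it. This is
     * worth checking when diagnosing missing 401 responses.
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable()
            .anonymous().disable()
            .authorizeRequests()
            .antMatchers("/oauth/token").permitAll();
    }

    /** Exposes the {@code AuthenticationManager} as a bean so the authorization server can inject it. */
    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    /** In-memory token store: tokens are lost on restart and are not shared between instances. */
    @Bean
    public TokenStore tokenStore() {
        return new InMemoryTokenStore();
    }

    /** Builds the approval handler from the token store and the client details service. */
    @Bean
    @Autowired
    public TokenStoreUserApprovalHandler userApprovalHandler(TokenStore tokenStore) {
        TokenStoreUserApprovalHandler handler = new TokenStoreUserApprovalHandler();
        handler.setTokenStore(tokenStore);
        handler.setRequestFactory(new DefaultOAuth2RequestFactory(clientService));
        handler.setClientDetailsService(clientService);
        return handler;
    }

    /** Builds an approval store backed by the same token store. */
    @Bean
    @Autowired
    public ApprovalStore approvalStore(TokenStore tokenStore) throws Exception {
        TokenApprovalStore store = new TokenApprovalStore();
        store.setTokenStore(tokenStore);
        return store;
    }
}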

Probably unrelated, but there is also:

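/**
 * MVC configuration that registers a CORS mapping for every path.
 *
 * <p>Identifier case is restored here; the page's extraction had lower-cased the whole listing.
 * NOTE(review): {@code @EnableWebSecurity} is also declared on SecurityConfig; declaring it once
 * is enough.
 */
@Configuration
@EnableWebMvc
@EnableWebSecurity
public class WebConfig extends WebMvcConfigurerAdapter {

    /**
     * Enables CORS for all paths using the registration defaults.
     *
     * <p>NOTE(review): with no further restriction the defaults allow any origin. On an API that
     * issues and accepts OAuth tokens, narrow this with {@code allowedOrigins(...)} to the
     * front-end origins that actually need access.
     */
    @Override
    public void addCorsMappings(CorsRegistry registry) {
        registry.addMapping("/**");
    }
}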

After reading through the full source code of the tutorial, I added

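/**
 * Enables pre/post method-security annotations and evaluates their expressions with the OAuth2
 * expression handler.
 *
 * <p>Identifier case is restored here; the page's extraction had lower-cased the whole listing.
 */
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true, proxyTargetClass = true)
public class MethodSecurityConfig extends GlobalMethodSecurityConfiguration {

    /** Supplies the OAuth2-aware handler used to evaluate method-security expressions. */
    @Override
    protected MethodSecurityExpressionHandler createExpressionHandler() {
        return new OAuth2MethodSecurityExpressionHandler();
    }
}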

Finally, the build.gradle for the project, since I have had issues with specific versions of dependencies when working with Spring:

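// Build script for the REST module. DSL identifier case is restored here (mavenCentral,
// sourceCompatibility, baseName, doFirst, testCompile, providedRuntime, ...); the page's
// extraction had lower-cased it. Version qualifiers are written in the case these projects
// publish (.RELEASE, .Final). The page showed them lower-cased.
buildscript {
    repositories {
        mavenCentral()
    }
    dependencies {
        classpath("org.springframework.boot:spring-boot-gradle-plugin:1.5.1.RELEASE")
        classpath('com.h2database:h2:1.4.193')
        classpath('org.hibernate:hibernate-core:5.0.12.Final')
        // NOTE(review): this puts starter-security on the build script's classpath only. It does
        // not add it to the application (the compile-scope entry below is commented out).
        classpath('org.springframework.boot:spring-boot-starter-security:1.5.2.RELEASE')
    }
}

apply plugin: 'idea'
apply plugin: 'java'
apply plugin: 'org.springframework.boot'
apply plugin: 'war'
sourceCompatibility = 1.8
targetCompatibility = 1.8

String appVersion = "1.0.0"

war {
    baseName = "cubscout-rest"
    version = appVersion
    doFirst {
        manifest {
            attributes("implementation-title": 'cubscout-rest', "implementation-version": appVersion, "implementation-timestamp": new Date())
        }
    }
}

repositories {
    // NOTE(review): JCenter has since been sunset; prefer mavenCentral() for dependency resolution.
    jcenter()
}

dependencies {
    compile project(':core')

    // NOTE(review): the versions below mix Boot 1.3.5, 1.5.1 and 1.5.2 artifacts with separately
    // pinned Spring Security / Spring Data modules. Mixed lines make it hard to know which
    // security auto-configuration and defaults are actually in effect.
    compile 'org.springframework.boot:spring-boot-gradle-plugin:1.3.5.RELEASE'
    compile 'org.springframework.boot:spring-boot-starter-web:1.5.1.RELEASE'
    compile 'org.springframework.boot:spring-boot-starter-data-jpa:1.5.1.RELEASE'
    //compile 'org.springframework.integration:spring-integration-core:4.3.7.RELEASE'
    //compile 'org.springframework.batch:spring-batch-core:3.0.7.RELEASE'
    compile 'org.springframework.data:spring-data-jpa:1.11.0.RELEASE'
    compile 'org.springframework.data:spring-data-rest-webmvc:2.6.0.RELEASE'
    compile 'org.springframework.security:spring-security-web:4.2.1.RELEASE'
    //compile 'org.springframework.boot:spring-boot-starter-security:1.5.2.RELEASE'
    compile 'org.springframework.security.oauth:spring-security-oauth2:2.1.0.RELEASE'
    compile 'org.hibernate:hibernate-core:5.0.12.Final'
    compile 'com.h2database:h2:1.4.193'
    compile 'org.springframework.boot:spring-boot-starter-tomcat:1.5.1.RELEASE'
    testCompile 'junit:junit:4.12'
    testCompile 'org.mockito:mockito-all:1.10.19'
    providedRuntime 'org.springframework.boot:spring-boot-starter-tomcat:1.5.1.RELEASE'
}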

One of Spring Boot's autoconfigurations was interfering. Changing

@springbootapplication @enabletransactionmanagement @enableautoconfiguration(exclude = {repositoryrestmvcautoconfiguration.class}) public class application extends springbootservletinitializer { 

with

@springbootapplication @enabletransactionmanagement @enableautoconfiguration(exclude = {repositoryrestmvcautoconfiguration.class, oauth2autoconfiguration.class}) public class application extends springbootservletinitializer { 

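allows the configurations to function properly. The only difference is that `OAuth2AutoConfiguration.class` is added to the `exclude` list of `@EnableAutoConfiguration`, so Spring Boot no longer applies its own OAuth2 auto-configuration on top of the hand-written classes above. It is worth confirming the fix by checking that an unauthenticated request to a protected URL now returns 401.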

