Access Danied - Spring Boot and Oauth2

Question

Access Danied - Spring Boot and Oauth2

Navigation

1

I have a problem, I'm testing an api with spring boot and oauth2, but when requesting the token the same is generated and sent to the browser, however when sending to the resource I only get access danied, below the codes:

ServerAuthorizationApplication

package br.com.serverAuthorization;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

@SpringBootApplication
public class ServerAuthorizationApplication {

    public static void main(String[] args) {
        SpringApplication.run(ServerAuthorizationApplication.class, args);
    }
}

AuthorizationServerConfig

package br.com.serverAuthorization.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore;

@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
    public static final String RESOURCE_ID = "arip";

    @Autowired
    @Qualifier("authenticationManagerBean")
    private AuthenticationManager authenticationManager;

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints.tokenStore(new InMemoryTokenStore()).authenticationManager(authenticationManager);
    }

    @Override
    public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
        oauthServer.checkTokenAccess("hasRole('CLIENT')");
    }

    @Override
    public void configure(ClientDetailsServiceConfigurer client) throws Exception {
        client.inMemory()
            .withClient("clientapp")
                .secret("123456")
                .authorizedGrantTypes("password")
                .scopes("read", "write")
                .resourceIds(RESOURCE_ID)
            .and()
            .withClient("clientcred")
                .secret("123456")
                .authorizedGrantTypes("client_credentials")
                .scopes("trust")
                .resourceIds(RESOURCE_ID)
            .and()
            .withClient("clientauthcode")
                .secret("123456")
                .authorizedGrantTypes("authorization_code", "refresh_token")
                .scopes("read", "write")
                .resourceIds(RESOURCE_ID)
            .and()
            .withClient("jsclient")
                .secret("123456")
                .authorizedGrantTypes("implicit")
                .scopes("read", "write")
                .resourceIds(RESOURCE_ID)
                .authorities("CLIENT")
                .redirectUris("http://localhost:8080/contacts")
                .accessTokenValiditySeconds(3600)
                .autoApprove(true);
    }
}

ResourceServerConfig

package br.com.serverAuthorization.config;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.RemoteTokenServices;

@Configuration
@EnableResourceServer
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {

    public static final String RESOURCE_ID = "arip";

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().antMatchers("/contacts").hasRole("ADMIN");
        //http.authorizeRequests().antMatchers("/api/staff").hasRole("STAFF");
        //http.authorizeRequests().antMatchers("/api/client").access("#oauth2.hasScope('trust')");
    }

    @Override
    public void configure(ResourceServerSecurityConfigurer resources) {
        RemoteTokenServices tokenService = new RemoteTokenServices();
        tokenService.setClientId("jsclient");
        tokenService.setClientSecret("123456");
        tokenService.setCheckTokenEndpointUrl("http://localhost:8080/oauth/check_token");

        resources.resourceId(RESOURCE_ID).tokenServices(tokenService);
    }
}

SecurityConfig

package br.com.serverAuthorization.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity(debug = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication().withUser("admin").password("passw0rd").roles("ADMIN");
        auth.inMemoryAuthentication().withUser("staff").password("passw0rd").roles("STAFF");
    }

    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().antMatchers("/contacts").authenticated();
    }
}

HomeController

package br.com.serverAuthorization.controllers;

import java.security.Principal;
import java.util.ArrayList;
import java.util.List;

import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

import br.com.serverAuthorization.models.Contact;

@RestController
@RequestMapping("/contacts")
public class HomeController {

    private List<Contact> listContact = new ArrayList<Contact>();

    @GetMapping
    public ResponseEntity<Principal> listAll(Principal user){
        System.out.println("Entro");
        listContact.add(new Contact(1, "Marcos Paulo Souza Miranda", "[email protected]"));
        listContact.add(new Contact(2, "João Pedro Souza Miranda", "[email protected]"));
        listContact.add(new Contact(3, "Radames Aurelio Miranda", "[email protected]"));
        listContact.add(new Contact(4, "Lucelia de Souza Silva Miranda", "[email protected]"));

        return new ResponseEntity<>(user, HttpStatus.OK);
    }
}

Contact

package br.com.serverAuthorization.models;

public class Contact {
    private Integer id;
    private String nome;
    private String email;
    public Contact(Integer id, String nome, String email) {
        super();
        this.id = id;
        this.nome = nome;
        this.email = email;
    }
    public Integer getId() {
        return id;
    }
    public void setId(Integer id) {
        this.id = id;
    }
    public String getNome() {
        return nome;
    }
    public void setNome(String nome) {
        this.nome = nome;
    }
    public String getEmail() {
        return email;
    }
    public void setEmail(String email) {
        this.email = email;
    }
}

java spring-security oauth2 spring-boot

asked by anonymous 21.03.2017 / 00:33

0 answers

Python 2.7.9 - Tkinter Module 01 Test API Python