
Spring Security with OAuth2: /oAuth/token request returns 405 Method Not Allowed

I am using an OAuth2 token with Spring Security. When I use the same configuration with Spring Boot 1.3.0 it works fine for me, but when I use the same configuration in a Spring MVC application it causes an issue:

/oAuth/token ---> POST 405 Method Not Allowed.

My oAuth configuration is as:

import javax.sql.DataSource;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JdbcTokenStore;

/**
 * Spring Security OAuth2 set-up, split into two nested {@code @Configuration}
 * classes: a resource server that guards this application's HTTP endpoints and
 * an authorization server that issues tokens.
 *
 * <p>Nothing in this class changes the HTTP methods accepted by the token
 * endpoint: {@code AuthorizationServerEndpointsConfigurer#allowedTokenEndpointRequestMethods}
 * is never called, so the framework default applies.
 */
@Configuration
public class OAuth2ServerConfiguration {

    /**
     * Resource-server side: decides how incoming requests to this application
     * are authenticated and authorized.
     */
    @Configuration
    @EnableResourceServer
    protected static class ResourceServerConfiguration extends
            ResourceServerConfigurerAdapter {

        // Entry point installed for authentication failures below; a project-local
        // class whose behaviour is not visible here.
        @Autowired
        private HttpUnauthorizedEntryPoint authenticationEntryPoint;

        /**
         * Builds the resource-server filter chain.
         *
         * <ul>
         *   <li>authentication failures are handed to {@code authenticationEntryPoint};</li>
         *   <li>CSRF protection is switched off — defensible only because the API is
         *       token-based and stateless (see the session policy below);</li>
         *   <li>no HTTP session is created ({@code STATELESS}), so every request
         *       must carry its own credentials;</li>
         *   <li>OPTIONS requests to any path, {@code /webhook/**} and {@code /app/**}
         *       are open to everyone; {@code /api/**} and {@code /protected/**}
         *       require an authenticated principal.</li>
         * </ul>
         *
         * <p>NOTE(review): whether {@code .frameOptions().disable()} removes only the
         * X-Frame-Options header or, on older Spring Security releases, the whole
         * headers configurer (and with it every default security header) depends on
         * the version in use — confirm against the project's dependency.
         *
         * <p>NOTE(review): no {@code anyRequest()} rule is declared here; confirm how
         * paths outside the listed matchers are treated by the resource-server defaults.
         *
         * @param http the builder for this filter chain
         * @throws Exception propagated from the builder
         */
        @Override
        public void configure(HttpSecurity http) throws Exception {
            http
                .exceptionHandling()
                .authenticationEntryPoint(authenticationEntryPoint)
            .and()
                .csrf()
                .disable()
                .headers()
                .frameOptions().disable()
                .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and()
                .authorizeRequests()
                .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
                .antMatchers("/webhook/**").permitAll() 
                .antMatchers("/app/**").permitAll() 
                .antMatchers("/api/**").authenticated() 
                .antMatchers("/protected/**").authenticated();

        }
    }

    /**
     * Authorization-server side: issues and stores tokens and registers the
     * single OAuth2 client.
     */
    @Configuration
    @EnableAuthorizationServer
    protected static class AuthorizationServerConfiguration extends
            AuthorizationServerConfigurerAdapter {

        // Backs the JDBC token store below; issued tokens live in the database.
        @Autowired
        private DataSource dataSource;

        /**
         * Token store backed by the injected {@link DataSource}.
         *
         * @return a {@link JdbcTokenStore} over {@code dataSource}
         */
        @Bean
        public TokenStore tokenStore() {
            return new JdbcTokenStore(dataSource);
        }

        // Must be exposed elsewhere under the bean name "authenticationManagerBean"
        // (not visible in this file); injection fails at startup otherwise.
        @Autowired
        @Qualifier("authenticationManagerBean")
        private AuthenticationManager authenticationManager;

        /**
         * Wires the token store and the authentication manager into the OAuth2
         * endpoints. The allowed token-endpoint request methods are left at the
         * framework default.
         *
         * @param endpoints the endpoint configurer supplied by the framework
         * @throws Exception propagated from the configurer
         */
        @Override
        public void configure(AuthorizationServerEndpointsConfigurer endpoints)
                throws Exception {

            // tokenStore() is a @Bean method on this @Configuration class, so this
            // call presumably resolves to the single managed bean — confirm if a
            // second JdbcTokenStore ever shows up.
            endpoints.tokenStore(tokenStore()).authenticationManager(
                    authenticationManager);
        }

        /**
         * Lets clients send their id and secret as form parameters on the token
         * endpoint instead of HTTP Basic. Either way the client credentials travel
         * in the request, so the endpoint should only be reachable over TLS.
         *
         * @param oauthServer security settings for the token endpoints
         * @throws Exception propagated from the configurer
         */
        @Override
        public void configure(AuthorizationServerSecurityConfigurer oauthServer)
                throws Exception {
            oauthServer.allowFormAuthenticationForClients();
        }

        /**
         * Registers one in-memory client whose id, secret and token lifetime come
         * from {@code Constants} (not visible here).
         *
         * <p>NOTE(review): the {@code password} and {@code implicit} grants are
         * discouraged by the OAuth 2.0 Security Best Current Practice and dropped
         * from OAuth 2.1; prefer {@code authorization_code} plus
         * {@code refresh_token} unless a client genuinely needs the others.
         *
         * <p>NOTE(review): the client secret is read from a compile-time constant —
         * confirm it is not committed to source control, and whether this Spring
         * Security OAuth2 version expects {@code secret()} to be plain text or
         * password-encoded.
         *
         * @param clients registry of OAuth2 clients
         * @throws Exception propagated from the configurer
         */
        @Override
        public void configure(ClientDetailsServiceConfigurer clients) throws Exception { 
            clients
                .inMemory()
                .withClient(Constants.htgappClientId)
                .scopes("read", "write")
                .authorities("ROLE_ADMIN", "ROLE_USER") 
                .authorizedGrantTypes("password", "refresh_token", "authorization_code", "implicit")
                .secret(Constants.htgappClientSecret) 
                .accessTokenValiditySeconds(Constants.tokenValidityInSeconds);
        }
    }
}

Can anyone help me see where I am wrong?

You can specify the allowed methods as follows in the config:

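/**
 * Wires the token store and authentication manager into the OAuth2 endpoints
 * and widens the token endpoint to accept GET as well as POST.
 *
 * <p>RFC 6749 specifies POST for the token endpoint, and Spring Security OAuth2
 * answers other methods with 405 by default. Enabling GET puts client
 * credentials and resource-owner passwords into the query string, where
 * proxies and access logs commonly record them; keep POST-only unless a client
 * genuinely cannot send POST.
 *
 * @param endpoints the endpoint configurer supplied by the framework
 * @throws Exception propagated from the configurer
 */
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
    // The original listing dropped the semicolon after the last call; one chain
    // keeps the statement complete and easy to read.
    endpoints
        .tokenStore(tokenStore())
        .authenticationManager(authenticationManager)
        .allowedTokenEndpointRequestMethods(HttpMethod.GET, HttpMethod.POST);
}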

By default only POST is allowed for the /oauth/token endpoint, so to allow the GET method we have to configure the REST endpoint. With just an XML config it's not possible to configure the allowed token endpoint methods, so create an extra configuration class that runs a @PostConstruct method after the XML has been processed to finish the job.

    /**
     * Post-processes the framework-created {@code TokenEndpoint} so that it
     * accepts GET in addition to POST. Used when the XML configuration offers
     * no way to set the allowed methods.
     *
     * <p>GET carries client credentials (and, for the password grant, the user's
     * password) in the query string, which proxies and access logs routinely
     * store; RFC 6749 specifies POST for this endpoint, so only widen it for
     * clients that cannot send POST.
     */
    @Configuration
    public class OauthTokenEndPointMethodConfig {

        // The token endpoint bean registered by the XML / @EnableAuthorizationServer set-up.
        @Autowired
        private TokenEndpoint tokenEndpoint;

        /**
         * Replaces the endpoint's allowed-method set with {GET, POST} once the
         * bean has been injected.
         */
        @PostConstruct
        public void reconfigure() {
            Set<HttpMethod> permitted = new HashSet<>();
            permitted.add(HttpMethod.GET);
            permitted.add(HttpMethod.POST);
            tokenEndpoint.setAllowedRequestMethods(permitted);
        }
    }
