I am getting “Full authentication is required to access this resource” response from Spring boot security setup
Question
I am building simple password grant type with in memory authorization server for demo purpose, and later on to integrate with my existing web application.
Not sure is there any configuration I am missing.
Also tried with base64 url, form data and other options but still getting the same response from server.
spring boot basic security is disabled with management.security.enabled=false
Authorization server
@Configuration
@EnableAuthorizationServer
@EnableAutoConfiguration
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
@Autowired
private AuthenticationManager authenticationManager;
@Autowired
private TokenStore tokenStore;
@Override
public void configure (AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints
.authenticationManager (authenticationManager)
.tokenStore (tokenStore);
}
@Bean
public TokenStore tokenStore () {
return new InMemoryTokenStore ();
}
@Bean
public PasswordEncoder passwordEncoder () {
return new BCryptPasswordEncoder ();
}
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients.inMemory().withClient("java-client").secret(passwordEncoder (). encode ("java-secret"))
.authorities ("ROLE_CLIENT", "ROLE_TRUSTED_CLIENT", "USER")
.autoApprove (true)
.authorizedGrantTypes("authorization_code", "refresh_token", "password").scopes("read", "write");
}
}
// Security Config
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception { // @formatter:off
http.authorizeRequests()
.antMatchers("**").permitAll();
} // @formatter:on
@Bean
public BCryptPasswordEncoder passwordEncoder(){
return new BCryptPasswordEncoder();
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception{
auth.inMemoryAuthentication().withUser("user").password("password").roles("USER");
}
public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
security.allowFormAuthenticationForClients();
}
}
1 answers
solution1
0 2019-04-27 19:58:12
That error basically means you access to the resource that is protected by authentication and you didn't provide a username/password properly. If you access to the url on webbrwoser, you'll be asked to enter username and password. Alternatively, you can add username and password on the request if you use curl.
Either username:password@your_url, or add Authorization header with "Basic ".
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.