Spring - Multiple OAuth2 services and configurations


I have an existing Spring application using a configuration extending ResourceServerConfigurerAdapter to secure APIs against an internal OAuth service A. I am trying to add a configuration B extending WebSecurityConfigurerAdapter that authenticates against an external OAuth provider.

The aim is to continue to have B determine authentication for /api/ related endpoints while A determines overall login to the web application.

Following is the existing code using ResourceServerConfigurerAdapter:

    @Configuration
    @EnableResourceServer
    public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {

        @Value("${oauth.clientid}")
        private String clientId;

        @Value("${oauth.clientsecret}")
        private String clientSecret;

        @Autowired
        private RestTemplate restTemplate;

        // Validates incoming bearer tokens against the internal OAuth service
        @Bean
        public RemoteTokenServices remoteTokenServices() {
            RemoteTokenServices remoteTokenServices = new RemoteTokenServices();
            remoteTokenServices.setRestTemplate(restTemplate);
            remoteTokenServices.setClientId(clientId);
            remoteTokenServices.setClientSecret(clientSecret);
            remoteTokenServices.setCheckTokenEndpointUrl("srvc://myservice/api/v2/oauth/check_token");
            return remoteTokenServices;
        }

        @Override
        public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
            resources.resourceId(null);
            resources.tokenServices(remoteTokenServices());
        }

        @Override
        public void configure(HttpSecurity http) throws Exception {
            http.anonymous()
                .and().authorizeRequests()
                .antMatchers("/api/secured/**").authenticated()
                .antMatchers("/api/**").permitAll();
        }
    }

Following is the code using WebSecurityConfigurerAdapter:

    @SpringBootApplication
    @EnableOAuth2Client
    @EnableMBeanExport(registration = RegistrationPolicy.IGNORE_EXISTING)
    public class DemoService extends WebSecurityConfigurerAdapter {

        @Autowired
        OAuth2ClientContext oauth2ClientContext;

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            // @formatter:off
            http.antMatcher("/**").authorizeRequests().antMatchers("/", "/login**", "/webjars/**").permitAll().anyRequest()
                    .authenticated().and().exceptionHandling()
                    .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/")).and().logout()
                    .logoutSuccessUrl("/").permitAll().and().csrf()
                    .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()).and()
                    .addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);
            // @formatter:on
        }

        public static void main(String[] args) {
            SpringApplication.run(DemoService.class, args);
        }

        @Bean
        public FilterRegistrationBean oauth2ClientFilterRegistration(OAuth2ClientContextFilter filter) {
            FilterRegistrationBean registration = new FilterRegistrationBean();
            registration.setFilter(filter);
            registration.setOrder(-100);
            return registration;
        }

        private Filter ssoFilter() {
            OAuth2ClientAuthenticationProcessingFilter googleFilter = new OAuth2ClientAuthenticationProcessingFilter(
                    "/login/google");
            OAuth2RestTemplate googleTemplate = new OAuth2RestTemplate(google(), oauth2ClientContext);
            googleFilter.setRestTemplate(googleTemplate);
            UserInfoTokenServices tokenServices = new UserInfoTokenServices(googleResource().getUserInfoUri(),
                    google().getClientId());
            tokenServices.setRestTemplate(googleTemplate);
            // Pass the instance that carries the OAuth2 rest template, not a fresh one
            googleFilter.setTokenServices(tokenServices);
            return googleFilter;
        }

        @Bean
        @ConfigurationProperties("google.client")
        public AuthorizationCodeResourceDetails google() {
            return new AuthorizationCodeResourceDetails();
        }

        @Bean
        @ConfigurationProperties("google.resource")
        public ResourceServerProperties googleResource() {
            return new ResourceServerProperties();
        }

    }

Both of them individually run fine, but put in the same project, problems start showing up. It compiles and runs fine, but when I hit localhost:8080/ the following happens: the page loads fine, but when I hit localhost:8080/login/google, it shows me a whitelabel error page with the following

    This application has no explicit mapping for /error, so you are seeing this as a fallback.

    Thu Apr 06 13:22:27 IST 2017
    There was an unexpected error (type=Not Found, status=404).
    Not Found

I tried to read a bit about ResourceServerConfigurerAdapter vs WebSecurityConfigurerAdapter, and I understand there is some kind of filter order that determines the priority of each configurer. But that hasn't helped me fix the issue. Any pointers?

Update: There's also an adapter for Swagger integration that is part of the project.

    @EnableSwagger2
    @Configuration
    public class SwaggerConfiguration extends WebMvcConfigurerAdapter {

        @Override
        public void addViewControllers(ViewControllerRegistry registry) {
            registry.addRedirectViewController("/docs", "/swagger-ui.html");
            registry.addRedirectViewController("/docs/", "/swagger-ui.html");
            registry.addRedirectViewController("/docs.json", "/v2/api-docs");
        }

        @Bean
        public Docket swaggerSpringMvcPlugin() {
            return new Docket(DocumentationType.SWAGGER_2)
                .apiInfo(new ApiInfoBuilder()
                    .title("spring boot service")
                    .description("sample project documentation")
                    .contact("a@b.com")
                    .version("1.0")
                    .license("apache")
                    .build())
                .forCodeGeneration(true)
                .ignoredParameterTypes(Principal.class)
                .useDefaultResponseMessages(false)
                .select()
                .paths(documentedPaths())
                .build();
        }

        // Only /api paths are documented
        private Predicate<String> documentedPaths() {
            return or(
                regex("/api.*"));
        }
    }

    .addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);

The OAuth2ClientAuthenticationProcessingFilter must be after the OAuth2ClientContextFilter; the OAuth2ClientAuthenticationProcessingFilter will throw a redirect exception when the request is wrong (no code, etc...),

and the OAuth2ClientContextFilter will catch it and redirect to the userAuthorizationUri;

The BasicAuthenticationFilter is before the OAuth2ClientContextFilter normally, so you should change the order:

    @Autowired
    private OAuth2ClientContextFilter oauth2ClientContextFilter;

    protected void configure(HttpSecurity http) throws Exception {
        http
            .addFilterAfter(oauth2ClientContextFilter, ExceptionTranslationFilter.class)
            .addFilterAfter(ssoFilter(), OAuth2ClientContextFilter.class);
    }

Update:

There is another place that needs to be updated: if you have multiple chains, you should define the request matcher; the default value is '/**', and the default order of ResourceServerConfiguration is 3, the default order of WebSecurityConfigurerAdapter is 100, so ResourceServerConfiguration has high priority.

    // handle requests that start with `/api`
    http.requestMatcher(new AntPathRequestMatcher("/api/**"));
    http.anonymous()
            .and().authorizeRequests()
            .antMatchers("/api/secured/**").authenticated()
            .antMatchers("/api/**").permitAll();

If you put the WebSecurityConfigurerAdapter before ResourceServerConfiguration by changing the order, you should configure the WebSecurityConfigurerAdapter not to handle /api/**

    // skip requests that start with '/api'
    http.requestMatcher(new RegexRequestMatcher("^(?!/api).*$", null))
        .authorizeRequests().antMatchers("/", "/login/**", "/webjars/**").permitAll().anyRequest()
        .authenticated() // rest of the chain as in the question's configure(HttpSecurity)

Update 2:

    .authorizeRequests().antMatchers("/", "/login**")

This matcher doesn't match /login/google; please update it to /login/**, so it should be

    .authorizeRequests().antMatchers("/", "/login/**").permitAll()
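
A simplified, Spring-free model of the chain selection the answer describes, added here as an illustration (not code from the question or the answer): the chain with the lowest order whose request matcher accepts the path handles the request, and no later chain sees it. The class name, chain names and the /apidocs sample path are hypothetical, and records require Java 16 or later.

```java
import java.util.Comparator;
import java.util.List;
import java.util.function.Predicate;
import java.util.regex.Pattern;

// Added example: models first-match-by-order selection of security filter chains.
public class ChainSelectionDemo {

    // Hypothetical stand-in for one security filter chain.
    record Chain(String name, int order, Predicate<String> matcher) {}

    // Models an Ant pattern ending in /**: the prefix itself or anything below it.
    static Predicate<String> subpath(String prefix) {
        return p -> p.equals(prefix) || p.startsWith(prefix + "/");
    }

    // Models a regex request matcher that must match the whole path.
    static Predicate<String> regex(String expr) {
        Pattern compiled = Pattern.compile(expr);
        return p -> compiled.matcher(p).matches();
    }

    // Returns the name of the chain that would handle the path.
    static String select(List<Chain> chains, String path) {
        return chains.stream()
                .sorted(Comparator.comparingInt(Chain::order))
                .filter(c -> c.matcher().test(path))
                .map(Chain::name)
                .findFirst()
                .orElse("NO CHAIN (no security filters run)");
    }

    public static void main(String[] args) {
        Predicate<String> any = p -> true; // default matcher '/**'
        // Before: both chains match everything, so order 3 always wins.
        List<Chain> before = List.of(
                new Chain("resource-server", 3, any),
                new Chain("web-login", 100, any));
        // After: matchers from the answer's update.
        List<Chain> after = List.of(
                new Chain("resource-server", 3, subpath("/api")),
                new Chain("web-login", 100, regex("^(?!/api).*$")));
        // Constructed sample paths; /apidocs falls between the two matchers.
        for (String path : List.of("/login/google", "/api/secured/x", "/", "/apidocs")) {
            System.out.printf("%-16s before=%-16s after=%s%n",
                    path, select(before, path), select(after, path));
        }
    }
}
```

With the default matchers every path, including /login/google, lands in the resource-server chain, where the SSO filter is not installed. The /apidocs row shows a path that neither of the updated matchers accepts; tightening the lookahead to `^(?!/api(/|$)).*$` closes that gap.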

