Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to change spring security oauth2 default token endpoint?

Tags:

spring-security-oauth2

We have spring security oauth2 based application. Every thing is working fine. But i am failed to change default token endpoint from "/oauth/token" to "/external/oauth/token".

My spring-servlet.xml

<http pattern="/external/oauth/token" create-session="stateless"         authentication-manager-ref="clientAuthenticationManager"        use-expressions="true" xmlns="http://www.springframework.org/schema/security">       <intercept-url pattern="/external/oauth/token" access="isFullyAuthenticated()" />       <anonymous enabled="false" />       <http-basic entry-point-ref="clientAuthenticationEntryPoint" />       <!-- include this only if you need to authenticate clients via request parameters -->       <custom-filter ref="clientCredentialsTokenEndpointFilter" after="BASIC_AUTH_FILTER" />       <access-denied-handler ref="oauthAccessDeniedHandler"/> </http>  <oauth:authorization-server client-details-service-ref="clientDetails"          token-services-ref="tokenServices"          user-approval-handler-ref="userApprovalHandler" token-endpoint-url="/external/oauth/token">         <oauth:authorization-code />         <oauth:implicit />         <oauth:refresh-token />         <oauth:client-credentials />         <oauth:password /> </oauth:authorization-server>

But the result when i access this endpoint is

{     error: "unauthorized"     error_description: "An Authentication object was not found in the SecurityContext" }

am i missing any thing ? Please suggest.

like image 376
Srikanth Avatar asked Mar 06 '14 11:03

Srikanth

People also ask

What is token endpoint in OAuth2?

The token endpoint is a subcomponent of the authorization server. It is a dedicated ICF node for issuing access tokens after having successfully authenticated an OAuth 2.0 client.

Is Spring Security OAuth2 Autoconfigure deprecated?

Spring Security OAuth2 project is currently deprecated and Spring Security team has decided to no longer provide support for authorization servers.

1 Answers

With the version 2.0.5.RELEASE or above of spring-security-oauth2

In one line in java based configuration, tested and works fine, somehow it's overriding the RequestMapping value of the TokenEndpoint class.

@Configuration @EnableAuthorizationServer protected static class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {                @Override         public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {             endpoints                 .pathMapping("/oauth/token", "<your custom endpoint>")         } }
like image 172
Emilien Brigand Avatar answered Sep 22 '22 14:09

Emilien Brigand
Sign in to Comment

Related questions

How do /oauth/authorize and /oauth/token interact in Spring OAuth?
How to allow a User only access their own data in Spring Boot / Spring Security?
How to make Spring Security OAuth2 really stateless / get rid of "state" parameter?
Spring OAuth2 - There is no client authentication. Try adding an appropriate authentication filter
How to add more data in access_token JWT
Spring OAuth2 - custom "OAuth Approval" page at oauth/authorize
How to add a client using JDBC for ClientDetailsServiceConfigurer in Spring?
Why is my token being rejected? What is a resource ID? "Invalid token does not contain resource id (oauth2-resource)"
Is there working example of OAuth2 with WebFlux
Spring OAuth2 checkUserScopes is not working as expected
Web and Mobile Clients for Spring Security OAuth2
Spring security - allowing anonymous access
Spring Boot 1.3.3 @EnableResourceServer and @EnableOAuth2Sso at the same time
Spring Boot + Spring Security + Spring OAuth2 + Google Sign in
How to get Spring Boot and OAuth2 example to use password grant credentials other than the default
How to logout oauth2 client in Spring?
Adding more then one client to the Spring OAuth2 Auth Server
Standalone Spring OAuth2 JWT Authorization Server + CORS
Unable to get EnableOauth2Sso Working -- BadCredentialsException: Could not obtain access token

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!