Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to change spring security oauth2 default token endpoint?

We have spring security oauth2 based application. Every thing is working fine. But i am failed to change default token endpoint from "/oauth/token" to "/external/oauth/token".

My spring-servlet.xml

<http pattern="/external/oauth/token" create-session="stateless"         authentication-manager-ref="clientAuthenticationManager"        use-expressions="true" xmlns="http://www.springframework.org/schema/security">       <intercept-url pattern="/external/oauth/token" access="isFullyAuthenticated()" />       <anonymous enabled="false" />       <http-basic entry-point-ref="clientAuthenticationEntryPoint" />       <!-- include this only if you need to authenticate clients via request parameters -->       <custom-filter ref="clientCredentialsTokenEndpointFilter" after="BASIC_AUTH_FILTER" />       <access-denied-handler ref="oauthAccessDeniedHandler"/> </http>  <oauth:authorization-server client-details-service-ref="clientDetails"          token-services-ref="tokenServices"          user-approval-handler-ref="userApprovalHandler" token-endpoint-url="/external/oauth/token">         <oauth:authorization-code />         <oauth:implicit />         <oauth:refresh-token />         <oauth:client-credentials />         <oauth:password /> </oauth:authorization-server> 

But the result when i access this endpoint is

{     error: "unauthorized"     error_description: "An Authentication object was not found in the SecurityContext" } 

am i missing any thing ? Please suggest.

like image 376
Srikanth Avatar asked Mar 06 '14 11:03

Srikanth


People also ask

What is token endpoint in OAuth2?

The token endpoint is a subcomponent of the authorization server. It is a dedicated ICF node for issuing access tokens after having successfully authenticated an OAuth 2.0 client.

Is Spring Security OAuth2 Autoconfigure deprecated?

Spring Security OAuth2 project is currently deprecated and Spring Security team has decided to no longer provide support for authorization servers.


1 Answers

With the version 2.0.5.RELEASE or above of spring-security-oauth2

In one line in java based configuration, tested and works fine, somehow it's overriding the RequestMapping value of the TokenEndpoint class.

@Configuration @EnableAuthorizationServer protected static class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {                @Override         public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {             endpoints                 .pathMapping("/oauth/token", "<your custom endpoint>")         } } 
like image 172
Emilien Brigand Avatar answered Sep 22 '22 14:09

Emilien Brigand