Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Spring OAuth2 - custom "OAuth Approval" page at oauth/authorize

Tags:

spring-security

spring-security-oauth2

what is recommended way to create custom pages OAuth Approval page:

default page

I have to completely override the stuff on the page, need to add styles, branding etc. What is the right way to achieve that? Where could I see the source of the default page to use it as a starting point?

I also need to override the /login page but I think the approach of overriding it is going to be pretty much the same.

like image 416
Barbadoss Avatar asked Mar 30 '15 11:03

Barbadoss

2 Answers

The recommended way is to provide a normal Spring MVC @RequestMapping for the "/oauth/confirm_access". You can look at WhitelabelApprovalEndpoint for the default implementation. Don't forget to use @SessionAttributes("authorizationRequest") in your controller.

like image 79
Dave Syer Avatar answered Oct 18 '22 22:10

Dave Syer

In addition to @DaveSyer's answer, which should work for the most of the cases. Sometimes based on configuration and customization the aforementioned method may not work, if Framew‌orkEndpointHandlerMa‌pping from Spring Security OAuth package has higher order than RequestMappingHandlerMapping of your application. If this is the case, then servlet dispatcher will never reach you mapping and will always show the default page.

One way to fix it is to change the order of mappers, given that Framew‌orkEndpointHandlerMa‌pping's order is Order.LOWEST_PRECEDENCE - 2.

Another way is to set the approval page to a custom URL, not mapped by Framew‌orkEndpointHandlerMa‌pping, thus servlet dispatcher will reaches you application's mapping 

@Configuration
@EnableAuthorizationServer
protected static class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {
    @Autowired
    private AuthorizationEndpoint authorizationEndpoint;

    @PostConstruct
    public void init() {
        authorizationEndpoint.setUserApprovalPage("forward:/oauth/custom_confirm_access");
        authorizationEndpoint.setErrorPage("forward:/oauth/custom_error");
    }
}

With such a configuration mappings of /oauth/custom_confirm_access and /oauth/custom_error will be used as a confirmation page and an error page respectively.

like image 7
schatten Avatar answered Oct 18 '22 21:10

schatten
Sign in to Comment

Related questions

How to allow a User only access their own data in Spring Boot / Spring Security?
SPRING: Add custom user details to spring security user
How to customize the behaviour of SecurityContextPersistenceFilter?
Facebook login in JWT
JHipster: CORS fails on form login (actual request, not pre-flight)
Integrating Captcha with Spring Security
Spring security 4 custom login j_spring_security_check return http 302
java.lang.IllegalStateException: BeanFactory not initialized or already closed - call 'refresh' before accessing beans via the ApplicationContext
Spring OAuth2 - There is no client authentication. Try adding an appropriate authentication filter
Basic Authentication Filter and authentication entry point not actually used from spring oauth2 token request
"The matching wildcard is strict, but no declaration can be found for element 'http'" Error
SecurityContextHolder.getContext().getAuthentication() returning null
Handling roles when authenticated to active directory with spring security 3.1
IP filter using Spring Security
spring security No WebApplicationContext found
Understanding OAuth2 Client credentials flow
How to configure Spring Security to send 'X-CSRF-TOKEN'?
ajax login with spring webMVC and spring security
Security configuration with Spring-boot
Spring Security: How to use multiple URL patterns in FilterRegistrationBean?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!