
oauth2-protocol-patterns's People

Contributors

asaikali, jgrandja


oauth2-protocol-patterns's Issues

Actuator health endpoints are blocked

My microservice needs to expose actuator endpoints for monitoring purposes, thus I added the dependency "org.springframework.boot:spring-boot-starter-actuator". But I hit the error "HTTP ERROR 401".

I modified ResourceServerConfig to exclude the authentication check on this endpoint as below:

// @Formatter:off
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .authorizeRequests()
            // health probe is open; this rule must precede the broader matchers
            .antMatchers("/actuator/health").permitAll()
            .mvcMatchers("/api/**").access("hasAuthority('SCOPE_resource.read')")
            .anyRequest().authenticated()
            .and()
        .oauth2ResourceServer()
            .jwt()
                .jwkSetUri(this.resourceServerProperties.getJwt().getJwkSetUri());
}
// @Formatter:on

but it doesn't work. Any advice?

How to secure individual endpoints on microservice c

If microservice c had 10 RestController endpoints, how could you update this code to lock down each one of them? Because it looks like the token allows access to the entire service, when in reality that is never the case. A client of a service may only have access to 5 of the 10 endpoints. How can you get more granular security in the client credentials flow?
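An added example that serves both issues above (the open health probe and per-endpoint authorization in the client credentials flow); it is not code from the oauth2-protocol-patterns repository. It assumes Spring Boot 2.x with Spring Security 5.x and the actuator starter on the classpath; the scope names rooms.read, rooms.write and actuator.read and the /api/rooms paths are invented for the illustration. Each client-credentials client is registered with only the scopes its endpoints need, so its tokens carry only the matching SCOPE_ authorities.

```java
import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest;
import org.springframework.boot.actuate.health.HealthEndpoint;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RestController;

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class ResourceServerConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                // The health probe is the only anonymous path. EndpointRequest follows
                // management.endpoints.web.base-path, so a changed base path still matches.
                .requestMatchers(EndpointRequest.to(HealthEndpoint.class)).permitAll()
                // Every other actuator endpoint needs its own scope (assumed name).
                .requestMatchers(EndpointRequest.toAnyEndpoint()).hasAuthority("SCOPE_actuator.read")
                // One rule per operation: a client registered with only rooms.read gets tokens
                // carrying SCOPE_rooms.read and cannot reach POST even with a valid token.
                .mvcMatchers(HttpMethod.GET, "/api/rooms/**").hasAuthority("SCOPE_rooms.read")
                .mvcMatchers(HttpMethod.POST, "/api/rooms").hasAuthority("SCOPE_rooms.write")
                // Fail closed: an endpoint without an explicit rule is unreachable rather
                // than silently open to any authenticated client.
                .anyRequest().denyAll()
                .and()
            .oauth2ResourceServer()
                .jwt();
    }
}

// Second layer: the same scope is required at the method, so the rule survives a URL
// remapping or a new controller that forgets to add a matcher above.
@RestController
class RoomController {
    @PreAuthorize("hasAuthority('SCOPE_rooms.write')")
    @PostMapping("/api/rooms")
    String createRoom(@RequestBody String room) {
        return "created: " + room;
    }
}
```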

Cannot run the demo

Hi,

Thanks for sharing the demo!

When I access localhost:8080, after a while it shows FAILURE.
And when I look at uaa-server.log, I see this error:

Caused by: java.lang.ClassNotFoundException: javax.xml.bind.JAXBException

I tried to add these dependencies, but it doesn't work:

dependencies {
    uaa("org.cloudfoundry.identity:cloudfoundry-identity-uaa:${uaaVersion}@war") {
        artifact {
            name = "cloudfoundry-identity-uaa"
            extension = 'war'
            type = 'war'
        }
    }

    // JAXB and the activation framework were removed from the JDK in Java 11 (JEP 320),
    // so they have to be supplied explicitly; they belong at the dependencies level,
    // not inside the uaa artifact closure.
    compile "javax.xml.bind:jaxb-api:2.2.11"
    compile "com.sun.xml.bind:jaxb-core:2.2.11"
    compile "com.sun.xml.bind:jaxb-impl:2.2.11"
    compile "javax.activation:activation:1.1.1"
}

Can you help me on this?

oauth2Authentication is null

Hi Joe,

I changed "auth-server" to "localhost" in all projects. I tried to access localhost:8080 and it showed a login page at http://localhost:9000. I typed in user1/password, and it returned a 500 internal error; I checked the log, and it was caused by "oauth2Authentication is null".

@Bean
ProviderSettings providerSettings() {
    return new ProviderSettings().issuer("http://localhost:9000");
}

@ModelAttribute("authorizedClientRegistrations")
List<ClientRegistration> authorizedClientRegistrations(OAuth2AuthenticationToken oauth2Authentication) {
    if (this.clientRegistrationRepository == null) {
        return Collections.emptyList();
    }

If I add the entry 127.0.0.1 auth-server to the hosts file and keep using "auth-server", it works.

What is the difference between http://auth-server:9000 and http://localhost:9000 in this case?

Warm regards,
William
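An added example, not code from the repository, illustrating why the hostname matters in the issue above. A browser scopes cookies by host and ignores the port, so with both applications on localhost the client at :8080 and the authorization server at :9000 read and overwrite the same JSESSIONID cookie, and one login clobbers the other's session; a separate hostname such as auth-server keeps the cookies apart. If both must stay on localhost, giving the authorization server its own session cookie name is one mitigation (AUTH_SERVER_SESSION is an assumed name; Spring Boot 2.x with the servlet stack is assumed).

```java
import javax.servlet.ServletContext;
import org.springframework.boot.web.servlet.ServletContextInitializer;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class AuthServerSessionConfig {

    // Runs once at servlet-container startup inside the authorization server.
    // Renaming the session cookie here is equivalent to setting
    // server.servlet.session.cookie.name in application.yml; with a distinct
    // name the client's JSESSIONID on the same host is no longer overwritten.
    @Bean
    ServletContextInitializer authServerSessionCookie() {
        return (ServletContext servletContext) -> {
            servletContext.getSessionCookieConfig().setName("AUTH_SERVER_SESSION"); // assumed name
            // The session id is only ever read server-side; keep it away from scripts.
            servletContext.getSessionCookieConfig().setHttpOnly(true);
        };
    }
}
```

The issuer in ProviderSettings and the client's registration must still agree on the same host and port, otherwise the issuer check on the token fails independently of the cookie problem.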

@PostMapping("/message") ending up in 403 Forbidden

Hi @jgrandja ,

I am trying with the Keycloak configuration.
All GET requests are working fine, i.e. @GetMapping("/") and @GetMapping("/whoami") from Amicroservice and Bmicroservice.

But when I add a @PostMapping("/message") in AController.java and try to consume it from home.html or index.html, I get a 403 Forbidden.

Do I need to add something like the below to consume the @PostMapping() or POST method?

@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .oauth2Login().and()
        .csrf()
            .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
            .and()
        .authorizeRequests()

If possible, can you please add a simple @PostMapping() example API/method in either Amicroservice or the hotel Bmicroservice, and consume it from index.html or home.html.

Code snippet:

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.security.core.Authentication;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.ResponseBody;

@SpringBootApplication
@Controller
public class HotelsApplication {

	public static void main(String[] args) {
		SpringApplication.run(HotelsApplication.class, args);
	}

	@GetMapping("/")
	public String getIndex() {
		return "index";
	}

	@GetMapping("/whoami")
	@ResponseBody
	public Authentication whoami(Authentication auth) {
		return auth;
	}

	/* newly added POST method
	 * which is not working as expected; it is ending up with the error
	 * Failed to load resource: the server responded with a status of 403 (Forbidden)
	 */
	@PostMapping("/message")
	@ResponseBody
	public String createMessage(@RequestBody String message) {
		return String.format("Message was created. Content: %s", message);
	}

}

The SecurityConfig class is in my Amicroservice (ResourceService):

import org.springframework.boot.autoconfigure.security.oauth2.resource.OAuth2ResourceServerProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.JwtDecoders;
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

	@Override
	protected void configure(HttpSecurity http) throws Exception {
		// Bearer-token resource server; Keycloak realm roles become ROLE_* authorities
		http.oauth2ResourceServer().jwt().jwtAuthenticationConverter(jwtAuthenticationConverter());

		http.authorizeRequests().anyRequest().authenticated();

		http.headers().frameOptions().sameOrigin();
	}

	private JwtAuthenticationConverter jwtAuthenticationConverter() {
		JwtAuthenticationConverter jwtAuthenticationConverter = new JwtAuthenticationConverter();
		jwtAuthenticationConverter.setJwtGrantedAuthoritiesConverter(new KeycloakRealmRoleConverter());
		return jwtAuthenticationConverter;
	}

	@Bean
	public JwtDecoder jwtDecoderByIssuerUri(OAuth2ResourceServerProperties properties) {
		// Decoder is built from the issuer's OpenID discovery document; the issuer claim is validated
		String issuerUri = properties.getJwt().getIssuerUri();
		NimbusJwtDecoder jwtDecoder = (NimbusJwtDecoder) JwtDecoders.fromIssuerLocation(issuerUri);
		jwtDecoder.setClaimSetConverter(new UsernameSubClaimAdapter());
		return jwtDecoder;
	}

}

import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
import org.springframework.core.convert.converter.Converter;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.MappedJwtClaimSetConverter;

class UsernameSubClaimAdapter implements Converter<Map<String, Object>, Map<String, Object>> {

	private final MappedJwtClaimSetConverter delegate = MappedJwtClaimSetConverter.withDefaults(Collections.emptyMap());

	@Override
	public Map<String, Object> convert(Map<String, Object> claims) {
		Map<String, Object> convertedClaims = this.delegate.convert(claims);
		String username = (String) convertedClaims.get("preferred_username");
		// Only replace "sub" when the token actually carries preferred_username
		if (username != null) {
			convertedClaims.put("sub", username);
		}
		return convertedClaims;
	}

}

class KeycloakRealmRoleConverter implements Converter<Jwt, Collection<GrantedAuthority>> {

	@Override
	@SuppressWarnings("unchecked")
	public Collection<GrantedAuthority> convert(final Jwt jwt) {
		final Map<String, Object> realmAccess = (Map<String, Object>) jwt.getClaims().get("realm_access");
		// A token without realm_access (or without roles) carries no realm roles; avoid a NullPointerException
		if (realmAccess == null || realmAccess.get("roles") == null) {
			return Collections.emptyList();
		}
		return ((List<String>) realmAccess.get("roles")).stream()
				.map(roleName -> "ROLE_" + roleName)
				.map(SimpleGrantedAuthority::new)
				.collect(Collectors.toList());
	}

}
 

Thanks in advance.
