Spring OAuth2 autorization from database

2
votes

Hello everyone, I'm practicing OAuth2 in Spring boot.I have developed the application when i access get resources, i'm getting the response but for post resources i have to provide username and password which i'm passing in request but it still gives me this response

curl -i --user admin:admin -H Accept:application/json -X PUT http://localhost:8080/api/user/addUpdateUser -H Content-Type: application/json -d '{ "userId": 3, "firstName": "M.Danish", "lastName": "Khan", "userName": "danishkhan", "address": "Mardan", "phone": "04543545435" }'

{
  "timestamp": 1464778621656,
  "status": 401,
  "error": "Unauthorized",
  "message": "Access Denied",
  "path": "/api/user/addUpdateUser"
}

This my code.

Web Security Configuration

@Configuration
@EnableWebSecurity
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter{

@Autowired
private UserDetailsService userDetailsService;

@Override
public void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth.userDetailsService(userDetailsService);
}

@Override
protected void configure(HttpSecurity http) throws Exception {
    http
            .authorizeRequests()
            .antMatchers(HttpMethod.GET).permitAll()
            .anyRequest().authenticated()
            .and().httpBasic()
            .and().csrf().disable();
}

@Override
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception {
    return super.authenticationManagerBean();
}

}

OAuth Resource Server Configuration

@Configuration
@EnableResourceServer
public class OAuth2ResourceServerConfiguration extends ResourceServerConfigurerAdapter {

private final String RESOURCE_ID="SpringOAuth";

@Autowired
private CustomAuthenticationEntryPoint customAuthenticationEntryPoint;

/*@Autowired
private UserDetailsService userDetailsService;*/

@Override
public void configure(HttpSecurity http) throws Exception {

    http    .exceptionHandling()
            .authenticationEntryPoint(customAuthenticationEntryPoint)
            .and()
            .authorizeRequests()
            .antMatchers(HttpMethod.GET).permitAll()
            .anyRequest().authenticated()
            /*.and().userDetailsService(userDetailsService);  was just checking whether it will work with this or not*/
}

@Override
public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
    resources.resourceId(RESOURCE_ID);
}
}

OAuth Authorization Server Configuration

@Configuration
@EnableAuthorizationServer
public class OAuth2AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {

private final String RESOURCE_ID="SpringOAuth";

private TokenStore tokenStore = new InMemoryTokenStore();

@Autowired
private UserDetailsService userDetailsService;

@Autowired
AuthenticationManager authenticationManager;

@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
    clients.inMemory()
            .withClient("client")
            .authorizedGrantTypes("password", "refresh_token")
            .authorities("ROLE_USER")
            .scopes("read")
            .resourceIds(RESOURCE_ID)
            .secret("secret").accessTokenValiditySeconds(3600);
}

@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
    endpoints
            .tokenStore(this.tokenStore)
            .authenticationManager(this.authenticationManager)
            .userDetailsService(userDetailsService);
}



@Bean
@Primary
public DefaultTokenServices tokenServices() {
    DefaultTokenServices tokenServices = new DefaultTokenServices();
    tokenServices.setSupportRefreshToken(true);
    tokenServices.setTokenStore(this.tokenStore);
    return tokenServices;
}

}

Controller

@Controller
@RequestMapping("/api/user")
public class UserController {
@Autowired
private UserService userService;

@RequestMapping(value = "/addUpdateUser",method = RequestMethod.POST)
public ResponseEntity<Void> add_UpdateUser(@RequestBody User user){
    if(user==null){
        return new ResponseEntity<Void>(HttpStatus.EXPECTATION_FAILED);
    }else{
        userService.add_UpdateUser(user);
        return new ResponseEntity<Void>(HttpStatus.CREATED);
    }
}

@RequestMapping("/getAllUser")
public ResponseEntity<List<User>> getAllUsers(){
    return new ResponseEntity<List<User>>(userService.getAllUsers(),HttpStatus.OK);
}

@RequestMapping(value = "/deleteUser",method = RequestMethod.POST)
public ResponseEntity<Void> deleteUser(@RequestBody String userName){
    if(userName.equals("")){
        return new ResponseEntity<Void>(HttpStatus.BAD_REQUEST);
    }else {
        userService.deleteUser(userName);
        return new ResponseEntity<Void>(HttpStatus.OK);
    }
}

}
1
oauthspring-bootoauth-2.0spring-security-oauth2
anyone please answer my question. I have recreated the the application still it is like above i described.Muhammad Danish Khan

1 Answers

0
votes

Your content type header must be surround by quotation marks because you have a space in it.

-H Content-Type: application/json

Should be

-H "Content-Type: application/json"

Otherwise the shell considers them as separate arguments. Like this

$ curl -X POST -H "Content-Type: application/json" -H "Authorization: Bearer 27f9e2b7-4441-4c03-acdb-7e7dc358f783" -d '{"apiKey": "key", "tag": "tag"}' localhost:8080/isTagAvailable

Also you didn't get an access token first.