Spring custom centralized authorization server (oauth) - Error authenticating and customizing
up vote
0
down vote
favorite
I'm green to both spring and OAuth, which makes this an exciting problem for me to be stuck on!
From what I gather, what I need to do is create a centralized authorization server with oauth and open ID.
We have a central database of users and we want all of our applications to make a call to the authorization server, login in, automatically approve (since the only traffic should be from our servers) and redirect them based on the URI they pass.
Ideally, we would give them the authorization token and the ID token (open ID) so they have information on the user logged in.
So I am working on setting up a Spring boot application where it acts just as the authorization server. So far, I see the login page - but every single login attempt ends with the following error:
Whitelabel Error Page
This application has no explicit mapping for /error, so you are seeing this as a fallback.
Here is what I have so far for that server:
SpringBootServletInitializer (application initializer) - com.company
@SpringBootApplication
@Configuration
@EnableAutoConfiguration
@ComponentScan
public class Application extends SpringBootServletInitializer {
public static void main(String args) {
SpringApplication.run(Application.class, args);
}
}
AuthorizationServerConfigurerAdapter(auth server) - com.company.config
@Configuration
@EnableAuthorizationServer
public class AuthorizationServer extends AuthorizationServerConfigurerAdapter {
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients.inMemory()
.withClient("my_client")
.secret("my_secret")
.autoApprove(true)
.authorizedGrantTypes("authorization_code", "refresh_token", "password")
.scopes("openid")
.accessTokenValiditySeconds(600);
}
}
WebSecurityConfigurerAdapter(security) - com.company.config
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
@Autowired
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("user").password("password")
.roles("USER");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.formLogin()
.and()
.httpBasic().disable()
.anonymous().disable()
.authorizeRequests().anyRequest().authenticated();
// disabled basic auth and configured to use dafault Spring Security form login.
}
}
So questions:
- What is that error and why am I seeing it?
- How do I customize the login page I am seeing? I'm desperately looking around in Spring documentation and I'm lost/overwhelmed. I don't have anything in the resources folder outside of the property file I have.
spring spring-security spring-security-oauth2
add a comment |
up vote
0
down vote
favorite
I'm green to both spring and OAuth, which makes this an exciting problem for me to be stuck on!
From what I gather, what I need to do is create a centralized authorization server with oauth and open ID.
We have a central database of users and we want all of our applications to make a call to the authorization server, login in, automatically approve (since the only traffic should be from our servers) and redirect them based on the URI they pass.
Ideally, we would give them the authorization token and the ID token (open ID) so they have information on the user logged in.
So I am working on setting up a Spring boot application where it acts just as the authorization server. So far, I see the login page - but every single login attempt ends with the following error:
Whitelabel Error Page
This application has no explicit mapping for /error, so you are seeing this as a fallback.
Here is what I have so far for that server:
SpringBootServletInitializer (application initializer) - com.company
@SpringBootApplication
@Configuration
@EnableAutoConfiguration
@ComponentScan
public class Application extends SpringBootServletInitializer {
public static void main(String args) {
SpringApplication.run(Application.class, args);
}
}
AuthorizationServerConfigurerAdapter(auth server) - com.company.config
@Configuration
@EnableAuthorizationServer
public class AuthorizationServer extends AuthorizationServerConfigurerAdapter {
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients.inMemory()
.withClient("my_client")
.secret("my_secret")
.autoApprove(true)
.authorizedGrantTypes("authorization_code", "refresh_token", "password")
.scopes("openid")
.accessTokenValiditySeconds(600);
}
}
WebSecurityConfigurerAdapter(security) - com.company.config
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
@Autowired
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("user").password("password")
.roles("USER");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.formLogin()
.and()
.httpBasic().disable()
.anonymous().disable()
.authorizeRequests().anyRequest().authenticated();
// disabled basic auth and configured to use dafault Spring Security form login.
}
}
So questions:
- What is that error and why am I seeing it?
- How do I customize the login page I am seeing? I'm desperately looking around in Spring documentation and I'm lost/overwhelmed. I don't have anything in the resources folder outside of the property file I have.
spring spring-security spring-security-oauth2
You may enable verbose logging by setting the following in application.properties to see the exact error. logging.level.org.springframework.security=DEBUG
– Tuhin Kanti Sharma
5 hours ago
Will add - thank you!
– StaticMaine
5 hours ago
add a comment |
up vote
0
down vote
favorite
up vote
0
down vote
favorite
I'm green to both spring and OAuth, which makes this an exciting problem for me to be stuck on!
From what I gather, what I need to do is create a centralized authorization server with oauth and open ID.
We have a central database of users and we want all of our applications to make a call to the authorization server, login in, automatically approve (since the only traffic should be from our servers) and redirect them based on the URI they pass.
Ideally, we would give them the authorization token and the ID token (open ID) so they have information on the user logged in.
So I am working on setting up a Spring boot application where it acts just as the authorization server. So far, I see the login page - but every single login attempt ends with the following error:
Whitelabel Error Page
This application has no explicit mapping for /error, so you are seeing this as a fallback.
Here is what I have so far for that server:
SpringBootServletInitializer (application initializer) - com.company
@SpringBootApplication
@Configuration
@EnableAutoConfiguration
@ComponentScan
public class Application extends SpringBootServletInitializer {
public static void main(String args) {
SpringApplication.run(Application.class, args);
}
}
AuthorizationServerConfigurerAdapter(auth server) - com.company.config
@Configuration
@EnableAuthorizationServer
public class AuthorizationServer extends AuthorizationServerConfigurerAdapter {
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients.inMemory()
.withClient("my_client")
.secret("my_secret")
.autoApprove(true)
.authorizedGrantTypes("authorization_code", "refresh_token", "password")
.scopes("openid")
.accessTokenValiditySeconds(600);
}
}
WebSecurityConfigurerAdapter(security) - com.company.config
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
@Autowired
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("user").password("password")
.roles("USER");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.formLogin()
.and()
.httpBasic().disable()
.anonymous().disable()
.authorizeRequests().anyRequest().authenticated();
// disabled basic auth and configured to use dafault Spring Security form login.
}
}
So questions:
- What is that error and why am I seeing it?
- How do I customize the login page I am seeing? I'm desperately looking around in Spring documentation and I'm lost/overwhelmed. I don't have anything in the resources folder outside of the property file I have.
spring spring-security spring-security-oauth2
I'm green to both spring and OAuth, which makes this an exciting problem for me to be stuck on!
From what I gather, what I need to do is create a centralized authorization server with oauth and open ID.
We have a central database of users and we want all of our applications to make a call to the authorization server, login in, automatically approve (since the only traffic should be from our servers) and redirect them based on the URI they pass.
Ideally, we would give them the authorization token and the ID token (open ID) so they have information on the user logged in.
So I am working on setting up a Spring boot application where it acts just as the authorization server. So far, I see the login page - but every single login attempt ends with the following error:
Whitelabel Error Page
This application has no explicit mapping for /error, so you are seeing this as a fallback.
Here is what I have so far for that server:
SpringBootServletInitializer (application initializer) - com.company
@SpringBootApplication
@Configuration
@EnableAutoConfiguration
@ComponentScan
public class Application extends SpringBootServletInitializer {
public static void main(String args) {
SpringApplication.run(Application.class, args);
}
}
AuthorizationServerConfigurerAdapter(auth server) - com.company.config
@Configuration
@EnableAuthorizationServer
public class AuthorizationServer extends AuthorizationServerConfigurerAdapter {
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients.inMemory()
.withClient("my_client")
.secret("my_secret")
.autoApprove(true)
.authorizedGrantTypes("authorization_code", "refresh_token", "password")
.scopes("openid")
.accessTokenValiditySeconds(600);
}
}
WebSecurityConfigurerAdapter(security) - com.company.config
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
@Autowired
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("user").password("password")
.roles("USER");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.formLogin()
.and()
.httpBasic().disable()
.anonymous().disable()
.authorizeRequests().anyRequest().authenticated();
// disabled basic auth and configured to use dafault Spring Security form login.
}
}
So questions:
- What is that error and why am I seeing it?
- How do I customize the login page I am seeing? I'm desperately looking around in Spring documentation and I'm lost/overwhelmed. I don't have anything in the resources folder outside of the property file I have.
spring spring-security spring-security-oauth2
spring spring-security spring-security-oauth2
asked 6 hours ago
StaticMaine
154
154
You may enable verbose logging by setting the following in application.properties to see the exact error. logging.level.org.springframework.security=DEBUG
– Tuhin Kanti Sharma
5 hours ago
Will add - thank you!
– StaticMaine
5 hours ago
add a comment |
You may enable verbose logging by setting the following in application.properties to see the exact error. logging.level.org.springframework.security=DEBUG
– Tuhin Kanti Sharma
5 hours ago
Will add - thank you!
– StaticMaine
5 hours ago
You may enable verbose logging by setting the following in application.properties to see the exact error. logging.level.org.springframework.security=DEBUG
– Tuhin Kanti Sharma
5 hours ago
You may enable verbose logging by setting the following in application.properties to see the exact error. logging.level.org.springframework.security=DEBUG
– Tuhin Kanti Sharma
5 hours ago
Will add - thank you!
– StaticMaine
5 hours ago
Will add - thank you!
– StaticMaine
5 hours ago
add a comment |
1 Answer
1
active
oldest
votes
up vote
0
down vote
the error it's from spring being enable to map to an error page, that's because there is an Exception.
you can specify your own login page as follow:
.formLogin()
.loginPage("/login.html") //your custom login page
.defaultSuccessUrl("/homepage.html", true) //welcome page after login success
.failureUrl("/login.html?error=true") // when AccessDenied happens
New contributor
So question about oauth and the flow with Spring. Ideally, I want the success URL to be whatever the redirect URI is. How do I pass that and configure that in my formLogin Spring configuration? Thank you for help - I see how this makes sense and am trying it now
– StaticMaine
5 hours ago
add a comment |
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
0
down vote
the error it's from spring being enable to map to an error page, that's because there is an Exception.
you can specify your own login page as follow:
.formLogin()
.loginPage("/login.html") //your custom login page
.defaultSuccessUrl("/homepage.html", true) //welcome page after login success
.failureUrl("/login.html?error=true") // when AccessDenied happens
New contributor
So question about oauth and the flow with Spring. Ideally, I want the success URL to be whatever the redirect URI is. How do I pass that and configure that in my formLogin Spring configuration? Thank you for help - I see how this makes sense and am trying it now
– StaticMaine
5 hours ago
add a comment |
up vote
0
down vote
the error it's from spring being enable to map to an error page, that's because there is an Exception.
you can specify your own login page as follow:
.formLogin()
.loginPage("/login.html") //your custom login page
.defaultSuccessUrl("/homepage.html", true) //welcome page after login success
.failureUrl("/login.html?error=true") // when AccessDenied happens
New contributor
So question about oauth and the flow with Spring. Ideally, I want the success URL to be whatever the redirect URI is. How do I pass that and configure that in my formLogin Spring configuration? Thank you for help - I see how this makes sense and am trying it now
– StaticMaine
5 hours ago
add a comment |
up vote
0
down vote
up vote
0
down vote
the error it's from spring being enable to map to an error page, that's because there is an Exception.
you can specify your own login page as follow:
.formLogin()
.loginPage("/login.html") //your custom login page
.defaultSuccessUrl("/homepage.html", true) //welcome page after login success
.failureUrl("/login.html?error=true") // when AccessDenied happens
New contributor
the error it's from spring being enable to map to an error page, that's because there is an Exception.
you can specify your own login page as follow:
.formLogin()
.loginPage("/login.html") //your custom login page
.defaultSuccessUrl("/homepage.html", true) //welcome page after login success
.failureUrl("/login.html?error=true") // when AccessDenied happens
New contributor
New contributor
answered 5 hours ago
slimane
2644
2644
New contributor
New contributor
So question about oauth and the flow with Spring. Ideally, I want the success URL to be whatever the redirect URI is. How do I pass that and configure that in my formLogin Spring configuration? Thank you for help - I see how this makes sense and am trying it now
– StaticMaine
5 hours ago
add a comment |
So question about oauth and the flow with Spring. Ideally, I want the success URL to be whatever the redirect URI is. How do I pass that and configure that in my formLogin Spring configuration? Thank you for help - I see how this makes sense and am trying it now
– StaticMaine
5 hours ago
So question about oauth and the flow with Spring. Ideally, I want the success URL to be whatever the redirect URI is. How do I pass that and configure that in my formLogin Spring configuration? Thank you for help - I see how this makes sense and am trying it now
– StaticMaine
5 hours ago
So question about oauth and the flow with Spring. Ideally, I want the success URL to be whatever the redirect URI is. How do I pass that and configure that in my formLogin Spring configuration? Thank you for help - I see how this makes sense and am trying it now
– StaticMaine
5 hours ago
add a comment |
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53400762%2fspring-custom-centralized-authorization-server-oauth-error-authenticating-an%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
You may enable verbose logging by setting the following in application.properties to see the exact error. logging.level.org.springframework.security=DEBUG
– Tuhin Kanti Sharma
5 hours ago
Will add - thank you!
– StaticMaine
5 hours ago