Spring Boot Resource Server Invalid Access Token

Time:11-16

My configuration for the Spring Boot resource server is provided:

@Configuration
public class OAuth2SecurityConfig extends WebSecurityConfigurerAdapter {


    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Bean
    public PasswordEncoder passwordEncoder() {

        return new BCryptPasswordEncoder();
    }
}





@Configuration
@EnableResourceServer
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {


    private static final String RESOURCE_ID = "couponservice";


    @Override
    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
        resources.resourceId(RESOURCE_ID);
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {

        http.authorizeRequests()
                .mvcMatchers(HttpMethod.GET, "/couponapi/coupons/{code:^[A-Z]*$}").hasAnyRole("USER", "ADMIN")
                .mvcMatchers(HttpMethod.POST, "/couponapi/coupons").hasRole("ADMIN")
                .anyRequest().denyAll().and().csrf().disable();
    }


//  @Bean
//  public TokenStore tokenStore() {
//      return new JwtTokenStore(jwtAccessTokenConverter());
//  }
//
//  @Bean
//  public JwtAccessTokenConverter jwtAccessTokenConverter() {
//
//      JwtAccessTokenConverter jwtAccessTokenConverter = new JwtAccessTokenConverter();
//      jwtAccessTokenConverter.setVerifierKey(publicKey);
//
//      return jwtAccessTokenConverter;
//  }

}

The application.properties file is provided:

spring.datasource.url=jdbc:mysql://localhost:3306/mydb
spring.datasource.username=testuser
spring.datasource.password=testpassword

server.port=9091

spring.thymeleaf.cache=false
spring.main.allow-bean-definition-overriding=true


spring.security.oauth2.resourceserver.jwt.jwk-set-uri=http://localhost:9092/oauth/token_key
# security.oauth2.resource.jwt.key-uri=http://localhost:9092/oauth/token_key

If I keep the JwtAccessTokenConverter and use the correct public key, the code is working. But, I would like to connect using the auth URL provided in the properties files.

Now, when I make the GET request, I see the invalid access token. What's the issue here and how do I resolve it?

CodePudding user response:

Looks like you need to tell Spring WHAT MECHANISM to use to authorize. Maybe compare to this Curity example - hope it provides enough clues to overcome your problem:

@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Value("${spring.security.oauth2.resourceserver.jwt.issuer-uri}")
    String issuerUri;

    @Override
    protected void configure(HttpSecurity http) throws Exception {

        http
                .authorizeRequests(authorizeRequests ->
                        authorizeRequests
                                .antMatchers("/services").hasAuthority("SCOPE_services:read")
                                .anyRequest().authenticated()
                )
                .oauth2ResourceServer(oauth2ResourceServer ->
                        oauth2ResourceServer
                                .jwt(jwt ->
                                        jwt.decoder(JwtDecoders.fromIssuerLocation(issuerUri))
                                )
                );
    }
}
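
An added example, not part of the answer above or of the Curity sample: the question's matcher rules moved onto the `oauth2ResourceServer` DSL, with a decoder built from a JWK Set URI. Assumptions: the URL is a placeholder for an endpoint that serves a JWK Set, the token carries `ROLE_`-prefixed roles in an `authorities` claim, and it lists the resource id `couponservice` in `aud`; the class name `JwkResourceServerConfig` is hypothetical.

```java
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.core.*;
import org.springframework.security.oauth2.jwt.*;
import org.springframework.security.oauth2.server.resource.authentication.*;

@EnableWebSecurity
public class JwkResourceServerConfig extends WebSecurityConfigurerAdapter {
    // Assumption: placeholder URL; it must return a JWK Set ({"keys":[...]}), not a single PEM key.
    private static final String JWK_SET_URI = "http://localhost:9092/<jwk-set-endpoint>";
    private static final String RESOURCE_ID = "couponservice";

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests(a -> a
                .mvcMatchers(HttpMethod.GET, "/couponapi/coupons/{code:^[A-Z]*$}").hasAnyRole("USER", "ADMIN")
                .mvcMatchers(HttpMethod.POST, "/couponapi/coupons").hasRole("ADMIN")
                .anyRequest().denyAll())
            .csrf(c -> c.disable())
            // This is the part that tells Spring which mechanism authenticates the bearer token.
            .oauth2ResourceServer(o -> o.jwt(j -> j
                .decoder(jwtDecoder())
                .jwtAuthenticationConverter(authoritiesConverter())));
    }

    private JwtDecoder jwtDecoder() {
        NimbusJwtDecoder decoder = NimbusJwtDecoder.withJwkSetUri(JWK_SET_URI).build();
        // Keep the default validators and also require our resource id in "aud";
        // the decoder does not check the audience unless a validator is added.
        OAuth2TokenValidator<Jwt> audience = jwt ->
            jwt.getAudience() != null && jwt.getAudience().contains(RESOURCE_ID)
                ? OAuth2TokenValidatorResult.success()
                : OAuth2TokenValidatorResult.failure(new OAuth2Error("invalid_token", "unexpected aud", null));
        decoder.setJwtValidator(new DelegatingOAuth2TokenValidator<>(JwtValidators.createDefault(), audience));
        return decoder;
    }

    // Assumption: roles arrive as e.g. "ROLE_ADMIN" in the "authorities" claim, so no prefix is added.
    private JwtAuthenticationConverter authoritiesConverter() {
        JwtGrantedAuthoritiesConverter granted = new JwtGrantedAuthoritiesConverter();
        granted.setAuthoritiesClaimName("authorities");
        granted.setAuthorityPrefix("");
        JwtAuthenticationConverter converter = new JwtAuthenticationConverter();
        converter.setJwtGrantedAuthoritiesConverter(granted);
        return converter;
    }
}
```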