Spring Boot: secure some endpoints with Google Oauth

Time:08-09

I'm trying to use Google SSO with a Spring Boot application.

I've added this dependency:

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-oauth2-client</artifactId>
        </dependency>

and these properties:

spring.security.oauth2.client.registration.google.client-id=...
spring.security.oauth2.client.registration.google.client-secret=...

and it works. When I call an endpoint, I'm redirected to the Google login screen, and afterwards I'm able to retrieve the user id on the server side.

Now, when I try to remove authentication for public endpoints, notably Swagger, I do this:

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
public class SecurityConfiguration {

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests((authz) -> authz
                // public endpoints, including the Swagger UI and the OpenAPI document
                .mvcMatchers("/foo",
                        "/bar",
                        "/v3/api-docs/**",
                        "/swagger-ui/**",
                        "/swagger-ui.html")
                .permitAll()
                // everything else requires an authenticated user
                .anyRequest().authenticated())
            // configures the app as an OAuth2 client only (no login flow)
            .oauth2Client();
        return http.csrf().disable().build();
    }

}

I can then access the public endpoints, but for protected endpoints I get an HTTP 403 without being redirected to the login page! The way I wrote it might not be correct; most of the docs out there use the deprecated WebSecurityConfigurerAdapter.

In my understanding, I should get a token from Google before calling a secured endpoint. How could I add a "login with Google" button to Swagger and use the token to call a secured endpoint?

The log says:

2022-08-07 11:10:52.122 DEBUG 2830 --- [nio-8080-exec-7] o.a.coyote.http11.Http11InputBuffer      : Before fill(): parsingHeader: [true], parsingRequestLine: [true], parsingRequestLinePhase: [0], parsingRequestLineStart: [0], byteBuffer.position(): [0], byteBuffer.limit(): [0], end: [613]
2022-08-07 11:10:52.122 DEBUG 2830 --- [nio-8080-exec-7] o.a.tomcat.util.net.SocketWrapperBase    : Socket: [org.apache.tomcat.util.net.NioEndpoint$NioSocketWrapper@1a16ddaf:org.apache.tomcat.util.net.NioChannel@14d1309d:java.nio.channels.SocketChannel[connected local=/[0:0:0:0:0:0:0:1]:8080 remote=/[0:0:0:0:0:0:0:1]:50920]], Read from buffer: [0]
2022-08-07 11:10:52.122 DEBUG 2830 --- [nio-8080-exec-7] org.apache.tomcat.util.net.NioEndpoint   : Socket: [org.apache.tomcat.util.net.NioEndpoint$NioSocketWrapper@1a16ddaf:org.apache.tomcat.util.net.NioChannel@14d1309d:java.nio.channels.SocketChannel[connected local=/[0:0:0:0:0:0:0:1]:8080 remote=/[0:0:0:0:0:0:0:1]:50920]], Read direct from socket: [613]
2022-08-07 11:10:52.122 DEBUG 2830 --- [nio-8080-exec-7] o.a.coyote.http11.Http11InputBuffer      : Received [GET /foo/ HTTP/1.1
Host: localhost:8080
Connection: keep-alive
sec-ch-ua: ".Not/A)Brand";v="99", "Google Chrome";v="103", "Chromium";v="103"
accept: */*
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36
sec-ch-ua-platform: "macOS"
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: http://localhost:8080/swagger-ui/index.html
Accept-Encoding: gzip, deflate, br
Accept-Language: fr-FR,fr;q=0.9,en-US;q=0.8,en;q=0.7
Cookie: JSESSIONID=D2C74B3FC7E65CB64D4E6BD87B1172E2

]
2022-08-07 11:10:52.123 DEBUG 2830 --- [nio-8080-exec-7] o.a.t.util.http.Rfc6265CookieProcessor   : Cookies: Parsing b[]: JSESSIONID=D2C74B3FC7E65CB64D4E6BD87B1172E2
2022-08-07 11:10:52.123 DEBUG 2830 --- [nio-8080-exec-7] o.a.catalina.connector.CoyoteAdapter     :  Requested cookie session id is D2C74B3FC7E65CB64D4E6BD87B1172E2
2022-08-07 11:10:52.123 DEBUG 2830 --- [nio-8080-exec-7] o.a.c.authenticator.AuthenticatorBase    : Security checking request GET /foo/
2022-08-07 11:10:52.124 DEBUG 2830 --- [nio-8080-exec-7] org.apache.catalina.realm.RealmBase      :   No applicable constraints defined
2022-08-07 11:10:52.124 DEBUG 2830 --- [nio-8080-exec-7] o.a.c.authenticator.AuthenticatorBase    : Not subject to any constraint
2022-08-07 11:10:52.124 DEBUG 2830 --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy        : Securing GET /foo/
2022-08-07 11:10:52.124 DEBUG 2830 --- [nio-8080-exec-7] s.s.w.c.SecurityContextPersistenceFilter : Set SecurityContextHolder to empty SecurityContext
2022-08-07 11:10:52.124 DEBUG 2830 --- [nio-8080-exec-7] o.s.s.w.s.HttpSessionRequestCache        : Loaded matching saved request http://localhost:8080/foo/
2022-08-07 11:10:52.127 DEBUG 2830 --- [nio-8080-exec-7] o.s.s.w.a.AnonymousAuthenticationFilter  : Set SecurityContextHolder to anonymous SecurityContext
2022-08-07 11:10:52.128 DEBUG 2830 --- [nio-8080-exec-7] org.apache.tomcat.util.http.Parameters   : Set encoding to UTF-8
2022-08-07 11:10:52.128 DEBUG 2830 --- [nio-8080-exec-7] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to tools.t.s.FooController#helloWorld()
2022-08-07 11:10:52.129 DEBUG 2830 --- [nio-8080-exec-7] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to tools.t.s.FooController#helloWorld()
2022-08-07 11:10:52.129 DEBUG 2830 --- [nio-8080-exec-7] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to tools.t.s.FooController#helloWorld()
2022-08-07 11:10:52.129 DEBUG 2830 --- [nio-8080-exec-7] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to tools.t.s.FooController#helloWorld()
2022-08-07 11:10:52.129 DEBUG 2830 --- [nio-8080-exec-7] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to tools.t.s.FooController#helloWorld()
2022-08-07 11:10:52.129 DEBUG 2830 --- [nio-8080-exec-7] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to tools.t.s.FooController#helloWorld()
2022-08-07 11:10:52.129 DEBUG 2830 --- [nio-8080-exec-7] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to tools.t.s.FooController#helloWorld()
2022-08-07 11:10:52.130 DEBUG 2830 --- [nio-8080-exec-7] o.s.s.w.s.HttpSessionRequestCache        : Saved request http://localhost:8080/foo/ to session
2022-08-07 11:10:52.130 DEBUG 2830 --- [nio-8080-exec-7] o.s.s.w.a.Http403ForbiddenEntryPoint     : Pre-authenticated entry point called. Rejecting access
2022-08-07 11:10:52.130 DEBUG 2830 --- [nio-8080-exec-7] w.c.HttpSessionSecurityContextRepository : Did not store empty SecurityContext
2022-08-07 11:10:52.130 DEBUG 2830 --- [nio-8080-exec-7] w.c.HttpSessionSecurityContextRepository : Did not store empty SecurityContext
2022-08-07 11:10:52.131 DEBUG 2830 --- [nio-8080-exec-7] s.s.w.c.SecurityContextPersistenceFilter : Cleared SecurityContextHolder to complete request
2022-08-07 11:10:52.131 DEBUG 2830 --- [nio-8080-exec-7] o.a.c.c.C.[Tomcat].[localhost]           : Processing ErrorPage[errorCode=0, location=/error]
2022-08-07 11:10:52.131 DEBUG 2830 --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy        : Securing GET /error
2022-08-07 11:10:52.131 DEBUG 2830 --- [nio-8080-exec-7] s.s.w.c.SecurityContextPersistenceFilter : Set SecurityContextHolder to empty SecurityContext
2022-08-07 11:10:52.131 DEBUG 2830 --- [nio-8080-exec-7] o.s.s.w.a.AnonymousAuthenticationFilter  : Set SecurityContextHolder to anonymous SecurityContext
2022-08-07 11:10:52.131 DEBUG 2830 --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy        : Secured GET /error
2022-08-07 11:10:52.132 DEBUG 2830 --- [nio-8080-exec-7] w.c.HttpSessionSecurityContextRepository : Did not store anonymous SecurityContext
2022-08-07 11:10:52.132 DEBUG 2830 --- [nio-8080-exec-7] w.c.HttpSessionSecurityContextRepository : Did not store anonymous SecurityContext
2022-08-07 11:10:52.132 DEBUG 2830 --- [nio-8080-exec-7] s.s.w.c.SecurityContextPersistenceFilter : Cleared SecurityContextHolder to complete request
2022-08-07 11:10:52.132 DEBUG 2830 --- [nio-8080-exec-7] o.a.c.c.C.[.[.[/].[dispatcherServlet]    :  Disabling the response for further output
2022-08-07 11:10:52.133 DEBUG 2830 --- [nio-8080-exec-7] o.a.coyote.http11.Http11InputBuffer      : Before fill(): parsingHeader: [true], parsingRequestLine: [true], parsingRequestLinePhase: [0], parsingRequestLineStart: [0], byteBuffer.position(): [0], byteBuffer.limit(): [0], end: [613]
2022-08-07 11:10:52.133 DEBUG 2830 --- [nio-8080-exec-7] o.a.tomcat.util.net.SocketWrapperBase    : Socket: [org.apache.tomcat.util.net.NioEndpoint$NioSocketWrapper@1a16ddaf:org.apache.tomcat.util.net.NioChannel@14d1309d:java.nio.channels.SocketChannel[connected local=/[0:0:0:0:0:0:0:1]:8080 remote=/[0:0:0:0:0:0:0:1]:50920]], Read from buffer: [0]
2022-08-07 11:10:52.133 DEBUG 2830 --- [nio-8080-exec-7] org.apache.tomcat.util.net.NioEndpoint   : Socket: [org.apache.tomcat.util.net.NioEndpoint$NioSocketWrapper@1a16ddaf:org.apache.tomcat.util.net.NioChannel@14d1309d:java.nio.channels.SocketChannel[connected local=/[0:0:0:0:0:0:0:1]:8080 remote=/[0:0:0:0:0:0:0:1]:50920]], Read direct from socket: [0]
2022-08-07 11:10:52.133 DEBUG 2830 --- [nio-8080-exec-7] o.a.coyote.http11.Http11InputBuffer      : Received []
2022-08-07 11:10:52.133 DEBUG 2830 --- [nio-8080-exec-7] o.apache.coyote.http11.Http11Processor   : Socket: [org.apache.tomcat.util.net.NioEndpoint$NioSocketWrapper@1a16ddaf:org.apache.tomcat.util.net.NioChannel@14d1309d:java.nio.channels.SocketChannel[connected local=/[0:0:0:0:0:0:0:1]:8080 remote=/[0:0:0:0:0:0:0:1]:50920]], Status in: [OPEN_READ], State out: [OPEN]
2022-08-07 11:10:52.133 DEBUG 2830 --- [nio-8080-exec-7] org.apache.tomcat.util.net.NioEndpoint   : Registered read interest for [org.apache.tomcat.util.net.NioEndpoint$NioSocketWrapper@1a16ddaf:org.apache.tomcat.util.net.NioChannel@14d1309d:java.nio.channels.SocketChannel[connected local=/[0:0:0:0:0:0:0:1]:8080 remote=/[0:0:0:0:0:0:0:1]:50920]]
2022-08-07 11:11:10.393 DEBUG 2830 --- [l-1 housekeeper] com.zaxxer.hikari.pool.HikariPool        : HikariPool-1 - Pool stats (total=10, active=0, idle=10, waiting=0)
2022-08-07 11:11:10.393 DEBUG 2830 --- [l-1 housekeeper] com.zaxxer.hikari.pool.HikariPool        : HikariPool-1 - Fill pool skipped, pool is at sufficient level.

CodePudding user response:

I've changed .oauth2Client(); to .oauth2Login(); and it works.
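The difference behind that fix, as an added example rather than the question's or the answer's code: oauth2Login() installs the browser login flow and an authentication entry point that redirects to Google, whereas oauth2Client() alone configures no entry point, so Spring Security falls back to Http403ForbiddenEntryPoint (the line visible in the question's log). The defaultSuccessUrl value is an assumption for illustration.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
public class SecurityConfiguration {

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(authz -> authz
                // Public: only the Swagger UI and the OpenAPI document.
                .mvcMatchers("/v3/api-docs/**", "/swagger-ui/**", "/swagger-ui.html")
                    .permitAll()
                // Everything else needs an authenticated principal.
                .anyRequest().authenticated())
            // oauth2Login() registers the authorization-code login flow AND a
            // LoginUrlAuthenticationEntryPoint: an unauthenticated browser hitting a
            // protected URL is redirected to /oauth2/authorization/google, then back to
            // the request Spring saved in the session (HttpSessionRequestCache).
            // oauth2Client() only wires the client support, so an unauthenticated
            // request is answered by Http403ForbiddenEntryPoint, i.e. a bare 403.
            .oauth2Login(login -> login
                // Where to land after login when no saved request exists (assumed value).
                .defaultSuccessUrl("/swagger-ui/index.html", false));
        // CSRF protection is left enabled: after login the browser is authenticated
        // by the JSESSIONID cookie alone, so state-changing cross-site requests
        // must be rejected. Disable it only for token-authenticated, cookie-less APIs.
        return http.build();
    }
}
```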
