Announcement Announcement Module
Collapse
No announcement yet.
OAuth2 as AuthenticationProvider? Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • #16
    you can solve it for example with spring-social and a custom adapter for your Oauth-provider app.
    see https://github.com/socialsignin/spring-social-security

    otherwise it's maybe a good point to get startet with your own solution.
    Last edited by adrian.hoehn; Jun 1st, 2012, 11:34 AM.

    Comment


    • #17
      Hi,
      I already find spring-social-security project and tried it, but does not solve the problem. A need to use Oauth2RestTemplate to access protected resources not only to for authentication (i have services which are using protected resources). If I use spring social for authentication then when calling the service method from controller the user will be redirected back to oauth2 provider login page. So I must use spring security oauth2 client. I'm I wrong?

      Best regards,
      Marko

      Comment


      • #18
        It's also possible to access the pretected resources with spring-social. Have a look at FacebookTemplate (spring-socila-facebook) to get an example. They do the login with spring-social and accessing the resources as well with spring-social.
        But i think it's also possible to implement that without spring-social directly with spring-security-oauth.

        Comment


        • #19
          Hi Marko,
          What is the alternative you used to overcome the problem ( where spring-security-oauth requires user to be authenticated before making any calls to oauth provider using Oauth2Rest template)?

          Please do let me know.

          Thanks,
          Pravin

          Comment


          • #20
            I don't think that should be a problem with the latest codebase. What version are you using?

            Comment


            • #21
              Hi Dave, I am using spring-security-oauth 1.0.0.M6a.
              When I say authenticated, I mean authenticated in spring-security.
              I get the error page like Authentication is required...anonymous not allowed.

              Dave,
              do you see any easy way of supporting this?
              There is spring-security-social http://code.google.com/p/spring-security-social/ developed for this, but seems its not compatible now.
              Was it the case that in previous version, there was provision to get the access-token before authentication is formed?

              Thanks,
              Pravin
              Last edited by pravin_bansod; Jun 25th, 2012, 04:27 PM.

              Comment


              • #22
                Originally posted by pravin_bansod View Post
                do you see any easy way of supporting this?
                Authentication with OAuth2 should be possible. What the original poster was trying to do with password grants may not be (it doesn't seem very sensible to me). I use OAuth2 for authentication and single sign on a lot. E.g. see https://github.com/cloudfoundry/uaa/...entFilter.java (changed link since the original post) - it's not an authentication manager, and it's not really OpenId Connect (yet) either, but it works.

                Comment


                • #23
                  Thanks Dave. I tried but it didn't work.
                  It is the same flow from RestTemplate-->OAuth2RestTemplate(createRequst)--> AccessTokenProviderChain and
                  I get
                  org.springframework.security.authentication.Insuff icientAuthenticationException: Authentication is required to store an access token (anonymous not allowed)
                  for which we don't redirect.

                  Can you please check and let me know if I am missing something obvious?

                  Thanks,
                  Pravin

                  Comment


                  • #24
                    Check what, sorry. What did you try? Did you see the sample app at https://github.com/cloudfoundry/uaa/...r/samples/app? It uses the filter I linked to before, so maybe if you look at the Spring Security config for that and pay attention to the filter chain (in particular where the anonymous filter is disabled) you will get some hints.

                    Comment


                    • #25
                      Thanks Dave. I will try that.

                      Comment

                      Working...
                      X