thanks for the video.. I have one question. Generally we have 2 tokens in oAuth: Auth code token and Access token. In this tutorial we have Access token. I think Auth code token is generated after authorization. where is that in our example? How and where it is used... please explain. thanks in advance.
Access Token is used for accessing the Authorization Server. ID Token/Code Token is used for accessing your Resource Server (Eg. accessing User's data post authentication and authorization)
@TechPrimers Thanks for reply...... I saw 'What is OAuth2? How does OAuth2 work?' video. according to that, 1. first client will request for Authorization, we get a token in return. 2. next client will again request for access token by sending the above token. 3. we get access token in the above step... that token is used for accessing the resource server (eg: for getting account details). My question is: we are saving the access token in cookie(ui-session), but how can I get the token which we got in step 1? Is there any way to get it ?
Thank you for the presentation. quick question, if I am declaring client details(client-id, client-secret, password) in application.yml, how can we auto populate the same details in code and pass the same to OAuth2RestTemplate while calling exchange function to call API.
In fact it's a good way to share knowledge and that too practical. Really appreciate your efforts and knowledge. Don't know your location, any plans to work in the UK then let know, please.
Just a quick question How to expose rest api with spring boot standalone app with 2 curl-able endpoints.
• Endpoint 1 - GET /sayHai public endpoint running on port 80 that will return a json payload with the message “Hello World”.
• Endpoint 2 - GET /manager will be a management endpoint on port 8080 that will return a json payload “Hello Management”
Check this thread which is related to the same question you asked: stackoverflow.com/questions/36357135/configure-spring-boot-with-two-ports Out of curiosity - why do you need to expose them in 2 different ports? Are you targeting any specific use case?
Hi, I am getting an error while running the server project. It is giving "Failed authenticationManager in AuthorizationServerConfig required a bean of type 'org.springframework.security.authentication.AuthenticationManager'"
I am using spring-boot version 2.0.0 When I use 1.5.6, it gives me error in the pom file in parent tag And I have given all the configuration as it is, but I am getting the same error for Authentication Manager bean
Hi .. Thank you very much for this video ... this is very enlightening .... btw can you also show how to use this oAuth server using Postman (or any rest client) instead of a client app ... I am trying to do it but not able to see any responses in dev tools ..
I think this is just authentication. You have not done any authorization here. The principal you are displaying is returned during authentication. Authorization would involve making a call to the auth server with grant_type= authorization_code and code=. That call will return an access token, which will then be used to call a protected resource. That flow is called Grant type: Authorization Code There is another one called Grant Type: Client credentials, where you pass client id and client secret to the auth server and directly get access token (the call to get auth code is skipped).
Is there not a way of creating an endpoint like /api/v1/login (without using .formLogin().loginPage("/login")) that can deal with authentication? And I call it on a different front end React application (preferably running in Docker) that can call that end point? Return a 200 {success: true} if successful along with session details saved in a cookie or a 400 {success: false, error_code: 'x', message: 'x'} if login failed for whatever reason. Similar process for /api/v1/register?
Okay, please make a video if you can after learning. I have this problem in angular {error: "invalid_grant", error_description: "Bad credentials"}, could you guess, what could be the error?
Awesome video, thank you very much. I need a bit of help though, I have been back & forth with the video and your GitHub & I don't see any differences with any of my code. After I login I come to a 404 page "There was an unexpected error (type=Not Found, status=404). /ui/secure.html" do you know what I could've done wrong? I have all dependencies, & have secure.html in templates package.
Hi , perfect tutorial . thanks a lot . Could you pls let us know or post a tutorial on " OAuth 2.0 Authorization server using LDAP authentication" .It is not present anywhere around the internet.
Hello. I did this same project but with spring-boot 2.1.2.RELEASE. I cannot get the server part to run: Field authManager in com.test.oauth.springbootoauthtest1.config.ResourceServerConfig required a bean of type 'org.springframework.security.authentication.AuthenticationManager' that could not be found. The injection point has the following annotations: - @org.springframework.beans.factory.annotation.Autowired(required=true) Action: Consider defining a bean of type 'org.springframework.security.authentication.AuthenticationManager' in your configuration. There are many confusing answers on SO about what to do. Can you help with this, maybe do this with the 2.0+ release?
Hey..great job...very informative....i was searching over the net to find an oauth2 with zuul implementation where all requests to authorization and resource servers go through a zuul proxy...it will be very helpful if you can add zuul feature to this tutorial...
You are doing a great job. I did in the same way in which you are doing but getting error after clicking url : localhost:8082/ui. Error : Full authentication is required to access this resource unauthorized . Can you please guide ....:)
It would have been great if you had provided a detailed explanation on why some methods are overridden from Spring and the use of it with different options. However, this video is a great starting point to analyze further ourselves.
thanks. I had done that in my other video on Spring security authentication using DB. hence did not want to repeat stuff
Great content; the best, simplified explanation of oAuth2 with Spring Boot I've come across. Keep up the good work!
thanks Tom
how to implement authorization in swagger can you prepare that video please
hi , i want to know , do we need to use oauth2 if we want to login in our application through FB or other application credentials , or if we create our application where user needs to register and with those credential only need to login then also we can use oauth2. Or just using jwt token we can achieve this without oauth2. Looking for your input
Hi. Awesome video. But I am getting error while click on 'Login to OAuth here'. The error is
Full authentication is required to access this resource
unauthorized
Please help.
same issue here. Can anyone help please?
I have the same issue as well, any help?
Same problem, the login page doesn't display. It is something to do with spring boot 2
Nice informative video. I liked the way it is explained and coded simultaneously. One thing I observed is, some of the configurations used are deprecated in the latest spring boot 2.X or later. Users need to note that the example demonstrated is in SpringBoot 1.5.6, which should have been the latest one at that moment :)
Thank you for providing this
Hi, I am using same code but I am getting this error This XML file does not appear to have any style information associated with it. The document tree is shown below.
Full authentication is required to access this resource
unauthorized
Nice Explanation Sir.....
Would this still work currently? I followed this 100% but currently it criticizes me for missing authentication and does not load the pages
Resource server application is having protected resources which can be accessed only through access token and that token has to be issued through separate application that is authorization server.
When I am entering as "localhost:8082/ui/" it is redirecting me directly to "localhost:8081/auth/login" . I am not getting what could be the problem?
@ 30:13 resource->userInfoUri is just allowing hello resource. How do I allow multiple resources like hello, user, other?
Awesome Video. I want call third party api using java code,which has implemented oAuth2.0 to secure the APIs.
1st I got the access_token from that Service.
Secondly, I want to send a POST request to one api, by sending stringXML and access_token. So, which method of RestTemplate should I use??? If there is any best approach please let me know.
Why I am getting error as "Consider revisiting the conditions above or defining a bean of type 'org.springframework.boot.autoconfigure.security.oauth2.resource.UserInfoRestTemplateFactory' in your configuration."
Doesn't work following this tutorial. It throws AuthenticationManager autowired bean exception while starting up the authorization server
May i know what is the Oauth2 version in this video?
the one i tried, seem like no more "@EnableOAuth2Sso"
while access the url localhost:8082/ui then i am facing issue. org.springframework.security.oauth2.client.resource.UserRedirectRequiredException: A redirect is required to get the users approval. can any one help me out
The spring started you added is missing while i was working
Given examples ....i tried in my local but unable to get the output...i am using this Url(localhost:8081/auth/ui/login) after login .. i am getting error like"
Full authentication is required to access this resource
unauthorized
"...could you resolve this issue...
thanks. But How to make a call for my rest services from my client using the users credentials ?
hi techprimers... thanks a ton for this video....i didn't get one thing...why it worked after adding the /principal and why it didn't work prior to that....
It's very nice video thanks lot, can you please post video with JWT and with out form authentication of oauth2
Hi, When we need to go for OAuth2 and we need to go for JWT, and in which scenario goes for the certificates in the app server.
setting the token in the cookie is a major vulnerability !!! the correct implementation is that the auth code shall be sent to the server side by web redirect, and then it shall be used in a server to server call to acquire the access token. the access token shall only be used on the back channel, which is the server to server call. single page applications can utilize PKCE update on the auth code grant type.
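The PKCE extension mentioned in the comment above, as an added example (not code from the video or its repository): the client sends only a hash of a random verifier through the browser redirect and reveals the verifier itself on the back-channel token request, so an intercepted authorization code cannot be redeemed alone. Class and method names are hypothetical; the fixed test vector is from RFC 7636 Appendix B.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Base64;

// Added illustration of PKCE (RFC 7636) with the S256 method; names are hypothetical.
public class PkceExample {
    private static final Base64.Encoder B64URL = Base64.getUrlEncoder().withoutPadding();
    private static final SecureRandom RANDOM = new SecureRandom();

    // Client side: a fresh high-entropy code_verifier for every authorization request.
    static String newCodeVerifier() {
        byte[] random = new byte[32];
        RANDOM.nextBytes(random);
        return B64URL.encodeToString(random); // 43 unreserved characters
    }

    // code_challenge = BASE64URL(SHA-256(ASCII(code_verifier)))
    static String s256Challenge(String verifier) throws NoSuchAlgorithmException {
        byte[] digest = MessageDigest.getInstance("SHA-256")
                .digest(verifier.getBytes(StandardCharsets.US_ASCII));
        return B64URL.encodeToString(digest);
    }

    // Authorization server side, at the token endpoint: the challenge was stored
    // with the authorization code; the verifier arrives with the token request.
    static boolean verifierMatches(String storedChallenge, String presentedVerifier)
            throws NoSuchAlgorithmException {
        // RFC 7636 section 4.1: 43 to 128 characters from the unreserved set.
        if (presentedVerifier == null
                || !presentedVerifier.matches("[A-Za-z0-9\\-._~]{43,128}")) {
            return false;
        }
        byte[] expected = storedChallenge.getBytes(StandardCharsets.US_ASCII);
        byte[] actual = s256Challenge(presentedVerifier).getBytes(StandardCharsets.US_ASCII);
        return MessageDigest.isEqual(expected, actual); // constant-time comparison
    }

    public static void main(String[] args) throws Exception {
        // Test vector from RFC 7636 Appendix B.
        String rfcVerifier = "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk";
        String rfcChallenge = "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM";
        System.out.println("RFC vector matches: "
                + rfcChallenge.equals(s256Challenge(rfcVerifier)));

        // Front channel carries: code_challenge=<challenge>&code_challenge_method=S256
        String verifier = newCodeVerifier();
        String challenge = s256Challenge(verifier);

        // Back channel carries: grant_type=authorization_code&code=...&code_verifier=<verifier>
        System.out.println("token request with the right verifier accepted: "
                + verifierMatches(challenge, verifier));
        System.out.println("token request with a different verifier rejected: "
                + !verifierMatches(challenge, newCodeVerifier()));
        System.out.println("token request with no verifier rejected: "
                + !verifierMatches(challenge, null));
    }
}
```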
While implementing the Oauth2 with your example I am getting the bean error:
Error starting ApplicationContext. To display the conditions report re-run your application with 'debug' enabled.
2018-05-04 15:58:19.800 ERROR 8104 --- [ main] o.s.b.d.LoggingFailureAnalysisReporter :
***************************
APPLICATION FAILED TO START
***************************
Description:
Field authenticationManager in com.nitin.oauth.security.springsecurityauthserver.config.ResourceServerConfig required a bean of type 'org.springframework.security.authentication.AuthenticationManager' that could not be found.
Action:
Consider defining a bean of type 'org.springframework.security.authentication.AuthenticationManager' in your configuration.
Can you please help on this?
I'm having trouble following the tutorial with spring boot 1.5.15 (not a snapshot), @EnableResourceServer tag does not exist, is there any way around that?
Thanks Buddy for sharing your experience and knowledge...
Nice video, good explanation, I have a question, can I implement OAuth2 authorization with code flow to call an API from another API?
hummm using springboot 2 keep I am not able to reach login page... keep getting this url localhost:8081/auth/oauth/authorize?client_id=ClientId&redirect_uri=localhost:8082/login&response_type=code&state=u570aT
Is there any PDF while for code or link
Thanks for the tutorial.
How can I perform this authentication to protect my REST API and test it from the POSTMAN?
How could I customize the login.html with css?
The ClientId, Secret, those come from somewhere or do I define them?
Oauth basic auth from postman
on this request to ----------- > localhost:8082/ui
i got this error.
Whitelabel Error Page
This application has no explicit mapping for /error, so you are seeing this as a fallback.
Fri Jun 01 13:54:37 IST 2018
There was an unexpected error (type=Internal Server Error, status=500).
Could not resolve view with name 'forward:/index' in servlet with name 'dispatcherServlet'
are there more errors? Can you paste the exact stack trace pls?
this error came when i compile server side application:
Description:
Failed to configure a DataSource: 'url' attribute is not specified and no embedded datasource could be configured.
Reason: Failed to determine a suitable driver class
and when i compile client side application then secret id generated and after request to localhost:8082/ui
this error came:
Whitelabel Error Page
This application has no explicit mapping for /error, so you are seeing this as a fallback.
Mon Jun 04 11:29:49 IST 2018
There was an unexpected error (type=Internal Server Error, status=500).
Could not resolve view with name 'forward:/index.html' in servlet with name 'dispatcherServlet'
Thank you. Could you also explain if client is web service instead of web page, which interface I have to implement on client side. I have to write rest web service client to consume oauth secure rest webservice
Hi, How Request is Redirecting to Login Page? And Where is the code for Login Page? .jsp or .html?
It is mentioned in the SecurityConfiguration file
Nice video bro..i have one doubt,you explained about Authorizing secure URL etc..and where is the concept of access token and authorization code and where we are generating those.Can you tell how to test this in POSTMAN without that client project?
How can I make Spring Security OAuth2 work with load balancer? please help me regarding this issue
Client sends request for the oauth token
LB redirects the request to Box 1
Box 1 authenticates and returns a valid Bearer Token
Client receives the token and stores it for using through the session
Client sends request for a service in the REST API adding the previously retrieved token to the headers
LB redirects the request to Box 2
Box 2 fails to authenticate as it does not recognize the token and returns an Invalid Credentials response.
A pretty superb tutorial from tech primers..
Hope this could be helpful for some people..
Something to mention:
For auth-server has some deprecated function for version 2 :
application property should be :
server.port=8081
server.servlet.context-path=/auth
and there is a need to make CustomSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter
to create bean function
@Bean(name = BeanIds.AUTHENTICATION_MANAGER)
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
    // expose the AuthenticationManager built by WebSecurityConfigurerAdapter as a bean
    return super.authenticationManagerBean();
}
because @Autowired authenticationManager is not being supported for the Spring version 2
while security.basic.enable=false already deprecated so we need to change things to disable http basic security by not using spring-security-starter..
For the client server:
We need to change deprecated extends WebMvcConfigurerAdapter to just implement the WebMvcConfigurer
Need to change application.yml configuration into:
server:
  port: 8084
  # for running behind proxy purpose
  use-forward-headers: true
  servlet:
    context-path: /ui
    session:
      cookie:
        # UISESSION is the session cookie's name, so the key is name, not path
        name: UISESSION
Adios and amigos.
please share client , server code details
I'm still getting that authentication manager bean error can you please explain how to solve it
i am able to do logout, but if i have multiple spring boot application i need to logout from each application. can i have single sign off also with oauth and spring boot?
I think AuthenticationManager is redundant in ResourceServerConfig.java. You already use the inMemoryAuthentication method. And also I have made a pull request for this from GitHub. Please check and return me back if i am right or not
Hi Did anyone got this error while starting the authentication server
Description:
Field authenticationManager in com.techprimer.security.springsecurityauthserver.config.AuthorizationServerConfig required a bean of type 'org.springframework.security.authentication.AuthenticationManager' that could not be found.
The injection point has the following annotations:
- @org.springframework.beans.factory.annotation.Autowired(required=true)
Action:
Consider defining a bean of type 'org.springframework.security.authentication.AuthenticationManager' in your configuration.
Hi Ajay,
I was looking for integration of spring boot with keycloak. Without using keycloak adapter . I want to use oauth2 and keycloak for rest api. I don't need any login screen just rest api which takes access token
Can I get example to access third party like Facebook or google..
Very good tutorial..thank you so much. Could you please explain why was the oAuth extra dependency required?
This example will not work in Spring Boot > 2.0.0.M4.
Looks like the @EnableOAuth2Sso have been moved to :
'org.springframework.security.oauth.boot:spring-security-oauth2-autoconfigure:2.0.0.RELEASE'
also problems with AuthenticationManager in Spring Boot > 2.0.0.M4 are discussed here:
github.com/spring-projects/spring-boot/issues/11136
Hi, is it possible to have two different oauth providers in the same application. And use them conditionally based on the requested url?
Thanks man, just saved my life. live long
Hi. Nice explanation. I have one question for you. I have my authorization server set up and running. I want to build open Id connect upon it. Can't we build a custom provider ourself without relying another party? Is there any good reference or sample available?
Can you provide oauth with only rest api example
After successful login I am again getting redirected to localhost:8081/login. I am not able to view secure page. Anyone facing same issue?
I want to integrate google fit into my application and get data from there. How can i do this?
Hi Ajay,
I've one requirement, I will need to get the access token using OAuth2.0 first, I don't need to redirect after getting the token, what I'll need to do is, based on this token, I will need to invoke multiple REST API's. Currently I'm stuck how to get the token alone first?. Please help me out, what changes I will need to do in properties file and in any java component file?.
Hi Ajay,
Excellent explanation. Very well done.
May I ask one question. We can restrict API access inside a resource server based on Role. In your video you have mentioned that Auth Service can be from google and resource server can be on local machine. If validation happens at Google then how role will be assigned. Google role may not be relevant for our local resource server .
Thanks,
Vivek
Nice Video. When I run the example cloned from github I get "403 Forbidden" error. What could be the issue?
Thanks for the video. I have one question
How the access token which is provided by Authentication server is getting validated at Resource server. Because without validating if some one changes the access token then also it will work.
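An added sketch (not the tutorial's code) for the token-validation question above and the earlier load-balancer question: if the authorization server issues signed JWT access tokens, which is an assumption the page does not confirm, every resource-server instance holding the public key can validate a token locally and a modified token fails the signature check. Class names, claims and the key pair are constructed for the example.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.util.Base64;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added illustration: RS256-signed compact token, checked with JDK classes only.
// A real service would use a maintained JWT library; names here are hypothetical.
public class SignedTokenCheck {
    private static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    private static final Base64.Decoder DEC = Base64.getUrlDecoder();
    private static final String HEADER = "{\"alg\":\"RS256\",\"typ\":\"JWT\"}";
    private static final Pattern EXP = Pattern.compile("\"exp\":(\\d+)");

    static String b64(String s) {
        return ENC.encodeToString(s.getBytes(StandardCharsets.UTF_8));
    }

    // Authorization server: sign "header.payload" with the private key.
    static String issue(String payloadJson, PrivateKey key) throws Exception {
        String signingInput = b64(HEADER) + "." + b64(payloadJson);
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(key);
        signer.update(signingInput.getBytes(StandardCharsets.US_ASCII));
        return signingInput + "." + ENC.encodeToString(signer.sign());
    }

    // Resource server: returns the payload when the token is authentic and
    // unexpired, otherwise null. Needs only the public key, no shared session.
    static String validate(String token, PublicKey key, long nowEpochSeconds) {
        try {
            String[] parts = token.split("\\.", -1);
            if (parts.length != 3) return null;
            // Pin the algorithm: never let the token choose how it is verified.
            String header = new String(DEC.decode(parts[0]), StandardCharsets.UTF_8);
            if (!HEADER.equals(header)) return null;
            Signature verifier = Signature.getInstance("SHA256withRSA");
            verifier.initVerify(key);
            verifier.update((parts[0] + "." + parts[1]).getBytes(StandardCharsets.US_ASCII));
            if (!verifier.verify(DEC.decode(parts[2]))) return null;
            String payload = new String(DEC.decode(parts[1]), StandardCharsets.UTF_8);
            Matcher exp = EXP.matcher(payload); // minimal claim extraction for the demo
            if (!exp.find() || Long.parseLong(exp.group(1)) <= nowEpochSeconds) return null;
            return payload;
        } catch (Exception e) {
            return null; // malformed base64, wrong signature length, and similar
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair authServerKeys = gen.generateKeyPair(); // constructed for the example
        PublicKey box1Key = authServerKeys.getPublic(); // each box holds the public key
        PublicKey box2Key = authServerKeys.getPublic();

        long now = System.currentTimeMillis() / 1000;
        String payload = "{\"sub\":\"user1\",\"scope\":\"read\",\"exp\":" + (now + 300) + "}";
        String token = issue(payload, authServerKeys.getPrivate());

        System.out.println("Box 1 accepts: " + (validate(token, box1Key, now) != null));
        System.out.println("Box 2 accepts: " + (validate(token, box2Key, now) != null));

        // Changing any claim invalidates the signature.
        String[] p = token.split("\\.");
        String altered = p[0] + "."
                + b64("{\"sub\":\"user1\",\"scope\":\"admin\",\"exp\":" + (now + 300) + "}")
                + "." + p[2];
        System.out.println("altered token rejected: " + (validate(altered, box2Key, now) == null));
        System.out.println("expired token rejected: " + (validate(token, box2Key, now + 301) == null));
    }
}
```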
Perfect, but How can I implement this AUTH on Client side using @RestController, because I configured a server auth with port:8098 and other other project like microservice with port:8092 and when I tried to call an rest-api in port:8092 and it didn't redirect to me to port:8098, just showed me a login interface but my credentials from mysql database didn't work. All the time said me "Your login attempt was not successful, try again.", Can you show us how to implement Auth2 with Client using @RestController instance of index.html?
can i expect login and registration APIs with BcryptpasswordEncoder and Oauth2 with access and refresh token, authentication based on password and role
Hi can you explain how can we add our custom login page instead of by default OAuth2 login page.
just wanted to understand if the Oauth authorization along with authentication that you have shown in your code - is it covering OIDC flow as well?
Thanks for this video...But I need a Combination of Angular+ Springboot with Oauth2. I have searched in youtube but I didn't find any reference with the combination of these. I am new to the Spring boot and Oauth2.
Hi @venkatesh veduri
Did you find any videos for the above issue?
If so please do share here.
Thanks in advance.
I am getting the same error : "Failed authenticationManager in AuthorizationServerConfig required a bean of type 'org.apringframework.security.authentication.AuthenticationManager'
Can you help me with this
Error creating bean with name 'springSecurityFilterChain' defined in class path resource [org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [javax.servlet.Filter]: Factory method 'springSecurityFilterChain' threw exception;
just downloaded whole project from github and run on intelliJ
can you check if the jars are downloaded and ports are not used by other processes?
The problem was with Java version 1.9; I downgraded it to 1.8 and now it's working.
Thanks anyway
Kindly provide a video in how oauth delegates authentication to AD/LDAP. Will be so helpful
At 34.55, my project didn't build until I specified the version for thymeleaf security -
<dependency>
    <groupId>org.thymeleaf.extras</groupId>
    <artifactId>thymeleaf-extras-springsecurity4</artifactId>
    <version>2.1.2.RELEASE</version>
</dependency>
found the solution. i was using java 11. changed to java 8.
Nice video with In depth understanding of concept
Can anyone help me understand the usage of scope in authorization server config, since I can't find any related usage in this demo, thx
Thanks for the video. I have one question. Generally we have 2 tokens in OAuth: Auth code token and Access token. In this tutorial we have the Access token. I think the Auth code token is generated after authorization. Where is that in our example? How and where is it used? Please explain. Thanks in advance.
Access Token is used for accessing the Authorization Server. ID Token/Code Token is used for accessing your Resource Server (Eg. accessing User's data post authentication and authorization)
@TechPrimers Thanks for the reply. I saw the 'What is OAuth2? How does OAuth2 work?' video. According to that,
1. first client will request for Authorization, we get a token in return.
2. next client will again request for access token by sending the above token.
3. we get access token in the above step... that token is used for accessing the resource server (eg: for getting account details).
My question is: we are saving the access token in cookie(ui-session), but how can I get the token which we got in step 1? Is there any way to get it ?
Hi, for the resource server didn't you need to extend the ResourceServerConfigurerAdapter?
since i did not override any config there, i did not extend it
Thank you for the presentation. quick question, if I am declaring client details(client-id, client-secret, password) in application.yml, how can we auto populate the same details in code and pass the same to OAuth2RestTemplate while calling exchange function to call API.
you can get it via Spring config like @Value("${client.id}")
Simple and straight forward, Very good indeed. Thank you.
my pleasure Praveen. Glad that was useful
In fact it's a good way to share knowledge, and that too practical. Really appreciate your efforts and knowledge.
Don't know your location; if you have any plans to work in the UK, then let me know, please.
Just a quick question
How to expose rest api with spring boot standalone app with 2 curl-able endpoints.
• Endpoint 1 - GET /sayHai public endpoint running on port 80 that will return a json payload with the message “Hello World”.
• Endpoint 2 - GET /manager will be a management endpoint on port 8080 that will return a json payload “Hello Management”
Thanks Praveen. I'm in Bangalore.
Check this thread which is related to the same question you asked: stackoverflow.com/questions/36357135/configure-spring-boot-with-two-ports
Out of curiosity - why do you need to expose them on 2 different ports? Are you targeting any specific use case?
Hi bro, can you please explain how can we login jenkins from url which is there at outlook email
Awesome tutorial. Unfortunately Spring doesn't provide a clear exception when it returns a 404 status. Anyway, thanks for sharing!
same.
You have not shown on how to access "HelloResource" rest API? localhost:8081/auth//rest/hello when I access it says 401 unauthorized.
Hi, were you able to resolve this? I am also facing the same error.
Can you please make the same video using database authentication and let it also include registering a new user, please.
you can check my video on Spring Security with DB authentication. You can integrate that piece here
also very nice work with editing the video, gives a professional feel to it
thanks amine
WebMvcConfigurerAdapter is deprecated :(
I have resolved every issue : stackoverflow.com/questions/63900106/spring-framework-security-bean-authenticationmanager-not-found/63924197#63924197
Hi,
I am getting an error while running the server project. It is giving "Failed authenticationManager in AuthorizationServerConfig required a bean of type 'org.apringframework.security.authentication.AuthenticationManager'
can you check if the Config class has @Configuration added. Checkout my code from GitHub for reference (link in the description of the video)
I am using spring-boot version 2.0.0
When I use 1.5.6, it gives me error in the pom file in parent tag
And I have given all the configuration as it is, but I am getting the same error for Authentication Manager bean
Same problem. Can you please help @Tech Primers
Can you demo this using Postman?
Hi, thank you very much for this video. This is very enlightening. BTW, can you also show how to use this OAuth server using Postman (or any REST client) instead of a client app? I am trying to do it but am not able to see any responses in dev tools.
Did you get the solution for accessing it with postman. I also need it.
I think this is just authentication. You have not done any authorization here. The principal you are displaying is returned during authentication.
Authorization would involve making a call to the auth server with grant_type=authorization_code and code=. That call will return an access token, which will then be used to call a protected resource. That flow is called Grant type: Authorization Code
There is another one called Grant Type: Client credentials, where you pass client id and client secret to the auth server and directly get access token (the call to get auth code is skipped).
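The two grant types described in the comment above, as an added example that is not part of the video's code or of any commenter's post: a toy in-memory authorization server and resource server showing both sides of each exchange. The client id, secret, redirect URI and function names are constructed for illustration.

```python
import secrets

# Constructed sample registration: client id, secret and redirect URI are made up.
CLIENTS = {"demo-client": {"secret": "demo-secret",
                           "redirect_uri": "http://localhost:8082/ui/login"}}
_codes = {}    # authorization code -> (client_id, redirect_uri, user)
_tokens = {}   # access token -> subject (user name or client id)


def authorize(client_id, redirect_uri, user):
    """Step 1: after the user logs in and approves, issue a one-time code."""
    client = CLIENTS.get(client_id)
    if client is None or client["redirect_uri"] != redirect_uri:
        raise ValueError("invalid_request")
    code = secrets.token_urlsafe(16)
    _codes[code] = (client_id, redirect_uri, user)
    return code


def token(params, client_id, client_secret):
    """Step 2: token endpoint; the client authenticates with id and secret."""
    client = CLIENTS.get(client_id)
    if client is None or not secrets.compare_digest(client["secret"], client_secret):
        return {"error": "invalid_client"}
    grant = params.get("grant_type")
    if grant == "authorization_code":
        issued = _codes.pop(params.get("code"), None)  # codes are single use
        if (issued is None or issued[0] != client_id
                or issued[1] != params.get("redirect_uri")):
            return {"error": "invalid_grant"}
        subject = issued[2]
    elif grant == "client_credentials":
        subject = client_id  # no user and no code: the client acts as itself
    else:
        return {"error": "unsupported_grant_type"}
    access_token = secrets.token_urlsafe(24)
    _tokens[access_token] = subject
    return {"access_token": access_token, "token_type": "bearer"}


def resource(access_token):
    """Step 3: the resource server only serves requests with a known token."""
    subject = _tokens.get(access_token)
    return (200, "hello " + subject) if subject else (401, "unauthorized")
```

Replaying a used code returns `invalid_grant`, and a token the server never issued (including an altered one) gets a 401 from `resource`.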
I liked your problem-solving skills, Thank you.
Very good tutorial. I would like to know can we create a custom login page.
Yes Carlos, you can create a custom login page and use it as well.
Is there not a way of creating an endpoint like /api/v1/login (without using .formLogin().loginPage("/login")) that can deal with authentication? And I call it on a different front end React application (preferably running in Docker) that can call that end point? Return a 200 {success: true} if successful along with session details saved in a cookie or a 400 {success: false, error_code: 'x', message: 'x'} if login failed for whatever reason. Similar process for /api/v1/register?
In that case, you have to write custom interceptors and filters to redirect and handle a different workflow.
Great video! Do you have a video of this with Angular (2, 4, 5)? Or can you share some link from where I can get it?
+Ratikanta Pradhan nope. I'm yet to learn TypeScript
Okay, please make a video if you can after learning.
I have this problem in angular {error: "invalid_grant", error_description: "Bad credentials"}, could you guess, what could be the error?
can you show us how to add more details in principal
Awesome video, thank you very much. I need a bit of help though, I have been back & forth with the video and your GitHub & I don't see any differences with any of my code. After I login I come to a 404 page "There was an unexpected error (type=Not Found, status=404).
/ui/secure.html" do you know what I could've done wrong? I have all dependencies, & have secure.html in templates package.
Hi Dan, either the tomcat is not UP or the path is incorrect. can you verify them
Hi Tech Primers,
could you please explain Oauth2 with angular4 ??
Great video bruh
Hi , perfect tutorial . thanks a lot . Could you pls let us know or post a tutorial on " OAuth 2.0 Authorization server using LDAP authentication" .It is not present anywhere around the internet.
+rathin maheswaran thanks. Sure. Will try mate
Great Job , Thank you So much !!
Thank you So much !!
Is it the same for the client credentials grant type as well?
Hello. I did this same project but with spring-boot 2.1.2.RELEASE. I cannot get the server part to run:
Field authManager in com.test.oauth.springbootoauthtest1.config.ResourceServerConfig required a bean of type 'org.springframework.security.authentication.AuthenticationManager' that could not be found.
The injection point has the following annotations:
- @org.springframework.beans.factory.annotation.Autowired(required=true)
Action:
Consider defining a bean of type 'org.springframework.security.authentication.AuthenticationManager' in your configuration.
There are many confusing answers on SO about what to do. Can you help with this, maybe do this with the 2.0+ release?
You got the solution?
Hi can i check why is your user credentials peter peter stored at the resource server? Is this method of OAuth 2.0 using local login?
Resource Server has the User info, eg Google server.
It's very nice
but don't you make video about client in dynamic one more?
Hi, I downloaded from github when I am hitting login in localhost:8082/ui/, I am getting "403 Forbidden".
Hey..great job...very informative....i was searching over the net to find an oauth2 with zuul implementation where all requests to authorization and resource servers go through a zuul proxy...it will be very helpful if you can add zuul feature to this tutorial...
good job sir
You are doing a great job.
I did it the same way you are doing, but I am getting an error after clicking the URL: localhost:8082/ui.
Error: Full authentication is required to access this resource unauthorized.
Can you please guide? :)
You need to disable the security for /ui path
@TechPrimers Yes for used resources.
Thank you very much, very good tutorial on OAuth2
Thank you so much, Ajay. It's of great help to me :) God bless you