
Comments (7)

dsyer commented on August 14, 2024

When you say "spin up" you mean "run the main method"? So the app is just broken?

It might be the client credentials that don't match (you can tell by setting logging.level.org.springframework.security=DEBUG), or it might be that the default Spring Boot authentication manager (user/password) is being used for password grants (we had an issue in Spring OAuth about that - there is a workaround, if we confirm that's the problem here).

from tut-rest.

gregturn commented on August 14, 2024

I turned up the log levels as you suggested and then saw it fail inside DaoAuthenticationProvider. I set a break point and ran it again. I saw it succeed when supplying the clientid/secret credentials, but then later it failed when trying to authenticate jlong/password. I snapshotted the state right before jlong is failed as shown below:

this = {org.springframework.security.authentication.dao.DaoAuthenticationProvider@9610}
    passwordEncoder = {org.springframework.security.authentication.encoding.PlaintextPasswordEncoder@9623}
    userNotFoundEncodedPassword = {java.lang.String@9602}"userNotFoundPassword"
    saltSource = null
    userDetailsService = {org.springframework.security.provisioning.InMemoryUserDetailsManager@9624}
        logger = {org.apache.commons.logging.impl.SLF4JLocationAwareLog@9639}
        users = {java.util.HashMap@9640} size = 1
            [0] = {java.util.HashMap$Node@9643}"user" -> {org.springframework.security.provisioning.MutableUser@9645}
                key: java.lang.String = {java.lang.String@9644}"user"
                value: org.springframework.security.provisioning.MutableUser = {org.springframework.security.provisioning.MutableUser@9645}
                     password = {java.lang.String@9646}"8b609cdb-b9ae-473c-b172-156146c3ea4a"
                     delegate = {org.springframework.security.core.userdetails.User@9647}"org.springframework.security.core.userdetails.User@36ebcb: Username: user; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_USER"
username = {java.lang.String@9618}"jlong"
authentication = {org.springframework.security.authentication.UsernamePasswordAuthenticationToken@9619}"org.springframework.security.authentication.UsernamePasswordAuthenticationToken@4e813b62: Principal: jlong; Credentials: [PROTECTED]; Authenticated: false; Details: null; Not granted any authorities"
    principal = {java.lang.String@9618}"jlong"
    credentials = {java.lang.String@9651}"password"
    details = null
    authorities = {java.util.Collections$EmptyList@9652} size = 0
    authenticated = false


bxqgit commented on August 14, 2024

I confirm, UserDetails returned from userDetailsService() method are never queried during request. Something is misconfigured.

Switching to fresh spring-security-oauth2:2.0.3.RELEASE also doesn't solve anything.


bxqgit commented on August 14, 2024

2014-10-25 01:01:49.469 INFO 3648 --- [nio-8080-exec-1] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring FrameworkServlet 'dispatcherServlet'
2014-10-25 01:01:49.469 INFO 3648 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : FrameworkServlet 'dispatcherServlet': initialization started
2014-10-25 01:01:49.481 INFO 3648 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : FrameworkServlet 'dispatcherServlet': initialization completed in 12 ms
2014-10-25 01:01:49.489 DEBUG 3648 --- [nio-8080-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/oauth/token'; against '/css/**'
2014-10-25 01:01:49.490 DEBUG 3648 --- [nio-8080-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/oauth/token'; against '/js/**'
2014-10-25 01:01:49.490 DEBUG 3648 --- [nio-8080-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/oauth/token'; against '/images/**'
2014-10-25 01:01:49.490 DEBUG 3648 --- [nio-8080-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/oauth/token'; against '/**/favicon.ico'
2014-10-25 01:01:49.490 DEBUG 3648 --- [nio-8080-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/oauth/token'; against '/error'
2014-10-25 01:01:49.490 DEBUG 3648 --- [nio-8080-exec-1] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/oauth/token']
2014-10-25 01:01:49.490 DEBUG 3648 --- [nio-8080-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/oauth/token'; against '/oauth/token'
2014-10-25 01:01:49.490 DEBUG 3648 --- [nio-8080-exec-1] o.s.s.web.util.matcher.OrRequestMatcher : matched
2014-10-25 01:01:49.490 DEBUG 3648 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : /oauth/token at position 1 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2014-10-25 01:01:49.491 DEBUG 3648 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : /oauth/token at position 2 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2014-10-25 01:01:49.491 DEBUG 3648 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : /oauth/token at position 3 of 11 in additional filter chain; firing Filter: 'HeaderWriterFilter'
2014-10-25 01:01:49.491 DEBUG 3648 --- [nio-8080-exec-1] o.s.s.w.header.writers.HstsHeaderWriter : Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@e475215
2014-10-25 01:01:49.492 DEBUG 3648 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : /oauth/token at position 4 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
2014-10-25 01:01:49.492 DEBUG 3648 --- [nio-8080-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/oauth/token'; against '/logout'
2014-10-25 01:01:49.492 DEBUG 3648 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : /oauth/token at position 5 of 11 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
2014-10-25 01:01:49.494 DEBUG 3648 --- [nio-8080-exec-1] o.s.s.w.a.www.BasicAuthenticationFilter : Basic Authentication Authorization header found for user 'android-bookmarks'
2014-10-25 01:01:49.495 DEBUG 3648 --- [nio-8080-exec-1] o.s.s.authentication.ProviderManager : Authentication attempt using org.springframework.security.authentication.dao.DaoAuthenticationProvider
2014-10-25 01:01:49.501 DEBUG 3648 --- [nio-8080-exec-1] o.s.s.w.a.www.BasicAuthenticationFilter : Authentication success: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@15c1ad4b: Principal: org.springframework.security.core.userdetails.User@51dc1c1f: Username: android-bookmarks; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_USER; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_USER
2014-10-25 01:01:49.501 DEBUG 3648 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : /oauth/token at position 6 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2014-10-25 01:01:49.501 DEBUG 3648 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : /oauth/token at position 7 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2014-10-25 01:01:49.502 DEBUG 3648 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : /oauth/token at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2014-10-25 01:01:49.502 DEBUG 3648 --- [nio-8080-exec-1] o.s.s.w.a.AnonymousAuthenticationFilter : SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@15c1ad4b: Principal: org.springframework.security.core.userdetails.User@51dc1c1f: Username: android-bookmarks; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_USER; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_USER'
2014-10-25 01:01:49.502 DEBUG 3648 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : /oauth/token at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter'
2014-10-25 01:01:49.502 DEBUG 3648 --- [nio-8080-exec-1] s.CompositeSessionAuthenticationStrategy : Delegating to org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy@afbd831
2014-10-25 01:01:49.502 DEBUG 3648 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : /oauth/token at position 10 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2014-10-25 01:01:49.503 DEBUG 3648 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : /oauth/token at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2014-10-25 01:01:49.503 DEBUG 3648 --- [nio-8080-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/oauth/token'; against '/oauth/token'
2014-10-25 01:01:49.503 DEBUG 3648 --- [nio-8080-exec-1] o.s.s.w.a.i.FilterSecurityInterceptor : Secure object: FilterInvocation: URL: /oauth/token; Attributes: [fullyAuthenticated]
2014-10-25 01:01:49.503 DEBUG 3648 --- [nio-8080-exec-1] o.s.s.w.a.i.FilterSecurityInterceptor : Previously Authenticated: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@15c1ad4b: Principal: org.springframework.security.core.userdetails.User@51dc1c1f: Username: android-bookmarks; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_USER; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_USER
2014-10-25 01:01:49.506 DEBUG 3648 --- [nio-8080-exec-1] o.s.s.access.vote.AffirmativeBased : Voter: org.springframework.security.web.access.expression.WebExpressionVoter@43d1ea2d, returned: 1
2014-10-25 01:01:49.506 DEBUG 3648 --- [nio-8080-exec-1] o.s.s.w.a.i.FilterSecurityInterceptor : Authorization successful
2014-10-25 01:01:49.506 DEBUG 3648 --- [nio-8080-exec-1] o.s.s.w.a.i.FilterSecurityInterceptor : RunAsManager did not change Authentication object
2014-10-25 01:01:49.507 DEBUG 3648 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : /oauth/token reached end of additional filter chain; proceeding with original chain
2014-10-25 01:01:49.511 DEBUG 3648 --- [nio-8080-exec-1] .s.o.p.e.FrameworkEndpointHandlerMapping : Looking up handler method for path /oauth/token
2014-10-25 01:01:49.512 DEBUG 3648 --- [nio-8080-exec-1] .s.o.p.e.FrameworkEndpointHandlerMapping : Returning handler method [public org.springframework.http.ResponseEntity<org.springframework.security.oauth2.common.OAuth2AccessToken> org.springframework.security.oauth2.provider.endpoint.TokenEndpoint.getAccessToken(java.security.Principal,java.util.Map<java.lang.String, java.lang.String>)]
2014-10-25 01:01:49.522 DEBUG 3648 --- [nio-8080-exec-1] .o.p.p.ResourceOwnerPasswordTokenGranter : Getting access token for: android-bookmarks
2014-10-25 01:01:49.522 DEBUG 3648 --- [nio-8080-exec-1] o.s.s.authentication.ProviderManager : Authentication attempt using org.springframework.security.authentication.dao.DaoAuthenticationProvider
2014-10-25 01:01:49.523 DEBUG 3648 --- [nio-8080-exec-1] o.s.s.a.dao.DaoAuthenticationProvider : User 'jlong' not found
2014-10-25 01:01:49.525 INFO 3648 --- [nio-8080-exec-1] o.s.s.o.provider.endpoint.TokenEndpoint : Handling error: InvalidGrantException, Bad credentials
2014-10-25 01:01:49.569 DEBUG 3648 --- [nio-8080-exec-1] o.s.s.w.a.ExceptionTranslationFilter : Chain processed normally
2014-10-25 01:01:49.570 DEBUG 3648 --- [nio-8080-exec-1] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed

from tut-rest.
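A triage script for DEBUG output like the log above, added here as an example (it is not part of the thread or of the tut-rest project): it separates the two causes dsyer names, a client credential mismatch versus the resource owner lookup hitting a user store that does not hold the account. The sample lines are constructed in the format of the log above, and treating a Basic header with no following "Authentication success" as a client rejection is an assumption.

```python
import re

# Constructed sample in the DEBUG format of the log above (messages shortened).
SAMPLE = """\
2014-10-25 01:01:49.494 DEBUG 3648 --- [nio-8080-exec-1] o.s.s.w.a.www.BasicAuthenticationFilter : Basic Authentication Authorization header found for user 'android-bookmarks'
2014-10-25 01:01:49.501 DEBUG 3648 --- [nio-8080-exec-1] o.s.s.w.a.www.BasicAuthenticationFilter : Authentication success: (shortened)
2014-10-25 01:01:49.523 DEBUG 3648 --- [nio-8080-exec-1] o.s.s.a.dao.DaoAuthenticationProvider : User 'jlong' not found
2014-10-25 01:01:49.525 INFO 3648 --- [nio-8080-exec-1] o.s.s.o.provider.endpoint.TokenEndpoint : Handling error: InvalidGrantException, Bad credentials
2014-10-25 01:02:10.100 DEBUG 3648 --- [nio-8080-exec-2] o.s.s.w.a.www.BasicAuthenticationFilter : Basic Authentication Authorization header found for user 'other-client'
"""

LINE = re.compile(r"^\S+ \S+\s+\w+\s+\d+ --- \[\s*([^\]]+)\]\s+(\S+)\s+: (.*)$")
CLIENT = re.compile(r"Authorization header found for user '([^']+)'")
MISSING = re.compile(r"User '([^']+)' not found")

def triage(log_text):
    """Say which stage of each failed /oauth/token request rejected the caller."""
    open_reqs, findings = {}, []

    def close(thread, stage):
        s = open_reqs.pop(thread)
        findings.append({"thread": thread, "client": s["client"],
                         "user": s["missing"], "stage": stage})

    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # wrapped continuation or non-Boot line
        thread, logger, msg = m.groups()
        s = open_reqs.get(thread)
        if logger.endswith("BasicAuthenticationFilter") and CLIENT.search(msg):
            if s and not s["client_ok"]:
                close(thread, "client credentials rejected")
            open_reqs[thread] = {"client": CLIENT.search(msg).group(1),
                                 "client_ok": False, "missing": None}
        elif s is None:
            continue
        elif logger.endswith("BasicAuthenticationFilter") and msg.startswith("Authentication success"):
            s["client_ok"] = True
        elif logger.endswith("DaoAuthenticationProvider") and s["client_ok"] and MISSING.search(msg):
            s["missing"] = MISSING.search(msg).group(1)
        elif logger.endswith("TokenEndpoint") and "InvalidGrantException" in msg:
            close(thread, "resource owner unknown to the user store consulted"
                  if s["missing"] else "resource owner password rejected")
    for thread in [t for t, s in open_reqs.items() if not s["client_ok"]]:
        close(thread, "client credentials rejected")
    return findings
```

A finding whose stage is "resource owner unknown to the user store consulted" while the account exists in the application's own repository matches the symptom in this thread: the password grant is being checked against a different user store than the one the application configured.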

jdoyle65 commented on August 14, 2024

After some time playing around I eventually found a way to get this to work by replacing this part of the code in Application.java:

@Configuration
class WebSecurityConfiguration extends GlobalAuthenticationConfigurerAdapter {

    @Autowired
    AccountRepository accountRepository;

    @Override
    public void init(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService());
    }

    @Bean
    UserDetailsService userDetailsService() {
        return (username) ->
                accountRepository.findByUsername(username)
                        .map(a -> new User(a.username, a.password, true, true, true, true, AuthorityUtils.createAuthorityList("USER", "write")))
                        .orElseThrow(() -> new UsernameNotFoundException("could not find the user '" + username + "'"));
    }
}

with this:

@Configuration
class WebSecurityConfig {

    @Autowired
    AccountRepository accountRepository;

    @Bean
    public AuthenticationManager authenticationManager() throws Exception {
        return new AuthenticationManagerBuilder(new NopPostProcessor())
                .userDetailsService(new UserDetailsService() {
                    @Override
                    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
                        return accountRepository.findByUsername(username)
                                .map(a -> new User(a.username, a.password, true, true, true, true, AuthorityUtils.createAuthorityList("USER", "write")))
                                .orElseThrow(() -> new UsernameNotFoundException("could not find the user '" + username + "'"));
                    }
                }).and().build();
    }

    // Pass-through post-processor: returns every object unchanged.
    private static class NopPostProcessor implements ObjectPostProcessor<Object> {
        @Override
        public <O> O postProcess(O object) {
            return object;
        }
    }
}

There's a good chance this may not be best practice, so please scrutinize!


dsyer commented on August 14, 2024

@jdoyle65 that was useful thanks. My workaround is slightly different than yours, but neither should be necessary once we get to Boot 1.1.9 (or 1.2).


gregturn commented on August 14, 2024

@dsyer can you open a separate issue on this tutorial so we can track making the necessary update?

