I am trying to get oauth2 to work with spring-boot and protect my rest method calls, sans much success.
I have tried using spring-security-oauth2-javaconfig:1.0.0.CI-SNAPSHOT with rg.springframework.boot:spring-boot-starter-security:1.0.0.RC1.
*gradle:
compile("org.springframework.boot:spring-boot-starter-security:1.0.0.RC1")
compile ('org.springframework.security.oauth:spring-security-oauth2-javaconfig:1.0.0.CI-SNAPSHOT'){
exclude module: 'spring-security-config'
exclude module: 'spring-security-core'
exclude module: 'spring-security-web'
}
For now I am just trying to get the authentication and resource server working. I have copied and tried to modify the existing sparklr2 sample from the spring-security-oauth2-javaconfig sample.
The last error I get is :"error":"invalid_client","error_description":"Bad client credentials
when I run curl -v –data "grant_type=password&username=marissa&password=koala&client_id=tonr&secret=secret" -X POST localhost:8100/oauth/token.
I understand oauth2 from a beginner's perspective and the paucity of resources with regard to oauth2 with spring-boot and rest make it hard. Any suggestions?
If someone could provide a cookbook like approach to configure oauth2 authentication and authorization to protect a rest api call along with the relevant curl commands, that would be awesome.,
Best Answer
Java config support for oauth2 is work in progress, but you might have more success with my fork. If I were you I'd stick to XML for the oauth2 bits for now. Here's a bootified sparklr2 with minimal XML. I haven't checked that it works recently but it shouldn't be in bad shape if you update the boot dependencies to 1.0.0.RC2.
Update: the
@Configurationstuff has moved to the main OAuth2 repo, so the fork and its parent are basically redundant now (and will probably be removed soon).Update: the bootified sample is now also using
@Configuration.