Spring Oauth2. Password encoder is not set in DaoAuthenticationProvider

gajos Published at Java

gajos :

I'm quite new to Spring Oauth and Spring Security. I'm trying to use the client_credentials flow in my project. For now i managed to user my own CustomDetailsService in order to fetch client_id and password (secret) from a database that already exists in my system. The only problem is that I cannot change the password encoder in DaoAuthenticationProvider that is used by AuthorizationServer - it is set by default to PlaintextPasswordEncoder. I wasn't able to configure it the way, that it would use for example SHAPasswordEncoder. It always uses the plaintext encoder. I probably don't understand the flow well enough, as I am a newbie in Spring.

Here's some code of mine (with not working configuration of DaoAuthenticationProvider):

SecurityConfig.java

@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

private static final String RESOURCE_ID = "restservice";

@Override
public void configure(WebSecurity web) throws Exception {
    web.ignoring().antMatchers("/register/**");

}

@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
    return super.authenticationManagerBean();
}

@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth.authenticationProvider(daoAuthenticationProvider());
}

@Bean
public DaoAuthenticationProvider daoAuthenticationProvider() {
    DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider();
    daoAuthenticationProvider.setUserDetailsService(userDetailsService());
    daoAuthenticationProvider.setPasswordEncoder(passwordEncoder());
    return daoAuthenticationProvider;
}

@Bean
public PasswordEncoder passwordEncoder() {
    return new ShaPasswordEncoder();
}

@Configuration
@EnableAuthorizationServer
protected static class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {

    @Autowired
    private MyCustomClientDetailsService myCustomClientDetailsService;

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints)
            throws Exception {
        endpoints.tokenStore(tokenStore());
    }

    @Bean
    public ResourceServerTokenServices defaultTokenServices() {
        final DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
        defaultTokenServices.setSupportRefreshToken(true);
        defaultTokenServices.setTokenStore(tokenStore());
        return defaultTokenServices;
    }

    @Bean
    public TokenStore tokenStore() {
        return new InMemoryTokenStore();
    }

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.withClientDetails(myCustomClientDetailsService);
    }

    @Bean
    public MyCustomClientDetailsService detailsService() {
        return new MyCustomClientDetailsService();
    }
}

@Configuration
@EnableResourceServer
protected static class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {

    ...
}
}

And the custom ClientDetailsService class:

public class MyCustomClientDetailsService implements ClientDetailsService {

@Autowired
private UserService userService;

@Override
public ClientDetails loadClientByClientId(String clientId) throws ClientRegistrationException {

    User fan = userService.getFan(clientId);

    if (fan == null) {
        throw new NoSuchClientException("No client with requested id: " + clientId);
    } 

    BaseClientDetails details = new BaseClientDetails(clientId, restservice, "write", "client_credentials", "USER");

    details.setClientSecret(fan.getEncodedPassword()); 

    return details;
}
}

The encodedPassword that is taken from my UserService is always a bad Credential, as DaoAuthenticationProvider has a PlaintextPasswordEncoder set by default.

What am i missing there? Is it possible to set the password encoder in the DaoAuthenticationProvider that is used for checking the credentials here? Or do I have to write my own AuthenticationProvider, that would check it the way i want?

Leon :

The solution I found to the problem is to override configure on AuthorizationServerConfigurerAdapter

@Override
public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
    oauthServer.passwordEncoder(passwordEncoder);
}

Collected from the Internet

Please contact [email protected] to delete if infringement.

edited at2020-06-24

Comments

0 comments

How to set proxy on spring oauth2 OAuth2AccessToken request or How to override OAuth2AccessTokenSupport restTemplate variable?

TOP Ranking

Article

Spring Oauth2. Password encoder is not set in DaoAuthenticationProvider

Spring Oauth2. Password encoder is not set in DaoAuthenticationProvider

Can't pre-populate phone number and message body in SMS link on iPhones when SMS app is not running in the background

Failed to listen on localhost:8000 (reason: Cannot assign requested address)

pump.io port in URL

Loopback Error: connect ECONNREFUSED 127.0.0.1:3306 (MAMP)

How to import an asset in swift using Bundle.main.path() in a react-native native module

Spring Boot JPA PostgreSQL Web App - Internal Authentication Error

3D Touch Peek Swipe Like Mail

BigQuery - concatenate ignoring NULL

How to how increase/decrease compared to adjacent cell

Make a B+ Tree concurrent thread safe

Emulator wrong screen resolution in Android Studio 1.3

Can a 32-bit antivirus program protect you from 64-bit threats

Svchost high CPU from Microsoft.BingWeather app errors

Double spacing in rmarkdown pdf

Unable to use switch toggle for dark mode in material-ui

java.lang.NullPointerException: Cannot read the array length because "<local3>" is null

Google Chrome Translate Page Does Not Work

How to fix "pickle_module.load(f, **pickle_load_args) _pickle.UnpicklingError: invalid load key, '<'" using YOLOv3?

Using Response.Redirect with Friendly URLS in ASP.NET

Bootstrap 5 Static Modal Still Closes when I Click Outside

SSIS setting column with data in Script Component