Spring Security Authorization Server OAuth2 / oauth / token - 500 No adapter for handler

I am trying to implement Spring Security OAuth2 Authorization Server. When you try to access the token endpoint (/ oauth / token), I get a 404. I am assuming that something is missing, but for the life of me, I can't see it.

I am using Java config for:

  • Spring Security 4.0.1
  • Spring Security OAuth2 2.0.7

My configuration looks like this:

ApplicationSecurityConfig.java

Used to register config files with WAR

public class ApplicationSecurityConfig extends 
    AbstractSecurityWebApplicationInitializer {

    public ApplicationSecurityConfig() {
        super(SecurityConfig.class, AuthorizationServerConfig.class);
    }
}

      

SpringSecurityConfig.java

Configuring HTTP Authentication for All Endpoints Matching the URL Pattern /

@Configuration
@EnableWebSecurity
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth
            .inMemoryAuthentication()
            .withUser("user")
            .password("password")
            .roles("USER");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {

        http
            .authorizeRequests()
            .antMatchers("/")
            .authenticated()
        .and()
            .httpBasic();
    }
}

      

OauthAuthorizationServerConfig.java

Used to configure the authorization server

@Configuration
@EnableAuthorizationServer
public class OauthAuthorizationServerConfig extends 
    AuthorizationServerConfigurerAdapter{

    @Autowired
    private TokenStore tokenStore;  

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception{

        clients
            .inMemory()
            .withClient("testClient")
            .scopes("read", "write")
            .authorities("ROLE_CLIENT")
            .authorizedGrantTypes("password", "refresh_token")
            .accessTokenValiditySeconds(60)
            .refreshTokenValiditySeconds(3600); 
    }

    @Bean
    public TokenStore tokenStore(){
        return new InMemoryTokenStore();
    }

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception{
        endpoints.tokenStore(tokenStore);
    }

    @Override
    public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception{
        oauthServer.allowFormAuthenticationForClients();
    }

 }

      

Sorry if this is a "school boy bug", but I've spent some time on the documentation and samples that Spring has posted on Github, but I'm obviously not understanding something.

- EDIT -

I replaced ApplicationSecurityConfig.java with SpringApplicationInit.java

public class SpringApplicationInit extends 
    AbstractAnnotationConfigDispatcherServletInitializer {

    @Override
    protected Class<?>[] getRootConfigClasses() {

        return null;
    }

    @Override
    protected Class<?>[] getServletConfigClasses() {
        return new Class[]{
            SpringSecurityConfig.class,
            OauthAuthorizationServerConfig.class
        };
    }

    @Override
    protected String[] getServletMappings() {
        return new String[]{"/"};
    }

}

      

This gives different results. Now I am getting a 500 Server error status code:

javax.servlet.ServletException: No adapter for handler [public org.springframework.http.ResponseEntity<org.springframework.security.oauth2.common.OAuth2AccessToken> org.springframework.security.oauth2.provider.endpoint.TokenEndpoint.getAccessToken(java.security.Principal,java.util.Map<java.lang.String, java.lang.String>) throws org.springframework.web.HttpRequestMethodNotSupportedException]: The DispatcherServlet configuration needs to include a HandlerAdapter that supports this handler
    org.springframework.web.servlet.DispatcherServlet.getHandlerAdapter(DispatchrServlet.java:1163)
    org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:939)
    org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:893)
    org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:966)
    org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:857)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:621)
    org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:842)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
    org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:51)

      

I pushed the code to the git repository if it made it easier to execute.

+3


source to share


2 answers


As far as I can see you are trying to submit a request GET

for /oauth/token

which is the wrong approach. This endpoint must accept the request POST

, so just send it with the same fields.



+1


source


0


source







All Articles