Spring-security-oauth: How to change default TokenEndpoint to a new TokenEndPoint?

Created on 8 Apr 2017  路  11Comments  路  Source: spring-projects/spring-security-oauth

I have been trying to override the default TokenEndpoint and create a new TokenEndPoint to write my custom logic. But even after mapping to my CustomTokenEndpoint class, the request doesn't comes here. Can you please help me to make it work?

Please find my code below.

@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter { 

  @Autowired private AuthenticationManager authenticationManager; 

  @Override
  public void configure(final AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
    oauthServer.tokenKeyAccess("permitAll()").checkTokenAccess("isAuthenticated()");
  }

  @Override
  public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {        
          endpoints.authenticationManager(this.authenticationManager).pathMapping("/oauth/token", "/external/oauth/token"); 
  }
}

 public class CustomTokenEndpoint extends AbstractEndpoint {

   @RequestMapping(value = "/external/oauth/token", method=RequestMethod.GET)
   public ResponseEntity<OAuth2AccessToken> getAccessToken(Principal principal, @RequestParam Map<String, String> parameters) throws                        HttpRequestMethodNotSupportedException {
       if (!allowedRequestMethods.contains(HttpMethod.GET)) {
                   throw new HttpRequestMethodNotSupportedException("GET");
       }
     return postAccessToken(principal, parameters);
}


  @RequestMapping(value = "/external/oauth/token", method=RequestMethod.POST)
  public ResponseEntity<OAuth2AccessToken> postAccessToken(Principal principal, @RequestParam Map<String, String> parameters) throws                      HttpRequestMethodNotSupportedException {

    // SOME CUSTOM LOGIC HERE...................

  }
}

I have also tried giving @FrameworkEndpoint to CustomTokenEndPoint. But it says cannot create a Bean.

waiting-for-triage

Most helpful comment

Hi,Have you solved the problem?

All 11 comments

Try to override endpoint in your Authorization server configuration class that extends AuthorizationServerConfigurerAdapter

see the code below:
/****code-start********/
@Configuration
@EnableAuthorizationServer
protected static class CustomAuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter implements EnvironmentAware {

//your other code here...
//

@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints.pathMapping("/oauth/token", "/external/oauth/token");
}
}

/****code-end*********/

Hi,Have you solved the problem?

Any update?

I tried

@RestController
@RequestMapping(value = "/oauth/token")
public class IdentityTokenEndpoint extends TokenEndpoint {

    private Boolean allowQueryString = null;

    public boolean isAllowQueryString() {
        return allowQueryString == null ? true : allowQueryString;
    }

    @RequestMapping(value = "**", method = GET)
    public ResponseEntity<OAuth2AccessToken> doDelegateGet(Principal principal,
                                                           @RequestParam Map<String, String> parameters) throws HttpRequestMethodNotSupportedException {
        return getAccessToken(principal, parameters);
    }

    @RequestMapping(value = "**", method = POST)
    public ResponseEntity<OAuth2AccessToken> doDelegatePost(Principal principal,
                                                            @RequestParam Map<String, String> parameters,
                                                            HttpServletRequest request) throws HttpRequestMethodNotSupportedException {
        return postAccessToken(principal, parameters);
    }

    @RequestMapping(value = "**")
    public void methodsNotAllowed(HttpServletRequest request) throws HttpRequestMethodNotSupportedException {
        throw new HttpRequestMethodNotSupportedException(request.getMethod());
    }

    @ExceptionHandler(Exception.class)
    @Override
    public ResponseEntity<OAuth2Exception> handleException(Exception e) throws Exception {
        logger.error("Handling error: " + e.getClass().getSimpleName() + ", " + e.getMessage(), e);
        return getExceptionTranslator().translate(e);
    }

    @Override
    public void setAllowedRequestMethods(Set<HttpMethod> allowedRequestMethods) {
        if (isAllowQueryString()) {
            super.setAllowedRequestMethods(allowedRequestMethods);
        } else {
            super.setAllowedRequestMethods(Collections.singleton(HttpMethod.POST));
        }
    }

}

And then register it as a bean

    @Bean
    public IdentityTokenEndpoint tokenEndpoint() throws Exception {
        IdentityTokenEndpoint tokenEndpoint = new IdentityTokenEndpoint();
        tokenEndpoint.setClientDetailsService(oAuthClientService);
//        tokenEndpoint.setProviderExceptionHandler(exceptionTranslator());
        tokenEndpoint.setTokenGranter(tokenGranter());
//        tokenEndpoint.setOAuth2RequestFactory(oauth2RequestFactory());
//        tokenEndpoint.setOAuth2RequestValidator(oauth2RequestValidator());
//        tokenEndpoint.setAllowedRequestMethods(allowedTokenEndpointRequestMethods());
        return tokenEndpoint;
    }

@mrshawn191 does it work?

@praveengithub19 did you solve this issue, I am also trying same but not able to create bean

@DharaSingh55 Have you found the solution for this issue ?

Custom endpoint with @FrameworkEndpoint works after adding path mapping
endpoints.pathMapping("/requestmapping/path", "/external/access/path");

you need to use frameworkEndpoint otherwise path mapping wont work, as it only looks at the framework endpoints. you can access the endpoint using custom path /external/access/path and it is be mapped into internal /requestmapping/path, or else you can use this endpoint directly from outside as well.

Hi,Is there any update on this ?

@mrshawn191 does it work??? #

@praveengithub19 did you solve this issue?

@praveengithub19 did you solve this issue?

work with overriding endpoints

import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;

@Configuration
public class CustomAuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints.pathMapping("/oauth/token", "/login");
    }
}
Was this page helpful?
0 / 5 - 0 ratings