We recently migrated our app to Spring Boot 3 / http5 and see the error:
error="access_denied", error_description="Error requesting access token."
I am able to hit the base URL of our endpoint. The error happens when our service makes a call to another service. It works fine with the previous Spring version.
org.springframework.security.oauth2.client.resource.OAuth2AccessDeniedException: Error requesting access token.
    at org.springframework.security.oauth2.client.token.OAuth2AccessTokenSupport.retrieveToken(OAuth2AccessTokenSupport.java:149)
    at com.fmr.fit.apigee.XtracTokenProvider.retrieveToken(XtracTokenProvider.java:34)
    at org.springframework.security.oauth2.client.token.grant.client.ClientCredentialsAccessTokenProvider.obtainAccessToken(ClientCredentialsAccessTokenProvider.java:49)
    at org.springframework.security.oauth2.client.token.AccessTokenProviderChain.obtainNewAccessTokenInternal(AccessTokenProviderChain.java:155)
    at org.springframework.security.oauth2.client.token.AccessTokenProviderChain.obtainAccessToken(AccessTokenProviderChain.java:128)
    at org.springframework.security.oauth2.client.OAuth2RestTemplate.acquireAccessToken(OAuth2RestTemplate.java:241)
    at org.springframework.security.oauth2.client.OAuth2RestTemplate.getAccessToken(OAuth2RestTemplate.java:183)
Are there any OAuth-related changes that need to be updated in Spring Boot 3? The earlier version used to work fine.
Thanks
SecurityConfig file:
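// UserService and JwtAuthentication are the application's own types (not shown in the post).
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

@Configuration
@EnableWebSecurity
@EnableMethodSecurity
class SecurityConfiguration {

    // No local user store: every username lookup fails.
    @Bean
    UserService emptyService() {
        return username -> {
            throw new UsernameNotFoundException("no local users");
        };
    }

    /*
     * @Bean
     *
     * @Order(Ordered.HIGHEST_PRECEDENCE + 1) public SecurityFilterChain
     * actuatorSecurityFilterChain(final HttpSecurity httpSecurity) throws Exception
     * {
     *
     * httpSecurity.securityMatcher("/actuator/**") .authorizeHttpRequests(authorize
     * -> authorize.anyRequest().permitAll());
     *
     * httpSecurity.csrf(csrf -> csrf.disable());
     *
     * return httpSecurity.build(); }
     *
     *
     *
     * @Bean public SecurityFilterChain filterChain(HttpSecurity http) throws
     * Exception { http .authorizeHttpRequests((authz) -> authz
     * .anyRequest().authenticated() ).httpBasic(withDefaults());
     *
     * return http.build(); }
     */
}

// Disables CSRF protection and permits every request without authentication.
@Configuration
public class DisableSecurityConfiguration {

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http.csrf(AbstractHttpConfigurer::disable);
        http.authorizeHttpRequests(auth -> auth
            .anyRequest()
            .permitAll()
        );
        return http.build();
    }
}

// Registers the JwtAuthentication interceptor for paths matching /abc/*.
@Configuration
public class InterceptorConfig implements WebMvcConfigurer {

    @Autowired
    JwtAuthentication auth;

    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(auth).addPathPatterns("/abc/*");
    }
}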