I'm trying to create a corporate starter, based on our company's standards and best practices. Among other things, the starter should include OAuth2 configuration, that is currently causing problems.
Let's take a look at the code.
So, in starter I create a configuration that looks like this:
@Configuration
// @AutoConfigureBefore(OAuth2ResourceServerConfiguration::class)
@EnableResourceServer
@EnableGlobalMethodSecurity(prePostEnabled = true)
@Profile("!test")
class ResourceServerConfig(
@Value("${security.oauth2.resource.id}")
val resourceId: String,
val tokenServices: ResourceServerTokenServices
) : ResourceServerConfigurerAdapter() {
override fun configure(resources: ResourceServerSecurityConfigurer) {
...
}
override fun configure(http: HttpSecurity) {
...
}
}
So, that's the exact code that is working in multiple projects. Now, in META-INF/spring.factories I add this config to list of autoconfigurations:
org.springframework.boot.autoconfigure.EnableAutoConfiguration=
com.wavesplatform.we.starter.ResourceServerConfig,
... other configurations that works!
In starter's dependencies I declare the following spring libraries among others:
implementation("org.springframework.boot:spring-boot-starter-security")
implementation("org.springframework.cloud:spring-cloud-security")
implementation("org.springframework.security.oauth.boot:spring-security-oauth2-autoconfigure:$oauth2SecurityVersion")
Now I declare dependency to the starter - and looks like it should work, but it doesn't.
I'm getting some Autowiring errors, but the root cause of them is obvious in --debug mode:
OAuth2ResourceServerConfiguration:
Did not match:
- @ConditionalOnBean (types: org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfiguration; SearchStrategy: all) did not find any beans of type org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfiguration (OnBeanCondition)
Matched:
- @ConditionalOnClass found required classes 'org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer', 'org.springframework.boot.autoconfigure.security.SecurityProperties' (OnClassCondition)
- @ConditionalOnWebApplication (required) found 'session' scope (OnWebApplicationCondition)
- OAuth ResourceServer Condition found client-id property (OAuth2ResourceServerConfiguration.ResourceServerCondition)
In short - there is no ResourceServerConfiguration bean in context. Which is extremely strange, because my ResourceServerConfig is annotated with @EnableResourceServer, which in turn is just a meta-annotation for @Import(ResourceServerConfiguration.class)
Also, in --debug, I'm seeing my auto configuration class getting picked up
Unconditional classes:
----------------------
[corporate-package].starter.ResourceServerConfig
What kind of strange (or not) is that it's listed first in Unconditional classes.
Ok, I've tried to add @EnableResourceServer on application main class - and things got even more weird.
Now my class is loading, and configuration methods are called, but I'm getting the following error:
Can't configure antMatchers after anyRequest
In my ResourceServerConfig configure(http: HttpSecurity) method. Weird' I don't have anyRequest() call here. I've debugged, and found that it's configured by OAuth2ResourceServerConfiguration.ResourceSecurityConfigurer class.
@Bean
@ConditionalOnMissingBean(ResourceServerConfigurer.class)
public ResourceServerConfigurer resourceServer() {
return new ResourceSecurityConfigurer(this.resource);
}
What's weird, is that it's created only when no other bean of type ResourceServerConfigurer is created, but my bean is implementing this interface (indirectly, via ResourceServerConfigurerAdapter) and is getting added to the context and gettings invoked.
I've tried adding @AutoConfigureBefore(OAuth2ResourceServerConfiguration::class) on my class, but with no success.
I'm stuck and looks like I fundamentally misunderstand some obvious thing.
Any help on getting OAuth2 configuration to work from custom starter is greatly appreciated! Thanks in advance and merry Xmas!
