get java.lang.RuntimeException: OAuthentication details are immutable on authenticated requests #86
Comments
I am aware of that and I am very sorry: I thought that my fix to this issue (merged a month ago) was in the last spring-security version, but it will actually be available only from 6.1.0 (and not 6.0.1 ...). I will roll back the change throwing the exception you face this week and until spring 6.1.0 is published. As a hot-fix until then, you might override the

```java
@Configuration
@EnableMethodSecurity
public static class SecurityConfig {
    @Bean
    OAuth2AuthenticationFactory authenticationFactory(Converter<Map<String, Object>, Collection<? extends GrantedAuthority>> authoritiesConverter) {
        return (bearerString, claims) -> new MyAuth(
                new OpenidClaimSet(claims),
                authoritiesConverter.convert(claims),
                bearerString);
    }

    static class MyAuth extends OAuthentication<OpenidClaimSet> {
        public MyAuth(OpenidClaimSet claims, Collection<? extends GrantedAuthority> authorities, String tokenString) {
            super(claims, authorities, tokenString);
        }

        // This is the fix
        @Override
        public void setDetails(Object details) {
            // Intentionally empty: calls to setDetails are ignored
        }
    }
}
```

I like the idea of Authentication instance to be sealed after being instantiated, but I'll have to wait a bit more.

Once again, sorry for the inconvenience and hope it won't discourage you from experimenting.

As you seem to be going through the tutorials, you might bump on the same obstacle in the next one. Same fix: override
Fixed with 6.0.11 released just now.
Describe the bug
When using spring-addons-webmvc-jwt-resource-server (version 6.0.10 or 6.0.11-SNAPSHOT) with spring 3.0.1, the resource server throws an exception when securing a request with a valid token (stack trace provided under additional context if relevant).
Code sample
Can be reproduced using the ressource-server_with_oauthentication sample provided in this repository (I only edited the issuer location in application.properties to match my local issuer; I used Keycloak 20.0.2).
No tests provided in this sample failed
Expected behavior
Expect that the request is normally processed without throwing an exception
Additional context
Stack Trace: