Failure when defining a custom ClientDetailsService in AuthorizationServerConfigurerAdapter

[imod]

This is a copy of https://jira.spring.io/browse/SECOAUTH-451

While configuring a AuthorizationServer with @EnableAuthorizationServerand AuthorizationServerConfigurerAdapter I have the need to define a custom implementation of a ClientDetailsService which I tried like this:

@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
    ClientDetailsService clientDetailsService = getCustomClientDetailsService();
    endpoints.clientDetailsService(clientDetailsService);
}

although this seems work in the first place, one still also has to override:

@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
    clients.inMemory().withClient()....
}

if not, the the following error will be thrown.
This makes it impossible to define a custom implementation of a ClientDetailsService.

org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'scopedTarget.clientDetailsService' defined in class path resource [org/springframework/security/oauth2/config/annotation/configuration/ClientDetailsServiceConfiguration.class]: Instantiation of bean failed;
nested exception is org.springframework.beans.factory.BeanDefinitionStoreException: Factory method [public org.springframework.security.oauth2.provider.ClientDetailsService org.springframework.security.oauth2.config.annotation.configuration.ClientDetailsServiceConfiguration.clientDetailsService() throws java.lang.Exception] threw exception;
nested exception is java.lang.UnsupportedOperationException: Cannot build client services (maybe use inMemory() or jdbc()).

[dsyer]

Can't you just

@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
    clients.withClientDetails(getCustomClientDetailsService());
}

(which begs the question why we need AuthorizationServerEndpointsConfigurer.clientDetailsService() at all)?

[imod]

No sorry, but that does not work, please also have a look at the comments in https://jira.spring.io/browse/SECOAUTH-451

although not tested yet, I think you change now made it even more impossible.

[dsyer]

I saw the comments, but there isn't enough detail. Can you create a minimal test project with 2.0.5 and show what actually goes wrong?

[danielfariati]

I tried the solution provided by @dsyer and it worked just fine.

[xiejx618]

org.springframework.security.oauth2.config.annotation.configuration.ClientDetailsServiceConfiguration#clientDetailsService . it creates a bean with name "clientDetailsService ". And I custom my ClientDetailsService, and I use @Autowired private ClientDetailsService clientDetailsService to inject to AuthorizationServerConfigurerAdapter. I found that it inject ClientDetailsServiceConfiguration#clientDetailsService Bean instead of my custom clientDetailsService .so I have to use @qualifier("clientDetailsServiceImpl") to inject my custom clientDetailsService.

@dsyer Can you improve it? for example,to change ClientDetailsServiceConfiguration#clientDetailsService bean default name "clientDetailsService".

[maciejmiklas]

The clients-solution works, just do not Inject into your code classes like AuthorizationEndpoint, because this will change initialization order and configuerer will be ignored. Spring will create AuthorizationEndpoint in first place with InMemoryClientDetailsService and after that the configurer will get created, but it's too late.