ResourceServerProperties DEFAULT filterOrder is not 0. #993
Comments
@MysteryAngle |
@MysteryAngle @frankskywalker The default order for the Resource Server filter chain has been changed in Spring Boot 1.5.0. It's documented here. To restore the previous order, take a look at this comment. Essentially, add this configuration in your
I'm going to close this issue as this should solve it for you. |
@jgrandja I'm struggling to understand the overall structure and design of the Spring Oauth after I've gone through all the official docs. Should I read from the source code, or any other material I should look at first ? With 1.4.3 I have Oauth2AuthenticationProcessingFilter in the Filter Chain |
@frankskywalker Do you have a custom |
It's work for me thanks. |
@jgrandja Thanks for the explanation. |
@frankskywalker Do you have form login enabled? Do you have a working example that I can take a look at? I am also trying to combine auth and resource server and when I change filter order as suggested I can't get to the login page. |
For latest release of Spring boot 2.5.1 and corresponding spring security starter which I am working on right now - the property security.oauth2.resource.filter-order=3 is not exist. So you can use below annotation on top of resource server config class @order(value = 3) |
Spring Boot 1.5.1
spring-cloud-dependencies:Camden.SR5
ResourceServerProperties is activated when I use both the authorization service and the resource service on the same server at the same time, but filterOrder default value is SecurityProperties.ACCESS_OVERRIDE_ORDER - 1, which will cause the AnyRequestMatcher of the custom WebSecurityConfigurerAdapter. OAuth2AuthenticationProcessingFilter will never be used.
The text was updated successfully, but these errors were encountered: