How to get custom user info from OAuth2 authorization server /user endpoint

The solution is the implementation of a custom UserInfoTokenServices Just Provide your custom implementation as a Bean and it will be used instead of the default one. Inside this UserInfoTokenServices you can build the principal like you want to. This UserInfoTokenServices is used to extract the UserDetails out of the response of the /usersendpoint … Read more

Can I make a custom controller mirror the formatting of Spring-Data-Rest / Spring-Hateoas generated classes?

I’ve found a way to imitate the behavior of Spring Data Rest completely. The trick lies in using a combination of the PagedResourcesAssembler and an argument-injected instance of PersistentEntityResourceAssembler. Simply define your controller as follows… @RepositoryRestController @RequestMapping(“…”) public class ThingController { @Autowired private PagedResourcesAssembler pagedResourcesAssembler; @SuppressWarnings(“unchecked”) // optional – ignores warning on return statement below… … Read more

spring PropertyPlaceholderConfigurer and context:property-placeholder

<context:property-placeholder … /> is the XML equivalent to the PropertyPlaceholderConfigurer. So, prefer that. The <util:properties/> simply factories a java.util.Properties instance that you can inject. In Spring 3.1 (not 3.0…) you can do something like this: @Configuration @PropertySource(“/foo/bar/”) public class ServiceConfiguration { @Autowired Environment environment; @Bean public javax.sql.DataSource dataSource( ){ String user = this.environment.getProperty(“ds.user”); … } … Read more

Why use service layer?

Having the service layer be a wrapper around the DAO is a common anti-pattern. In the example you give it is certainly not very useful. Using a service layer means you get several benefits: you get to make a clear distinction between web type activity best done in the controller and generic business logic that … Read more

Neither BindingResult nor plain target object for bean name available as request attr [duplicate]

Make sure that your Spring form mentions the modelAttribute=”<Model Name”. Example: @Controller @RequestMapping(“/greeting.html”) public class GreetingController { @ModelAttribute(“greeting”) public Greeting getGreetingObject() { return new Greeting(); } /** * GET * * */ @RequestMapping(method = RequestMethod.GET) public String handleRequest() { return “greeting”; } /** * POST * * */ @RequestMapping(method = RequestMethod.POST) public ModelAndView processSubmit(@ModelAttribute(“greeting”) Greeting … Read more

How to access Spring-boot JMX remotely

By default JMX is automatically accessible locally, so running jconsole locally would detect all your local java apps without port exposure. To access an app via JMX remotely you have to specify an RMI Registry port. The thing to know is that when connecting, JMX initializes on that port and then establishes a data connection … Read more

Spring Security: mapping OAuth2 claims with roles to secure Resource Server endpoints

After messing around a bit more, I was able to find a solution implementing a custom jwtAuthenticationConverter, which is able to append resource-specific roles to the authorities collection. http.oauth2ResourceServer() .jwt() .jwtAuthenticationConverter(new JwtAuthenticationConverter() { @Override protected Collection<GrantedAuthority> extractAuthorities(final Jwt jwt) { Collection<GrantedAuthority> authorities = super.extractAuthorities(jwt); Map<String, Object> resourceAccess = jwt.getClaim(“resource_access”); Map<String, Object> resource = null; Collection<String> … Read more

URL encoding using the new Spring UriComponentsBuilder

UriComponentsBuilder is encoding your URI in accordance with RFC 3986, with section 3.4 about the ‘query’ component of a URI being of particular note. Within the ‘query’ component, the characters / and : are permitted, and do not need escaping. To take the / character for example: the ‘query’ component (which is clearly delimited by … Read more

Spring MVC Annotated Controller Interface with @PathVariable

Apparently, when a request pattern is mapped to a method via the @RequestMapping annotation, it is mapped to to the concrete method implementation. So a request that matches the declaration will invoke GoalServiceImpl.removeGoal() directly rather than the method that originally declared the @RequestMapping ie GoalService.removeGoal(). Since an annotation on an interface, interface method, or interface … Read more