问题:

I am trying to implement Spring Boot Oauth2 using JDBC token store. When I use the following url:

http://localhost:8080/oauth/token

I am getting following output:

{ "error": "server_error", "error_description": "This object has not been built" }

Please find below my concerned configuration classes:

1. AuthorizationServerConfig

@Configuration @EnableAuthorizationServer public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {

public static final String CHECK_TOKEN_ACCESS_IS_AUTHENTICATED = "isAuthenticated()";
public static final String CLIENT_ID = "my-sh-client";
public static final String GRANT_TYPE_PASSWORD = "password";
public static final String GRANT_TYPE_AUTHORIZATION_CODE = "authorization_code";
public static final String GRANT_TYPE_REFRESH_TOKEN = "refresh_token";
public static final String GRANT_TYPE_IMPLICIT = "implicit";
public static final String GRANT_TYPE_CLIENT_CREDENTIALS = "client_credentials";
public static final String AUTHORITIES_ROLE_CLIENT = "ROLE_CLIENT";
public static final String AUTHORITIES_ROLE_TRUSTED_CLIENT = "ROLE_TRUSTED_CLIENT";
public static final String SCOPE_READ = "read";
public static final String SCOPE_WRITE = "write";
public static final String SCOPE_TRUST = "trust";
public static final String RESOURCE_ID = "oauth2-resource";
public static final Integer ACCESS_TOKEN_VALIDITY_SECONDS = 5000;
public static final Integer REFRESH_TOKEN_VALIDITY_SECONDS = 6000;
public static final String CLIENT_SECRET = "secret";

@Autowired
private AuthenticationManager authenticationManager;

@Autowired
private DataSource dataSource;

@Bean
public JdbcTokenStore tokenStore() {
    return new JdbcTokenStore(dataSource);
}

@Override
public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
    security.checkTokenAccess(CHECK_TOKEN_ACCESS_IS_AUTHENTICATED);
}

@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
    clients.inMemory().withClient(CLIENT_ID).authorizedGrantTypes(GRANT_TYPE_PASSWORD, GRANT_TYPE_AUTHORIZATION_CODE,
            GRANT_TYPE_REFRESH_TOKEN, GRANT_TYPE_IMPLICIT, GRANT_TYPE_CLIENT_CREDENTIALS).authorities(AUTHORITIES_ROLE_CLIENT,
                    AUTHORITIES_ROLE_TRUSTED_CLIENT).scopes(SCOPE_READ, SCOPE_WRITE, SCOPE_TRUST).resourceIds(
                            RESOURCE_ID).accessTokenValiditySeconds(
                                    ACCESS_TOKEN_VALIDITY_SECONDS).refreshTokenValiditySeconds(
                                            REFRESH_TOKEN_VALIDITY_SECONDS).secret(CLIENT_SECRET);
}

@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
    endpoints.authenticationManager(authenticationManager);
    endpoints.tokenStore(tokenStore());
}}

2 ResourceServerConfig

@Configuration @EnableResourceServer public class ResourceServerConfig extends ResourceServerConfigurerAdapter {

@Autowired
private DataSource dataSource;

@Override
public void configure(ResourceServerSecurityConfigurer resources)
        throws Exception {
    resources.resourceId(AuthorizationServerConfig.RESOURCE_ID).tokenStore(tokenStore());
}

@Bean
public TokenStore tokenStore() {
    return new JdbcTokenStore(dataSource);
}

@Override
public void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests().antMatchers(
            SecurityRestEndPoints.SECURITY_BASE_V1 + "/**").hasAuthority("ADMIN");
}}

3 SecurityConfiguration

@Configuration @EnableWebSecurity public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

@Autowired
UserService userservice;

@Override
public void init(WebSecurity web) {
    web.ignoring().antMatchers("/");
}

@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    for (User user : userservice.getAllUsers()) {
        if (user.getLoginId() != null && user.getPassword() != null) {
            for (Role role : user.getRole()) {
                auth.jdbcAuthentication().withUser(user.getLoginId()).password(user.getPassword()).roles(
                        role.getRoleName().toUpperCase());
            }
        }
    }
}

@Bean
@Override
public AuthenticationManager authenticationManagerBean()
        throws Exception {
    return super.authenticationManagerBean();
}}

4 Application Class

@SuppressWarnings("deprecation") @SpringBootApplication @ComponentScan({ "com.sh" }) @EntityScan("com.sh.security.entity") @EnableJpaRepositories("com.sh.security.repository") public class Application extends WebMvcConfigurerAdapter {

public static void main(String[] args) {
    SpringApplication.run(Application.class, args);
}

@Override
public void addCorsMappings(CorsRegistry registry) {
    registry.addMapping("/**").allowedOrigins("*").allowedMethods("*");
}}

The following is the database schema I have used which created my oauth tables:

create table oauth_client_details (
  client_id VARCHAR(256) PRIMARY KEY,
  resource_ids VARCHAR(256),
  client_secret VARCHAR(256),
  scope VARCHAR(256),
  authorized_grant_types VARCHAR(256),
  web_server_redirect_uri VARCHAR(256),
  authorities VARCHAR(256),
  access_token_validity INTEGER,
  refresh_token_validity INTEGER,
  additional_information VARCHAR(4096),
  autoapprove VARCHAR(256)
);

create table oauth_client_token (
  token_id VARCHAR(256),
  token LONGVARBINARY,
  authentication_id VARCHAR(256),
  user_name VARCHAR(256),
  client_id VARCHAR(256)
);

create table oauth_access_token (
  token_id VARCHAR(256),
  token LONGVARBINARY,
  authentication_id VARCHAR(256),
  user_name VARCHAR(256),
  client_id VARCHAR(256),
  authentication LONGVARBINARY,
  refresh_token VARCHAR(256)
);

create table oauth_refresh_token (
  token_id VARCHAR(256),
  token LONGVARBINARY,
  authentication LONGVARBINARY
);

create table oauth_code (
  code VARCHAR(256), authentication LONGVARBINARY
);

How should I persist the oauth2 access token and how should I resolve this issue