Oauth2 autoconfig Request method 'POST' not supported #21079

Closed
Diandson opened this issue Feb 11, 2023 · 5 comments

@Diandson

Overview of the issue

I generated a simple app and I want to use OAuth2 with client_credentials to authenticate other apps.
Since version 7.0, io.github.jhipster => tech.jhipster and the Spring version changed. I would like to know whether the new JHipster dependencies cause the error or whether it is about the Spring version.

Motivation for or Use Case

Different config

@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
@Import(SecurityProblemSupport.class)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

private final JHipsterProperties jHipsterProperties;

private final TokenProvider tokenProvider;

private final CorsFilter corsFilter;
private final SecurityProblemSupport problemSupport;

@Autowired
private UserDetailsService userDetailsService;


@Bean
@Override
protected AuthenticationManager authenticationManager() throws Exception {
    return super.authenticationManager();
}


public SecurityConfiguration(
    TokenProvider tokenProvider,
    CorsFilter corsFilter,
    JHipsterProperties jHipsterProperties,
    SecurityProblemSupport problemSupport
) {
    this.tokenProvider = tokenProvider;
    this.corsFilter = corsFilter;
    this.problemSupport = problemSupport;
    this.jHipsterProperties = jHipsterProperties;
}

@Override
public void configure(WebSecurity web) {
    web
        .ignoring()
        .antMatchers(HttpMethod.OPTIONS, "/**")
        .antMatchers("/app/**/*.{js,html}")
        .antMatchers("/i18n/**")
        .antMatchers("/content/**")
        .antMatchers("/swagger-ui/**")
        .antMatchers("/test/**");
}

@Override
public void configure(HttpSecurity http) throws Exception {
    // @formatter:off
    http
        .csrf()
        .disable()
        .addFilterBefore(corsFilter, UsernamePasswordAuthenticationFilter.class)
        .exceptionHandling()
            .authenticationEntryPoint(problemSupport)
            .accessDeniedHandler(problemSupport)
    .and()
        .headers()
        .contentSecurityPolicy(jHipsterProperties.getSecurity().getContentSecurityPolicy())
    .and()
        .referrerPolicy(ReferrerPolicyHeaderWriter.ReferrerPolicy.STRICT_ORIGIN_WHEN_CROSS_ORIGIN)
    .and()
        .permissionsPolicy().policy("camera=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=()")
    .and()
        .frameOptions()
        .deny()
    .and()
        .sessionManagement()
        .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
    .and()
        .authorizeRequests()
        .antMatchers("/api/authenticate").permitAll()
        .antMatchers("/api/register").permitAll()
        .antMatchers("/oauth/**").permitAll()
        .antMatchers("/api/activate").permitAll()
        .antMatchers("/api/account/reset-password/init").permitAll()
        .antMatchers("/api/account/reset-password/finish").permitAll()
        .antMatchers("/api/admin/**").hasAuthority(AuthoritiesConstants.ADMIN)
        .antMatchers("/api/**").authenticated()
        .antMatchers("/websocket/**").authenticated()
        .antMatchers("/management/health").permitAll()
        .antMatchers("/management/health/**").permitAll()
        .antMatchers("/management/info").permitAll()
        .antMatchers("/management/prometheus").permitAll()
        .antMatchers("/management/**").hasAuthority(AuthoritiesConstants.ADMIN)
    .and()
        .httpBasic()
    .and()
        .apply(securityConfigurerAdapter());
    // @formatter:on
}

private JWTConfigurer securityConfigurerAdapter() {
    return new JWTConfigurer(tokenProvider);
}

@Bean
public PasswordEncoder passwordEncoder() {
    return new NexctPasswordEncoder();
}
@Bean
public PasswordEncoder passwordEncoder2() {
    return new BCryptPasswordEncoder();
}

@Bean
public DaoAuthenticationProvider daoAuthenticationProvider(){
    DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider();
    daoAuthenticationProvider.setPasswordEncoder(passwordEncoder2());
    daoAuthenticationProvider.setUserDetailsService(userDetailsService);
    return daoAuthenticationProvider;
}

@Bean
public AjaxLogoutSuccessHandler ajaxLogoutSuccessHandler() {
    return new AjaxLogoutSuccessHandler();
}

}

@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {

@Autowired
private AuthenticationManager authenticationManager;

@Autowired
private UserDetailsService userDetailsService;

@Autowired
private JdbcTemplate jdbcTemplate;

@Autowired
private PasswordEncoder passwordEncoder;

@Value("${security.signing-key}")
private String signingKey;


@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
    JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
    converter.setSigningKey(signingKey);

    endpoints.tokenStore(tokenStore(jdbcTemplate))
            .reuseRefreshTokens(false)
            .accessTokenConverter(converter)
            .authenticationManager(authenticationManager)
            .userDetailsService(userDetailsService);
}

@Override
public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
    oauthServer.passwordEncoder(passwordEncoder);
    oauthServer.tokenKeyAccess("hasAuthority('ROLE_TRUSTED_CLIENT')")
            .checkTokenAccess("hasAuthority('ROLE_TRUSTED_CLIENT')");
    oauthServer.allowFormAuthenticationForClients();
}

@Override
public void configure(ClientDetailsServiceConfigurer config) throws Exception {
    config.jdbc(jdbcTemplate.getDataSource());
}


@Bean
public TokenStore tokenStore(JdbcTemplate jdbcTemplate) {
    return new JdbcTokenStore(Objects.requireNonNull(jdbcTemplate.getDataSource()));
}

@Bean
@Primary
public DefaultTokenServices tokenServices() {
    DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
    defaultTokenServices.setTokenStore(tokenStore(jdbcTemplate));
    defaultTokenServices.setSupportRefreshToken(true);
    return defaultTokenServices;
}

}

Reproduce the error

2023-02-11 02:00:29.547 DEBUG 24249 --- [ restartedMain] c.a.JHipsterSpringDocGroupsConfiguration : Initializing JHipster OpenApi customizer
2023-02-11 02:00:30.289 DEBUG 24249 --- [ restartedMain] c.a.JHipsterSpringDocGroupsConfiguration : Initializing JHipster OpenApi default group
2023-02-11 02:00:30.291 DEBUG 24249 --- [ restartedMain] c.a.JHipsterSpringDocGroupsConfiguration : Initializing JHipster OpenApi management group
2023-02-11 02:00:30.981 INFO 24249 --- [ restartedMain] org.jboss.threads : JBoss Threads version 3.1.0.Final
2023-02-11 02:00:31.051 INFO 24249 --- [ restartedMain] com.m2i.authmanager.AuthManagerApp : Started AuthManagerApp in 8.71 seconds (JVM running for 10.054)
2023-02-11 02:00:31.056 INFO 24249 --- [ restartedMain] com.m2i.authmanager.AuthManagerApp :

Application 'AuthManager' is running! Access URLs:
Local: 		http://localhost:8080/
External: 	http://127.0.0.1:8080/
Profile(s): 	[dev, api-docs]

en$2a$10$bQVczQTY.Pe9ZcJ/V4r1Le1Py4D1HqTGNLvNR6vv8VyOTNlh0Dms2
arg0$2a$10$bQVczQTY.Pe9ZcJ/V4r1Le1Py4D1HqTGNLvNR6vv8VyOTNlh0Dms2
2023-02-11 02:00:37.168 WARN 24249 --- [ XNIO-1 task-1] o.z.problem.spring.common.AdviceTraits : Method Not Allowed: Request method 'POST' not supported
2023-02-11 02:00:37.223 WARN 24249 --- [ XNIO-1 task-1] .m.m.a.ExceptionHandlerExceptionResolver : Resolved [org.springframework.web.HttpRequestMethodNotSupportedException: Request method 'POST' not supported]
en$2a$10$bQVczQTY.Pe9ZcJ/V4r1Le1Py4D1HqTGNLvNR6vv8VyOTNlh0Dms2
arg0$2a$10$bQVczQTY.Pe9ZcJ/V4r1Le1Py4D1HqTGNLvNR6vv8VyOTNlh0Dms2
2023-02-11 02:00:45.468 WARN 24249 --- [ XNIO-1 task-1] o.z.problem.spring.common.AdviceTraits : Method Not Allowed: Request method 'POST' not supported
2023-02-11 02:00:45.470 WARN 24249 --- [ XNIO-1 task-1] .m.m.a.ExceptionHandlerExceptionResolver : Resolved [org.springframework.web.HttpRequestMethodNotSupportedException: Request method 'POST' not supported]

Related issues
Suggest a Fix
JHipster Version(s)
JHipster configuration
Entity configuration(s) entityName.json files generated in the .jhipster directory
Browsers and Operating System
  • Checking this box is mandatory (this is just to show you read everything)
@Diandson
Author

I notice that in a simple Spring Boot app this is working fine with the same version of Spring.

Someone help please #21076 #20869 @mraible @jdigger @jkutner @gunnarahlberg

@mraible
Contributor

mraible commented Feb 11, 2023

It looks like you're using JWT authentication. I believe you need to choose OAuth to use client credentials.

@Diandson
Author

Yes, I keep JWT because even if I remove it the problem still exists.
The thing is that I don't want a redirect login; I want to log in to the application using OAuth2 client credentials in the background and log the user in again with JWT.
/oauth/token always returns method POST not supported.

@github-actions
Contributor

This issue is stale because it has been open for too long without any activity.
Due to the moving nature of jhipster generated application, bugs can become invalid.
If this issue still applies please comment otherwise it will be closed in 7 days

@mshima
Member

mshima commented Sep 16, 2023

We need jhipster info output of the application to reproduce.
Since you have customized code, please post at stackoverflow.
