403 error instead of okta login form (Spring Boot)

I’m trying to add authentication to my Spring Boot app, with this tutorial :

I created a “restricted” page, with this rule :
http.authorizeRequests() .antMatchers("/home").permitAll() .antMatchers("/restricted").authenticated();

But the restricted page do not go to okta login form. Instead, I have a 403 error (shown by my custom ErrorController)

Do you know how to investigate ?

What version of Spring Boot and the Okta Spring Boot starter are you using? The tutorial you’re referencing uses @EnableOAuth2Sso and uses Spring Boot v2.0.5.RELEASE.

The current version (1.4.0) of our Okta Spring Boot starter works with Spring Boot 2.2+. If you need support for Spring Boot 1.5.x, use version 0.6.

With Spring Boot 2.2, you’ll use Spring Security’s DSL to configure it to login with oauth2Login(). For example:

@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {

        http.authorizeRequests()
                .antMatchers("/home").permitAll()
                .anyRequest().authenticated()
            .and().oauth2Login();
    }
}

I use Spring Boot v1.5.4.RELEASE, so yes I took the v0.6.0 of Okta.

Here are the dependencies that I added :

<dependency>
        <groupId>com.okta.spring</groupId>
        <artifactId>okta-spring-boot-starter</artifactId>
        <version>0.6.0</version>
    </dependency>

    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
        <version>2.4.0</version>
    </dependency>

    <dependency>
        <groupId>org.thymeleaf.extras</groupId>
        <artifactId>thymeleaf-extras-springsecurity4</artifactId>
        <version>2.1.2.RELEASE</version>
    </dependency>

    <dependency>
        <groupId>org.springframework.security.oauth.boot</groupId>
        <artifactId>spring-security-oauth2-autoconfigure</artifactId>
        <version>2.3.4.RELEASE</version>
    </dependency>

You don’t need spring-boot-starter-security as the Okta starter includes that. I believe you can remove the other Spring OAuth dependency too. If that doesn’t work, the Spring OAuth dependency probably needs to match your Spring Boot version.

The Spring OAuth dependency is no more available at version 1.5.4.RELEASE in the mvn repository

I can remove the two mentionned dependencies, but I still have the issue :neutral_face:

If you’re able to use Spring 2.2+, this tutorial is more recent and will likely work better for you.

Ok, I will try it later.
Thank you for your answers.

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.