Add User Authentication to Your Spring Boot App in 15 Minutes

Add User Authentication to Your Spring Boot App in 15 Minutes

Spring Boot makes it fun and easy to build Java webapps. This blog post shows you how to add user authentication to a Spring Boot app.

Joko Andianto

Hai hello next to

lingang hou

got 400 error when click on retstricted button,

Identity Provider: Unknown
Error Code: invalid_request
Description: The ‘redirect_uri’ parameter must be an absolute URI that is whitelisted in the client app settings.

the screen layout looks different with developer.okta.com vs XXX.oktapreview.com, could that be the case

Matt Raible

You should be able to see the URL that your app is sending to Okta by copying it from your browser’s address bar. Paste it into a text editor to see what it is, then adjust your Okta app to use it as a Login Redirect URI.

Subashchandrabose Lingareddy

Hello, I need help in how two different users authenticate themselves using the okta configure method hosted on some machine.

Matt Raible

I don’t understand your question. If it pertains to this blog post, can you please re-phrase it and tell me what you’re trying to do? If it’s not related to this blog post, please ask your question on our developer forums.

Eric Williams

The single sign on instruction seems incomplete… How to enable those social logins on sign in page?

Matt Raible

We have a couple posts on social login with Spring Boot. Add Social Login to Your Spring Boot 2.0 App shows how to do it if you’re using our Sign-In Widget in your application. The second is Add Social Login to Your JHipster App. This one shows you how to customize the hosted sign-in widget to add social buttons.

We hope to make it possible to add social login buttons w/o customizing the widget, but we’re not there yet.

indika

I had the same problem, however once I put the absolute URI http://localhost:8080/login , I get the following now

"Firefox has detected that the server is redirecting the request for this address in a way that will never complete. This problem can sometimes be caused by disabling or refusing to accept cookies."

What could be the issue?

Matt Raible

I haven’t experienced this problem in the past, but I believe you. Does it work in Chrome?

indika

Thanks for the quick reply.
In chrome I get “localhost redirected you too many times” - ERR_TOO_MANY_REDIRECTS.
I downloaded the source from github, added my setting for the application in application.yaml and have configured the developer configs in okta side as you have mentioned.
I get the login credentials opened, but after I hit login with credentials, I get redirected to okta site , then land back at localhost:8080/login with the above mentioned error. Same in Firefox and chrome.

indika

When I troubleshoot through chrome - devtools, this is the path it takes after putting the credentials.
1. https://dev-589579.okta.com… key="">&redirectUrl=https%3A%2F%2Fdev-333.okta.com%2Foauth2%2Fv1%2Fauthorize%2Fredirect%<hash key="">

Response - 302

2. https://dev-589579.okta.com… key="">&redirectUrl=https%3A%2F%2Fdev-333.okta.com%2Foauth2%2Fv1%2Fauthorize%2Fredirect%<some hashkey="">

Response - 302

3. http://localhost:2203/login?code=&state=Bbh1of

Response - 401 ,

This keeps looping if I enable http.authorizeRequests().anyRequest().authenticated().

Not sure
1. Why I am getting a 401 ?
2. Why does it keep running in a loop

Brian Demers

Hey @disqus_5Uulaqhg5y:disqus !

Have you tried an incognito window? My guess is that Okta thinks you are logged in (so correct user/pass) but the redirect isn’t getting processed correctly by your spring app (which will assume you are not logged in, and redirect, and continue the cycle)

In your Okta admin console, what did you use for the redirect URI for your application?

indika

Hey Brian,
Thanks for the reply , I am trying in incognito , same issue. My redirect URL - http://localhost:8080/login.

I am now going to clear everything and start the process again fresh , Let me try that update if I find anything.

indika

Hey Brian,
I did everything from fresh and still getting the same issue.

I then enabled DEBUG tracing and I see the below “ClassNotFound” exception and “No applicable constraints defined” . I am trying to trouble shoot this now to see if that is causing this behavior.

----------------------------Output from logs--------------------------------------
FINE: Received [GET /login HTTP/1.1
Host: localhost:2203
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9,ta;q=0.8
Cookie: JSESSIONID=68397D4885ECAF7AF6731555A2C0AE67

]
May 03, 2019 8:22:13 PM org.apache.tomcat.util.http.Rfc6265CookieProcessor parseCookieHeader
FINE: Cookies: Parsing b: JSESSIONID=68397D4885ECAF7AF6731555A2C0AE67
May 03, 2019 8:22:13 PM org.apache.catalina.connector.CoyoteAdapter parseSessionCookiesId
FINE: Requested cookie session id is 68397D4885ECAF7AF6731555A2C0AE67
May 03, 2019 8:22:13 PM org.apache.catalina.authenticator.AuthenticatorBase invoke
FINE: Security checking request GET /login
May 03, 2019 8:22:13 PM org.apache.catalina.realm.RealmBase findSecurityConstraints
FINE: No applicable constraints defined

May 03, 2019 8:22:13 PM org.apache.catalina.authenticator.AuthenticatorBase invoke
FINE: Not subject to any constraint
May 03, 2019 8:22:13 PM org.apache.catalina.loader.WebappClassLoaderBase findClass
FINE: findClass(java.lang.ObjectCustomizer)
May 03, 2019 8:22:13 PM org.apache.catalina.loader.WebappClassLoaderBase findClass
FINE: → Returning ClassNotFoundException

Brian Demers

You could also have an invalid clientId, clientSecret, or issuer. I’m guessing you have done this already, but double check your config values in your application.yml/properties and the settings in your Okta admin console.

Matt Raible

You might try comparing your code to the example on GitHub. Note that the final code from the tutorial is in the “group-auth” branch. SmartSynchronize is a good tool for comparing directories, if you want to compare file-by-file.

5BJohn

I want to create a React Native/Spring Boot app that will basically be something along the lines of Tinder as far as functionality…find users based on your location, message users, etc. Would this blog post get me off to a good start? Would you recommend anything that would work better for a mobile app? I’m just having trouble figuring out my stack especially when it comes to authentication.

Brian Demers

Take a look at @mattraible 's post Build a Mobile App with React Native and Spring Boot
https://developer.okta.com/…

vinh

Hello. Can we handle the authorities (roles) of the user in the appliation (not in okta admin) ?