Spring Boot Migration from 1.5.X to 2.1

Hi there,

I´m a little bit lost: I´m trying to migrate my project (I´ts just an API serving JSON) to Spring Boot 2.1 from 1.5.X and somehow the biggest challenge to me is okta. I cannot get it to work.

I think I looked at almost every tutorial, quickstart or something that has to do with spring boot 2, but it gets much more worser, since everything is using different dependencies and settings.

I tried this readme first https://github.com/okta/okta-spring-boot

I added
<dependency> <groupId>com.okta.spring</groupId> <artifactId>okta-spring-boot-starter</artifactId> <version>${okta-spring-boot-starter.version}</version> </dependency>

to my pom, added a @Configuration class “OktaOAuth2WebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter” with

    @Override
protected void configure(HttpSecurity http) throws Exception {
	 http
     .authorizeRequests().anyRequest().authenticated()
     .and()
     .oauth2ResourceServer().jwt();
}

to spring boot and gave it a shot: Basically it´s doing nothing - I just got an error stack trace complaining that a database relation does not exists. This is right, because I´m setting the schema based on the token. But there´s no token anymore in the request.

From debugging I can see, that classes like OktaOAuth2ResourceServerAutoConfig are called and its stepping into my “OktaOAuth2WebSecurityConfigurerAdapter” configure class as well.

What am I doing wrong here? Some quickstarts are using oauth2 autoconfigure and enableResourceServe - I used this in 1.5 as well - but then I´m getting “invalid_token” at any time. On the other hand using the oauthautoconfigure and enableResourceServer is not mentioned here: https://github.com/okta/okta-spring-boot but there: https://developer.okta.com/blog/2018/08/16/secure-api-spring-boot-graphql

Can someone clarify this a little bit up?

Best regards
Marius

Hey @mhornung!

They OAuth changes between Boot 1.5 and 2.1 are significant (though a great change IMHO). Previously, the OAuth module was separate from Spring Security, now it has been pulled into the project proper.

One of the biggest changes is with how resource servers are configured. You can take a look at this example: https://github.com/okta/samples-java-spring/blob/master/resource-server/src/main/java/com/okta/spring/example/ResourceServerExampleApplication.java

Take a look at the ‘configure’ and ‘getUserProfile’ methods.

Let me know if I can answer any other questions!