Spring boot with oauth pom version question

Hi all,

I've ran into a problem getting my oauth to work because I'm not getting being past the basic authentication.  I've been trying to setup my oauth authentication server following the demos on the spring site.  I've gotten the examples to work with no problems.  My problem is that even though I've tried copying configuration parts exactly, but I still can't get past the basic authentication.  One big difference between my pom file and the spring demos and even random demos pom files on the internet is that those don't have versions explicitly listed for the oauth dependency as far as I can see.   When I put my dependencies in my pom file as they are in the demos and tutorials, the IDE doesn't let me compile because it says the versions are missing. I'm thinking that because I'm using boot, if I put a version maybe spring boot is not auto configuring things that need to be configured in order for the oauth to be used out of the box.  Does that train of thought make any sense? I'm at a loss because I can't just look at a log file and find my problem.  

Ultimately my problem is I can't get past the basic authentication and I think it's because of my pom file.   I've tried so many different configurations with in memory, userdetailservices, and even just putting a user and password in the application.properties file.

What the demos' and tutorials' dependencies look like
       <dependency> <groupId>org.springframework.security.oauth</groupId> <artifactId>spring-security-oauth2</artifactId> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-jwt</artifactId> </dependency>

What mine look like if I want to compile and run my program
       <dependency> <groupId>org.springframework.security.oauth</groupId> <artifactId>spring-security-oauth2</artifactId>                   <version>2.2.1.RELEASE</version> </dependency>                <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-jwt</artifactId>                   <version>1.0.9.RELEASE</version> </dependency>  

I'd appreciate any insight! I'm really stuck      

I think that you may be missing the security starter <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-security</artifactId> </dependency>Do either of these samples work for you:
https://spring.io/guides/tutorials/spring-boot-oauth2/
https://spring.io/guides/gs/securing-web/

Which version of Spring Boot are you using? Recently the general release of Spring Boot 2 became available.

I definitely have the starter for security.  I decided I should take it one step at a time, so I am just trying to get my basic authentication right.  So the exception I was getting was 'no passwordencoder was mapped for the id' which has to do with a newer way of storing passwords in spring.   My new problem right now is that I manually added a user into the database that my userDetailsservice uses with an appropriate id.  I don't get any exceptions thrown but I am getting a bad credentials when I try to login with the good username/password.  But also, maybe this question is more straightforward, when I enter random letters into the login page it throws a userdetailsservice returns null which is a contract violation exception.  

thank you!!

PS I'm using the latest one.  I got my original project from the start spring page.

Okay, I fixed it so when the username/password are gibberish it throws an exception instead so that works now.

I think the problem is with my userdetails object or userdetailsservice, because when I remove all the security config, userdetails, and userdetails classes the default auto configuration works perfectly.  I'll put them here because there might be some glaring error to why my good username/password isn't letting me in.
public interface UserRepository extends JpaRepository<UserPrincipal, Long> {    UserPrincipal findOneByUsername(String username);     }  
@Entity @Table(name = "users") public class UserPrincipal implements UserDetails { static final long serialVersionUID = 1L; @Id @GeneratedValue(strategy = GenerationType.AUTO) @Column(name = "user_id", nullable = false, updatable = false) private Long id; @Column(name = "username", nullable = false, unique = true) private String username; @Column(name = "password", nullable = false) private String password; @Column(name = "enabled", nullable = false) private boolean enabled; @Override public Collection<? extends GrantedAuthority> getAuthorities() { List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>(); return authorities; } @Override public boolean isAccountNonExpired() { return true; } @Override public boolean isAccountNonLocked() { // we never lock accounts return true; } @Override public boolean isCredentialsNonExpired() { // credentials never expire return true; } @Override public boolean isEnabled() { return enabled; } @Override public String getPassword() { return password; } @Override public String getUsername() { return username; } }

@Service("userDetailsService") public class UserService implements UserDetailsService {        @Inject UserRepository userRepository;    @Override    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {        UserDetails user = userRepository.findOneByUsername(username);        if(user == null)            throw new UsernameNotFoundException(username);        return userRepository.findOneByUsername(username);    }     }
I was going to put my configuration up but it seems like whatever I do now for that doesn't work at all. Maybe there's something wrong there.

thanks!

Pete Letkeman wrote:
https://spring.io/guides/gs/securing-web/

So I changed my project to use a configuration like the one in that link except with HTTPbasic and it worked with the in memory userdatabase, so there must be something wrong with my userdetails or userdetailsservice.   Is it possible that because the userdetails has no authorities so it's not being authorized?

I figured out what my problem was. I knew that the datasource and service was at least getting the users and passwords from the database because it was throwing an exception about there being no id for the format password format.  After looking at my database, the database password column was BINARY instead of VARCHAR so after changing it and deleting all of the config it worked!!!
 I'm so happy. It took me like 20 hours to figure that out.
   

Isn't it great when you are able to figure something out like this with little to no help.
Sometimes all that you need to do is take a step back and rephrase the question/problem.

Keep up the good work and enjoy a cow.