oauth2-resource | oauth2-resource | OAuth library

I want to implement security on my Spring cloud gateway server by making it an oAuth2 resource server. The requests are getting authenticated against my spring security authorization server. For some requests I want to pass the userId of the authenticated user as a request header to my downstream services.

Here's my route:

Hi I'm using the Which azure-spring-boot-sample-active-directory example to use to validate access token in a Spring Boot application coming from a Vue.js application? 03-resource-server code to validate the token. But I'm getting an 401 response all the time while using Postman and no Body in response. what might be the issue? I'm stuck on this for last few days Please do help

Configuration:

When using simple spring boot configuration with normal spring parent in pom.xml I have no problem configuring oauth2 resource server.

However with JHipster dependency management by no means i can configure it. I was trying to do it just by adding

I'm trying to implement opaque token validation for my resource server, which runs on Spring Boot 2.4.5 with the dependencies spring-boot-starter-oauth2-resource-server and oauth2-oidc-sdk, and I am struggling to make the call to the introspection endpoint work.

The authorization server is WSO2 Identity Server.

Here's my code:

I have small project in spring boot with oauth2, i want to run resource server

settings:

• Java 17
• spring-boot-starter-parent version 2.5.6
• spring-cloud-dependencies version 2020.0.4
• spring-boot-starter-oauth2-resource-server
• spring-security-oauth2-autoconfigure

When i want to run my app i have exception:

I need to run on Linux on AWS EC2 me jar file. I have a multi-project on Gradle. I know that there are many analogs of my problem, but I did not find anything with the multi-project.

The structure of my project is as follows

I'm configuring spring cloud api gateway to support several security chains. To do that I'm using several security filter chains which triggered on specific security header presence:

1. The legacy one which already use Authorization header
2. And new implementation, that integrated with external idp. This solution utilize resource service capabilities. And for this chain I'd like to use, lets say "New-Auth" header.

In case I tune my current setup to trigger second (idp) chain on Authorization header presence (and make call with IDP token), then everything works fine. This way security chain validates token that it expect in Authorization header against idp jwk. But this header is already reserved for legacy auth.

I guess I need a way to point spring resource server chain a new header name to look for.

My security dependencies:

So I'm working on a Resource Server (a Spring Boot app), and I would like to leverage the goodies of Spring Security OAuth2 Resource Server library.

The problem I'm facing right now is that the Authorization Server (another Spring Boot app) signs JWTs with a symmetric key, that was set to a pretty short string a long time ago, and I that cannot change.

I tried this, following the Spring Security documentation:

I am trying to familiarize myself with Spring Security, in particular migrating from Spring Security OAuth to Soring Security (as in the following example/guide https://github.com/spring-projects/spring-security/wiki/OAuth-2.0-Migration-Guide).

However, I am seeming to only get 403 Forbidden errors. I am accessing from Postman and am using my company's existing OAuth server. I am able to get a token from the auth server, so I know I have those credentials correct and I have verified what roles the OAuth user has.

I am using the following dependencies: