Develop Reference

Micronaut oauth2 result interceptor

I'm including micronaut oauth2 authentication in my project calling Amazon cognito feature.
It is working fine but I want to include metrics about authentication errors/success so I need something like an interceptor class to be called so I can save the success and errors inside the authentication.
Any suggestion?
Regards

Override Spring Boot Security

Spring Boot Security,
My Application is already running using Spring Security. Now I want to authenticate the users through OAuth. Is there any way to build a custom servlet to achieve this?

You can add a new Filter to intercept and authenticate OAuth requests in which it should call the authenticationManager.authenticate method and save the result of the authentication token in the SecurityContextHolder. This way the user is fully authenticated.
Note, that this way you don't "override" or "bypass" the Spring Security. You just use it to perform a different authentication.

Developing webapi in Grails using jaxrs plugin Spring Security settings needed

I am developing the webapi using jaxrs plugin in a Grails project (existing) in which there is Spring Security configured which is not allowing me to access the api urls i.e /api/**
I am getting You are not authorised to access this page though I have logged in as Admin but I am not able to configure the access to this path with/without authentication.

I guess you're using spring security?
Authentication is generally handled a little differently when implementing a rest api. Check out the excellent Spring Security REST Plugin. There's some really nice documentation here that explains the authentication lifecycle.

Redirecting not logged requests to external URL with Spring Security

I have a web application using spring mvc and spring security.
Not-logged requests must be redirected to a external legacy system for authentication. The external system doesn't need any parameter from the spring webapp. The legacy system would (or not) authenticate the user and put a cookie/header/parameter on a new request. Then this request will be authenticated using this cookie, header or parameter against the spring webapp.
Is there a 'right' way to do this redirection? I am thinking of implementing a completely new AuthenticationEntryPoint that simply sendRedirect the request to the external system.
I'm unsure about which is the 'right' way to authenticate the already authenticated request against the spring webapp. Should I use the pre-authentication framework or am I right just implementing a filter that extract the credential and authenticates it?
Thanks in advance.

How to set scope to client application in wso2

I have set the wso2 api manager 1.6 and I have a rest api at the backend to which this is calling.
I know that wso2 provides Oauth 2.0 support. but I am not able to find out how scopes are handled.
This is my specific scenario:
I have a client application to which i want to assign scope view Photos. And another client application with a scope to delete photos.
Now in the Api manager I want to restrict access to the delete api only to the client application which has the delete photos scope.
How can this be handled in wso2?.

One approach is to explicitly get information about scopes in your application and perform manual validation (or through some framework, like Spring Security in Java world).
Scope information for oauth token can be found by sending request to validation web service at Identity Server (or Api Manager server, if you do not have separate IS).
Validation service endpoint is: services/OAuth2TokenValidationService/
WSDL file for this SOAP service can be found in their repository
EDIT:
Since Api Manager 1.7 you can define this security settings in manager itself. Check out this blogpost for details: http://nuwanzone.blogspot.ru/2014/06/oauth-20-scopes-with-wso2-api-manager.html