461784 (3)

First of all, thanks for the great book! A real deal breaker! I've managed to set up the Authorization Service from Chapter 7.2! I can authorize my users and I get the token. However, when I try to invoke my token details by using this POST command:

I get a 500 internal server error telling me that: "java.lang.NullPointerException" which I find is related to this piece of code.

@RequestMapping(value = { "/user" }, produces = "application/json")
public Map<String, Object> user(OAuth2Authentication user) {
    Map<String, Object> userInfo = new HashMap<>();
    userInfo.put("user", user.getUserAuthentication().getPrincipal());
    userInfo.put("authorities", AuthorityUtils.authorityListToSet(user.getUserAuthentication().getAuthorities()));
    return userInfo;
}

More specifically I see that OAuth2Authentication is null. It seems to me that some configuration is missing in either the WebSecurityConfigurer or OAuth2Config classes.

I've checked everything and I see no errors on my side, because the code is copy pasted from your repo ex Master branch. Maybe there is something missing? In the book it states that this code should work.

Thanks in advance.
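A defensive variant of the `/user` handler from the post above, as an added example that is not from the book, its repository or the poster: it accepts the generic `Principal` and answers 401 or 403 instead of dereferencing a missing authentication. The class name `UserInfoController`, the `error` helper and the error strings are assumptions; the Spring Security OAuth2 types are the ones the posted code already uses.

```java
import java.security.Principal;
import java.util.HashMap;
import java.util.Map;

import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class UserInfoController { // hypothetical class name

    @RequestMapping(value = { "/user" }, produces = "application/json")
    public ResponseEntity<Map<String, Object>> user(Principal principal) {
        // Null principal (no authentication) or a principal that did not come
        // from an OAuth2 bearer token: refuse instead of throwing a 500.
        if (!(principal instanceof OAuth2Authentication)) {
            return error(HttpStatus.UNAUTHORIZED, "bearer token required");
        }

        // getUserAuthentication() is null for client-only tokens
        // (no end user behind the token), which would also cause an NPE.
        Authentication userAuth = ((OAuth2Authentication) principal).getUserAuthentication();
        if (userAuth == null) {
            return error(HttpStatus.FORBIDDEN, "token has no user context");
        }

        Map<String, Object> userInfo = new HashMap<>();
        userInfo.put("user", userAuth.getPrincipal());
        userInfo.put("authorities", AuthorityUtils.authorityListToSet(userAuth.getAuthorities()));
        return ResponseEntity.ok(userInfo);
    }

    // Small helper (assumed) that builds a JSON error body with the given status.
    private static ResponseEntity<Map<String, Object>> error(HttpStatus status, String message) {
        Map<String, Object> body = new HashMap<>();
        body.put("error", message);
        return ResponseEntity.status(status).body(body);
    }
}
```

The guard only changes how the failure is reported; the request still has to reach the endpoint with a valid bearer token for user details to be returned.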
461784 (3)
Ok I understood what went wrong, this was due to my setup in WebSecurityConfigurer class. I had to remove these two methods which were csrf related:

	private CsrfTokenRepository csrfTokenRepository() {
		HttpSessionCsrfTokenRepository repository = new HttpSessionCsrfTokenRepository();
		return repository;
	}

	protected void configure(HttpSecurity http) throws Exception {

But now instead of the user info json, I get this, when making a GET request to http://localhost:8999/auth/user

        <title>Login Page</title>
    <body onload='document.f.username.focus();'>
        <h3>Login with Username and Password</h3>
        <form name='f' action='/auth/login' method='POST'>
                        <input type='text' name='username' value=''>
                        <input type='password' name='password'/>
                    <td colspan='2'>
                        <input name="submit" type="submit" value="Login"/>
                <input name="_csrf" type="hidden" value="30e1316c-34ed-4731-b8b2-d405f11f7b78" />
joshuawhite929 (16)
Help me understand where you are in this chapter. From the beginning, I can run the following without a problem. Note, I am using a Mac and I am using HTTPie (see: from the command line. I am able to execute the following using the "master" branch:

mvn clean package docker:build

docker-compose -f docker/common/docker-compose.yml up

For user: john.carnell
Get an "access_token" for john.carnell:
http -a eagleeye:thisissecret -f POST http://localhost:8901/auth/oauth/token grant_type=password scope=webclient username=john.carnell password=password1

Using the "access_token" returned from executing the above (note, yours will be different):
http :8901/auth/user 'Authorization:Bearer e710efc3-4ab5-4798-85d4-98eb4a5f2a81'

For user: william.woodward
Get an "access_token" for william.woodward:
http -a eagleeye:thisissecret -f POST http://localhost:8901/auth/oauth/token grant_type=password scope=webclient username=william.woodward password=password2

Using the "access_token" returned from executing the above (note, yours will be different):
http :8901/auth/user 'Authorization:Bearer 33b5b4ad-6271-49ca-a3d7-3e027f51f54d'

These seem to work fine. I noticed the port you are using is different. Can you double check that?
461784 (3)

This is my Stack Overflow question:

Minus the above two methods that I have commented out.