StackOverflowError in spring oauth2 with custom ClientDetailsService

I made my own implementation of ClientDetailsService:

@Service
public class JpaClientDetailsService implements ClientDetailsService {
    @Autowired
    private ClientRepository clientRepositoy;

    @Override
    public ClientDetails loadClientByClientId(String clientId) throws ClientRegistrationException {
        ClientDetails client = clientRepositoy.findOne(clientId);
        if (client == null) {
            throw new ClientRegistrationException(String.format("Client with id %s not found", clientId));
        }
        return client;
    }
}

ClientRepository is a standard JpaRepository.

I configured an AuthorizationServerConfigurerAdapter like this:

@Configuration
@EnableAuthorizationServer
@EnableResourceServer
public class OAuth2ServerConfig extends AuthorizationServerConfigurerAdapter {
    @Autowired
    private AuthenticationManager authenticationManager;

    @Autowired
    private ClientDetailsService clientDetailsService;

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints.authenticationManager(authenticationManager);
    }

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.withClientDetails(clientDetailsService);
    }
}

But when I go to http://localhost:9999/oauth/authorize?response_type=code&client_id=lipton, I get a

java.lang.StackOverflowError: null. Spring loops on com.sun.proxy.$Proxy81.loadClientByClientId(Unknown Source).

I don't understand why.


I do not understand why, but if I inject my bean directly instead of injecting the interface, it works :

public class OAuth2ServerConfig extends AuthorizationServerConfigurerAdapter {
...
  @Autowired
  private JpaClientDetailsService clientDetailsService;
...

it also works if I annotate my service with @Primary annotation:

@Service
@Primary
public class JpaClientDetailsService implements ClientDetailsService {

spring-projects/spring-security-oauth, I made my own implementation of ClientDetailsService: @Service public class JpaClientDetailsService implements ClientDetailsService { @Autowired private  public interface ClientDetailsService A service that provides the details about an OAuth2 client. loadClientByClientId(String clientId) Load a client by the client id. Method Detail loadClientByClientId ClientDetails loadClientByClientId(String clientId) throws ClientRegistrationException Load a client by the client id.


I had similar problem. Finally I resolved bug when I gave my clientDetailsService another name i.e. myClientDetailsService and then injected this by name in AuthorizationServerConfig class:

@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {

    @Resource(name = "myClientDetailsService")
    private ClientDetailsService clientDetailsService;
...

I think that if my own implementation of ClientDetailsService wasn't yet created Spring inject into AuthorizationServerConfig some kind of proxy.

So, if you want to resolve this kind of bug you must be sure that Spring inject proper ClientDetailsService in AuthorizationServerConfig. You can achieve this if you:

  1. give spring information about preference of your own ClientDetailsService (Arnaud answer), or
  2. inject this service by name

[#SECOAUTH-451] defining a custom ClientDetailsService in , I don't understand why, but if I insert my bean directly and not insert the interface, it works: public class OAuth2ServerConfig extends  dsyer changed the title defining a custom ClientDetailsService in AuthorizationServerConfigurerAdapter failes Failure when defining a custom ClientDetailsService in


What ended up working for me was adding the ClientDetailsService @Bean to the @EnableAuthorizationServer class:

@Configuration @EnableAuthorizationServer public class AuthorizationServerConfiguration implements AuthorizationServerConfigurer { ... @Autowired ClientDetailsService clientDetailsService; ... @Bean public ClientDetailsService clientDetailsService() { return new CustomClientDetailsServiceImpl(); } ... }

User Arnaud, StackOverflowError: recursive proxy creates a stack overflow when creating a custom `ClientDetailsService` component #832. Open. While configuring a AuthorizationServer with `@EnableAuthorizationServer`and `AuthorizationServerConfigurerAdapter` I have the need to define a custom implementation


I would say that the best solution is to be explicit - if you are autowiring a clientDetailsService - then say so.

@Autowired
ClientDetailsService myClientDetailsService;

@Override
public void configure(final AuthorizationServerEndpointsConfigurer endpoints) throws Exception {

        endpoints.setClientDetailsService(myClientDetailsService);
       ....
}

However, My problem was slightly different and the above solutions did not work. Here are the conditions that created it. I created a CustomTokenEndpointAuthenticationFilter - which required an instance of OAuth2RequestFactory. I created my instance of OAuth2RequestFactory with a call to endpoints.getOAuth2RequestFactory(); before the clientDetailsService had been set.

If The OAuth2RequestFactory gets created this way, DefaultOAuth2RequestFactory gets created with a default clientDetailsService, so even if you set the clientDetailsService later explicitly in the AuthorizationServerEndpointsConfigurer it will not be in the OAuth2RequestFactory used by your custom Filter.

So in sum in this edge case

public void configure(final AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
     oAuth2RequestFactory = endpoints.getOAuth2RequestFactory();
     endpoints.setClientDetailsService(myClientDetailsService);
    ...
    }

wont work but

public void configure(final AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints.setClientDetailsService(myClientDetailsService);
 oAuth2RequestFactory = endpoints.getOAuth2RequestFactory();
...
}

will.

Another way to be sure is to create your own OAuth2RequestFatory

  oauth2RequestFactory = new DefaultTokenRequestFactory(myClientDetailsService);

I made my own implementation of ClientDetailsService: #Service public class JpaClientDetailsService implements ClientDetailsService { #Autowired private  Packages that use ClientDetailsService ; Package Description; org.springframework.security.oauth2.config.annotation.builders : org.springframework.security.oauth2


[SECOAUTH-451] defining a custom ClientDetailsService in Project: Spring Security OAuth ClientDetailsService` which I tried like this: @Override through both causes an infinite loop which throws a StackOverflowError. The following are top voted examples for showing how to use org.springframework.security.oauth2.provider.ClientDetailsService. These examples are extracted from open source projects. You can vote up the examples you like and your votes will be used in our system to generate more good examples.


12 StackOverflowError in spring oauth2 with custom ClientDetailsService · 10 Delete old artifact version before copy dependencies · 9 StackOverflowError in  Builder for OAuth2 client details service. Can be used to construct either an in-memory or a JDBC implementation of the ClientDetailsService and populate it with data.


While configuring a AuthorizationServer with `@EnableAuthorizationServer`and `AuthorizationServerConfigurerAdapter` I have the need to define a custom implementation