[SOLVED] Spring boot 2 with Spring Security OAUTH2 shows 403 error after successfull login

Spring boot 2 with Spring Security OAUTH2 shows 403 error after successfull login

I am using spring security oauth2 client and configured the app as follow

spring.security.oauth2.client.registration.google.client-id=abcd
spring.security.oauth2.client.registration.google.client-secret=password

As I start the application, I must login with login link which redirects user to google login page.
Once successfully authenticated with google, the user is redirected to the web page again
In this page I can check the Principale object successfully, which contains user data including access token
The problem is when I try to do ajax call to one of my controllers it always return

(403 Unauthorized)

I am stuck on this for more than a week and googled it many times with luck, since the autoconfiguration for oauth2 client is new in spring boot 2.

Update

I believe CORS is out of the reasons because the ajax calls are executed from within the web app itself, using same domain name, not from third party (like app)

Solution

After investigation, I found a solution. The solution is to override the security autoconfiguration in spring boot 2 for OAuth client. I wrote the following Security Config class

@Configuration
public class SecurityConfig  extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .authorizeRequests()
                    .anyRequest().permitAll()
                .and()

                    .oauth2Login();
    }

}

And thanks for every one who tried to help.