Hi,
I followed the Getting Started page from the REST API documentation, but I can’t get a token:
{"timestamp":"2025-05-21T06:54:05.276+00:00","status":403,"error":"Forbidden","path":"/oauth2/token"}
So I modified my Spring Security configuration:
@Configuration
public class MySecurityConfiguration {
@Bean
@Order(JmixSecurityFilterChainOrder.CUSTOM)
public SecurityFilterChain apiFilterChain(HttpSecurity http) throws Exception {
http.securityMatcher(new AntPathRequestMatcher("/oauth2/token")).csrf(csrf -> csrf.disable()).authorizeHttpRequests(auth -> auth.requestMatchers("/oauth2/token").permitAll());
return http.build();
}
@Bean
@Order(JmixSecurityFilterChainOrder.CUSTOM)
public SecurityFilterChain restFilterChain(HttpSecurity http) throws Exception {
http.securityMatcher(new AntPathRequestMatcher("/rest/**")).csrf(csrf -> csrf.disable()).authorizeHttpRequests(auth -> auth.requestMatchers("/rest/**").authenticated());
return http.build();
}
}
But now I’m getting VAADIN content instead:
curl -X POST http://localhost:8080/oauth2/token
--basic --user my-client:my-secret
-H "Content-Type: application/x-www-form-urlencoded"
-d "grant_type=client_credentials"
<!doctype html><!--
This file is auto-generated by Vaadin.
-->
<html lang="en">
<head>
<script initial="">window.Vaadin = window.Vaadin || {};window.Vaadin.VaadinLicenseChecker = { maybeCheck: (productInfo) => { }};window.Vaadin.devTools = window.Vaadin.devTools || {};window.Vaadin.devTools.createdCvdlElements = window.Vaadin.devTools.creat
build.gradle:
dependencies {
...
implementation 'io.jmix.rest:jmix-rest-starter'
implementation 'io.jmix.authserver:jmix-authserver-starter'
}
What’s going on ?
Best regards, Stéphane.
PS: IntelliJ, Linux, Last public release of JMIX and JMIX Studio.