Spring OAuth2 not redirecting to Access Token -
I have been trying to configure Spring OAuth2 and have been partially successful.
To test it, I have been using SoapUI, setting the redirect-uri to "urn:ietf:wg:oauth:2.0:oob".
The issue is that the flow can get as far as the authorization code, but it does not redirect to the authorization server for the access code. I have been looking at the logs and see that the URL is not defined there: it is not doing /app/oauth/token?code=ob05cb but instead just ?code=ob05cb on the URL.
debug: org.springframework.web.servlet.dispatcherservlet - rendering view [org.springframework.web.servlet.view.redirectview: unnamed; url [urn:?code=ob05cb]]
SoapUI then shows "page not found" and the workflow stops.
I believe I am missing an interceptor, or that it is not doing its job. I have no idea why the flow is not moving forward. Can anyone give me hints on this? Thanks!
I am using Spring OAuth2 version 2.0.3.RELEASE, along with 4.0.5.RELEASE and 3.2.5.RELEASE.
Here's the configuration file.
<?xml version="1.0" encoding="utf-8"?>
<!--
  Spring Security / Spring Security OAuth2 XML configuration for one web application that
  acts as both OAuth2 authorization server and resource server.

  NOTE(review): every identifier in this listing is lowercase, including class names,
  xsi:schemalocation and the XML Schema instance namespace. Java class names and XML names
  are case-sensitive, so the listing looks case-folded by whatever captured the page.
  Compare with the original file before reusing any of it.
-->
<beans:beans xmlns:sec="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:oauth2="http://www.springframework.org/schema/security/oauth2"
             xmlns:xsi="http://www.w3.org/2001/xmlschema-instance"
             xsi:schemalocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.0.xsd http://www.springframework.org/schema/security/oauth2 http://www.springframework.org/schema/security/spring-security-oauth2.xsd">

    <!-- Token and authorization-code persistence: project classes whose implementation is not shown here. -->
    <beans:bean id="tokenstore" class="com.nando.api.service.cassandratokenstore" />
    <beans:bean id="codes" class="com.nando.api.service.cassandraauthorizationcodeservice" />

    <!-- Token services shared by the authorization server and the resource server below. -->
    <beans:bean id="tokenservices" class="org.springframework.security.oauth2.provider.token.defaulttokenservices">
        <beans:property name="tokenstore" ref="tokenstore"/>
    </beans:bean>

    <!-- added -->
    <!-- Authentication manager that validates bearer tokens for resource id "nando";
         referenced only by the oauth2:resource-server element (oauth2providerfilter). -->
    <beans:bean id="authenticationmanager" class="org.springframework.security.oauth2.provider.authentication.oauth2authenticationmanager">
        <beans:property name="resourceid" value="nando"/>
        <beans:property name="tokenservices" ref="tokenservices"/>
    </beans:bean>

    <beans:bean id="tokenextractor" class="org.springframework.security.oauth2.provider.authentication.bearertokenextractor"/>

    <!-- Project services: userservice backs end-user login, webserviceclientservice supplies OAuth2 client details. -->
    <beans:bean id="userservice" class="com.nando.api.service.defaultuserservice" />
    <beans:bean id="webserviceclientservice" class="com.nando.api.service.defaultwebserviceclientservice" />

    <!-- Adapts the client details service so client id and secret can be checked like a username and password. -->
    <beans:bean id="clientdetailsuserservice" class="org.springframework.security.oauth2.provider.client.clientdetailsuserdetailsservice">
        <beans:constructor-arg ref="webserviceclientservice" />
        <!-- might need or not set passwordencoder -->
        <!-- <beans:property name="passwordencoder" ref="passwordencoder" /> -->
    </beans:bean>

    <beans:bean id="oauthrequestfactory"
                class="org.springframework.security.oauth2.provider.request.defaultoauth2requestfactory">
        <!-- added -->
        <!-- NOTE(review): checkuserscopes presumably ties requested scopes to the authenticated
             user's authorities; confirm against the library version in use. -->
        <beans:property name="checkuserscopes" value="true" />
        <!-- todo arguments here -->
        <beans:constructor-arg name="clientdetailsservice" ref="webserviceclientservice" />
    </beans:bean>

    <!-- Approval handler that consults the token store when deciding whether the user must approve again. -->
    <beans:bean id="userapprovalhandler" class="org.springframework.security.oauth2.provider.approval.tokenstoreuserapprovalhandler">
        <!-- todo here -->
        <beans:property name="requestfactory" ref="oauthrequestfactory" />
        <beans:property name="tokenstore" ref="tokenstore" />
        <beans:property name="clientdetailsservice" ref="webserviceclientservice" />
    </beans:bean>

    <!-- Declared but not referenced by any element in this file. -->
    <beans:bean id="resolver" class="org.springframework.security.oauth2.provider.endpoint.defaultredirectresolver" />
    <beans:bean id="requestvalidator" class="org.springframework.security.oauth2.provider.request.defaultoauth2requestvalidator" />

    <!--
      Authorization server. Grant types listed here: authorization code, refresh token and
      resource owner password.

      NOTE(review): in the authorization-code grant the authorization endpoint finishes by
      redirecting the user agent to the client's redirect URI with a "code" parameter. The
      client then exchanges that code by sending its own authenticated request to
      token-endpoint-url; the server does not forward the browser to /oauth/token.

      NOTE(review): the password grant hands end-user credentials to the client application;
      confirm it is needed and limited to trusted first-party clients.
    -->
    <oauth2:authorization-server client-details-service-ref="webserviceclientservice"
                                 token-services-ref="tokenservices"
                                 user-approval-page="/oauth/userapproval"
                                 error-page="/oauth/error"
                                 authorization-endpoint-url="/oauth/authorize"
                                 token-endpoint-url="/oauth/token"
                                 user-approval-handler-ref="userapprovalhandler">
        <oauth2:authorization-code authorization-code-services-ref="codes" />
        <oauth2:refresh-token/>
        <oauth2:password/>
    </oauth2:authorization-server>

    <!-- spring security authentication managers -->
    <beans:bean id="passwordencoder" class="org.springframework.security.crypto.bcrypt.bcryptpasswordencoder" />

    <!-- End-user credentials: looked up through userservice and verified with the bcrypt encoder. -->
    <sec:authentication-manager alias="userauthenticationmanager">
        <sec:authentication-provider user-service-ref="userservice">
            <sec:password-encoder ref="passwordencoder"/>
        </sec:authentication-provider>
    </sec:authentication-manager>

    <!-- OAuth2 client credentials: looked up through clientdetailsuserservice.
         NOTE(review): no password-encoder is declared on this provider, so client secrets are
         presumably compared as stored; confirm how webserviceclientservice stores them.
         NOTE(review): no http element in this file references clientauthenticationmanager. -->
    <sec:authentication-manager id="clientauthenticationmanager" xmlns="http://www.springframework.org/schema/security">
        <sec:authentication-provider user-service-ref="clientdetailsuserservice"/>
    </sec:authentication-manager>

    <!-- Resource-server filter that extracts and validates bearer tokens; applied to /services/** below. -->
    <oauth2:resource-server
            id="oauth2providerfilter"
            authentication-manager-ref="authenticationmanager"
            token-extractor-ref="tokenextractor"
            token-services-ref="tokenservices"/>

    <beans:bean id="sessionregistry" class="org.springframework.security.core.session.sessionregistryimpl" />
    <beans:bean id="websecurityexpressionhandler" class="org.springframework.security.oauth2.provider.expression.oauth2websecurityexpressionhandler" />
    <beans:bean id="methodsecurityexpressionhandler" class="org.springframework.security.oauth2.provider.expression.oauth2methodsecurityexpressionhandler" />
    <beans:bean id="oauthaccessdeniedhandler" class="org.springframework.security.oauth2.provider.error.oauth2accessdeniedhandler" />
    <beans:bean id="oauthauthenticationentrypoint" class="org.springframework.security.oauth2.provider.error.oauth2authenticationentrypoint" />

    <sec:global-method-security pre-post-annotations="enabled" order="0" proxy-target-class="true">
        <sec:expression-handler ref="methodsecurityexpressionhandler" />
    </sec:global-method-security>

    <!-- security="none" removes these paths from the security filter chain altogether,
         so nothing served under /resource/** is protected by this configuration. -->
    <sec:http security="none" pattern="/resource/**" />
    <sec:http security="none" pattern="/favicon.ico" />

    <beans:bean id="corsfilter" class="com.nando.api.filters.springcrossoriginresourcesharingfilter"/>

    <!-- maybe alter create-session here -->
    <!--
      Token endpoint: stateless, HTTP Basic, caller must hold the oauth_client authority.
      NOTE(review): authentication-manager-ref points at userauthenticationmanager (end-user
      accounts), while the client-credential manager defined above is unused. The token
      endpoint normally authenticates the OAuth2 client, so confirm which manager is intended.
      NOTE(review): corsfilter is placed after="last", i.e. behind the authentication filters;
      requests rejected earlier in the chain presumably never reach it. Confirm the position.
    -->
    <sec:http use-expressions="true"
              create-session="stateless"
              authentication-manager-ref="userauthenticationmanager"
              entry-point-ref="oauthauthenticationentrypoint"
              pattern="/oauth/token">
        <sec:intercept-url pattern="/oauth/token" access="hasauthority('oauth_client')" />
        <sec:http-basic />
        <sec:access-denied-handler ref="oauthaccessdeniedhandler" />
        <sec:expression-handler ref="websecurityexpressionhandler" />
        <sec:custom-filter ref="corsfilter" after="last"/>
    </sec:http>

    <!-- here services endpoints secured -->
    <!-- Web service endpoints: bearer-token authentication through oauth2providerfilter,
         no session created by Spring Security, caller must hold use_web_services. -->
    <sec:http use-expressions="true"
              create-session="never"
              entry-point-ref="oauthauthenticationentrypoint"
              pattern="/services/**">
        <sec:intercept-url pattern="/services/**" access="hasauthority('use_web_services')" />
        <sec:custom-filter ref="oauth2providerfilter" before="pre_auth_filter" />
        <sec:access-denied-handler ref="oauthaccessdeniedhandler" />
        <sec:expression-handler ref="websecurityexpressionhandler" />
    </sec:http>

    <!-- general security -->
    <!--
      Catch-all chain for everything not matched above, including /oauth/authorize and the
      approval and error pages: form login, session-based, CSRF protection enabled.
      NOTE(review): there is no final intercept-url for "/**", so URLs that match none of the
      patterns below carry no access rule in this chain; confirm that is intended.
    -->
    <sec:http use-expressions="true">
        <sec:intercept-url pattern="/session/list" access="hasauthority('view_user_sessions')" />
        <sec:intercept-url pattern="/oauth/**" access="hasauthority('use_web_services')" />
        <sec:intercept-url pattern="/login/**" access="permitall()" />
        <sec:intercept-url pattern="/login" access="permitall()" />
        <sec:intercept-url pattern="/scope/**" access="permitall()" />
        <sec:intercept-url pattern="/scope" access="permitall()" />
        <sec:intercept-url pattern="/logout" access="permitall()" />
        <sec:form-login default-target-url="/"
                        login-page="/login"
                        login-processing-url="/login/submit"
                        authentication-failure-url="/login?loginfailed"
                        username-parameter="username"
                        password-parameter="password" />
        <sec:logout logout-url="/logout"
                    logout-success-url="/login?loggedout"
                    delete-cookies="jsessionid"
                    invalidate-session="true" />
        <!-- The session id is changed at login (fixation protection) and each user is limited
             to one session; a second login is refused rather than expiring the first. -->
        <sec:session-management invalid-session-url="/login" session-fixation-protection="changesessionid">
            <sec:concurrency-control error-if-maximum-exceeded="true" max-sessions="1" session-registry-ref="sessionregistry" />
        </sec:session-management>
        <sec:csrf />
        <sec:expression-handler ref="websecurityexpressionhandler" />
    </sec:http>
</beans:beans>
spring-mvc spring-security oauth-2.0 spring-security-oauth2