Announcement Announcement Module
Collapse
No announcement yet.
Spring Security OAuth 2 Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Spring Security OAuth 2

    Hi Folks,
    I am trying to learn how to use oauth.I downloaded the tonr and sparklr apps and deployed them.Its working fine.Following is the problem
    1.When user clicks on the link "/sparklr/photos.jsp" user is rediredted to the authorization page.Where exactly does the tonr app comes to know that it has to reditect the user to sparklr web app for authentication.
    I can only see
    <prop key="/sparklr/photos.jsp">sparklrController</prop>
    <oauth:resource id="sparklr" type="authorization_code" clientId="tonr"
    accessTokenUri="http://localhost:8080/sparklr/oauth/authorize"
    userAuthorizationUri="http://localhost:8080/sparklr/oauth/user/authorize"/>
    Please give your inputs for the same.
    Regards,
    Rinesh.

  • #2
    That url is access-controlled by spring security. So when spring security sees the request for /sparklr/photos.jsp, the controller throws an exception saying that the user needs an access token, spring security intercepts catches that exception and redirects the user accordingly.

    Comment


    • #3
      thanks for the response stoicflame. yes the url is secured. I am trying to find out where is it written on tonr web app that when user requests for /sparklr/photos.jsp it has to be redirect to sparkle web app for authentication.

      Comment


      • #4
        The SparklrServiceImpl class makes a call to get the sparklr photos using the OAuth2RestTemplate. If the user don't have an oauth token, and exception is thrown by the OAuth2RestTemplate, which is eventually caught by spring security and the user is redirected.

        Comment


        • #5
          Thanks Stoicflame. now i understand the client side. I had some more queries.
          Spring security redirects to the followng url .. .

          http://localhost:8080/sparklr/oauth/...onse_type=code
          1.This shows the login.jsp page in the UI.
          2.After adding the login details and submitting if the credentials are correct,request is redirected to
          http://localhost:8080/sparklr/oauth/confirm_access
          This is written in the bean
          <oauthrovider client-details-service-ref="clientDetails"
          token-services-ref="tokenServices">
          <oauth:verification-code user-approval-page="/oauth/confirm_access" />
          </oauthrovider>

          Where is it mentioned in the sparklr application that /oauth/authorize needs to be redirected to /oauth/confirm_access after successul authentication.
          Regards,
          Rinesh

          Comment


          • #6
            For the case of sparklr, it's hard-coded in org.springframework.security.oauth.examples.sparkl r.mvc.AccessConfirmationController.

            Comment

            Working...
            X