  • Multiple <http> (Spring 3.1.0) with OAuth (1.0.0)

    Hi!

    I have a REST API with OAuth that works OK. But I'm trying to use multiple <http> elements (added in Spring 3.1.0) and I can't make the OAuth work (it doesn't find the request and secret token).

    I have this (working)

    web.xml
    Code:
    (...)
            <filter>
    		<filter-name>springSecurityFilterChain</filter-name>
    		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    	</filter>
    
    	<filter-mapping>
    		<filter-name>springSecurityFilterChain</filter-name>
    		<url-pattern>/*</url-pattern>
    	</filter-mapping>
    (..)
    applicationContext.xml
    Code:
    	<http auto-config='false'  pattern="/myapp1/**" access-denied-page="/myapp1/login"  >
    		<intercept-url pattern="/myapp1/v1/users/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    		<intercept-url pattern="/myapp1/oauth/**" access="ROLE_USER" />
    		<intercept-url pattern="/myapp1/login**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    		<intercept-url pattern="/myapp1/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />	
    
    		<form-login authentication-failure-url="/myapp1/login" 
    			default-target-url="/myapp1/login" login-page="/myapp1/login"
    			login-processing-url="/myapp1/login.do" />
    		<logout logout-success-url="/myapp1/login" logout-url="/myapp1/logout.do" />
    	</http>
    
    (...)
    
    	<oauth:provider 
    		consumer-details-service-ref="consumerDetails" 
    		token-services-ref="tokenServices" 
    		request-token-url="/myapp1/oauth/request_token"
    		authenticate-token-url="/myapp1/oauth/authorize" 
    		authentication-failed-url="/myapp1/oauth/confirm_access"
    		access-granted-url="/request_token_authorized.jsp" 
    		access-token-url="/myapp1/oauth/access_token"
    		require10a="false" />
    
    	<oauth:consumer-details-service id="consumerDetails">
    		<oauth:consumer name="myapp1.com" key="oauth-myapp1-consumer-key"
    			secret="ASFmkJHuiLpnJfWqFfBKoNfasdaASDDS" resourceName="MyApp1 Account"
    			resourceDescription="Access for your App 1 account" 
    			/>
    	</oauth:consumer-details-service>

    But if I change it to this, nothing works (invoking myapp1 or myapp2)

    Code:
    	<http auto-config='false'  pattern="/myapp1/**" access-denied-page="/myapp1/login"  >
    		<intercept-url pattern="/myapp1/v1/users/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    		<intercept-url pattern="/myapp1/oauth/**" access="ROLE_USER" />
    		<intercept-url pattern="/myapp1/login**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    		<intercept-url pattern="/myapp1/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    		
    
    		<form-login authentication-failure-url="/myapp1/login" 
    			default-target-url="/myapp1/login" login-page="/myapp1/login"
    			login-processing-url="/myapp1/login.do" />
    		<logout logout-success-url="/myapp1/login" logout-url="/myapp1/logout.do" />
    	</http>
    
    	<http auto-config='false'  pattern="/myapp2/**" access-denied-page="/myapp2/login"  >
    		<intercept-url pattern="/myapp2/v1/queues/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    		<intercept-url pattern="/myapp2/oauth/**" access="ROLE_USER" />
    		<intercept-url pattern="/myapp2/login**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    		<intercept-url pattern="/myapp2/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    		
    
    		<form-login authentication-failure-url="/myapp2/login" 
    			default-target-url="/myapp2/login" login-page="/myapp2/login"
    			login-processing-url="/myapp2/login.do" />
    		<logout logout-success-url="/myapp2/login" logout-url="/myapp2/logout.do" />
    	</http>
    
    (...)
    
    	<oauth:provider 
    		consumer-details-service-ref="consumerDetailsApp1" 
    		token-services-ref="tokenServices" 
    		request-token-url="/myapp1/oauth/request_token"
    		authenticate-token-url="/myapp1/oauth/authorize" 
    		authentication-failed-url="/myapp1/oauth/confirm_access"
    		access-token-url="/myapp1/oauth/access_token"
    		require10a="false" />
    
    	<oauth:consumer-details-service id="consumerDetailsApp1">
    		<oauth:consumer name="myapp1.com" key="oauth-myapp1-consumer-key"
    			secret="ASFmkJHuiLpnJfWqFfBKoNfasdaASDDS" resourceName="MyApp1 Account"
    			resourceDescription="Access for your App 1 account" 
    			/>
    	</oauth:consumer-details-service>
    
    	<oauth:provider 
    		consumer-details-service-ref="consumerDetailsApp2" 
    		token-services-ref="tokenServices" 
    		request-token-url="/myapp2/oauth/request_token"
    		authenticate-token-url="/myapp2/oauth/authorize" 
    		authentication-failed-url="/myapp2/oauth/confirm_access"
    		access-token-url="/myapp2/oauth/access_token"
    		require10a="false" />
    
    	<oauth:consumer-details-service id="consumerDetailsApp2">
    		<oauth:consumer name="myapp2.com" key="oauth-myapp1-consumer-key"
    			secret="ASFmkJHuiLpnJfWqFfBKoNfasdaASDDS" resourceName="MyApp2 Queues"
    			resourceDescription="Access for your App 2 queues" 
    			/>
    	</oauth:consumer-details-service>
    Any ideas? How can I make explicit the relation between <http> and the <oauth:consumer>?

    Many thanks

  • #2
    I'm sorry. I found my omission.

    In the filter chain, <http> can specify a name, and the oauth:provider can specify a filter-chain-ref. With that, http and oauth:provider are connected.


    • #3
      I'm stuck again.

      Using name and filter-chain-ref works, but only with the last oauth:provider defined (it seems to have been overwritten).

      Is it possible to have many oauth:providers?


      • #4
        It's rather brittle, I agree. I think you can set a filter-chain-ref="..." attribute on the provider element and fix the provider to a particular filter chain.


        • #5
          Thanks for your reply

          It doesn't work using name in the filter chain <http> and filter-chain-ref with many <http>. The last <oauth:provider> configuration always survives.

          I think that is a bug.

          Each <http> filter chain calls an OAuthProviderBeanDefinitionParser, and I found

          Code:
          public BeanDefinition parse(Element element, ParserContext parserContext) {
          (...)
              List<BeanMetadataElement> filterChain = ConfigUtils.findFilterChain(parserContext, element.getAttribute("filter-chain-ref"));
              int index = insertIndex(filterChain);
              parserContext.getRegistry().registerBeanDefinition("oauthRequestTokenFilter", requestTokenFilterBean.getBeanDefinition());
              filterChain.add(index++, new RuntimeBeanReference("oauthRequestTokenFilter"));
              parserContext.getRegistry().registerBeanDefinition("oauthAuthenticateTokenFilter", authenticateTokenFilterBean.getBeanDefinition());
              filterChain.add(index++, new RuntimeBeanReference("oauthAuthenticateTokenFilter"));
              parserContext.getRegistry().registerBeanDefinition("oauthAccessTokenFilter", accessTokenFilterBean.getBeanDefinition());
              filterChain.add(index++, new RuntimeBeanReference("oauthAccessTokenFilter"));
              parserContext.getRegistry().registerBeanDefinition("oauthProtectedResourceFilter", protectedResourceFilterBean.getBeanDefinition());
              filterChain.add(index++, new RuntimeBeanReference("oauthProtectedResourceFilter"));
          
              return null;
            }
          It seems to me it's always the same beanName

          I changed the last part for this code

          Code:
              
             String attribute = element.getAttribute("filter-chain-ref");
             List<BeanMetadataElement> filterChain = ConfigUtils.findFilterChain(parserContext, element.getAttribute("filter-chain-ref"));
              int index = insertIndex(filterChain);
              parserContext.getRegistry().registerBeanDefinition("oauthRequestTokenFilter_" + attribute, requestTokenFilterBean.getBeanDefinition());
              filterChain.add(index++, new RuntimeBeanReference("oauthRequestTokenFilter_" + attribute));
              parserContext.getRegistry().registerBeanDefinition("oauthAuthenticateTokenFilter_" + attribute, authenticateTokenFilterBean.getBeanDefinition());
              filterChain.add(index++, new RuntimeBeanReference("oauthAuthenticateTokenFilter_" + attribute));
              parserContext.getRegistry().registerBeanDefinition("oauthAccessTokenFilter_" + attribute, accessTokenFilterBean.getBeanDefinition());
              filterChain.add(index++, new RuntimeBeanReference("oauthAccessTokenFilter_" + attribute));
              parserContext.getRegistry().registerBeanDefinition("oauthProtectedResourceFilter_" + attribute, protectedResourceFilterBean.getBeanDefinition());
              filterChain.add(index++, new RuntimeBeanReference("oauthProtectedResourceFilter_" + attribute));
          
              return null;
            }
          And it seems to work

          I'm going to open a Jira ticket
          Last edited by mvega; Feb 22nd, 2012, 02:01 PM.
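
The overwrite described in post #5, reproduced in isolation as an added example (not code from the thread or from Spring Security OAuth). `TokenFilter`, `parseProvider`, `resolve` and the chain names are hypothetical stand-ins, and the sketch assumes `spring-beans` on the classpath and a registry that permits bean definition overriding.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

import org.springframework.beans.factory.config.RuntimeBeanReference;
import org.springframework.beans.factory.support.BeanDefinitionBuilder;
import org.springframework.beans.factory.support.DefaultListableBeanFactory;

public class ProviderBeanNameCollision {

    /** Hypothetical stand-in for an OAuth provider filter; it only carries its URL. */
    public static class TokenFilter {
        private String url;
        public void setUrl(String url) { this.url = url; }
        public String getUrl() { return url; }
    }

    /** Mimics one <oauth:provider> parse: register a filter bean, add a reference to the chain. */
    static void parseProvider(DefaultListableBeanFactory registry, String chainRef,
                              List<RuntimeBeanReference> chain, boolean suffixWithChainRef) {
        String beanName = suffixWithChainRef ? "oauthRequestTokenFilter_" + chainRef
                                             : "oauthRequestTokenFilter";
        registry.registerBeanDefinition(beanName,
                BeanDefinitionBuilder.genericBeanDefinition(TokenFilter.class)
                        .addPropertyValue("url", "/" + chainRef + "/oauth/request_token")
                        .getBeanDefinition());
        chain.add(new RuntimeBeanReference(beanName));
    }

    /** Returns chain name -> request-token URL that the chain's filter reference resolves to. */
    static Map<String, String> resolve(boolean suffixWithChainRef) {
        DefaultListableBeanFactory registry = new DefaultListableBeanFactory();
        registry.setAllowBeanDefinitionOverriding(true); // assumption: overriding permitted
        Map<String, List<RuntimeBeanReference>> chains = new LinkedHashMap<>();
        for (String chainRef : new String[] {"myapp1", "myapp2"}) { // constructed chain names
            chains.put(chainRef, new ArrayList<>());
            parseProvider(registry, chainRef, chains.get(chainRef), suffixWithChainRef);
        }
        Map<String, String> resolved = new LinkedHashMap<>();
        chains.forEach((name, chain) -> resolved.put(name,
                registry.getBean(chain.get(0).getBeanName(), TokenFilter.class).getUrl()));
        return resolved;
    }

    public static void main(String[] args) {
        System.out.println("fixed bean name:    " + resolve(false));
        System.out.println("suffixed bean name: " + resolve(true));
    }
}
```

With the fixed name, both chains resolve to the filter configured for `myapp2`, so requests under `/myapp1/**` pass through a filter bound to the other application's URL; with the suffixed name each chain keeps its own filter.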
