  • OAuth2 - sample app

    I've got my OAuth2 server and client running.
    My client is able to get a valid access token from the server as well.

    The issue arises when I send a REST request to get the response from the server.

    If I use Firefox, I get the expected response, whereas using Chrome/curl/Java to make the web request, the "principal" ends up being null in my handler.
    Taking a look at the HTTP calls using Wireshark for the request, I got the following:

    GET /optimal-security/users/me?format=json&access_token=6e984103-e38f-4e5b-a652-d3419b8bab54 HTTP/1.1
    Host: localhost:8080
    User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv: Gecko/20101026 Firefox/3.6.12
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-us,en;q=0.5
    Accept-Encoding: gzip,deflate
    Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
    Keep-Alive: 115
    Connection: keep-alive
    Cookie: JSESSIONID=1e9qxdzom44fr1tbrdcjlts9yw; JSESSIONID=238244B4C0DAB2311794E4BCA2833E5C

    GET /optimal-security/users/me?format=json&access_token=6e984103-e38f-4e5b-a652-d3419b8bab54 HTTP/1.1
    Host: localhost:8080
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-US,en;q=0.8
    Accept-Encoding: gzip,deflate,sdch
    Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
    Cookie: JSESSIONID=9cguv6hkgeknzlxelqm1pyux

    I've been trying to step through the code, but the layers upon layers of calls being made make the task quite difficult. Any ideas/thoughts on what might be going on?

  • #2
    Ok...figured out part of the problem. It was due to the fact that when a request was being made to the OAuth server for the token, the server would set a cookie with the JSESSIONID in Firefox, which was being used to authenticate any subsequent requests. But the problem still remains, how to use Spring OAuth2 to respond to a request that has a valid access token? The request fails at the anonymousAuthenticationFilter check. How do I setup a request to get past that?


    • #3
      If I were you, I'd disable the anonymous filter on the OAuth endpoints. The spec says that a token request must be authenticated.
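
Added example, not from the original thread or from the Spring Security OAuth sample apps: a Spring Security 3.1 / Spring Security OAuth2 1.0 XML-namespace configuration that applies the advice in #3 and closes the gap found in #2. It protects the `/users/**` path seen in the captures with a dedicated `<http>` chain that is stateless (so a JSESSIONID left over from the token request can never stand in for a token), has the anonymous filter disabled (so a request with no usable token reaches the OAuth2 entry point and gets a 401 instead of a null or anonymous principal), and runs the OAuth2 resource-server filter, which reads the token from an `Authorization: Bearer` header or the `access_token` parameter and sets the principal from it. The bean names `tokenServices`, `resourceServerFilter`, `oauthAuthenticationEntryPoint`, `oauthAccessDeniedHandler` and `accessDecisionManager`, the resource id `optimal-security`, the `ROLE_USER` role and the `read` scope are assumptions; the existing `tokenServices` bean is the one your authorization server already uses to issue tokens.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example (assumed bean names and class names for Spring Security OAuth2 1.0.x). -->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:security="http://www.springframework.org/schema/security"
       xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
                           http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
                           http://www.springframework.org/schema/security
                           http://www.springframework.org/schema/security/spring-security-3.1.xsd
                           http://www.springframework.org/schema/security/oauth2
                           http://www.springframework.org/schema/security/spring-security-oauth2.xsd">

  <!-- Resource-server filter chain for the protected API only. Keep the chain that serves
       the authorization endpoint (login form, /oauth/authorize, /oauth/token) separate;
       that one legitimately uses a session. -->
  <security:http pattern="/users/**"
                 create-session="stateless"
                 entry-point-ref="oauthAuthenticationEntryPoint"
                 access-decision-manager-ref="accessDecisionManager">
    <!-- create-session="stateless" (3.1+) ignores any existing HttpSession, so a stale
         JSESSIONID cannot authenticate the request. On Spring Security 3.0 the closest
         setting is "never", which still honours a session that already exists. -->

    <!-- No AnonymousAuthenticationFilter here: a request without a valid token has no
         Authentication at all and is sent to the entry point (401 + WWW-Authenticate). -->
    <security:anonymous enabled="false" />

    <!-- ROLE_USER comes from the user who approved the token; SCOPE_READ is checked by
         the ScopeVoter below against the scopes granted to the token. Both are assumed. -->
    <security:intercept-url pattern="/users/**" access="ROLE_USER,SCOPE_READ" />

    <!-- OAuth2AuthenticationProcessingFilter: extracts the bearer token (Authorization
         header or access_token parameter), loads it through tokenServices and puts the
         resulting OAuth2Authentication into the SecurityContext as the principal. -->
    <security:custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />

    <security:access-denied-handler ref="oauthAccessDeniedHandler" />
  </security:http>

  <!-- Registers the resource-server filter. resource-id must match a resource id the
       client was registered for, or the token is rejected. tokenServices is assumed to
       be the same token store the authorization server writes to. -->
  <oauth:resource-server id="resourceServerFilter"
                         resource-id="optimal-security"
                         token-services-ref="tokenServices" />

  <!-- Returns 401 with a WWW-Authenticate: Bearer realm="optimal-security" header instead
       of redirecting to a login page, which is what a REST client needs to see. -->
  <bean id="oauthAuthenticationEntryPoint"
        class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
    <property name="realmName" value="optimal-security" />
  </bean>

  <!-- Returns 403 in the OAuth2 error format (insufficient_scope etc.). -->
  <bean id="oauthAccessDeniedHandler"
        class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler" />

  <!-- All three voters must agree: the token's scopes, the user's roles, and the
       "is actually authenticated" check (which an anonymous principal would fail). -->
  <bean id="accessDecisionManager"
        class="org.springframework.security.access.vote.UnanimousBased">
    <constructor-arg>
      <list>
        <bean class="org.springframework.security.oauth2.provider.vote.ScopeVoter" />
        <bean class="org.springframework.security.access.vote.RoleVoter" />
        <bean class="org.springframework.security.access.vote.AuthenticatedVoter" />
      </list>
    </constructor-arg>
  </bean>
</beans>
```

To confirm the token, not the session, is what authenticates, test with a client that carries no cookie jar, e.g. `curl -i -H "Authorization: Bearer 6e984103-e38f-4e5b-a652-d3419b8bab54" "http://localhost:8080/optimal-security/users/me?format=json"`: with the configuration above the principal is populated from the token, the same request with no header or an unknown token gets a 401 with a `WWW-Authenticate: Bearer` header, and re-running the Firefox request with its JSESSIONID cookie but a bogus `access_token` also gets a 401, which is the behaviour post #2 was missing. Prefer the `Authorization` header over the `access_token` query parameter shown in the captures: a token in the query string ends up in server access logs, proxy logs and `Referer` headers.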