Announcement Announcement Module
Collapse
No announcement yet.
Oauth2: User approval forward loses model attribute? Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Oauth2: User approval forward loses model attribute?

    Hi all,

    I'm setting up a configuration with the Oauth2-module.

    After authorization, the request should be forwarded to the user-consent page.
    However, this forward fails with the message:
    Code:
    2012-03-23 09:09:46.987:WARN:oejs.ServletHandler:/oauth/authorize
    org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [org.springframework.security.oauth2.provider.AuthorizationRequest]: No default constructor found; nested exception is java.lang.NoSuchMethodException: org.springframework.security.oauth2.provider.AuthorizationRequest.<init>()
    	at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:107)
    	at org.springframework.web.method.annotation.ModelAttributeMethodProcessor.createAttribute(ModelAttributeMethodProcessor.java:131)
    	at org.springframework.web.servlet.mvc.method.annotation.ServletModelAttributeMethodProcessor.createAttribute(ServletModelAttributeMethodProcessor.java:81)
    	at org.springframework.web.method.annotation.ModelAttributeMethodProcessor.resolveArgument(ModelAttributeMethodProcessor.java:102)
    	at org.springframework.web.method.support.HandlerMethodArgumentResolverComposite.resolveArgument(HandlerMethodArgumentResolverComposite.java:74)
    	at org.springframework.web.method.support.InvocableHandlerMethod.getMethodArgumentValues(InvocableHandlerMethod.java:155)
    ...
    ...
    Caused by: 
    java.lang.NoSuchMethodException: org.springframework.security.oauth2.provider.AuthorizationRequest.<init>()
    	at java.lang.Class.getConstructor0(Class.java:2706)
    	at java.lang.Class.getDeclaredConstructor(Class.java:1985)
    	at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:104)
    	at org.springframework.web.method.annotation.ModelAttributeMethodProcessor.createAttribute(ModelAttributeMethodProcessor.java:131)
    	at org.springframework.web.servlet.mvc.method.annotation.ServletModelAttributeMethodProcessor.createAttribute(ServletModelAttributeMethodProcessor.java:81)
    	at org.springframework.web.method.annotation.ModelAttributeMethodProcessor.resolveArgument(ModelAttributeMethodProcessor.java:102)
    	at org.springframework.web.method.support.HandlerMethodArgumentResolverComposite.resolveArgument(HandlerMethodArgumentResolverComposite.java:74)
    	at org.springframework.web.method.support.InvocableHandlerMethod.getMethodArgumentValues(InvocableHandlerMethod.java:155)
    	at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:117)
    ...
    If I step through the code, I can see the AuthorizationRequest that is put onto the model (at AuthorizationEndpoint.java:135) is a real one and it's actually forwarded.
    But then it's lost down the forward-track: in RequestMappingHandlerAdapter.invokeHandlerMethod a ModelAndViewContainer is created and populated but the AuthorizationRequest is not put into it there.

    This makes the "@ModelAttribute AuthorizationRequest" in AccessConfirmationController think that a new one should be created.
    However, no default constructor exists for AuthorizationRequest, so this fails with the error above.

    Did I miss something here?

    Regards,
    Geert
    Last edited by geertp; Mar 23rd, 2012, 06:57 AM. Reason: clarification

  • #2
    Since Spring 3.1 the AccessConfirmationController has to explicitly declare the method parameter as a @ModelAttribute. The sparklr2 sample should be doing that now, otherwise it wouldn't work.

    Comment


    • #3
      Dave,

      Thanks for replying.

      I indeed used the sparklr2 sample as a source of inspiration, and therefore added the @ModelAttribute as well to my controller.
      (Actually, it just is the same controller code)
      But apparently there's still something missing..

      Comment


      • #4
        If you copied the AccessConfirmationController byte-for-byte it should work. Did you keep all the annotations? The ModelFactory.findSessionAttributeArguments should find the AuthorizationRequest in the session, unless you have switched off session creation or something.

        Comment


        • #5
          Thank you for searching along with me.
          It seems that ModelFactory.findSessionAttributeArguments (actually, HandlerMethod.getMethodParameters()) does not see the @ModelAttribute annotation.
          So the line
          Code:
          if (param.hasParameterAnnotation(ModelAttribute.class)) {
          is false for my method parameter :-(

          The retention policy of ModelAttribute.class is RUNTIME so that should not be possible, right?
          Weird...

          According to the actual error (in my original post), later on the annotation is found indeed. Because in the end they try to instantiate the AuthorizationRequest class, from within a ModelAttributeMethodProcessor...

          Comment


          • #6
            It's not the @ModelAttribute I'm worried about now, since we seem convinced it is there. We need to make sure that the attribute is in the session, and that seems to be what has failed, so that's why I asked about the annotations. Did you keep the @SessionAttributes from the sparklr2 sample?

            Comment


            • #7
              Wow!
              spot on, Dave!

              You were right from the start, to doubt my copying of the AccessConfirmationController 'byte for byte': I indeed did not see the @SessionAttributes annotation.
              Now it works like a charm.
              Thanks again.

              Geert

              Comment

              Working...
              X