  • OAuth change the default authorize token and token end point URLs

    Hi,

    My application name is 'oauth'. When I use the default endpoint URLs, my (for example) authorization URL becomes '<protocol>:<host>/oauth/oauth/authorize'. I want to remove the extra 'oauth' here: '<protocol>:<host>/oauth/authorize'.

    I tried this via authorization-server tag:
    <oauth:authorization-server client-details-service-ref="clientDetailsService" token-services-ref="tokenServices" authorization-endpoint-url="/authorize" token-endpoint-url="/token"

    But this doesn't seem to work. Rather, the following classes are mapped to the static/hardcoded paths '/oauth/authorize' and '/oauth/token':
    org.springframework.security.oauth2.provider.endpoint.AuthorizationEndpoint
    org.springframework.security.oauth2.provider.endpoint.TokenEndpoint
    org.springframework.security.oauth2.provider.endpoint.EndpointValidationFilter


    Is it not possible to modify the default end points path? If yes, how?

    Thanks for your attention to this post!

  • #2
    You need to add an additional filter (see the section "Configuring the Endpoint URLs" in the user guide: https://github.com/SpringSource/spri...th/wiki/oauth2).



    • #3
      Hi Dave, Thanks for your reply!

      I added the filter but it still doesn't seem to work. I tried the same with the tonr-sparklr apps and that doesn't work either. I have attached screenshots of the files I modified to make it work.



      • #4
        Those screenshots are hopeless (too small). Please paste text in [code][/code] tags.



        • #5
          I pulled the code from here https://github.com/SpringSource/spring-security-oauth and modified the following files:

          1. oauth/samples/oauth2/sparklr/src/main/webapp/WEB-INF/spring-servlet.xml

          Code:
          <oauth:authorization-server client-details-service-ref="clientDetails" token-services-ref="tokenServices"
          		user-approval-handler-ref="userApprovalHandler"   authorization-endpoint-url="/authorize" token-endpoint-url="/token">
          		<oauth:authorization-code />
          		<oauth:implicit />
          		<oauth:refresh-token />
          		<oauth:client-credentials />
          		<oauth:password />
          	</oauth:authorization-server>
          2. /oauth/samples/oauth2/tonr/src/main/resources/sparklr.properties
          Code:
          sparklrPhotoListURL=http://localhost:8080/sparklr2/photos?format=xml
          sparklrPhotoURLPattern=http://localhost:8080/sparklr2/photos/%s
          sparklrTrustedMessageURL=http://localhost:8080/sparklr2/photos/trusted/message
          accessTokenUri=http://localhost:8080/sparklr2/token
          userAuthorizationUri=http://localhost:8080/sparklr2/authorize

          3. oauth/samples/oauth2/sparklr/src/main/webapp/WEB-INF/web.xml

          Code:
          <?xml version="1.0" encoding="ISO-8859-1"?>
          
          <!DOCTYPE web-app PUBLIC
            "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
            "http://java.sun.com/dtd/web-app_2_3.dtd">
          
          <web-app>
          
          	<filter>
          		<filter-name>springSecurityFilterChain</filter-name>
          		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
          		<init-param>
          			<param-name>contextAttribute</param-name>
          			<param-value>org.springframework.web.servlet.FrameworkServlet.CONTEXT.spring</param-value>
          		</init-param>
          	</filter>
          
          	<filter>
          		<filter-name>oauth2EndpointUrlFilter</filter-name>
          		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
          		<init-param>
          			<param-name>contextAttribute</param-name>
          			<param-value>org.springframework.web.servlet.FrameworkServlet.CONTEXT.spring</param-value>
          		</init-param>
          	</filter>
          
          	<filter-mapping>
          		<filter-name>springSecurityFilterChain</filter-name>
          		<url-pattern>/*</url-pattern>
          	</filter-mapping>
          
          	<filter-mapping>
          		<filter-name>oauth2EndpointUrlFilter</filter-name>
          		<url-pattern>/*</url-pattern>
          	</filter-mapping>
          
          	<servlet>
          		<servlet-name>spring</servlet-name>
          		<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
          		<load-on-startup>1</load-on-startup>
          	</servlet>
          
          	<servlet-mapping>
          		<servlet-name>spring</servlet-name>
          		<url-pattern>/</url-pattern>
          	</servlet-mapping>
          
          </web-app>



          • #6
            That looks OK. I guess you could narrow the filter pattern a bit. But you didn't really say what wasn't working (it works for me). How is your user approval page implemented (I guess the default from sparklr2 should work though)?



            • #7
              Dave,

              When I run the tonr2 (samples/oauth2/tonr) app on Tomcat (through Maven, mvn tomcat:run), after authenticating from tonr, I should get redirected to sparklr2 on 'view photos'. But for me it's trying to redirect to 'http://localhost:8080/sparklr2/authorize', which gives error 500. When I change the URL to 'http://localhost:8080/sparklr2/oauth/authorize' it finds the page. My requirement is to remove this 'oauth' in the URL. For the same reason I tried to modify the endpoint URLs with these settings, but it doesn't seem to change the URLs.

              For you, does it redirect to 'http://localhost:8080/sparklr2/authorize' and can you see the sparklr login page there?

              My approval page is just the default sparklr page (downloaded on git link I sent earlier), no change.

              Thanks!
              Last edited by saamy; Apr 12th, 2012, 09:06 AM.



              • #8
                It works for me. What is the 500 you see on the /authorize redirect? There must be a stack trace?



                • #9
                  Okay, tried again with a clean Maven build and now, after sparklr login, on '/authorize' I got the following error:

                  Code:
                  [DEBUG] FilterChainProxy - /authorize?client_id=tonr&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Ftonr2%2Fsparklr%2Fphotos&response_type=code&scope=read&state=JpzGiO reached end of additional filter chain; proceeding with original chain
                  [DEBUG] DispatcherServlet - DispatcherServlet with name 'spring' processing GET request for [/sparklr2/oauth/authorize]
                  [DEBUG] RequestMappingHandlerMapping - Looking up handler method for path /oauth/authorize
                  [DEBUG] RequestMappingHandlerMapping - Returning handler method [public org.springframework.web.servlet.ModelAndView org.springframework.security.oauth2.provider.endpoint.AuthorizationEndpoint.authorize(java.util.Map<java.lang.String, java.lang.Object>,java.lang.String,java.util.Map<java.lang.String, java.lang.String>,org.springframework.web.bind.support.SessionStatus,java.security.Principal)]
                  [DEBUG] DispatcherServlet - Last-Modified value for [/sparklr2/oauth/authorize] is: -1
                  [DEBUG] ExceptionHandlerExceptionResolver - Resolving exception from handler [public org.springframework.web.servlet.ModelAndView org.springframework.security.oauth2.provider.endpoint.AuthorizationEndpoint.authorize(java.util.Map<java.lang.String, java.lang.Object>,java.lang.String,java.util.Map<java.lang.String, java.lang.String>,org.springframework.web.bind.support.SessionStatus,java.security.Principal)]: org.springframework.security.authentication.InsufficientAuthenticationException: User must be authenticated with Spring Security before authorization can be completed.
                  [DEBUG] ResponseStatusExceptionResolver - Resolving exception from handler [public org.springframework.web.servlet.ModelAndView org.springframework.security.oauth2.provider.endpoint.AuthorizationEndpoint.authorize(java.util.Map<java.lang.String, java.lang.Object>,java.lang.String,java.util.Map<java.lang.String, java.lang.String>,org.springframework.web.bind.support.SessionStatus,java.security.Principal)]: org.springframework.security.authentication.InsufficientAuthenticationException: User must be authenticated with Spring Security before authorization can be completed.
                  [DEBUG] DefaultHandlerExceptionResolver - Resolving exception from handler [public org.springframework.web.servlet.ModelAndView org.springframework.security.oauth2.provider.endpoint.AuthorizationEndpoint.authorize(java.util.Map<java.lang.String, java.lang.Object>,java.lang.String,java.util.Map<java.lang.String, java.lang.String>,org.springframework.web.bind.support.SessionStatus,java.security.Principal)]: org.springframework.security.authentication.InsufficientAuthenticationException: User must be authenticated with Spring Security before authorization can be completed.
                  [DEBUG] DispatcherServlet - Could not complete request <org.springframework.security.authentication.InsufficientAuthenticationException: User must be authenticated with Spring Security before authorization can be completed.>org.springframework.security.authentication.InsufficientAuthenticationException: User must be authenticated with Spring Security before authorization can be completed.
                  	at org.springframework.security.oauth2.provider.endpoint.AuthorizationEndpoint.authorize(AuthorizationEndpoint.java:115)
                  	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                  	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
                  	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
                  	at java.lang.reflect.Method.invoke(Method.java:597)
                  	at org.springframework.web.method.support.InvocableHandlerMethod.invoke(InvocableHandlerMethod.java:213)
                  	at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:126)
                  	at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:96)
                  	at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:617)
                  	at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:578)
                  	at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:80)
                  	at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:923)
                  	at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:852)
                  	at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:882)
                  	at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:778)
                  	at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
                  	at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
                  	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
                  	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
                  	at org.springframework.security.oauth2.provider.endpoint.EndpointValidationFilter.doFilter(EndpointValidationFilter.java:47)
                  	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
                  	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
                  	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
                  	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
                  	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:311)
                  	at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:116)
                  	at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
                  	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
                  	at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
                  	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
                  	at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:101)
                  	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
                  	at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
                  	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
                  	at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
                  	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
                  	at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45)
                  	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
                  	at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:182)
                  	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
                  	at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
                  	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
                  	at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
                  	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
                  	at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:173)
                  	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
                  	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
                  	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
                  	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
                  	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
                  	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
                  	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
                  	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
                  	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
                  	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
                  	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:857)
                  	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)
                  	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
                  	at java.lang.Thread.run(Thread.java:680)
                  
                  [[DEBUG] HttpSessionRequestCache - DefaultSavedRequest added to Session: DefaultSavedRequest[http://localhost:8080/sparklr2/authorize?client_id=tonr&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Ftonr2%2Fsparklr%2Fphotos&response_type=code&scope=read&state=JpzGiO]
                  [DEBUG] ExceptionTranslationFilter - Calling Authentication entry point.
                  [DEBUG] DefaultRedirectStrategy - Redirecting to 'http://localhost:8080/sparklr2/login.jsp'
                  Last edited by saamy; Apr 12th, 2012, 06:34 PM.



                  • #10
                    Code:
                    [DEBUG] AntPathRequestMatcher - Checking match of request : '/authorize'; against '/photos/**'
                    [DEBUG] FilterChainProxy - /authorize?client_id=tonr&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Ftonr2%2Fsparklr%2Fphotos&response_type=code&scope=read&state=JpzGiO at position 1 of 9 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
                    [DEBUG] DefaultSavedRequest - pathInfo: both null (property equals)
                    [DEBUG] DefaultSavedRequest - queryString: arg1=client_id=tonr&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Ftonr2%2Fsparklr%2Fphotos&response_type=code&scope=read&state=JpzGiO; arg2=client_id=tonr&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Ftonr2%2Fsparklr%2Fphotos&response_type=code&scope=read&state=JpzGiO (property equals)
                    [DEBUG] DefaultSavedRequest - requestURI: arg1=/sparklr2/authorize; arg2=/sparklr2/authorize (property equals)
                    [DEBUG] DefaultSavedRequest - serverPort: arg1=8080; arg2=8080 (property equals)
                    [DEBUG] DefaultSavedRequest - requestURL: arg1=http://localhost:8080/sparklr2/authorize; arg2=http://localhost:8080/sparklr2/authorize (property equals)
                    [DEBUG] DefaultSavedRequest - scheme: arg1=http; arg2=http (property equals)
                    [DEBUG] DefaultSavedRequest - serverName: arg1=localhost; arg2=localhost (property equals)
                    [DEBUG] DefaultSavedRequest - contextPath: arg1=/sparklr2; arg2=/sparklr2 (property equals)
                    [DEBUG] DefaultSavedRequest - servletPath: arg1=/authorize; arg2=/authorize (property equals)
                    [DEBUG] HttpSessionRequestCache - Removing DefaultSavedRequest from session if present
                    [DEBUG] FilterChainProxy - /authorize?client_id=tonr&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Ftonr2%2Fsparklr%2Fphotos&response_type=code&scope=read&state=JpzGiO at position 5 of 9 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
                    [DEBUG] FilterChainProxy - /authorize?client_id=tonr&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Ftonr2%2Fsparklr%2Fphotos&response_type=code&scope=read&state=JpzGiO at position 6 of 9 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
                    [DEBUG] AnonymousAuthenticationFilter - SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@76183d66: Principal: org.springframework.security.core.userdetails.User@32053f56: Username: marissa; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_USER; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@0: RemoteIpAddress: 0:0:0:0:0:0:0:1%0; SessionId: 67DB1A273695701C617A48DA5945B175; Granted Authorities: ROLE_USER'
                    [DEBUG] FilterChainProxy - /authorize?client_id=tonr&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Ftonr2%2Fsparklr%2Fphotos&response_type=code&scope=read&state=JpzGiO at position 7 of 9 in additional filter chain; firing Filter: 'SessionManagementFilter'
                    [DEBUG] FilterChainProxy - /authorize?client_id=tonr&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Ftonr2%2Fsparklr%2Fphotos&response_type=code&scope=read&state=JpzGiO at position 8 of 9 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
                    [DEBUG] FilterChainProxy - /authorize?client_id=tonr&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Ftonr2%2Fsparklr%2Fphotos&response_type=code&scope=read&state=JpzGiO at position 9 of 9 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
                    [DEBUG] AntPathRequestMatcher - Checking match of request : '/authorize'; against '/oauth/**'
                    [DEBUG] FilterSecurityInterceptor - Secure object: FilterInvocation: URL: /authorize?client_id=tonr&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Ftonr2%2Fsparklr%2Fphotos&response_type=code&scope=read&state=JpzGiO; Attributes: [IS_AUTHENTICATED_ANONYMOUSLY]
                    [DEBUG] FilterSecurityInterceptor - Previously Authenticated: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@76183d66: Principal: org.springframework.security.core.userdetails.User@32053f56: Username: marissa; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_USER; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@0: RemoteIpAddress: 0:0:0:0:0:0:0:1%0; SessionId: 67DB1A273695701C617A48DA5945B175; Granted Authorities: ROLE_USER
                    [DEBUG] AffirmativeBased - Voter: org.springframework.security.access.vote.RoleVoter@221e5f0, returned: 0
                    [DEBUG] AffirmativeBased - Voter: [email protected]0a7, returned: 1
                    [DEBUG] FilterSecurityInterceptor - Authorization successful
                    [DEBUG] FilterSecurityInterceptor - RunAsManager did not change Authentication object
                    [DEBUG] FilterChainProxy - /authorize?client_id=tonr&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Ftonr2%2Fsparklr%2Fphotos&response_type=code&scope=read&state=JpzGiO reached end of additional filter chain; proceeding with original chain
                    [DEBUG] DispatcherServlet - DispatcherServlet with name 'spring' processing GET request for [/sparklr2/oauth/authorize]
                    [DEBUG] RequestMappingHandlerMapping - Looking up handler method for path /oauth/authorize
                    [DEBUG] RequestMappingHandlerMapping - Returning handler method [public org.springframework.web.servlet.ModelAndView org.springframework.security.oauth2.provider.endpoint.AuthorizationEndpoint.authorize(java.util.Map<java.lang.String, java.lang.Object>,java.lang.String,java.util.Map<java.lang.String, java.lang.String>,org.springframework.web.bind.support.SessionStatus,java.security.Principal)]
                    [DEBUG] DispatcherServlet - Last-Modified value for [/sparklr2/oauth/authorize] is: -1
                    [DEBUG] TokenServicesUserApprovalHandler - Looking up existing token for client_id=tonr, scope=[read]and username=marissa
                    [DEBUG] TokenServicesUserApprovalHandler - Existing access token=null
                    [DEBUG] TokenServicesUserApprovalHandler - Checking explicit approval
                    [DEBUG] AuthorizationEndpoint - Loading user approval page: forward:/oauth/confirm_access
                    [DEBUG] DispatcherServlet - Rendering view [org.springframework.web.servlet.view.InternalResourceView: unnamed; URL [/oauth/confirm_access]] in DispatcherServlet with name 'spring'
                    [DEBUG] InternalResourceView - Added model object 'org.springframework.validation.BindingResult.authorizationRequest' of type [org.springframework.validation.BeanPropertyBindingResult] to request in view with name 'null'
                    [DEBUG] InternalResourceView - Added model object 'scope' of type [java.lang.String] to request in view with name 'null'
                    [DEBUG] InternalResourceView - Added model object 'response_type' of type [java.lang.String] to request in view with name 'null'
                    [DEBUG] InternalResourceView - Added model object 'redirect_uri' of type [java.lang.String] to request in view with name 'null'
                    [DEBUG] InternalResourceView - Added model object 'state' of type [java.lang.String] to request in view with name 'null'
                    [DEBUG] InternalResourceView - Added model object 'client_id' of type [java.lang.String] to request in view with name 'null'
                    [DEBUG] InternalResourceView - Added model object 'authorizationRequest' of type [org.springframework.security.oauth2.provider.AuthorizationRequest] to request in view with name 'null'
                    [DEBUG] InternalResourceView - Forwarding to resource [/oauth/confirm_access] in InternalResourceView 'null'
                    [DEBUG] DispatcherServlet - DispatcherServlet with name 'spring' processing GET request for [/sparklr2/oauth/authorize]
                    [DEBUG] RequestMappingHandlerMapping - Looking up handler method for path /oauth/authorize
                    [DEBUG] RequestMappingHandlerMapping - Returning handler method [public org.springframework.web.servlet.ModelAndView org.springframework.security.oauth2.provider.endpoint.AuthorizationEndpoint.authorize(java.util.Map<java.lang.String, java.lang.Object>,java.lang.String,java.util.Map<java.lang.String, java.lang.String>,org.springframework.web.bind.support.SessionStatus,java.security.Principal)]
                    [DEBUG] DispatcherServlet - Last-Modified value for [/sparklr2/oauth/authorize] is: -1
                    [DEBUG] TokenServicesUserApprovalHandler - Looking up existing token for client_id=tonr, scope=[read]and username=marissa
                    [DEBUG] TokenServicesUserApprovalHandler - Existing access token=null
                    [DEBUG] TokenServicesUserApprovalHandler - Checking explicit approval
                    [DEBUG] AuthorizationEndpoint - Loading user approval page: forward:/oauth/confirm_access



                    • #11
                      That looks normal. What's the problem?

                      Comment
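Added example (not part of the original posts and not project code): a Python check that reads the `<filter-mapping>` order of the web.xml in #5 and of the one posted in #13, and reports which path `springSecurityFilterChain` matches against its `/oauth/**` rule. It assumes, from the DispatcherServlet lines in #9 and #10, that `oauth2EndpointUrlFilter` presents `/oauth/authorize` and `/oauth/token` to everything that runs after it; the embedded XML is an abbreviated, constructed copy of the posted files.

```python
import xml.etree.ElementTree as ET

# Constructed, abbreviated copies of the two web.xml files in this thread:
# only the <filter-mapping> elements, in the order each post declares them.
WEB_XML_POST_5 = """<web-app>
  <filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
  <filter-mapping>
    <filter-name>oauth2EndpointUrlFilter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
</web-app>"""

WEB_XML_POST_13 = """<web-app>
  <filter-mapping>
    <filter-name>oauth2EndpointUrlFilter</filter-name>
    <url-pattern>/authorize</url-pattern>
  </filter-mapping>
  <filter-mapping>
    <filter-name>oauth2EndpointUrlFilter</filter-name>
    <url-pattern>/token</url-pattern>
  </filter-mapping>
  <filter-mapping>
    <filter-name>clientCredentialsTokenEndpointFilter</filter-name>
    <url-pattern>/token</url-pattern>
  </filter-mapping>
  <filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
</web-app>"""

# Assumption taken from the thread: external path -> default endpoint path
# that the URL filter hands to the rest of the chain.
REWRITES = {"/authorize": "/oauth/authorize", "/token": "/oauth/token"}


def servlet_pattern_matches(pattern, path):
    """Servlet url-pattern matching: '/prefix/*', '*.ext', or exact path."""
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    if pattern.startswith("*."):
        return path.endswith(pattern[1:])
    return pattern == path


def filter_chain(web_xml, path):
    """Filters applied to `path`, in <filter-mapping> declaration order."""
    chain = []
    for mapping in ET.fromstring(web_xml).iter("filter-mapping"):
        name = mapping.findtext("filter-name").strip()
        patterns = [p.text.strip() for p in mapping.findall("url-pattern")]
        if name not in chain and any(
            servlet_pattern_matches(p, path) for p in patterns
        ):
            chain.append(name)
    return chain


def ant_prefix_matches(pattern, path):
    """Minimal Ant-style matcher: handles only 'prefix/**' and exact paths."""
    if pattern.endswith("/**"):
        prefix = pattern[:-3]
        return path == prefix or path.startswith(prefix + "/")
    return pattern == path


def audit(web_xml, external_path, protected_pattern="/oauth/**",
          security="springSecurityFilterChain",
          rewriter="oauth2EndpointUrlFilter"):
    """Report the chain order and the path the security chain evaluates."""
    chain = filter_chain(web_xml, external_path)
    seen = None
    if security in chain:
        rewritten_first = (
            rewriter in chain and chain.index(rewriter) < chain.index(security)
        )
        seen = REWRITES.get(external_path, external_path) if rewritten_first \
            else external_path
    return {
        "chain": chain,
        "path_seen": seen,
        "rule_applies": seen is not None
        and ant_prefix_matches(protected_pattern, seen),
    }


if __name__ == "__main__":
    for label, xml_text in (("#5", WEB_XML_POST_5), ("#13", WEB_XML_POST_13)):
        for path in ("/authorize", "/token"):
            print(label, path, audit(xml_text, path))
```

With the #5 order the result agrees with the `AntPathRequestMatcher` line in #10, where `'/authorize'` is checked against `'/oauth/**'` and the request falls through to `IS_AUTHENTICATED_ANONYMOUSLY`.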


                      • #12
                        Is that normal? Because in the DEBUG output it complains of insufficient authentication. And I get the following error recursively, which eventually leads to a StackOverflow, and I never see the screen after sparklr login. Maybe I'm asking for too much, but is it possible for you to email me your sparklr app?

                        Code:
                        [DEBUG] InternalResourceView - Forwarding to resource [/oauth/confirm_access] in InternalResourceView 'null'
                        [DEBUG] DispatcherServlet - DispatcherServlet with name 'spring' processing GET request for [/sparklr2/oauth/authorize]
                        [DEBUG] RequestMappingHandlerMapping - Looking up handler method for path /oauth/authorize
                        [DEBUG] RequestMappingHandlerMapping - Returning handler method [public org.springframework.web.servlet.ModelAndView org.springframework.security.oauth2.provider.endpoint.AuthorizationEndpoint.authorize(java.util.Map<java.lang.String, java.lang.Object>,java.lang.String,java.util.Map<java.lang.String, java.lang.String>,org.springframework.web.bind.support.SessionStatus,java.security.Principal)]
                        [DEBUG] DispatcherServlet - Last-Modified value for [/sparklr2/oauth/authorize] is: -1
                        [DEBUG] TokenServicesUserApprovalHandler - Looking up existing token for client_id=tonr, scope=[read]and username=marissa
                        [DEBUG] TokenServicesUserApprovalHandler - Existing access token=null
                        [DEBUG] TokenServicesUserApprovalHandler - Checking explicit approval
                        [DEBUG] AuthorizationEndpoint - Loading user approval page: forward:/oauth/confirm_access
                        [DEBUG] DispatcherServlet - Rendering view [org.springframework.web.servlet.view.InternalResourceView: unnamed; URL [/oauth/confirm_access]] in DispatcherServlet with name 'spring'
                        [DEBUG] InternalResourceView - Added model object 'org.springframework.validation.BindingResult.authorizationRequest' of type [org.springframework.validation.BeanPropertyBindingResult] to request in view with name 'null'
                        [DEBUG] InternalResourceView - Added model object 'scope' of type [java.lang.String] to request in view with name 'null'
                        [DEBUG] InternalResourceView - Added model object 'response_type' of type [java.lang.String] to request in view with name 'null'
                        [DEBUG] InternalResourceView - Added model object 'redirect_uri' of type [java.lang.String] to request in view with name 'null'
                        [DEBUG] InternalResourceView - Added model object 'state' of type [java.lang.String] to request in view with name 'null'
                        [DEBUG] InternalResourceView - Added model object 'client_id' of type [java.lang.String] to request in view with name 'null'
                        [DEBUG] InternalResourceView - Added model object 'authorizationRequest' of type [org.springframework.security.oauth2.provider.AuthorizationRequest] to request in view with name 'null'



                        • #13
                          Insufficient authentication is normal - you haven't logged in yet when you first hit the approval page. The infinite loop is not normal, but someone else already reported a problem (https://jira.springsource.org/browse/SECOAUTH-237). I can't reproduce it yet, so if you can provide a test case that would be great.

                          The only change I made to sparklr2 was web.xml:

                          Code:
                          <web-app>
                          
                          	<filter>
                          		<filter-name>clientCredentialsTokenEndpointFilter</filter-name>
                          		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
                          		<init-param>
                          			<param-name>contextAttribute</param-name>
                          			<param-value>org.springframework.web.servlet.FrameworkServlet.CONTEXT.spring</param-value>
                          		</init-param>
                          	</filter>
                          
                          	<filter>
                          		<filter-name>springSecurityFilterChain</filter-name>
                          		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
                          		<init-param>
                          			<param-name>contextAttribute</param-name>
                          			<param-value>org.springframework.web.servlet.FrameworkServlet.CONTEXT.spring</param-value>
                          		</init-param>
                          	</filter>
                          
                          	<filter>
                          		<filter-name>oauth2EndpointUrlFilter</filter-name>
                          		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
                          		<init-param>
                          			<param-name>contextAttribute</param-name>
                          			<param-value>org.springframework.web.servlet.FrameworkServlet.CONTEXT.spring</param-value>
                          		</init-param>
                          	</filter>
                          
                          	<filter-mapping>
                          		<filter-name>oauth2EndpointUrlFilter</filter-name>
                          		<url-pattern>/authorize</url-pattern>
                          	</filter-mapping>
                          
                          	<filter-mapping>
                          		<filter-name>oauth2EndpointUrlFilter</filter-name>
                          		<url-pattern>/token</url-pattern>
                          	</filter-mapping>
                          
                          	<filter-mapping>
                          		<filter-name>clientCredentialsTokenEndpointFilter</filter-name>
                          		<url-pattern>/token</url-pattern>
                          	</filter-mapping>
                          
                          	<filter-mapping>
                          		<filter-name>springSecurityFilterChain</filter-name>
                          		<url-pattern>/*</url-pattern>
                          	</filter-mapping>
                          
                          	<servlet>
                          		<servlet-name>spring</servlet-name>
                          		<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
                          		<load-on-startup>1</load-on-startup>
                          	</servlet>
                          
                          	<servlet-mapping>
                          		<servlet-name>spring</servlet-name>
                          		<url-pattern>/</url-pattern>
                          	</servlet-mapping>
                          
                          </web-app>
                          and, of course

                          Code:
                          <oauth:authorization-server ... token-endpoint-url="/token" authorization-endpoint-url="/authorize">

                          Comment


                          • #14
                            Even tried narrowing down the filter mapping to the following, with no luck:
                            Code:
                            <filter-mapping>
                            	<filter-name>oauth2EndpointUrlFilter</filter-name>
                            	<url-pattern>/authorize</url-pattern>
                            </filter-mapping>

                            <filter-mapping>
                            	<filter-name>oauth2EndpointUrlFilter</filter-name>
                            	<url-pattern>/token</url-pattern>
                            </filter-mapping>
                            Also, the http are mapped to patterns like "/oauth/token". Now, since I have removed 'oauth' from the URL, should these not be changed? But the same setting works for you.

                            Thanks,
                            Sam

                            Comment


                            • #15
                              I think I found the cause. It has to do with the order in which the filters are executed.
                              oauth2EndpointUrlFilter must be executed before springSecurityFilterChain.
                              Would need your help to find a proper explanation for it. I think when springSecurityFilterChain is executed before oauth2EndpointUrlFilter, it is trying to authenticate before even mapping the request to the correct URL (which is /oauth/authorization for the OAuth app).

                              So tonr is actually making a request for '<hostname>/authorize', but oauth2EndpointUrlFilter converts this request to '<hostname>/oauth/authorize' for its internal usage. And since all the http mapping, etc. are done on '/oauth', this conversion should be done before the security filter. Do you think that makes any sense? Can you please let me know the Java file corresponding to oauth2EndpointUrlFilter?

                              Thanks!

                              Comment
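The ordering point from post #15, as an added example (not code from the thread or from spring-security-oauth): a servlet container runs url-pattern filters in the order their `<filter-mapping>` elements appear in web.xml, so this sketch reads a descriptor and reports which path the security chain ends up evaluating. The two descriptors are constructed, only url-pattern mappings are considered, and the rewrite table models the behaviour post #15 describes rather than the project's source.

```python
import xml.etree.ElementTree as ET

REWRITE = "oauth2EndpointUrlFilter"    # filter names as used in the thread
SECURITY = "springSecurityFilterChain"
# Assumption from post #15: external path -> path the OAuth endpoints use.
INTERNAL = {"/authorize": "/oauth/authorize", "/token": "/oauth/token"}

def _mapping(name, pattern):
    return ("<filter-mapping><filter-name>%s</filter-name>"
            "<url-pattern>%s</url-pattern></filter-mapping>" % (name, pattern))

# Constructed descriptors (not the poster's files): same mappings, two orders.
_REWRITES = _mapping(REWRITE, "/authorize") + _mapping(REWRITE, "/token")
REWRITE_FIRST = "<web-app>" + _REWRITES + _mapping(SECURITY, "/*") + "</web-app>"
SECURITY_FIRST = "<web-app>" + _mapping(SECURITY, "/*") + _REWRITES + "</web-app>"

def _local(tag):
    return tag.rsplit("}", 1)[-1]      # drop an XML namespace, if present

def matches(pattern, path):
    """Servlet url-pattern match against a context-relative path."""
    if pattern.endswith("/*"):         # path mapping, including "/*"
        return path == pattern[:-2] or path.startswith(pattern[:-1])
    if pattern.startswith("*."):       # extension mapping
        return path.rsplit("/", 1)[-1].endswith(pattern[1:])
    return path == pattern             # exact mapping

def filter_chain(web_xml, path):
    """Filters run for `path`, in <filter-mapping> declaration order."""
    chain = []
    for elem in ET.fromstring(web_xml).iter():
        if _local(elem.tag) != "filter-mapping":
            continue
        fields = {}
        for child in elem:
            fields.setdefault(_local(child.tag), []).append((child.text or "").strip())
        name = fields.get("filter-name", [""])[0]
        patterns = fields.get("url-pattern", [])
        if name not in chain and any(matches(p, path) for p in patterns):
            chain.append(name)
    return chain

def path_seen_by_security(web_xml, path):
    """Path the security chain evaluates, or None if it never runs."""
    for name in filter_chain(web_xml, path):
        if name == REWRITE:
            path = INTERNAL.get(path, path)
        elif name == SECURITY:
            return path
    return None
```

When `path_seen_by_security` returns `/authorize` rather than `/oauth/authorize`, security patterns written against `/oauth/...` are not the ones applied to the external URL.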
