OAuth change the default authorize token and token end point URLs

  • #16
    It makes sense that the order of the filters matters. Did your problem go away then?

    The Java filter class is org.springframework.security.oauth2.provider.endpoint.EndpointValidationFilter (not really an accurate name, but it used to do more than it does now).



    • #17
      It resolved the exception I was getting, but I am not sure what exactly its purpose is.

      My problem statement was that I wanted the authorization url to be http://localhost:8080/sparklr2/authorize?client_id=tonr&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Ftonr2%2Fsparklr%2Fphotos&response_type=code&scope=read&state=Ww495B but I get this error recursively forever with the above url:
      Code:
      [DEBUG] InternalResourceView - Forwarding to resource [/oauth/confirm_access] in InternalResourceView 'null'
      [DEBUG] DispatcherServlet - DispatcherServlet with name 'spring' processing GET request for [/sparklr2/oauth/authorize]
      [DEBUG] RequestMappingHandlerMapping - Looking up handler method for path /oauth/authorize
      [DEBUG] RequestMappingHandlerMapping - Returning handler method [public org.springframework.web.servlet.ModelAndView org.springframework.security.oauth2.provider.endpoint.AuthorizationEndpoint.authorize(java.util.Map<java.lang.String, java.lang.Object>,java.lang.String,java.util.Map<java.lang.String, java.lang.String>,org.springframework.web.bind.support.SessionStatus,java.security.Principal)]
      [DEBUG] DispatcherServlet - Last-Modified value for [/sparklr2/oauth/authorize] is: -1
      [DEBUG] TokenServicesUserApprovalHandler - Looking up existing token for client_id=tonr, scope=[read]and username=marissa
      [DEBUG] TokenServicesUserApprovalHandler - Existing access token=null
      [DEBUG] TokenServicesUserApprovalHandler - Checking explicit approval
      [DEBUG] AuthorizationEndpoint - Loading user approval page: forward:/oauth/confirm_access
      [DEBUG] DispatcherServlet - Rendering view [org.springframework.web.servlet.view.InternalResourceView: unnamed; URL [/oauth/confirm_access]] in DispatcherServlet with name 'spring'
      [DEBUG] InternalResourceView - Added model object 'org.springframework.validation.BindingResult.authorizationRequest' of type [org.springframework.validation.BeanPropertyBindingResult] to request in view with name 'null'
      [DEBUG] InternalResourceView - Added model object 'scope' of type [java.lang.String] to request in view with name 'null'
      [DEBUG] InternalResourceView - Added model object 'response_type' of type [java.lang.String] to request in view with name 'null'
      [DEBUG] InternalResourceView - Added model object 'redirect_uri' of type [java.lang.String] to request in view with name 'null'
      [DEBUG] InternalResourceView - Added model object 'state' of type [java.lang.String] to request in view with name 'null'
      [DEBUG] InternalResourceView - Added model object 'client_id' of type [java.lang.String] to request in view with name 'null'
      [DEBUG] InternalResourceView - Added model object 'authorizationRequest' of type [org.springframework.security.oauth2.provider.AuthorizationRequest] to request in view with name 'null'
      But with the same request made from Tonr, things are different. What's happening here is that with a Spring OAuth based client (tonr) I make a request to 'sparklr/authorize' but it is mapped to 'sparklr/oauth/authorize'. I am not sure whether it will work if a non Spring-OAuth client makes a request to 'sparklr/authorize', based on the following observation:


      I added some debug code here and observed the request uri is '/sparklr/oauth/authorize' when request comes from tonr while in sparklr.properties set userAuthorizationUri=http://localhost:8080/sparklr2/authorize. Does that mean OAuth-Spring Client is actually making request to '/sparklr/oauth/authorize'?
      Code:
      protected boolean matches(HttpServletRequest request, String urlToMatch) {
          // URI of the incoming request, as the filter sees it
          String uri = extractUri(request);
          System.out.println("&&uri:" + uri);
          // Configured endpoint URL with the context path prepended
          String contextPath = prependContextPath(request, urlToMatch);
          System.out.println("&&prepended Path:" + contextPath);
          return matcher.match(contextPath, uri);
      }
      When request comes via Tonr app:
      Code:
      &&uri:/sparklr2/oauth/authorize
      &&prepended Path:/sparklr2/authorize
      When I directly hit http://localhost:8080/sparklr2/autho...r&redirect_uri..
      Code:
      &&uri:/sparklr2/authorize
      &&prepended Path:/sparklr2/authorize
      Last edited by saamy; Apr 13th, 2012, 09:16 AM.
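
The loop in the DEBUG output quoted in post #17, where a forward to /oauth/confirm_access is followed by the DispatcherServlet handling /sparklr2/oauth/authorize again, can be flagged from application logs. The script below is an added example, not part of the original posts or of Spring Security OAuth; the sample log is constructed from the quoted lines, and the function name and `threshold` parameter are assumptions.

```python
import re

# Constructed sample: abridged from the DEBUG lines quoted in post #17,
# with the repetition written out so the cycle is visible.
SAMPLE_LOG = """\
[DEBUG] DispatcherServlet - DispatcherServlet with name 'spring' processing GET request for [/sparklr2/oauth/authorize]
[DEBUG] RequestMappingHandlerMapping - Looking up handler method for path /oauth/authorize
[DEBUG] AuthorizationEndpoint - Loading user approval page: forward:/oauth/confirm_access
[DEBUG] InternalResourceView - Forwarding to resource [/oauth/confirm_access] in InternalResourceView 'null'
[DEBUG] DispatcherServlet - DispatcherServlet with name 'spring' processing GET request for [/sparklr2/oauth/authorize]
[DEBUG] RequestMappingHandlerMapping - Looking up handler method for path /oauth/authorize
[DEBUG] AuthorizationEndpoint - Loading user approval page: forward:/oauth/confirm_access
[DEBUG] InternalResourceView - Forwarding to resource [/oauth/confirm_access] in InternalResourceView 'null'
[DEBUG] DispatcherServlet - DispatcherServlet with name 'spring' processing GET request for [/sparklr2/oauth/authorize]
"""

DISPATCH = re.compile(r"DispatcherServlet - .* processing \w+ request for \[([^\]]+)\]")
FORWARD = re.compile(r"InternalResourceView - Forwarding to resource \[([^\]]+)\]")

def find_forward_loops(log_text, threshold=2):
    """Return {(dispatched_path, forward_target): count} for forwards whose
    next dispatch lands on the path that issued them instead of the target."""
    loops = {}
    last_dispatch = None  # path the DispatcherServlet handled most recently
    pending = None        # (origin_path, target) of a forward not yet dispatched
    for line in log_text.splitlines():
        m = DISPATCH.search(line)
        if m:
            path = m.group(1)
            if pending and path == pending[0] and not path.endswith(pending[1]):
                loops[pending] = loops.get(pending, 0) + 1
            pending = None
            last_dispatch = path
            continue
        m = FORWARD.search(line)
        if m and last_dispatch:
            pending = (last_dispatch, m.group(1))
    return {k: n for k, n in loops.items() if n >= threshold}

if __name__ == "__main__":
    print(find_forward_loops(SAMPLE_LOG))
```
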



      • #18
        Sorry if I am unable to explain it in simple words. In short, my question is why the http://localhost:8080/sparklr2/autho...r&redirect_uri.. url is not working directly? Why is it working only with the Tonr app? Even with tonr the allow/deny page's url is actually 'sparklr2/oauth/authorize'. Considering this, do you think it would work with a non-spring-oauth based client app?



        • #19
          I just went through the other post you mentioned. I think it does work with a spring-oauth based client making the request if you provide the correct filter ordering. But when you paste the url directly in the browser, it doesn't work (infinite loop). From this I believe that it would give the same problem with a non-spring-oauth client because it would do nothing more than calling this url directly.

          To replicate it:
          Once you reach the approval screen, see the url; it's the default one, '/sparklr/oauth/authorize..'. Copy it to your browser and remove 'oauth' from the url, '/sparklr/authorize..' (as configured), and you will see the infinite loop.



          • #20
            I'm not really following this. Tonr *is* a Spring OAuth client app, but it doesn't do anything special with the requests. The filter chain ensures that the client (any client) can send a request to /authorize and the AuthorizationEndpoint can handle it (when it is mapped to /oauth/authorize). Nothing fancy there and nothing to do with the client.

            The approval screen in my sparklr2 app is /oauth/confirm_access, so that's what you should see when the user is approving the access by tonr, so your last paragraph is not making any sense to me. Did you configure the user-approval-page to be the same as the authorization-endpoint (I can see why that might lead to an infinite loop, but it's a config error)?



            • #21
              Hi Dave,

              I tried changing the urls on my application, it worked like a charm!
              You were actually right, these issues were to do with the configuration in the tonr/sparklr application. The minimal configuration I described in my initial post (with correct filter order) did work for my application, which is relatively simpler than tonr/sparklr. Thanks for your help!

              Samy



              • #22
                Hi Dave,

                Unfortunately, though the code worked, in a certain scenario it is throwing StackOverflowError. Mostly when you press the back button after authorize.

                I am thinking of an alternative, which is putting a url redirect at the Apache level, which would convert my url to the 'oauth' specific url. Do you think EndpointValidationFilter does something more than that?

                Thanks,
                Sam



                • #23
                  Adjusting the url in the load balancer would certainly work, but I'd like to fix it in Spring Security. What are the steps to reproduce your error?



                  • #24
                    Originally posted by Dave Syer
                    Adjusting the url in the load balancer would certainly work, but I'd like to fix it in Spring Security. What are the steps to reproduce your error?
                    Well, I have a demo client with screens getAuthCode (makes request to /oauth/authorize) -> getToken (makes request to /oauth/token) -> getResource (makes request to the resource server). When I tried initially, it went through all steps successfully. Then I clicked 'back' in the browser. At the point getToken -> getAuthCode, it threw the StackOverflowError. You can see the logs here https://docs.google.com/open?id=0B_K...S1MMWdheV9UUGc.

                    I am using oauth M5.



                    • #25
                      Any chance you can upgrade to a recent build? M5 is very old. I'm not saying the problem won't persist, but it'll be a lot easier to fix. And if you can reproduce the problem with sparklr2 it would be really helpful. I can't reproduce it, so maybe it is fixed, but maybe you just haven't given us enough information yet.



                      • #26
                        Originally posted by Dave Syer
                        Any chance you can upgrade to a recent build? M5 is very old. I'm not saying the problem won't persist, but it'll be a lot easier to fix. And if you can reproduce the problem with sparklr2 it would be really helpful. I can't reproduce it, so maybe it is fixed, but maybe you just haven't given us enough information yet.
                        Hi Dave,

                        For me the URL redirect fixed it.

                        I am not planning to upgrade very soon. Rather, I tried upgrading before, but it looked like there was a lot of work to be done to move from M5 to M6. I will try to reproduce it in sparklr2.

                        Thanks,
                        Sam
