Announcement Announcement Module
Collapse
No announcement yet.
OAuth2 /oauth/authorize is not mapped Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • OAuth2 /oauth/authorize is not mapped

    I'm having some trouble for 4 days now and I'm starting to lose my mind. I hope you can help me.

    I'm developing a REST API using Jersey. I want to secure it with OAuth2. I've adapted the Sparklr sample, but the path /oauth/authorize is not mapped, so when I hit that URL from the browser it returns 404 Not Found. I'm using spring-security-oauth 1.0.0.M6.

    I've been trying to find out why the URLs are not mapped but I could not figure it out. I'm going to post my spring-servlet.xml and my web.xml.

    My web.xml is:

    Code:
    <web-app id="WebApp_ID" version="2.4"
        xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee 
        http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
        <context-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>classpath:application-context.xml</param-value>
        </context-param>
    
    
        <!-- Spring -->
        <listener>
            <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
        </listener>
    
    
        <!-- Servlets -->
        <servlet>
            <servlet-name>jerseySpringServlet</servlet-name>
            <servlet-class>com.sun.jersey.spi.spring.container.servlet.SpringServlet</servlet-class>
            <init-param>
                <param-name>com.sun.jersey.spi.container.ContainerRequestFilters</param-name>
                <param-value>com.sun.jersey.api.container.filter.GZIPContentEncodingFilter</param-value>
            </init-param>
            <init-param>
                <param-name>com.sun.jersey.spi.container.ContainerResponseFilters</param-name>
                <param-value>com.sun.jersey.api.container.filter.GZIPContentEncodingFilter</param-value>
            </init-param>
            <init-param>
                <param-name>com.sun.jersey.config.property.packages</param-name>
                <param-value>tv.vit.libraryservice.rest</param-value>
            </init-param>
            <init-param>
                <param-name>com.sun.jersey.api.json.POJOMappingFeature</param-name>
                <param-value>true</param-value>
            </init-param>
            <load-on-startup>1</load-on-startup>
        </servlet>
        <servlet-mapping>
            <servlet-name>jerseySpringServlet</servlet-name>
            <url-pattern>/api/*</url-pattern>
        </servlet-mapping>
        <!-- Filters -->
        <filter>
            <filter-name>clientCredentialsTokenEndpointFilter</filter-name>
            <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
            <init-param>
                <param-name>contextAttribute</param-name>
                <param-value>org.springframework.web.servlet.FrameworkServlet.CONTEXT.spring</param-value>
            </init-param>
        </filter>
        <filter-mapping>
            <filter-name>clientCredentialsTokenEndpointFilter</filter-name>
            <url-pattern>/oauth/token</url-pattern>
        </filter-mapping>
        
        
        <filter>
            <filter-name>springSecurityFilterChain</filter-name>
            <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
            <init-param>
                <param-name>contextAttribute</param-name>
                <param-value>org.springframework.web.servlet.FrameworkServlet.CONTEXT.spring</param-value>
            </init-param>
        </filter>
        <filter-mapping>
            <filter-name>springSecurityFilterChain</filter-name>
            <url-pattern>/*</url-pattern>
        </filter-mapping>
        
        <servlet>
            <servlet-name>spring</servlet-name>
            <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
            <load-on-startup>1</load-on-startup>
        </servlet>
        <servlet-mapping>
            <servlet-name>spring</servlet-name>
            <url-pattern>/</url-pattern>
        </servlet-mapping>
    </web-app>

  • #2
    My WEB-INF/spring-servlet.xml is:

    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    
    
    <beans:beans xmlns="http://www.springframework.org/schema/beans"
        xmlns:sec="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans"
        xmlns:context="http://www.springframework.org/schema/context" 
        xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns:mvc="http://www.springframework.org/schema/mvc"
        xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
                    http://www.springframework.org/schema/context     http://www.springframework.org/schema/context/spring-context-3.0.xsd
                  http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd
                  http://www.springframework.org/schema/security/oauth2 http://www.springframework.org/schema/security/spring-security-oauth2-1.0.xsd
                  http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.1.xsd">
    
    
        <!-- access decision manager only grants access if all the roles, scopes 
            and authentication are valid -->
        <bean id="accessDecisionManager" class="org.springframework.security.access.vote.UnanimousBased">
            <constructor-arg>
                <list>
                    <bean class="org.springframework.security.oauth2.provider.vote.ScopeVoter" />
                    <bean class="org.springframework.security.access.vote.RoleVoter" />
                    <bean class="org.springframework.security.access.vote.AuthenticatedVoter" />
                </list>
            </constructor-arg>
        </bean>
    
    
        <!-- Token service that manage the issued tokens -->
        <beans:bean id="tokenServices"
            class="org.springframework.security.oauth2.provider.token.RandomValueTokenServices">
            <beans:property name="tokenStore" ref="tokenStore" />
            <beans:property name="supportRefreshToken" value="true" />
        </beans:bean>
    
    
        <!-- Token store in memory -->
        <bean id="tokenStore"
            class="org.springframework.security.oauth2.provider.token.InMemoryTokenStore" />
    
    
        <!-- Manage Clients -->
        <oauth:client-details-service id="clientDetailsService">
            <!-- Web UI -->
            <oauth:client client-id="plat_ui" resource-ids="cupcakes"
                authorized-grant-types="authorization_code,implicit" authorities="ROLE_CLIENT"
                scope="read,write" redirect-uri="https://sample.com/" />
    
    
            <oauth:client client-id="analytics" resource-ids="cupcakes"
                authorized-grant-types="authorization_code" authorities="ROLE_CLIENT"
                scope="read" redirect-uri="https://sample.com/" secret="buh" />
        </oauth:client-details-service>
    
    
        <bean id="clientDetailsUserService"
            class="org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService">
            <constructor-arg ref="clientDetailsService" />
        </bean>
    
    
        <sec:authentication-manager id="clientAuthenticationManager"
            xmlns="http://www.springframework.org/schema/security">
            <authentication-provider user-service-ref="clientDetailsUserService" />
        </sec:authentication-manager>
    
    
        <!-- Manage Users -->
        <sec:authentication-manager alias="userAuthenticationManager">
            <sec:authentication-provider>
                <sec:user-service>
                    <sec:user name="oyzo" password="oyzo" authorities="ROLE_USER,ROLE_ADMIN" />
                </sec:user-service>
            </sec:authentication-provider>
        </sec:authentication-manager>
    
    
    
    
        <!-- RESOURCES SERVER -->
    
    
        <!-- Filter that assures that the request has a valid token to access to 
            protected resources -->
        <oauth:resource-server id="resourceServerFilter"
            resource-id="vidonair" token-services-ref="tokenServices" />
    
    
        <!-- AUTHORIZATION SERVER -->
        <!-- Authentication with request parameters instead of POST ones -->
        <sec:authentication-manager id="clientAuthenticationManager"
            xmlns="http://www.springframework.org/schema/security">
            <sec:authentication-provider
                user-service-ref="clientDetailsUserService" />
        </sec:authentication-manager>
    
    
    
    
        <oauth:authorization-server
            client-details-service-ref="clientDetailsService" token-services-ref="tokenServices">
            <!-- clients authenticate implicitly (client-side flow) -->
            <oauth:implicit />
            <oauth:refresh-token />
            <oauth:client-credentials />
        </oauth:authorization-server>
    
    
    
    
        <!-- ENDPOINTS SECURITY CHAINS -->
        
    
    
        <!-- OAuth EntryPoint Beans -->
        <bean id="oauthAuthenticationEntryPoint"
            class="org.springframework.security.oauth2.provider.error.MediaTypeAwareAuthenticationEntryPoint">
            <property name="realmName" value="cupcakes" />
        </bean>
        <bean id="oauthAccessDeniedHandler"
            class="org.springframework.security.oauth2.provider.error.MediaTypeAwareAccessDeniedHandler" />
    
    
        <http xmlns="http://www.springframework.org/schema/security"
            pattern="/oauth/token" create-session="stateless"
            authentication-manager-ref="clientAuthenticationManager"
            entry-point-ref="oauthAuthenticationEntryPoint">
            <intercept-url pattern="/oauth/token" access="IS_AUTHENTICATED_FULLY" />
            <anonymous enabled="false" />
            <http-basic entry-point-ref="oauthAuthenticationEntryPoint" />
            <!-- include this only if you need to authenticate clients via request 
                parameters -->
            <custom-filter ref="clientCredentialsTokenEndpointFilter"
                before="BASIC_AUTH_FILTER" />
            <access-denied-handler ref="oauthAccessDeniedHandler" />
        </http>
    
    
        <!-- RESOURCE ENDPOINTS --> 
        <sec:http pattern="/api/**" create-session="never"
            entry-point-ref="oauthAuthenticationEntryPoint"
            access-decision-manager-ref="accessDecisionManager">
            <sec:anonymous enabled="false" />
            <sec:intercept-url pattern="/api/**" access="ROLE_USER,SCOPE_READ" />
    
    
            <!-- Intercept and check token validity (authentication and authorization) -->
            <sec:custom-filter ref="resourceServerFilter"
                before="PRE_AUTH_FILTER" />
    
    
            <!-- If it's not valid, present the error -->
            <sec:access-denied-handler ref="oauthAccessDeniedHandler" />
        </sec:http>
        
    
    
        <!-- AUTH ENDPOINT -->
    
    
        <!-- The OAuth2 protected resources are separated out into their own block 
            so we can deal with authorization and error handling separately. This isn't 
            mandatory, but it makes it easier to control the behaviour. -->
        <http access-denied-page="/login.jsp?authorization_error=true"
            disable-url-rewriting="true" xmlns="http://www.springframework.org/schema/security">
            <intercept-url pattern="/oauth/**" access="ROLE_USER" />
            <intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    
    
            <form-login authentication-failure-url="/login.jsp?authentication_error=true"
                default-target-url="/index.jsp" login-page="/login.jsp"
                login-processing-url="/login.do" />
            <logout logout-success-url="/index.jsp" logout-url="/logout.do" />
            <anonymous />
        </http>
    
    
        <bean id="clientCredentialsTokenEndpointFilter"
            class="org.springframework.security.oauth2.provider.filter.ClientCredentialsTokenEndpointFilter">
            <property name="authenticationManager" ref="clientAuthenticationManager" />
        </bean>
         <!-- I think I need this to map the oauth2 urls, but still doesn't work -->
        <mvc:annotation-driven />
        <mvc:default-servlet-handler />
    </beans:beans>
    Thanks in advance!

    Alex

    Comment


    • #3
      Solved

      Hi! I've managed to solve my problem changing <oauth:authorization-server> and adding <oauth:authorization-code />

      Code:
      <oauth:authorization-server client-details-service-ref="clientDetailsService" token-services-ref="tokenServices">
      		<!-- clients authenticate implicitly (client-side flow) -->
      		<oauth:authorization-code />
      		<oauth:implicit />
      		<oauth:refresh-token />
      		<oauth:client-credentials />
      </oauth:authorization-server>

      Comment


      • #4
        Thank you for the help, this Oauth2 setup looks like a complex lab. I was stuck into this since 2 days after closing an issue with a 302 response from the Oauth server.

        Comment

        Working...
        X