Announcement Announcement Module
Collapse
No announcement yet.
"No redirect URI" when trying to get a protected resource Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • "No redirect URI" when trying to get a protected resource

    After upgrading to RC2a I get this exception when I try to reach the protected resource; anyone has an idea why?
    AccessTokenRequest (actualy it is DefaultAccessTokenRequest) has no redirect-uri parameter... who suppose to set it?

    the stack-trace:

    java.lang.IllegalStateException: No redirect URI has been established for the current request.
    org.springframework.security.oauth2.client.token.g rant.code.AuthorizationCodeAccessTokenProvider.get RedirectForAuthorization(AuthorizationCodeAccessTo kenProvider.java:283)
    org.springframework.security.oauth2.client.token.g rant.code.AuthorizationCodeAccessTokenProvider.obt ainAccessToken(AuthorizationCodeAccessTokenProvide r.java:159)
    org.springframework.security.oauth2.client.token.A ccessTokenProviderChain.obtainNewAccessTokenIntern al(AccessTokenProviderChain.java:142)
    org.springframework.security.oauth2.client.token.A ccessTokenProviderChain.obtainAccessToken(AccessTo kenProviderChain.java:118)
    org.springframework.security.oauth2.client.OAuth2R estTemplate.acquireAccessToken(OAuth2RestTemplate. java:217)
    org.springframework.security.oauth2.client.OAuth2R estTemplate.getAccessToken(OAuth2RestTemplate.java :169)
    org.springframework.security.oauth2.client.OAuth2R estTemplate.createRequest(OAuth2RestTemplate.java: 90)
    org.springframework.web.client.RestTemplate.doExec ute(RestTemplate.java:434)
    org.springframework.security.oauth2.client.OAuth2R estTemplate.doExecute(OAuth2RestTemplate.java:124)
    org.springframework.web.client.RestTemplate.execut e(RestTemplate.java:415)
    org.springframework.web.client.RestTemplate.getFor Object(RestTemplate.java:213)

  • #2
    If you use OAuth2RestTemplate in a webapp with <oauth:rest-template/> it will try to use the current request as a redirect URI, so if that's not the case you need to declare it explicitly in your <oauth:resource/>.

    Comment


    • #3
      Originally posted by Dave Syer View Post
      If you use OAuth2RestTemplate in a webapp with <oauth:rest-template/> it will try to use the current request as a redirect URI, so if that's not the case you need to declare it explicitly in your <oauth:resource/>.
      not sure I understand how to add it.

      in the tonr sample, I do not see in the <oauth:resource> explicitly declaration of <oauth:rest-template>:

      Code:
      <oauth:resource id="sparklr" type="authorization_code" client-id="tonr" client-secret="secret"
      		access-token-uri="${accessTokenUri}" user-authorization-uri="${userAuthorizationUri}" scope="read" />
      and I've looked in the XSD, under "resource", and did not see any rest-template there... :-(

      Comment


      • #4
        In tonr2 you should see declarations like this:

        Code:
        <oauth:rest-template resource="sparklr" />

        Comment


        • #5
          I see, under the "service" that actually tries to access the protected-resource.
          So can I deduce that using <oauth:rest-template> is a MUST? because if I do not use it, I get the missing "redirect-uri" error...

          I've added this example to the docs. Let me know if it is incorrect...
          Code:
          <oauth:resource id="sparklr" ... />
          
          <bean id="sparklrService" class="org....SparklrServiceImpl">
              ...
              <property name="sparklrRestTemplate">
                  <oauth:rest-template resource="sparklr" />
              </property>
          </bean>
          Last edited by OhadR; Oct 9th, 2012, 05:05 AM. Reason: add example to the docs

          Comment


          • #6
            Originally posted by OhadR View Post
            So can I deduce that using <oauth:rest-template> is a MUST? because if I do not use it, I get the missing "redirect-uri" error...
            It's a must but not quite for the reason you suggest. You can always declare a redirect uri in the <oauth:resource/> but if you don't use <oauth:rest-template/> worse things happen unless you are careful to duplicate the features of <oauth:rest-template/> (it creates a session scoped OAuth2RestTemplate to make your app thread safe).

            Comment

            Working...
            X