
  • Oauth2 spring security - access Token not stored in Inmemorytoken store

    Hi,
    Please provide direction on this question. We are struggling with this.
    We are trying to implement OAuth2 Spring Security in a REST-based web service.
    We are calling the service using the RestTemplate class.

    First step: calling the service with path /oauth/token. We are getting the token from the service. During debug I am seeing that the token is stored in InMemoryTokenStore.

    ClientCredentialsResourceDetails resource = new ClientCredentialsResourceDetails();
    resource.setAccessTokenUri("http://localhost:7001/ClaimsHistoryService/oauth/token");
    resource.setClientId("my-client-with-registered-redirect");
    resource.setId("sparklr");
    resource.setScope(Arrays.asList("trust"));
    OAuth2RestTemplate template2 = new OAuth2RestTemplate(resource);
    OAuth2AccessToken oldToken = template2.getAccessToken();

    Second step: then we are calling the actual service endpoint with the access token got from the previous request. The clientId and scope are the same. Here I am finding that the accessTokenStore class does not have any token. So the stored token is getting lost somehow.

    ((DefaultOAuth2AccessToken) oldToken).setExpiration(new Date(0L));
    AccessTokenRequest accessTokenrequest = new DefaultAccessTokenRequest();
    accessTokenrequest.setExistingToken(oldToken);
    OAuth2RestTemplate template = new OAuth2RestTemplate(resource, new DefaultOAuth2ClientContext(accessTokenrequest));
    ClaimHistoryResponse res = null;
    res = template.postForObject(claimHistoryEndpointUrl, request, ClaimHistoryResponse.class);

    I am seeing that the accessTokenStore variable in InMemoryTokenStore is neither static nor singleton.
    So how does the InMemoryTokenStore retain the token in subsequent requests?

    private final ConcurrentHashMap<String, OAuth2AccessToken> accessTokenStore = new ConcurrentHashMap<String, OAuth2AccessToken>();

    Below is my spring-security.xml.

    <http pattern="/oauth/token" create-session="stateless" authentication-manager-ref="clientAuthenticationManager"
    xmlns="http://www.springframework.org/schema/security">
    <intercept-url pattern="/oauth/token" access="IS_AUTHENTICATED_FULLY" />
    <anonymous enabled="false" />
    <http-basic entry-point-ref="clientAuthenticationEntryPoint" />
    <!-- include this only if you need to authenticate clients via request parameters -->
    <custom-filter ref="clientCredentialsTokenEndpointFilter" before="BASIC_AUTH_FILTER" />
    <access-denied-handler ref="oauthAccessDeniedHandler" />
    </http>

    <!-- The OAuth2 protected resources are separated out into their own block so we can deal with authorization and error handling
    separately. This isn't mandatory, but it makes it easier to control the behaviour. -->
    <http pattern="/oauth/(users|clients)/.*" request-matcher="regex" create-session="stateless" entry-point-ref="oauthAuthenticationEntryPoint"
    use-expressions="true" xmlns="http://www.springframework.org/schema/security">
    <anonymous enabled="false" />
    <intercept-url pattern="/oauth/users/([^/].*?)/tokens/.*"
    access="#oauth2.clientHasRole('ROLE_CLIENT') and (hasRole('ROLE_USER') or #oauth2.isClient()) and #oauth2.hasScope('write')"
    method="DELETE" />
    <intercept-url pattern="/oauth/users/.*"
    access="#oauth2.clientHasRole('ROLE_CLIENT') and (hasRole('ROLE_USER') or #oauth2.isClient()) and #oauth2.hasScope('read')"
    method="GET" />
    <intercept-url pattern="/oauth/clients/.*"
    access="#oauth2.clientHasRole('ROLE_CLIENT') and #oauth2.isClient() and #oauth2.hasScope('read')" method="GET" />
    <intercept-url pattern="/**" access="denyAll()"/>
    <custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
    <access-denied-handler ref="oauthAccessDeniedHandler" />
    <expression-handler ref="oauthWebExpressionHandler" />
    </http>

    <!-- The OAuth2 protected resources are separated out into their own block so we can deal with authorization and error handling
    separately. This isn't mandatory, but it makes it easier to control the behaviour. -->
    <http pattern="/claims/**" create-session="stateless" entry-point-ref="oauthAuthenticationEntryPoint"
    access-decision-manager-ref="accessDecisionManager" xmlns="http://www.springframework.org/schema/security">
    <anonymous enabled="false" />
    <intercept-url pattern="/claims" access="ROLE_CLIENT,ROLE_USER,SCOPE_READ" />
    <intercept-url pattern="/claims/trusted/**" access="ROLE_CLIENT,SCOPE_TRUST" />
    <intercept-url pattern="/claims/user/**" access="ROLE_CLIENT,ROLE_USER,SCOPE_TRUST" />
    <intercept-url pattern="/claims/**" access="ROLE_CLIENT,ROLE_USER,SCOPE_READ" />
    <custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
    <access-denied-handler ref="oauthAccessDeniedHandler" />
    </http>

    <bean id="oauthAuthenticationEntryPoint" class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
    <property name="realmName" value="sparklr2" />
    </bean>


    <bean id="accessDecisionManager" class="org.springframework.security.access.vote.UnanimousBased" xmlns="http://www.springframework.org/schema/beans">
    <constructor-arg>
    <list>
    <bean class="org.springframework.security.oauth2.provider.vote.ScopeVoter" />
    <bean class="org.springframework.security.access.vote.RoleVoter" />
    <bean class="org.springframework.security.access.vote.AuthenticatedVoter" />
    </list>
    </constructor-arg>
    </bean>

    <authentication-manager id="clientAuthenticationManager" xmlns="http://www.springframework.org/schema/security">
    <authentication-provider user-service-ref="clientDetailsUserService" />
    </authentication-manager>

    <authentication-manager alias="authenticationManager" xmlns="http://www.springframework.org/schema/security">
    <authentication-provider>
    <user-service id="userDetailsService">
    <user name="marissa" password="koala" authorities="ROLE_USER" />
    <user name="test1" password="test1" authorities="ROLE_USER" />
    <user name="test2" password="test2" authorities="ROLE_CLIENT" />
    </user-service>
    </authentication-provider>
    </authentication-manager>

    <bean id="clientDetailsUserService" class="org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService">
    <constructor-arg ref="clientDetails" />
    </bean>

    <bean id="tokenStore" class="org.springframework.security.oauth2.provider.token.InMemoryTokenStore" />

    <bean id="tokenServices" class="org.springframework.security.oauth2.provider.token.DefaultTokenServices">
    <property name="tokenStore" ref="tokenStore" />
    <property name="supportRefreshToken" value="true" />
    <property name="clientDetailsService" ref="clientDetails" />
    </bean>

    <bean id="userApprovalHandler" class="com.magellanhealth.services.claimhistoryservice.util.SparklrUserApprovalHandler">
    <property name="autoApproveClients">
    <set>
    <value>my-less-trusted-autoapprove-client</value>
    </set>
    </property>
    <property name="tokenServices" ref="tokenServices" />
    </bean>

    <oauth:authorization-server client-details-service-ref="clientDetails" token-services-ref="tokenServices"
    user-approval-handler-ref="userApprovalHandler">
    <oauth:authorization-code />
    <oauth:implicit />
    <oauth:refresh-token />
    <oauth:client-credentials />
    <oauth:password />
    </oauth:authorization-server>

    <oauth:resource-server id="resourceServerFilter" resource-id="sparklr" token-services-ref="tokenServices" />

    <oauth:client-details-service id="clientDetails">
    <oauth:client client-id="my-trusted-client" authorized-grant-types="password,authorization_code,refresh_token,implicit"
    authorities="ROLE_CLIENT, ROLE_TRUSTED_CLIENT" scope="read,write,trust" access-token-validity="60" />
    <oauth:client client-id="my-trusted-client-with-secret" authorized-grant-types="password,authorization_code,refresh_token,implicit"
    secret="somesecret" authorities="ROLE_CLIENT, ROLE_TRUSTED_CLIENT" />
    <oauth:client client-id="my-client-with-secret" authorized-grant-types="client_credentials" authorities="ROLE_CLIENT"
    scope="read" secret="secret" />
    <oauth:client client-id="my-less-trusted-client" authorized-grant-types="authorization_code,implicit"
    authorities="ROLE_CLIENT" />
    <oauth:client client-id="my-less-trusted-autoapprove-client" authorized-grant-types="implicit"
    authorities="ROLE_CLIENT" />
    <oauth:client client-id="my-client-with-registered-redirect" authorized-grant-types="authorization_code,client_credentials"
    authorities="ROLE_CLIENT" redirect-uri="http://anywhere?key=value" scope="read,trust" />
    <oauth:client client-id="my-untrusted-client-with-registered-redirect" authorized-grant-types="authorization_code"
    authorities="ROLE_CLIENT" redirect-uri="http://anywhere" scope="read" />
    <oauth:client client-id="tonr" resource-ids="sparklr" authorized-grant-types="authorization_code,implicit"
    authorities="ROLE_CLIENT" scope="read,write" secret="secret" />
    </oauth:client-details-service>

    <mvc:annotation-driven />

    <mvc:default-servlet-handler />

    <sec:global-method-security pre-post-annotations="enabled" proxy-target-class="true">
    <!--you could also wire in the expression handler up at the layer of the http filters. See https://jira.springsource.org/browse/SEC-1452 -->
    <sec:expression-handler ref="oauthExpressionHandler" />
    </sec:global-method-security>

    <oauth:expression-handler id="oauthExpressionHandler" />

    <oauth:web-expression-handler id="oauthWebExpressionHandler" />

    </beans>

  • #2
    Originally posted by akawale:
    ClientCredentialsResourceDetails resource = new ClientCredentialsResourceDetails();
    resource.setAccessTokenUri("http://localhost:7001/ClaimsHistoryService/oauth/token");
    resource.setClientId("my-client-with-registered-redirect");
    resource.setId("sparklr");
    resource.setScope(Arrays.asList("trust"));
    OAuth2RestTemplate template2 = new OAuth2RestTemplate(resource);
    OAuth2AccessToken oldToken = template2.getAccessToken();

    Second step: then we are calling the actual service endpoint with the access token got from the previous request. The clientId and scope are the same. Here I am finding that the accessTokenStore class does not have any token. So the stored token is getting lost somehow.

    ((DefaultOAuth2AccessToken) oldToken).setExpiration(new Date(0L));
    AccessTokenRequest accessTokenrequest = new DefaultAccessTokenRequest();
    accessTokenrequest.setExistingToken(oldToken);
    OAuth2RestTemplate template = new OAuth2RestTemplate(resource, new DefaultOAuth2ClientContext(accessTokenrequest));
    ClaimHistoryResponse res = null;
    res = template.postForObject(claimHistoryEndpointUrl, request, ClaimHistoryResponse.class);

    That should work, but note that you don't need to do the bit in the middle, i.e. this is better:

    Code:
    ...
    OAuth2RestTemplate template = new OAuth2RestTemplate(resource);
    ClaimHistoryResponse res = null;
    res = template.postForObject(claimHistoryEndpointUrl, request, ClaimHistoryResponse.class);

    Originally posted by akawale:
    I am seeing that the accessTokenStore variable in InMemoryTokenStore is neither static nor singleton.
    So how does the InMemoryTokenStore retain the token in subsequent requests?
    private final ConcurrentHashMap<String, OAuth2AccessToken> accessTokenStore = new ConcurrentHashMap<String, OAuth2AccessToken>();

    How are you loading the Spring context? It would only be an issue if you were for some reason doing it on every request, right? Otherwise there is only one instance of the accessTokenStore.

    P.S. please use [CODE][/CODE] tags to post code and logs.
    Last edited by Dave Syer; Jan 18th, 2013, 05:14 PM.



    • #3
      I am loading the spring context using the ContextLoaderListener listener. This is the only listener configured in my web.xml.
      Also from my logs I don't see the spring context getting loaded between requests.

      First Request :

      Authorities: ROLE_CLIENT
      2013-01-18 13:33:26,630 DEBUG [ACTIVE] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)' [rk.security.access.vote.AffirmativeBased] - Voter: org.springframework.security.access.vote.RoleVoter@ef9e3d, returned: 0
      2013-01-18 13:33:26,630 DEBUG [ACTIVE] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)' [rk.security.access.vote.AffirmativeBased] - Voter: org.springframework.security.access.vote.AuthenticatedVoter@ef9e38, returned: 1
      2013-01-18 13:33:26,630 DEBUG [ACTIVE] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)' [cess.intercept.FilterSecurityInterceptor] - Authorization successful
      2013-01-18 13:33:26,630 DEBUG [ACTIVE] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)' [cess.intercept.FilterSecurityInterceptor] - RunAsManager did not change Authentication object
      2013-01-18 13:33:26,630 DEBUG [ACTIVE] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)' [gframework.security.web.FilterChainProxy] - /oauth/token reached end of additional filter chain; proceeding with original chain
      2013-01-18 13:33:26,630 DEBUG [ACTIVE] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)' [gframework.web.servlet.DispatcherServlet] - DispatcherServlet with name 'spring' processing POST request for [/ClaimsHistoryService/oauth/token]
      2013-01-18 13:33:26,630 DEBUG [ACTIVE] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)' [.annotation.RequestMappingHandlerMapping] - Looking up handler method for path /oauth/token
      2013-01-18 13:33:26,630 DEBUG [ACTIVE] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)' [.annotation.RequestMappingHandlerMapping] - Did not find handler method for [/oauth/token]
      2013-01-18 13:33:26,630 DEBUG [ACTIVE] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)' [endpoint.FrameworkEndpointHandlerMapping] - Looking up handler method for path /oauth/token
      2013-01-18 13:33:26,630 DEBUG [ACTIVE] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)' [endpoint.FrameworkEndpointHandlerMapping] - Returning handler method [public org.springframework.http.ResponseEntity<org.springframework.security.oauth2.common.OAuth2AccessToken> org.springframework.security.oauth2.provider.endpoint.TokenEndpoint.getAccessToken(java.security.Principal,java.lang.String,java.util.Map<java.lang.String, java.lang.String>)]
      2013-01-18 13:33:26,630 DEBUG [ACTIVE] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)' [ctory.support.DefaultListableBeanFactory] - Returning cached instance of singleton bean 'oauth2TokenEndpoint'
      2013-01-18 13:33:26,630 DEBUG [ACTIVE] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)' [der.client.ClientCredentialsTokenGranter] - Getting access token for: my-client-with-registered-redirect
      2013-01-18 13:33:26,645 DEBUG [ACTIVE] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)' [hod.annotation.HttpEntityMethodProcessor] - Written [2a2c78ac-5524-4280-8691-d151c4094197] as "application/json" using [org.springframework.http.converter.json.MappingJacksonHttpMessageConverter@14c2650]
      2013-01-18 13:33:26,645 DEBUG [ACTIVE] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)' [gframework.web.servlet.DispatcherServlet] - Null ModelAndView returned to DispatcherServlet with name 'spring': assuming HandlerAdapter completed request handling
      2013-01-18 13:33:26,645 DEBUG [ACTIVE] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)' [gframework.web.servlet.DispatcherServlet] - Successfully completed request
      2013-01-18 13:33:26,645 DEBUG [ACTIVE] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)' [ty.web.access.ExceptionTranslationFilter] - Chain processed normally
      2013-01-18 13:33:26,645 DEBUG [ACTIVE] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)' [context.SecurityContextPersistenceFilter] - SecurityContextHolder now cleared, as request processing completed


      Second request :


      2013-01-18 13:33:26,676 DEBUG [ACTIVE] ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)' [.security.web.util.AntPathRequestMatcher] - Checking match of request : '/claims/getall'; against '/oauth/cache_approvals'
      2013-01-18 13:33:26,676 DEBUG [ACTIVE] ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)' [.security.web.util.AntPathRequestMatcher] - Checking match of request : '/claims/getall'; against '/oauth/uncache_approvals'
      2013-01-18 13:33:26,676 DEBUG [ACTIVE] ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)' [.security.web.util.AntPathRequestMatcher] - Checking match of request : '/claims/getall'; against '/oauth/token'
      2013-01-18 13:33:26,676 DEBUG [ACTIVE] ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)' [rk.security.web.util.RegexRequestMatcher] - Checking match of request : '/claims/getAll'; against '/oauth/(users|clients)/.*'
      2013-01-18 13:33:26,676 DEBUG [ACTIVE] ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)' [.security.web.util.AntPathRequestMatcher] - Checking match of request : '/claims/getall'; against '/claims/**'
      2013-01-18 13:33:26,676 DEBUG [ACTIVE] ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)' [gframework.security.web.FilterChainProxy] - /claims/getAll at position 1 of 5 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
      2013-01-18 13:33:26,676 DEBUG [ACTIVE] ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)' [gframework.security.web.FilterChainProxy] - /claims/getAll at position 2 of 5 in additional filter chain; firing Filter: 'OAuth2AuthenticationProcessingFilter'
      2013-01-18 13:33:26,676 DEBUG [ACTIVE] ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)' [ion.OAuth2AuthenticationProcessingFilter] - Authentication request failed: error="invalid_token", error_description="Invalid access token: 2a2c78ac-5524-4280-8691-d151c4094197"
      2013-01-18 13:33:26,676 DEBUG [ACTIVE] ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)' [der.error.DefaultOAuth2ExceptionRenderer] - Written [error="invalid_token", error_description="Invalid access token: 2a2c78ac-5524-4280-8691-d151c4094197"] as "application/xml" using [org.springframework.security.oauth2.http.converter.jaxb.JaxbOAuth2ExceptionMessageConverter@ed5b12]
      2013-01-18 13:33:26,676 DEBUG [ACTIVE] ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)' [context.SecurityContextPersistenceFilter] - SecurityContextHolder now cleared, as request processing completed



      • #4
        Did you read the bit about the [CODE][/CODE] tags? I'd be really happy to look at your logs if you post them with code tags so I can read them.



        • #5
          Sir, Please see below :
          First Request to get the token :
          Code:
          Authorities: ROLE_CLIENT
          2013-01-18 13:33:26,630 DEBUG [ACTIVE] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)' [rk.security.access.vote.AffirmativeBased] - Voter: org.springframework.security.access.vote.RoleVoter@ef9e3d, returned: 0
          2013-01-18 13:33:26,630 DEBUG [ACTIVE] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)' [rk.security.access.vote.AffirmativeBased] - Voter: org.springframework.security.access.vote.AuthenticatedVoter@ef9e38, returned: 1
          2013-01-18 13:33:26,630 DEBUG [ACTIVE] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)' [cess.intercept.FilterSecurityInterceptor] - Authorization successful
          2013-01-18 13:33:26,630 DEBUG [ACTIVE] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)' [cess.intercept.FilterSecurityInterceptor] - RunAsManager did not change Authentication object
          2013-01-18 13:33:26,630 DEBUG [ACTIVE] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)' [gframework.security.web.FilterChainProxy] - /oauth/token reached end of additional filter chain; proceeding with original chain
          2013-01-18 13:33:26,630 DEBUG [ACTIVE] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)' [gframework.web.servlet.DispatcherServlet] - DispatcherServlet with name 'spring' processing POST request for [/ClaimsHistoryService/oauth/token]
          2013-01-18 13:33:26,630 DEBUG [ACTIVE] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)' [.annotation.RequestMappingHandlerMapping] - Looking up handler method for path /oauth/token
          2013-01-18 13:33:26,630 DEBUG [ACTIVE] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)' [.annotation.RequestMappingHandlerMapping] - Did not find handler method for [/oauth/token]
          2013-01-18 13:33:26,630 DEBUG [ACTIVE] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)' [endpoint.FrameworkEndpointHandlerMapping] - Looking up handler method for path /oauth/token
          2013-01-18 13:33:26,630 DEBUG [ACTIVE] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)' [endpoint.FrameworkEndpointHandlerMapping] - Returning handler method [public org.springframework.http.ResponseEntity<org.springframework.security.oauth2.common.OAuth2AccessToken> org.springframework.security.oauth2.provider.endpoint.TokenEndpoint.getAccessToken(java.security.Principal,java.lang.String,java.util.Map<java.lang.String, java.lang.String>)]
          2013-01-18 13:33:26,630 DEBUG [ACTIVE] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)' [ctory.support.DefaultListableBeanFactory] - Returning cached instance of singleton bean 'oauth2TokenEndpoint'
          2013-01-18 13:33:26,630 DEBUG [ACTIVE] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)' [der.client.ClientCredentialsTokenGranter] - Getting access token for: my-client-with-registered-redirect
          2013-01-18 13:33:26,645 DEBUG [ACTIVE] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)' [hod.annotation.HttpEntityMethodProcessor] - Written [2a2c78ac-5524-4280-8691-d151c4094197] as "application/json" using [org.springframework.http.converter.json.MappingJacksonHttpMessageConverter@14c2650]
          2013-01-18 13:33:26,645 DEBUG [ACTIVE] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)' [gframework.web.servlet.DispatcherServlet] - Null ModelAndView returned to DispatcherServlet with name 'spring': assuming HandlerAdapter completed request handling
          2013-01-18 13:33:26,645 DEBUG [ACTIVE] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)' [gframework.web.servlet.DispatcherServlet] - Successfully completed request
          2013-01-18 13:33:26,645 DEBUG [ACTIVE] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)' [ty.web.access.ExceptionTranslationFilter] - Chain processed normally
          2013-01-18 13:33:26,645 DEBUG [ACTIVE] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)' [context.SecurityContextPersistenceFilter] - SecurityContextHolder now cleared, as request processing completed
          second request to access endpoint with token :
          Code:
          2013-01-18 13:33:26,676 DEBUG [ACTIVE] ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)' [.security.web.util.AntPathRequestMatcher] - Checking match of request : '/claims/getall'; against '/oauth/cache_approvals'
          2013-01-18 13:33:26,676 DEBUG [ACTIVE] ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)' [.security.web.util.AntPathRequestMatcher] - Checking match of request : '/claims/getall'; against '/oauth/uncache_approvals'
          2013-01-18 13:33:26,676 DEBUG [ACTIVE] ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)' [.security.web.util.AntPathRequestMatcher] - Checking match of request : '/claims/getall'; against '/oauth/token'
          2013-01-18 13:33:26,676 DEBUG [ACTIVE] ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)' [rk.security.web.util.RegexRequestMatcher] - Checking match of request : '/claims/getAll'; against '/oauth/(users|clients)/.*'
          2013-01-18 13:33:26,676 DEBUG [ACTIVE] ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)' [.security.web.util.AntPathRequestMatcher] - Checking match of request : '/claims/getall'; against '/claims/**'
          2013-01-18 13:33:26,676 DEBUG [ACTIVE] ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)' [gframework.security.web.FilterChainProxy] - /claims/getAll at position 1 of 5 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
          2013-01-18 13:33:26,676 DEBUG [ACTIVE] ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)' [gframework.security.web.FilterChainProxy] - /claims/getAll at position 2 of 5 in additional filter chain; firing Filter: 'OAuth2AuthenticationProcessingFilter'
          2013-01-18 13:33:26,676 DEBUG [ACTIVE] ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)' [ion.OAuth2AuthenticationProcessingFilter] - Authentication request failed: error="invalid_token", error_description="Invalid access token: 2a2c78ac-5524-4280-8691-d151c4094197"
          2013-01-18 13:33:26,676 DEBUG [ACTIVE] ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)' [der.error.DefaultOAuth2ExceptionRenderer] - Written [error="invalid_token", error_description="Invalid access token: 2a2c78ac-5524-4280-8691-d151c4094197"] as "application/xml" using [org.springframework.security.oauth2.http.converter.jaxb.JaxbOAuth2ExceptionMessageConverter@ed5b12]
          2013-01-18 13:33:26,676 DEBUG [ACTIVE] ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)' [context.SecurityContextPersistenceFilter] - SecurityContextHolder now cleared, as request processing completed



          • #6
            I'd say those 2 requests are using a different instance of the access token store then. Do you have 2 Spring contexts, and one store in each (one root context and one for your servlet maybe)?
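
One way to test the hypothesis in #6 (two Spring contexts, each holding its own token store) is to list every TokenStore instance visible from each context as it starts. This is an added example, not code from the thread or from Spring Security OAuth; the class name TokenStoreAudit is hypothetical, and it assumes the class is declared as a bean in the same XML that defines "tokenStore".

```java
import java.util.IdentityHashMap;
import java.util.Map;
import java.util.logging.Logger;

import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationListener;
import org.springframework.context.event.ContextRefreshedEvent;
import org.springframework.security.oauth2.provider.token.TokenStore;

/**
 * Added diagnostic (hypothetical class, not part of the original thread).
 * Every time a Spring context finishes starting, it reports each TokenStore
 * instance reachable from that context and its parents. More than one
 * instance means the token endpoint and the resource-server filter can end
 * up reading and writing different stores.
 */
public class TokenStoreAudit implements ApplicationListener<ContextRefreshedEvent> {

    private static final Logger LOG = Logger.getLogger(TokenStoreAudit.class.getName());

    @Override
    public void onApplicationEvent(ContextRefreshedEvent event) {
        ApplicationContext refreshed = event.getApplicationContext();
        Map<TokenStore, String> stores = findStores(refreshed);

        for (Map.Entry<TokenStore, String> entry : stores.entrySet()) {
            // identityHashCode distinguishes instances even if the bean names match
            LOG.info("TokenStore " + entry.getKey().getClass().getName()
                    + "@" + Integer.toHexString(System.identityHashCode(entry.getKey()))
                    + " defined as " + entry.getValue());
        }
        if (stores.size() > 1) {
            LOG.warning(stores.size() + " distinct TokenStore instances are visible from '"
                    + refreshed.getDisplayName() + "'. Tokens issued through one will be"
                    + " reported as invalid_token by components wired to another.");
        }
    }

    /**
     * Walks from the given context up through its parents and collects
     * TokenStore beans by object identity, mapped to where they are defined.
     */
    static Map<TokenStore, String> findStores(ApplicationContext start) {
        Map<TokenStore, String> found = new IdentityHashMap<TokenStore, String>();
        for (ApplicationContext ctx = start; ctx != null; ctx = ctx.getParent()) {
            // getBeansOfType() does not search parent contexts, so each level
            // of the hierarchy contributes only the beans it defines itself.
            Map<String, TokenStore> local = ctx.getBeansOfType(TokenStore.class);
            for (Map.Entry<String, TokenStore> bean : local.entrySet()) {
                found.put(bean.getValue(),
                        "bean '" + bean.getKey() + "' in context '" + ctx.getDisplayName() + "'");
            }
        }
        return found;
    }
}
```

If the warning appears when the DispatcherServlet's context refreshes, the same bean definitions are being loaded by both the root context and the servlet context; keeping the token store and token services in one of them only leaves a single instance.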



            • #7
              Hello Dave. As per the direction from my Architect we will be using JDBC token store. I used it and everything is working fine with that.
              Thanks for your help. I will close this post for now.
