
  • Stack trace for OAuth2 Exception thrown by Authorization/Token endpoint

    I'm very happy with spring-security-oauth2 but some minor things are left.

    What do I have to configure to make my Spring application turn OAuth2Exceptions from the authorization/token endpoints into JSON/XML responses?

    Exceptions during authentication are handled by the entrypoint or accessdeniedhandler, but when I cause an exception (for example by calling oauth/authorize without parameters) I see a stack trace.


  • #2
    Both the TokenEndpoint and the AuthorizationEndpoint have a handler for OAuth2Exception. Maybe that feature was added recently and you haven't picked up the changes? Or maybe I didn't understand the question. Can you be a bit more specific about the exception?


    • #3
      Simple example:

      With the sample app (sparklr): when I call
      (with no parameters, but with authorization) I get a JSON response.
      With my project when I do that I get:

      error="invalid_request", error_description="Missing grant type"
      	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      	at sun.reflect.NativeMethodAccessorImpl.invoke(
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(
      Every exception that is thrown by an endpoint results in a stack trace, while all authentication-related exceptions result in proper OAuth responses.

      What am I doing wrong?

          <!-- Standard token endpoint of Spring Security OAuth 2.0 -->
          <oauth:authorization-server client-details-service-ref="applicationDetailsService" token-services-ref="tokenService"
              user-approval-handler-ref="userApprovalHandler" token-granter-ref="tokenGranter" user-approval-page="forward:/dialog/approve">
              <!-- Dummy-tag to force creation of the authorization endpoint -->
              <oauth:authorization-code authorization-code-services-ref="authorizationCodeService" />
          </oauth:authorization-server>
          <security:http pattern="/oauth/token" create-session="stateless" authentication-manager-ref="clientAuthenticationManager" entry-point-ref="oauthAuthenticationEntryPoint">
              <security:intercept-url pattern="/oauth/token" access="IS_AUTHENTICATED_FULLY" />
              <security:intercept-url pattern="/oauth/**" access="ROLE_USER" />
              <security:http-basic />
              <security:custom-filter ref="clientCredentialsTokenEndpointFilter" before="BASIC_AUTH_FILTER" />
              <security:access-denied-handler ref="oauthAccessDeniedHandler" />
          </security:http>
      I can't figure out which part of the sparklr config is responsible for the resolution of the OAuth2 exceptions.

      EDIT: we are working with 1.0.1.Release

      EDIT2: SOLUTION (it was one of those things,...)

      By configuring a custom exception resolver we remove the default resolvers, including the ExceptionHandlerExceptionResolver (the one that handles the annotations). So we had to add:

          <bean class="org.springframework.web.servlet.mvc.method.annotation.ExceptionHandlerExceptionResolver">
              <property name="order" value="1" />
              <property name="messageConverters">
                  <list>
                      <ref bean="jsonConverter" />
                  </list>
              </property>
          </bean>
      Now we get nice clean JSON.
      Last edited by Laures; Feb 13th, 2013, 07:48 AM.
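
A regression check for the symptom in this thread, as an added example that is not part of the original posts: it inspects a token endpoint error response and reports whether it is a clean RFC 6749 section 5.2 JSON error or a leaked Java stack trace. The function name, the JSON-only assumption, and both sample responses (including their status codes and content types) are constructed for illustration.

```python
import json
import re

# Error codes RFC 6749 section 5.2 defines for the token endpoint.
TOKEN_ERROR_CODES = {
    "invalid_request", "invalid_client", "invalid_grant",
    "unauthorized_client", "unsupported_grant_type", "invalid_scope",
}

# A Java stack frame as it appears in a leaked trace: "at pkg.Class.method(".
STACK_FRAME = re.compile(r"^\s*at\s+[\w$.]+\.[\w$<>]+\(", re.MULTILINE)


def check_token_error_response(status, content_type, body):
    """Return a list of findings; an empty list means a clean OAuth2 error."""
    findings = []
    if STACK_FRAME.search(body):
        findings.append("stack trace leaked in body")
    if not 400 <= status < 500:
        findings.append(f"unexpected status {status}")
    if content_type.split(";")[0].strip().lower() != "application/json":
        findings.append(f"content type is {content_type!r}, not JSON")
    try:
        doc = json.loads(body)
    except ValueError:
        findings.append("body is not valid JSON")
        return findings
    if not isinstance(doc, dict) or doc.get("error") not in TOKEN_ERROR_CODES:
        findings.append("missing or unknown 'error' code")
    return findings


# Constructed sample: the broken behaviour, modelled on the trace quoted above.
BROKEN = (500, "text/html;charset=utf-8",
          'error="invalid_request", error_description="Missing grant type"\n'
          "\tat sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\n")

# Constructed sample: the response once the endpoint's handler runs again.
FIXED = (400, "application/json;charset=UTF-8",
         '{"error":"invalid_request","error_description":"Missing grant type"}')

if __name__ == "__main__":
    for name, sample in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, check_token_error_response(*sample) or "OK")
```
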