Announcement Announcement Module
No announcement yet.
404 error when accessing /oauth/token Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • 404 error when accessing /oauth/token

    Hi I have a webservice that provides OAuth access tokens using the password grant. I have taken bits off the sparklr config that I believe I need and am trying to get it up and running.

    I have configured it as follows:-
    <!--TOKEN REQUEST -->
    <security:http pattern="/oauth/token"   use-expressions="true" create-session="stateless"  entry-point-ref="clientAuthenticationEntryPoint"  authentication-manager-ref="clientAuthenticationManager">
            <security:intercept-url method="POST" pattern="/oauth/token" access="hasRole('USER')" />
            <security:anonymous enabled="false" />
            <security:http-basic entry-point-ref="clientAuthenticationEntryPoint" />
            <security:access-denied-handler ref="oauthAccessDeniedHandler" />
    <security:authentication-manager id="clientAuthenticationManager">
            <security:authentication-provider user-service-ref="clientDetailsUserService" />
    <bean id="clientDetailsUserService" class="">
            <constructor-arg ref="clientDetails" />
    <!-- Defines just the single password grant type client -->
    <oauth:client-details-service id="clientDetails">
            <oauth:client client-id="webservice-client" authorized-grant-types="password" authorities="USER" scope="read,write,trust" access-token-validity="60" />
    <bean id="oauthAccessDeniedHandler" class="" />
    <bean id="clientCredentialsTokenEndpointFilter" class="">
            <property name="authenticationManager" ref="clientAuthenticationManager" />
    <!-- === OAUTH RESOURCE PROTECTION ==== -->
    <security:http pattern="/photos/*" create-session="stateless" use-expressions="true" entry-point-ref="oauthAuthenticationEntryPoint">
            <security:anonymous enabled="false" />
            <security:intercept-url pattern="/photos/*" access="hasRole('USER')" />
            <security:custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
            <security:access-denied-handler ref="oauthAccessDeniedHandler" />
            <!-- <security:expression-handler ref="oauthWebExpressionHandler" /> -->
    <bean id="oauthAuthenticationEntryPoint" class="">
            <property name="realmName" value="Webservice_API" />
    <bean id="tokenStore" class="" />
    <bean id="tokenServices" class="">
            <property name="tokenStore" ref="tokenStore" />
            <property name="supportRefreshToken" value="true" />
            <property name="clientDetailsService" ref="clientDetails" />
    <oauth:resource-server id="resourceServerFilter" resource-id="Webservice_API" token-services-ref="tokenServices" />
    <oauth:web-expression-handler id="oauthWebExpressionHandler" />
    <bean id="accessDecisionManager" class="">
                    <bean class="" />
                    <bean class="" />
                    <bean class="" />
    <oauth:authorization-server client-details-service-ref="clientDetails" token-services-ref="tokenServices">
            <oauth:refresh-token />
            <oauth:password />
    	   <security:authentication-provider user-service-ref="securityServiceUserDetailsService"/>

    I am using OAuth2Template to send the access token request from client, in the following way:-
    ResourceOwnerPasswordResourceDetails resource = new ResourceOwnerPasswordResourceDetails();
    OAuth2RestTemplate restTemplate = new OAuth2RestTemplate(resource);
         OAuth2AccessToken token = restTemplate.getAccessToken();
         System.out.println("Token value ->"+token.getValue());
         System.out.println("Token type ->"+token.getTokenType());
         System.out.println("refresh token -- > " + token.getRefreshToken().getValue());
    catch (Exception e){
    But all access token requests fail with a 404. The error reported is:
    WARNING: No mapping found for HTTP request with URI [/myapp/oauth/token] in DispatcherServlet with name 'myapp'
    Feb 18, 2013 5:51:26 PM org.springframework.web.client.RestTemplate handleResponseError
    WARNING: POST request for "http://localhost:8080/myapp/oauth/token" resulted in 404 (Not Found); invoking error handler
    error="access_denied", error_description="Error requesting access token."
    I'm confused as to whats going on. I wouldve thought the spring security framework would have automatically registered the handler mapping for /oauth/token by inspecting the <http/> element. I can invoke the urls http://localhost:8080/myapp/photos/* without getting 404. I have looked again and again at the sparklr config but cant see what ive missed nor work out whats wrong.

    Please help

  • #2
    Originally posted by samuel_coutinho View Post
    I wouldve thought the spring security framework would have automatically registered the handler mapping for /oauth/token by inspecting the <http/> element(
    No, but the <oauth:authorization-server/> does play that role. You only need to make sure that this config file is instantiated (or injected into) by a DispatcherServlet mapped to the pattern "/". Since you haven't shared that level of detail we can't tell if that's what is happening, but I'm guessing maybe not. The sparklr sample is a good template (as usual).


    • #3
      This is my web.xml
      <filter-class>org.springframework.web.filter.DelegatingFil terProxy</filter-class>
      <param-value>org.springframework.web.servlet.FrameworkSer vlet.CONTEXT.spring</param-value>


      <servlet-class>org.springframework.web.servlet.DispatcherSe rvlet</servlet-class>

      Like i said, the context is being loaded as I can invoke the urls http://localhost:8080/myapp/photos/* without getting 404, however http://localhost:8080/myapp/oauth/token provides the error as mentioned above.


      • #4
        I can't see anything obviously wrong with the configuration. But the log file in the first post is inconsistent with the web.xml in the second (servlet name "myapp" vs. "spring"), so I don't know but that might help you track it down. If you switch on DEBUG logging for org.springframework.web you should see the @RequestMappings being logged at startup so you can verify that /oauth/token is mapped (or not).
        Last edited by Dave Syer; Feb 19th, 2013, 03:53 AM. Reason: spelling