
  • 404 error when accessing /oauth/token

    Hi, I have a webservice that provides OAuth access tokens using the password grant. I have taken bits off the sparklr config that I believe I need and am trying to get it up and running.

    I have configured it as follows:-
    Code:
    <mvc:annotation-driven/>
    <!--TOKEN REQUEST -->
    <security:http pattern="/oauth/token"   use-expressions="true" create-session="stateless"  entry-point-ref="clientAuthenticationEntryPoint"  authentication-manager-ref="clientAuthenticationManager">
            <security:intercept-url method="POST" pattern="/oauth/token" access="hasRole('USER')" />
            <security:anonymous enabled="false" />
            <security:http-basic entry-point-ref="clientAuthenticationEntryPoint" />
            <security:access-denied-handler ref="oauthAccessDeniedHandler" />
    </security:http>
        
    <security:authentication-manager id="clientAuthenticationManager">
            <security:authentication-provider user-service-ref="clientDetailsUserService" />
    </security:authentication-manager>
        
    <bean id="clientDetailsUserService" class="org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService">
            <constructor-arg ref="clientDetails" />
    </bean>
        
    <!-- Defines just the single password grant type client -->
    <oauth:client-details-service id="clientDetails">
            <oauth:client client-id="webservice-client" authorized-grant-types="password" authorities="USER" scope="read,write,trust" access-token-validity="60" />
    </oauth:client-details-service>
       
    <bean id="oauthAccessDeniedHandler" class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler" />
        
    <bean id="clientCredentialsTokenEndpointFilter" class="org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter">
            <property name="authenticationManager" ref="clientAuthenticationManager" />
    </bean>
        
    <!-- === OAUTH RESOURCE PROTECTION ==== -->
    <security:http pattern="/photos/*" create-session="stateless" use-expressions="true" entry-point-ref="oauthAuthenticationEntryPoint">
            <security:anonymous enabled="false" />
            <security:intercept-url pattern="/photos/*" access="hasRole('USER')" />
            <security:custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
            <security:access-denied-handler ref="oauthAccessDeniedHandler" />
            <!-- <security:expression-handler ref="oauthWebExpressionHandler" /> -->
    </security:http>
        
    <bean id="oauthAuthenticationEntryPoint" class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
            <property name="realmName" value="Webservice_API" />
    </bean>
       
    <bean id="tokenStore" class="org.springframework.security.oauth2.provider.token.InMemoryTokenStore" />
    <bean id="tokenServices" class="org.springframework.security.oauth2.provider.token.DefaultTokenServices">
            <property name="tokenStore" ref="tokenStore" />
            <property name="supportRefreshToken" value="true" />
            <property name="clientDetailsService" ref="clientDetails" />
    </bean>
        
    <oauth:resource-server id="resourceServerFilter" resource-id="Webservice_API" token-services-ref="tokenServices" />
    <oauth:web-expression-handler id="oauthWebExpressionHandler" />
    <bean id="accessDecisionManager" class="org.springframework.security.access.vote.UnanimousBased">
            <constructor-arg>
                <list>
                    <bean class="org.springframework.security.oauth2.provider.vote.ScopeVoter" />
                    <bean class="org.springframework.security.access.vote.RoleVoter" />
                    <bean class="org.springframework.security.access.vote.AuthenticatedVoter" />
                </list>
            </constructor-arg>
    </bean>
        
    <oauth:authorization-server client-details-service-ref="clientDetails" token-services-ref="tokenServices">
            <oauth:refresh-token />
            <oauth:password />
    </oauth:authorization-server>
       	 
    <security:authentication-manager>
    	   <security:authentication-provider user-service-ref="securityServiceUserDetailsService"/>
    </security:authentication-manager>

    I am using OAuth2Template to send the access token request from client, in the following way:-
    Code:
    ResourceOwnerPasswordResourceDetails resource = new ResourceOwnerPasswordResourceDetails();
    resource.setAccessTokenUri("http://localhost:8080/myapp/oauth/token");
    resource.setClientId("webservice-client");
    resource.setUsername("testuser");
    resource.setPassword("testpwd");
    resource.setScope(Arrays.asList("trust"));
    OAuth2RestTemplate restTemplate = new OAuth2RestTemplate(resource);
    try {
         OAuth2AccessToken token = restTemplate.getAccessToken();
         System.out.println("Token value ->"+token.getValue());
         System.out.println("Token type ->"+token.getTokenType());
         // getRefreshToken() returns null when no refresh token was issued
         if (token.getRefreshToken() != null) {
             System.out.println("refresh token -- > " + token.getRefreshToken().getValue());
         }
    }
    catch (Exception e){
        e.printStackTrace();
    }
    But all access token requests fail with a 404. The error reported is:
    Code:
    WARNING: No mapping found for HTTP request with URI [/myapp/oauth/token] in DispatcherServlet with name 'myapp'
    Feb 18, 2013 5:51:26 PM org.springframework.web.client.RestTemplate handleResponseError
    WARNING: POST request for "http://localhost:8080/myapp/oauth/token" resulted in 404 (Not Found); invoking error handler
    error="access_denied", error_description="Error requesting access token."
    I'm confused as to what's going on. I would've thought the spring security framework would have automatically registered the handler mapping for /oauth/token by inspecting the <http/> element. I can invoke the urls http://localhost:8080/myapp/photos/* without getting 404. I have looked again and again at the sparklr config but can't see what I've missed nor work out what's wrong.

    Please help

  • #2
    Originally posted by samuel_coutinho
    I would've thought the spring security framework would have automatically registered the handler mapping for /oauth/token by inspecting the <http/> element.
    No, but the <oauth:authorization-server/> does play that role. You only need to make sure that this config file is instantiated (or injected into) by a DispatcherServlet mapped to the pattern "/". Since you haven't shared that level of detail we can't tell if that's what is happening, but I'm guessing maybe not. The sparklr sample is a good template (as usual).



    • #3
      This is my web.xml
      <filter>
          <filter-name>springSecurityFilterChain</filter-name>
          <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
          <init-param>
              <param-name>contextAttribute</param-name>
              <param-value>org.springframework.web.servlet.FrameworkServlet.CONTEXT.spring</param-value>
          </init-param>
      </filter>

      <filter-mapping>
          <filter-name>springSecurityFilterChain</filter-name>
          <url-pattern>/*</url-pattern>
      </filter-mapping>

      <servlet>
          <servlet-name>spring</servlet-name>
          <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
          <load-on-startup>1</load-on-startup>
      </servlet>

      <servlet-mapping>
          <servlet-name>spring</servlet-name>
          <url-pattern>/</url-pattern>
      </servlet-mapping>
      Like I said, the context is being loaded as I can invoke the urls http://localhost:8080/myapp/photos/* without getting 404, however http://localhost:8080/myapp/oauth/token provides the error as mentioned above.



      • #4
        I can't see anything obviously wrong with the configuration. But the log file in the first post is inconsistent with the web.xml in the second (servlet name "myapp" vs. "spring"), so I don't know but that might help you track it down. If you switch on DEBUG logging for org.springframework.web you should see the @RequestMappings being logged at startup so you can verify that /oauth/token is mapped (or not).
        Last edited by Dave Syer; Feb 19th, 2013, 02:53 AM. Reason: spelling
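
Added example, not part of the thread: a small check for the mismatch noted in #4, comparing the DispatcherServlet name in the log warning with the servlets declared in web.xml and with the `contextAttribute` the security filter looks up. The function name `check_servlet_names` is hypothetical, and the inputs are constructed from the web.xml in #3 (trimmed) and the warning in #1.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: web.xml from post #3 (trimmed) and the warning from post #1.
WEB_XML = """<web-app>
  <filter>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    <init-param>
      <param-name>contextAttribute</param-name>
      <param-value>org.springframework.web.servlet.FrameworkServlet.CONTEXT.spring</param-value>
    </init-param>
  </filter>
  <servlet>
    <servlet-name>spring</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
  </servlet>
</web-app>"""
LOG = ("WARNING: No mapping found for HTTP request with URI [/myapp/oauth/token] "
       "in DispatcherServlet with name 'myapp'")

DISPATCHER = "org.springframework.web.servlet.DispatcherServlet"
# DispatcherServlet publishes its context under this prefix plus the servlet name.
CTX_PREFIX = "org.springframework.web.servlet.FrameworkServlet.CONTEXT."

def check_servlet_names(web_xml, log):
    root = ET.fromstring(web_xml)
    for el in root.iter():                      # tolerate a namespaced web.xml
        el.tag = el.tag.rsplit("}", 1)[-1]
    text = lambda el, tag: (el.findtext(tag) or "").strip()
    servlets = {text(s, "servlet-name") for s in root.iter("servlet")
                if text(s, "servlet-class") == DISPATCHER}
    findings = []
    for name in re.findall(r"DispatcherServlet with name '([^']+)'", log):
        if name not in servlets:
            findings.append(f"log names DispatcherServlet '{name}' (default config "
                            f"/WEB-INF/{name}-servlet.xml), web.xml declares {sorted(servlets)}")
    for p in root.iter("init-param"):
        value = text(p, "param-value")
        if text(p, "param-name") == "contextAttribute" and value.startswith(CTX_PREFIX):
            target = value[len(CTX_PREFIX):]
            if target not in servlets:
                findings.append(f"filter contextAttribute points at undeclared servlet '{target}'")
    return findings

if __name__ == "__main__":
    print("\n".join(check_servlet_names(WEB_XML, LOG)) or "consistent")
```

A finding here means the log and the descriptor come from different deployments or the descriptor was edited after the log was captured, so the OAuth beans may be loaded into a context other than the one serving /oauth/token.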
