Announcement Announcement Module
No announcement yet.
Securing oauth_authenticate_token on my Grails provider Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Securing oauth_authenticate_token on my Grails provider


    I've just implemented my 3 legged OAuth provider in Grails and can successfully obtain access tokens. The only problem is that when a User authorizes the consumer app, my provider doesn't redirect to login page first if he's not logged in.

    I guess this is the behaviour of UserAuthorizationProcessingFilter that I use. It checks for authentication.isAuthenticated() but when User is not logged in, he has anonymous role, and that returns true.

    In Grails (using the spring security core plugin) I tried setting interception for this, but it doesn't filter. (I guess this intercept filter is processed after the authenticationfilter).

    Is there any solution for this? Thanks!

  • #2
    Ok, resolved it by first going through a secured controller, and then redirect to the authorisation part.