Announcement Announcement Module
Collapse
No announcement yet.
Provider request filters - automatically registered/ Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Provider request filters - automatically registered/

    The quick user guide mentions three filters for Oauth2 that need to be in the filter chain. Are these filters automatically registered?

    The filters are OAuth2AuthorizationFilter, OAuth2ExceptionHandlerFilter and OAuth2ProtectedResourceFilter

    Thanx
    Sven

  • #2
    Yes...

    And what is the preferred way to replace the filters with custom implementations?

    Comment


    • #3
      There isn't a great way to replace those with custom implementations, but there should be ways to customize the behavior of these things. What's the reason you need custom implementations?

      Comment


      • #4
        No need at this point...

        I think there is no need at this point to change the implementations. I figured I want to use our own user database and for this I'll need to replace teh authentication provider. So I switched to our own authentication provider which works for a basic spring security setup without oauth. Unfortunatelty, with OAuth, it does not work any more.... any ideas?
        Code:
        	<authentication-manager>
        		<authentication-provider ref="coreAuthenticationProvider"/>
        		
        		<!-- 
        		 <authentication-provider>
        			<user-service>
        				<user name="sven" password="nevs" authorities="ROLE_USER, ROLE_ADMIN" />
        				<user name="demo" password="1234" authorities="ROLE_USER" />
        			</user-service>
        		</authentication-provider>
         -->
        	</authentication-manager>
        	
        	<beans:bean id="coreAuthenticationProvider" class="...MyAuthenticationProvider">
        		<beans:property name="userDetailsService" ref="coreUserDetailsService" />
        	</beans:bean>
        	
        	<beans:bean id="coreUserDetailsService" class="...CoreUserDetailsService" />
        I digged into our authentication provider and found the supports method. I got the feeling the provider simply feels not responsible for handlinig oauth requests, returns false here and then no other provider is there... I find it a bit strange that spring does not throw an exception in this case, I would have expected that.

        this is the supports method of the provider:

        Code:
        	@Override
        	public boolean supports(final Class authentication)
        	{
        		log.debug(authentication.getClass().getName());
        		final boolean supports = (RememberMeAuthenticationToken.class.isAssignableFrom(authentication))
        				|| (UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication));
        		return supports;
        	}
        If anyone does know another reason why this might fail please let me know!

        Thanx!

        Comment


        • #5
          Are you saying that it works before you apply your provider, but not after?

          If I were guessing, I'd say you didn't have all the oauth providers applied.

          Comment

          Working...
          X