
  • spring-social 1.0.0.RELEASE client against spring-security-oauth 1.0.0.M3 provider..?

    (Cross-posted to the spring-security-oauth forum as well.)

    I'm testing out this configuration (OAuth2 style) and running into an issue whereby,
    after the client successfully acquires a token, the client calls back into the provider
    and the provider treats the client as "anonymous" and redirects back to the login page.

    Obviously there are plenty of places to trip doing the OAuth dance, but one thing I noticed
    was that a "tonr2" based client sends the token via a header reading something like:

    Authorization: OAuth2 <token>

    and the spring-social based client, which actually has three available settings for spec (BEARER, v8 and v10),
    sends other variants of this header like:

    Authorization: BEARER <token>
    Authorization: Token token=<token>
    Authorization: OAuth <token>

    Wondering if that may be part of the issue. Any guidance appreciated.

    relevant debug output:

    Code:
    acme-widget: 2011-09-10 15:11:53,726 DEBUG [o.s.s.w.FilterChainProxy:getFilters] - Converted URL to lowercase, from: '/users/current'; to: '/users/current'
    acme-widget: 2011-09-10 15:11:53,728 DEBUG [o.s.s.w.FilterChainProxy:getFilters] - Candidate is: '/users/current'; pattern is /resources/**; matched=false
    acme-widget: 2011-09-10 15:11:53,729 DEBUG [o.s.s.w.FilterChainProxy:getFilters] - Converted URL to lowercase, from: '/users/current'; to: '/users/current'
    acme-widget: 2011-09-10 15:11:53,729 DEBUG [o.s.s.w.FilterChainProxy:getFilters] - Candidate is: '/users/current'; pattern is /**; matched=true
    acme-widget: 2011-09-10 15:11:53,729 DEBUG [o.s.s.w.FilterChainProxy:doFilter] - /users/current at position 1 of 14 in additional filter chain; firing Filter: 'BasicUserApprovalFilter'
    acme-widget: 2011-09-10 15:11:53,729 DEBUG [o.s.s.w.FilterChainProxy:doFilter] - /users/current at position 2 of 14 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
    acme-widget: 2011-09-10 15:11:53,729 DEBUG [o.s.s.w.c.HttpSessionSecurityContextRepository:readSecurityContextFromSession] - No HttpSession currently exists
    acme-widget: 2011-09-10 15:11:53,729 DEBUG [o.s.s.w.c.HttpSessionSecurityContextRepository:loadContext] - No SecurityContext was available from the HttpSession: null. A new one will be created.
    acme-widget: 2011-09-10 15:11:53,730 DEBUG [o.s.s.w.FilterChainProxy:doFilter] - /users/current at position 3 of 14 in additional filter chain; firing Filter: 'LogoutFilter'
    acme-widget: 2011-09-10 15:11:53,730 DEBUG [o.s.s.w.FilterChainProxy:doFilter] - /users/current at position 4 of 14 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
    acme-widget: 2011-09-10 15:11:53,730 DEBUG [o.s.s.w.FilterChainProxy:doFilter] - /users/current at position 5 of 14 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
    acme-widget: 2011-09-10 15:11:53,730 DEBUG [o.s.s.w.FilterChainProxy:doFilter] - /users/current at position 6 of 14 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
    acme-widget: 2011-09-10 15:11:53,730 DEBUG [o.s.s.w.FilterChainProxy:doFilter] - /users/current at position 7 of 14 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
    acme-widget: 2011-09-10 15:11:53,730 DEBUG [o.s.s.w.a.AnonymousAuthenticationFilter:doFilter] - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@9055e4a6: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
    acme-widget: 2011-09-10 15:11:53,731 DEBUG [o.s.s.w.FilterChainProxy:doFilter] - /users/current at position 8 of 14 in additional filter chain; firing Filter: 'SessionManagementFilter'
    acme-widget: 2011-09-10 15:11:53,731 DEBUG [o.s.s.w.FilterChainProxy:doFilter] - /users/current at position 9 of 14 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
    acme-widget: 2011-09-10 15:11:53,731 DEBUG [o.s.s.w.FilterChainProxy:doFilter] - /users/current at position 10 of 14 in additional filter chain; firing Filter: 'OAuth2ExceptionHandlerFilter'
    acme-widget: 2011-09-10 15:11:53,731 DEBUG [o.s.s.w.FilterChainProxy:doFilter] - /users/current at position 11 of 14 in additional filter chain; firing Filter: 'VerificationCodeFilter'
    acme-widget: 2011-09-10 15:11:53,731 DEBUG [o.s.s.w.FilterChainProxy:doFilter] - /users/current at position 12 of 14 in additional filter chain; firing Filter: 'OAuth2AuthorizationFilter'
    acme-widget: 2011-09-10 15:11:53,731 DEBUG [o.s.s.w.FilterChainProxy:doFilter] - /users/current at position 13 of 14 in additional filter chain; firing Filter: 'OAuth2ProtectedResourceFilter'
    acme-widget: 2011-09-10 15:11:53,732 DEBUG [o.s.s.w.FilterChainProxy:doFilter] - /users/current at position 14 of 14 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
    acme-widget: 2011-09-10 15:11:53,732 DEBUG [o.s.s.w.a.e.ExpressionBasedFilterInvocationSecurityMetadataSource:lookupAttributes] - Converted URL to lowercase, from: '/users/current'; to: '/users/current'
    acme-widget: 2011-09-10 15:11:53,732 DEBUG [o.s.s.w.a.e.ExpressionBasedFilterInvocationSecurityMetadataSource:extractMatchingAttributes] - Candidate is: '/users/current'; pattern is /oauth/accessconfirmationform; matched=false
    acme-widget: 2011-09-10 15:11:53,732 DEBUG [o.s.s.w.a.e.ExpressionBasedFilterInvocationSecurityMetadataSource:extractMatchingAttributes] - Candidate is: '/users/current'; pattern is /home; matched=false
    acme-widget: 2011-09-10 15:11:53,733 DEBUG [o.s.s.w.a.e.ExpressionBasedFilterInvocationSecurityMetadataSource:extractMatchingAttributes] - Candidate is: '/users/current'; pattern is /login; matched=false
    acme-widget: 2011-09-10 15:11:53,733 DEBUG [o.s.s.w.a.e.ExpressionBasedFilterInvocationSecurityMetadataSource:extractMatchingAttributes] - Candidate is: '/users/current'; pattern is /accounts/registration/**; matched=false
    acme-widget: 2011-09-10 15:11:53,733 DEBUG [o.s.s.w.a.e.ExpressionBasedFilterInvocationSecurityMetadataSource:extractMatchingAttributes] - Candidate is: '/users/current'; pattern is /accounts/*/activation; matched=false
    acme-widget: 2011-09-10 15:11:53,733 DEBUG [o.s.s.w.a.e.ExpressionBasedFilterInvocationSecurityMetadataSource:extractMatchingAttributes] - Candidate is: '/users/current'; pattern is /**; matched=true
    acme-widget: 2011-09-10 15:11:53,733 DEBUG [o.s.s.w.a.i.FilterSecurityInterceptor:beforeInvocation] - Secure object: FilterInvocation: URL: /users/current; Attributes: [hasRole('ROLE_USER')]
    acme-widget: 2011-09-10 15:11:53,734 DEBUG [o.s.s.w.a.i.FilterSecurityInterceptor:authenticateIfRequired] - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@9055e4a6: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS
    acme-widget: 2011-09-10 15:11:53,734 DEBUG [o.s.s.a.v.AffirmativeBased:decide] - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@289d9155, returned: -1
    acme-widget: 2011-09-10 15:11:53,741 DEBUG [o.s.s.w.a.ExceptionTranslationFilter:handleException] - Access is denied (user is anonymous); redirecting to authentication entry point
    org.springframework.security.access.AccessDeniedException: Access is denied
    	at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:71) ~[spring-security-core-3.0.5.RELEASE.jar:3.0.5.RELEASE]
    	at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:203) ~[spring-security-core-3.0.5.RELEASE.jar:3.0.5.RELEASE]
    	at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:106) ~[spring-security-web-3.0.5.RELEASE.jar:3.0.5.RELEASE]
    	at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83) ~[spring-security-web-3.0.5.RELEASE.jar:3.0.5.RELEASE]
    	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380) [spring-security-web-3.0.5.RELEASE.jar:3.0.5.RELEASE]
    	at org.springframework.security.oauth2.provider.OAuth2ProtectedResourceFilter.doFilter(OAuth2ProtectedResourceFilter.java:57) ~[spring-security-oauth-1.0.0.M3.jar:na]
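
A triage helper for debug output like the log above, added here as an example; it is not part of the original post or of either Spring project. It flags requests that were denied as anonymous even though the token-handling filter ran, and it assumes requests are logged one at a time; the sample lines are abridged from the post, plus one constructed `/home` request for contrast.

```python
import re

# Abridged from the debug output in the post, plus one constructed
# request (/home) that is not denied, for contrast.
SAMPLE_LOG = """\
acme-widget: 2011-09-10 15:11:53,729 DEBUG [o.s.s.w.FilterChainProxy:doFilter] - /users/current at position 1 of 14 in additional filter chain; firing Filter: 'BasicUserApprovalFilter'
acme-widget: 2011-09-10 15:11:53,730 DEBUG [o.s.s.w.FilterChainProxy:doFilter] - /users/current at position 7 of 14 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
acme-widget: 2011-09-10 15:11:53,731 DEBUG [o.s.s.w.FilterChainProxy:doFilter] - /users/current at position 13 of 14 in additional filter chain; firing Filter: 'OAuth2ProtectedResourceFilter'
acme-widget: 2011-09-10 15:11:53,732 DEBUG [o.s.s.w.FilterChainProxy:doFilter] - /users/current at position 14 of 14 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
acme-widget: 2011-09-10 15:11:53,741 DEBUG [o.s.s.w.a.ExceptionTranslationFilter:handleException] - Access is denied (user is anonymous); redirecting to authentication entry point
acme-widget: 2011-09-10 15:12:01,100 DEBUG [o.s.s.w.FilterChainProxy:doFilter] - /home at position 1 of 14 in additional filter chain; firing Filter: 'BasicUserApprovalFilter'
acme-widget: 2011-09-10 15:12:01,101 DEBUG [o.s.s.w.FilterChainProxy:doFilter] - /home at position 13 of 14 in additional filter chain; firing Filter: 'OAuth2ProtectedResourceFilter'
"""

FIRING = re.compile(
    r"- (\S+) at position (\d+) of (\d+) in additional filter chain; "
    r"firing Filter: '(\w+)'")
DENIED = "Access is denied (user is anonymous)"
STAMP = re.compile(r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}")


def anonymous_denials(log_text, token_filter="OAuth2ProtectedResourceFilter"):
    """Return one finding per request that ended in an anonymous denial.

    Assumption: one request is logged at a time (no interleaved threads).
    """
    findings, path, fired = [], None, []
    for line in log_text.splitlines():
        m = FIRING.search(line)
        if m:
            if m.group(2) == "1":          # position 1 starts a new request
                path, fired = m.group(1), []
            fired.append(m.group(4))
        elif DENIED in line and path is not None:
            ts = STAMP.search(line)
            findings.append({
                "path": path,
                "time": ts.group(0) if ts else None,
                # True means the token filter ran yet no identity was set
                "token_filter_ran": token_filter in fired,
                "filters_seen": len(fired),
            })
            path = None                    # wait for the next request
    return findings


if __name__ == "__main__":
    for finding in anonymous_denials(SAMPLE_LOG):
        print(finding)
```

A finding with `token_filter_ran` set to true narrows the problem to how the token was presented or resolved, rather than to a filter chain that never reached the OAuth2 filters.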

  • #2
    https://jira.springsource.org/browse/SOCIAL-250

    • #3
      Thanks for creating an issue in jira to track this. I'll look into it.
