PDA

View Full Version : Spring-OAuth 2.0 provider implementation - Not able to Redirect


Shishir.Kumar
Jun 2nd, 2011, 02:55 AM
I was trying to use Spring-OAuth 2.0 for provider implementation. After client\customer successful authentication want to redirect user to authorization page. Below is my controller code (using Spring RESTful)

@RequestMapping(value = "/confirm_access", method = RequestMethod.GET)
@ResponseBody
protected View authenticateClient(HttpServletRequest request, HttpServletResponse response) throws Exception {
ClientAuthenticationToken clientAuth = getAuthenticationCache().getAuthentication(request , response);
if (clientAuth == null) {
throw new IllegalStateException("No client authentication request to authorize.");
}
// Logic to auth client id, secrect key and user credential
ClientDetails client = getClientDetailsService().loadClientByClientId(cli entAuth.getClientId());
TreeMap<String, Object> model = new TreeMap<String, Object>();
model.put("auth_request", clientAuth);
model.put("client", client);
View view = new RedirectView("access_confirmation",true);
((RedirectView)view).setAttributesMap(model);
return view;
}

It give exception while trying to redirect (want to redirect to http://localhost:8080/access_confirmation.jsp or within WEB-INF\access_confirmation.jsp). I have also tried to use ModelAndView("access_confirmation",model); - But it open file with name "confirm_access" having JSON model data. Please suggest what I am missing? I am badly stuck due to this.

[CODE]Problem accessing /oauth/confirm_access. Reason:

ApplicationObjectSupport instance [org.springframework.web.servlet.view.RedirectView: unnamed; URL [access_confirmation]] does not run in an ApplicationContext (through reference chain: org.springframework.web.servlet.view.RedirectView["applicationContext"])

Caused by:
org.codehaus.jackson.map.JsonMappingException: ApplicationObjectSupport instance [org.springframework.web.servlet.view.RedirectView: unnamed; URL [access_confirmation]] does not run in an ApplicationContext (through reference chain: org.springframework.web.servlet.view.RedirectView["applicationContext"])
at org.codehaus.jackson.map.JsonMappingException.wrap WithPath(JsonMappingException.java:218)
at org.codehaus.jackson.map.JsonMappingException.wrap WithPath(JsonMappingException.java:183)
at org.codehaus.jackson.map.ser.SerializerBase.wrapAn dThrow(SerializerBase.java:128)
at org.codehaus.jackson.map.ser.BeanSerializer.serial izeFields(BeanSerializer.java:183)
at org.codehaus.jackson.map.ser.BeanSerializer.serial ize(BeanSerializer.java:142)
at org.codehaus.jackson.map.ser.StdSerializerProvider ._serializeValue(StdSerializerProvider.java:606)
at org.codehaus.jackson.map.ser.StdSerializerProvider .serializeValue(StdSerializerProvider.java:280)
at org.codehaus.jackson.map.ObjectMapper.writeValue(O bjectMapper.java:1341)
at org.springframework.http.converter.json.MappingJac ksonHttpMessageConverter.writeInternal(MappingJack sonHttpMessageConverter.java:153)
at org.springframework.http.converter.AbstractHttpMes sageConverter.write(AbstractHttpMessageConverter.j ava:181)
at org.springframework.web.servlet.mvc.annotation.Ann otationMethodHandlerAdapter$ServletHandlerMethodIn voker.writeWithMessageConverters(AnnotationMethodH andlerAdapter.java:975)
at org.springframework.web.servlet.mvc.annotation.Ann otationMethodHandlerAdapter$ServletHandlerMethodIn voker.handleResponseBody(AnnotationMethodHandlerAd apter.java:933)
at org.springframework.web.servlet.mvc.annotation.Ann otationMethodHandlerAdapter$ServletHandlerMethodIn voker.getModelAndView(AnnotationMethodHandlerAdapt er.java:882)
at org.springframework.web.servlet.mvc.annotation.Ann otationMethodHandlerAdapter.invokeHandlerMethod(An notationMethodHandlerAdapter.java:428)
at org.springframework.web.servlet.mvc.annotation.Ann otationMethodHandlerAdapter.handle(AnnotationMetho dHandlerAdapter.java:414)
at org.springframework.web.servlet.DispatcherServlet. doDispatch(DispatcherServlet.java:790)
at org.springframework.web.servlet.DispatcherServlet. doService(DispatcherServlet.java:719)
at org.springframework.web.servlet.FrameworkServlet.p rocessRequest(FrameworkServlet.java:644)
at org.springframework.security.web.FilterChainProxy$ VirtualFilterChain.doFilter(FilterChainProxy.java: 368)
at org.springframework.security.web.access.intercept. FilterSecurityInterceptor.invoke(FilterSecurityInt erceptor.java:109)
at org.springframework.security.web.access.intercept. FilterSecurityInterceptor.doFilter(FilterSecurityI nterceptor.java:83)
at org.springframework.security.web.FilterChainProxy$ VirtualFilterChain.doFilter(FilterChainProxy.java: 380)
at org.springframework.security.oauth2.provider.OAuth 2ProtectedResourceFilter.doFilter(OAuth2ProtectedR esourceFilter.java:57)
at org.springframework.security.web.FilterChainProxy$ VirtualFilterChain.doFilter(FilterChainProxy.java: 380)
at org.springframework.security.web.authentication.Ab stractAuthenticationProcessingFilter.doFilter(Abst ractAuthenticationProcessingFilter.java:187)
at org.springframework.security.web.FilterChainProxy$ VirtualFilterChain.doFilter(FilterChainProxy.java: 380)
at org.springframework.security.web.authentication.Ab stractAuthenticationProcessingFilter.doFilter(Abst ractAuthenticationProcessingFilter.java:187)
at org.springframework.security.oauth2.provider.verif ication.VerificationCodeFilter.doFilter(Verificati onCodeFilter.java:105)
at org.springframework.security.web.FilterChainProxy$ VirtualFilterChain.doFilter(FilterChainProxy.java: 380)
at org.springframework.security.oauth2.provider.OAuth 2ExceptionHandlerFilter.doFilter(OAuth2ExceptionHa ndlerFilter.java:36)
at org.springframework.security.web.FilterChainProxy$ VirtualFilterChain.doFilter(FilterChainProxy.java: 380)
at org.springframework.security.web.access.ExceptionT ranslationFilter.doFilter(ExceptionTranslationFilt er.java:97)
at org.springframework.security.web.FilterChainProxy$ VirtualFilterChain.doFilter(FilterChainProxy.java: 380)
at org.springframework.security.web.session.SessionMa nagementFilter.doFilter(SessionManagementFilter.ja va:100)
at org.springframework.security.web.FilterChainProxy$ VirtualFilterChain.doFilter(FilterChainProxy.java: 380)
at org.springframework.security.web.authentication.An onymousAuthenticationFilter.doFilter(AnonymousAuth enticationFilter.java:78)
at org.springframework.security.web.FilterChainProxy$ VirtualFilterChain.doFilter(FilterChainProxy.java: 380)
at org.springframework.security.web.servletapi.Securi tyContextHolderAwareRequestFilter.doFilter(Securit yContextHolderAwareRequestFilter.java:54)
at org.springframework.security.web.FilterChainProxy$ VirtualFilterChain.doFilter(FilterChainProxy.java: 380)
at org.springframework.security.web.savedrequest.Requ estCacheAwareFilter.doFilter(RequestCacheAwareFilt er.java:35)
at org.springframework.security.web.FilterChainProxy$ VirtualFilterChain.doFilter(FilterChainProxy.java: 380)
at org.springframework.security.web.authentication.ww w.BasicAuthenticationFilter.doFilter(BasicAuthenti cationFilter.java:177)
at org.springframework.security.web.FilterChainProxy$ VirtualFilterChain.doFilter(FilterChainProxy.java: 380)
at org.springframework.security.web.authentication.Ab stractAuthenticationProcessingFilter.doFilter(Abst ractAuthenticationProcessingFilter.java:187)
at org.springframework.security.web.FilterChainProxy$ VirtualFilterChain.doFilter(FilterChainProxy.java: 380)
at org.springframework.security.web.authentication.lo gout.LogoutFilter.doFilter(LogoutFilter.java:105)
at org.springframework.security.web.FilterChainProxy$ VirtualFilterChain.doFilter(FilterChainProxy.java: 380)
at org.springframework.security.web.context.SecurityC ontextPersistenceFilter.doFilter(SecurityContextPe rsistenceFilter.java:79)
at org.springframework.security.web.FilterChainProxy$ VirtualFilterChain.doFilter(FilterChainProxy.java: 380)
at org.springframework.security.oauth2.provider.verif ication.BasicUserApprovalFilter.doFilter(BasicUser ApprovalFilter.java:41)
at org.springframework.security.web.FilterChainProxy$ VirtualFilterChain.doFilter(FilterChainProxy.java: 380)
at org.springframework.security.web.FilterChainProxy. doFilter(FilterChainProxy.java:169)
at org.springframework.web.filter.DelegatingFilterPro xy.invokeDelegate(DelegatingFilterProxy.java:237)
at org.springframework.web.filter.DelegatingFilterPro xy.doFilter(DelegatingFilterProxy.java:167)
at org.mortbay.jetty.servlet.ServletHandler$CachedCha in.doFilter(ServletHandler.java:1139)
at org.mortbay.jetty.servlet.ServletHandler.handle(Se rvletHandler.java:378)
at org.mortbay.jetty.security.SecurityHandler.handle( SecurityHandler.java:216)
at org.mortbay.jetty.servlet.SessionHandler.handle(Se ssionHandler.java:181)
at org.mortbay.jetty.handler.ContextHandler.handle(Co ntextHandler.java:765)
at org.mortbay.jetty.webapp.WebAppContext.handle(WebA ppContext.java:417)
at org.mortbay.jetty.handler.ContextHandlerCollection .handle(ContextHandlerCollection.java:230)
at org.mortbay.jetty.handler.HandlerCollection.handle (HandlerCollection.java:114)
at org.mortbay.jetty.handler.HandlerWrapper.handle(Ha ndlerWrapper.java:152)
at org.mortbay.jetty.Server.handle(Server.java:324)
at org.mortbay.jetty.HttpConnection.handleRequest(Htt pConnection.java:535)
at org.mortbay.jetty.HttpConnection$RequestHandler.he aderComplete(HttpConnection.java:865)
at org.mortbay.jetty.HttpParser.parseNext(HttpParser. java:539)
at org.mortbay.jetty.HttpParser.parseAvailable(HttpPa rser.java:212)
at org.mortbay.jetty.HttpConnection.handle(HttpConnec tion.java:404)
at org.mortbay.io.nio.SelectChannelEndPoint.run(Selec tChannelEndPoint.java:409)
at org.mortbay.thread.QueuedThreadPool$PoolThread.run (QueuedThreadPool.java:520)
Caused by: java.lang.IllegalStateException: ApplicationObjectSupport instance [org.springframework.web.servlet.view.RedirectView: unnamed; URL [access_confirmation]] [CODE]
habuma
Jun 2nd, 2011, 08:32 AM
I moved this to the Security/OAuth forum as it seemed to pertain to that more than Spring Social. But as I re-read the problem, I think I know what's going on here.

authenticateClient() is annotated with @ResponseBody. That tells Spring MVC that the object returned should not be used as a View, but should be transformed (using one of Spring's HTTP message converters) into a content type suitable for the client. In this case, it is determined that the client wants JSON, so it attempts to convert the RedirectView into JSON content. This won't work (for a handful of reasons) and isn't really what you want anyway.

Remove the @ResponseBody annotation and I think you'll have better luck.
Shishir.Kumar
Jun 5th, 2011, 07:48 AM
Thanks for input. You nailed the right area.

Before Criag reply as workaround I used --> response.sendRedirect("URI"). That pointed I was doing silly mistake. Removing @ResponseBody annotation worked fine.