I'm very happy with spring-security-oauth2 but some minor things are left.
What do i have to configure to make my spring application turn oauth2exceptions from the authorization/token endpoints into a json/xml responses?
exceptions during authentication are handled by the entrypoint or accessdeniedhandler, but when i cause an exception (for example by calling oauth/authorize without parameters) i see a stacktrace.
Geetings,
Alexander
Both the TokenEndpoint and the AuthorizationEndpoint have a handler for OAuth2Exception. Maybe that feature was added recently and you haven't picked up the changes? Or maybe I didn't understand the question. Can you be a bit more specific about the exception?
simple example:
with the sample app (sparklr): when i call(with no parameters, but with authorization) i get a json response.Code:http://localhost:8080/sparklr2/oauth/token
with my project when i do that i get:
every exception that is thrown by an endpoint results in a stack trace, while all authentication related exceptions result in propper oauth responses.Code:error="invalid_request", error_description="Missing grant type"
at org.springframework.security.oauth2.provider.endpoint.TokenEndpoint.getAccessToken(TokenEndpoint.java:82)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
........
What am i doing wrong?
i can't figure out which part of the sparkl config is responsible for the resolution of the oauth2 exceptions.Code:<!-- Standard token endpoint of Spring Security OAuth 2.0 -->
<oauth:authorization-server client-details-service-ref="applicationDetailsService" token-services-ref="tokenService"
user-approval-handler-ref="userApprovalHandler" token-granter-ref="tokenGranter" user-approval-page="forward:/dialog/approve">
<!-- Dummy-tag to force creation of the authorization endpoint -->
<oauth:authorization-code authorization-code-services-ref="authorizationCodeService" />
</oauth:authorization-server>
<security:http pattern="/oauth/token" create-session="stateless" authentication-manager-ref="clientAuthenticationManager" entry-point-ref="oauthAuthenticationEntryPoint">
<security:intercept-url pattern="/oauth/token" access="IS_AUTHENTICATED_FULLY" />
<security:intercept-url pattern="/oauth/**" access="ROLE_USER" />
<security:http-basic />
<security:custom-filter ref="clientCredentialsTokenEndpointFilter" before="BASIC_AUTH_FILTER" />
<security:access-denied-handler ref="oauthAccessDeniedHandler" />
</security:http>
EDIT: we are working with 1.0.1.Release
EDIT2: SOLUTION (it was one of those things,...)
by configuring a custom exception resolver we remove the default resolvers including the ExceptionHandlerExceptionResolver (the one that handles the annotations). So we had to add:
now we get nice clean jsonCode:<bean class="org.springframework.web.servlet.mvc.method.annotation.ExceptionHandlerExceptionResolver">
<property name="order" value="1" />
<property name="messageConverters">
<list>
<ref bean="jsonConverter" />
</list>
</property>
</bean>