Maybe. But if you are after pure OAuth2-compliant implementation, you need to ignore URL parameters. The OAuth2 v31 spec says it:
4.1.3. Access Token Request
The client makes a request...
Type: Posts; User: tuukka.mustonen; Keyword(s):
Maybe. But if you are after pure OAuth2-compliant...
Maybe. But if you are after pure OAuth2-compliant implementation, you need to ignore URL parameters. The OAuth2 v31 spec says it:
4.1.3. Access Token Request
The client makes a request...
Uh, I did declare the body but just forgot to add...
Uh, I did declare the body but just forgot to add the body in the request :) So passing parameters in body works.
But I want to remove possibility to pass parameters in URL (as GET params, for...
Just tested it, parameters in body are not...
Just tested it, parameters in body are not recognized. Something needs to be done?
Ok I also opened...
Ok I also opened https://jira.springsource.org/browse/SECOAUTH-360
Now that I look at it, OAuth2 spec requires parameters to be given as "application/x-www-form-urlencoded" in request body. It...
Yeah these occur in TokenEndpoint. Guess I was...
Yeah these occur in TokenEndpoint. Guess I was bad with terminology because I wasn't really sure if providing new EntryPoint is the answer. But I had a look at AbstractOAuth2SecurityExceptionHandler...
Also, to ensure I got it right:
1. If you omit...
Also, to ensure I got it right:
1. If you omit credentials (no Authorization header) OAuth2 response should be JSON message with error of "invalid_request" or "invalid_client" (don't know which...
Ok, I need to ask around then. Couldn't find...
Ok, I need to ask around then. Couldn't find anything on that in searches so far.
It's just to make behavior in web browser similar to as requests through curl etc. We want to experience...
I found AbstractJaxbMessageConverter and its'...
I found AbstractJaxbMessageConverter and its' children JaxbOAuth2AccessTokenMessageConverter and JaxbOAuth2ExceptionMessageConverter. I tried resetting the converters by something like:
...
Defining response formats, response fields and HTTP methods?
Hi, I am evaluating the brand new 1.0.0.RELEASE without previous experience from the module. Couple of questions:
I registered Auhtorization Server as one web application and Resource Server as...
Thanks for the pointers. I did try to Google and...
Thanks for the pointers. I did try to Google and forum search this, but propably didn't have the right keywords.
After reading about Spring AOP and proxies I got the code working either by...
Security annotations fail in JSF managed bean but not in the service layer
I am trying to secure a Spring/JSF -web application with Spring Security (3.0.2), Mojarra 2.0.2, EL 2.2. Everything is working ok in the service layer, but adding even a single security annotation...
Yes, I also think what you suggest is the way to...
Yes, I also think what you suggest is the way to go. I will try to extend a Spring base class and build Selenium support into it (by abusing the current SeleneseTestCase) and propably drop the result...
As the OP already got his problem solved, I'll...
As the OP already got his problem solved, I'll try to abuse the situation to ask a quick, related question: are there other ways to launch up the Spring TestContext and DI support than using...