Search:

Awesome news, Dave. Congratulations! :)

Thank you for all your hard work in bringing this forth!

Cheers,

Jeff

Sara:

I'm not sure what you mean by a trusted application and not requiring authentication. Is this a strictly internal arrangement?

My application makes use of OAuth 2 in order to...

Thanks again Dave. I got pulled away on something, and now I can try to wrap this up. It looks like also setting the authentication entry point on the resource server was the trick:

...

Hi Dave:

I REALLY appreciate you helping out with this. :)

My goal is to handle invalid token exceptions myself. Ideally, I'd also like to participate on the authorization server side as well...

It looks like I've already touched on the only two concrete classes extending AbstractOAuth2SecurityExceptionHandler. Likewise, OAuth2ExceptionRenderer is only referenced within...

Thanks for the pointer Dave. Perhaps was too wrapped around this being an authorization issue. I see OAuth2AuthenticationEntryPoint also extends AbstractOAuth2SecurityExceptionHandler, so I adjusted...

Hello:

I'm trying to customize the response processing for InvalidTokenException. For my app, a number of APIs are invoked using JSONP (application/x-javascript). Plain JSON and XML are also...

Hi Dave:

That does make sense. Back to the code. Thanks for the pointer!

Jeff

I got a JSON response, but my code based on OAuth2AccessDeniedHandler for serializing the response did not get invoked. I'm wondering if my kludged implementation has all of its wires connected. :)...

I can see that simply adding those additional classes is not sufficient. I plumbed together some things and submitted a request with a long ago expired access token and got:



2012-03-20...

Hi Dave:

I just removed 1.0.0.M6 from ~/.m2/repository/org/springframework/security/oauth/spring-security-oauth2 to see if I had something corrupt in there. But, the newly downloaded jar is the...

Hi Dave:

The problem I'm having with M6 is that apparently the jar brought down via Maven is missing some of the newer classes I need in order to address Spring Security's handling of error...

Hi Dave:

I hate to ask, but is there any word on the M7 release? I'm getting a lot of pushback in deploying our beta app with a nightly build, or my own build. Using a milestone release is...

Thanks Dave. I'm not using Spring MVC, but I can do the equivalent using the JAX-RS (Jersey) ExceptionMapper provider.

Have a good weekend,

Jeff

Hi Dave:

I got the latest from github, and I can see what you're referring to.



<http pattern="/photos/**" entry-point-ref="oauthAuthenticationEntryPoint"...

Hello:

I'm trying to figure out how best to handle token related exceptions, both those possible within the framework itself (token not found, has expired), as well as others I'd like to add...

Thanks Dave!

For whatever reason I figured the DispatcherServlet's context def was what was important and not the servlet itself. So, I had it mapped to /notused. :) Changing it to / (per the...

Interestingly, if I add on a trailing '/':



[imac:~] jas% curl -w "\nhttp code: %{http_code}\n" --include -d "grant_type=client_credentials&client_id=myClientId&client_secret=myClientSecret"...

I too am making use of Jersey to create a Spring based SaaS app that serves only RESTful APIs. I was in the process of updating the various frameworks in use, and wanted to move from 1.0.0.M4 to...

Awesome news! Thank you for your hard work on this project!

Cheers,

Jeff

Stoicflame:

Thanks for the candid description. I certainly appreciate it. It does settle me more than it unsettles me. :) I can understand the issues of the ongoing OAuth 2 spec process as well...

Hello:

I've been making use of OAuth for Spring Security for quite a while now, though in a demonstration mode only. Know I need to work on some code for maintaining client credentials and access...

Soticflame:

Yes, <authentication-manager/> does the trick. Spring Security seems satisfied with that.

Thanks!

Jeff

I've not had to dabble in Spring Security for almost a year now, but I have in the past put my own filter chains together rather than use the http namespace. In a previous project I had to use...

Just in case someone runs across this forum thread in the future facing a similar problem, I want to explain what I did to solve my issue.

In my application, there are objects protected by ACLs...