Jan 21st, 2011, 02:29 AM
Securing oauth_authenticate_token on my Grails provider
I've just implemented my 3 legged OAuth provider in Grails and can successfully obtain access tokens. The only problem is that when a User authorizes the consumer app, my provider doesn't redirect to login page first if he's not logged in.
I guess this is the behaviour of UserAuthorizationProcessingFilter that I use. It checks for authentication.isAuthenticated() but when User is not logged in, he has anonymous role, and that returns true.
In Grails (using the spring security core plugin) I tried setting interception for this, but it doesn't filter. (I guess this intercept filter is processed after the authenticationfilter).
Is there any solution for this? Thanks!
Tags for this Thread