I have begin to use Spring Security OAuth2 with a password grant type before working on user agent one.
I am not very far to make it works, my last issue is that, since I request oauth authorize end point with Ajax request, i would like to avoid using <form-login> element in <http> because it return a login form html code, not really what I want. For example, when login failed I would like OAuth to return directly a 403 HTTP error code.
When I don't define form-login, I have the follwing error : Configuration problem: No AuthenticationEntryPoint could be established. Please make sure you have a login mechanism configured through the namespace (such as form-login) or specify a custom AuthenticationEntryPoint with the 'entry-point-ref' attribute.
I have found a class which implements AuthenticationEntryPoint in Oauth1, but not in OAuth2 package.
Could you help me to find what I should set as entry-point-ref attribute for my Oauth2 configuration ?
Is access-denied-handler the right way to configure Spring Securty to return a 403 error code when login failed, or should I define some custom elements in oauth2rovider ?
My configuration is the following :
Thanks in advance for your help.
<security:intercept-url pattern="/api/**" access="ROLE_AUTH" />
<security:intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:access-denied-handler ref="oauth2AccessDeniedHandler" />
<bean id="oauth2AccessDeniedHandler" class="org.springframework.security.web.access.AccessDeniedHandlerImpl"/>
<bean id="tokenServices" class="org.springframework.security.oauth2.provider.token.InMemoryOAuth2ProviderTokenServices" />
<oauth2:provider client-details-service-ref="clientDetails" token-services-ref="tokenServices" >
<oauth2:client-details-service id="clientDetails" >
<oauth2:client clientId="booking" authorizedGrantTypes="password" />
<security:authentication-provider user-service-ref="bookingUserDetailsService" />