Results 1 to 6 of 6

Thread: Spring Security OAuth 2

  1. May 4th, 2011, 01:20 AM #1
    rineshkumar
    rineshkumar is offline Junior Member
    Join Date
    May 2011
    Posts
    3

    Default Spring Security OAuth 2

    Hi Folks,
    I am trying to learn how to use oauth.I downloaded the tonr and sparklr apps and deployed them.Its working fine.Following is the problem
    1.When user clicks on the link "/sparklr/photos.jsp" user is rediredted to the authorization page.Where exactly does the tonr app comes to know that it has to reditect the user to sparklr web app for authentication.
    I can only see
    <prop key="/sparklr/photos.jsp">sparklrController</prop>
    <oauth:resource id="sparklr" type="authorization_code" clientId="tonr"
    accessTokenUri="http://localhost:8080/sparklr/oauth/authorize"
    userAuthorizationUri="http://localhost:8080/sparklr/oauth/user/authorize"/>
    Please give your inputs for the same.
    Regards,
    Rinesh.
    Reply With Quote Reply With Quote
  2. May 6th, 2011, 09:55 AM #2
    stoicflame
    stoicflame is offline Senior Member
    Join Date
    May 2008
    Location
    Salt Lake City
    Posts
    167

    Default

    That url is access-controlled by spring security. So when spring security sees the request for /sparklr/photos.jsp, the controller throws an exception saying that the user needs an access token, spring security intercepts catches that exception and redirects the user accordingly.
    Reply With Quote Reply With Quote
  3. May 6th, 2011, 12:13 PM #3
    rineshkumar
    rineshkumar is offline Junior Member
    Join Date
    May 2011
    Posts
    3

    Default

    thanks for the response stoicflame. yes the url is secured. I am trying to find out where is it written on tonr web app that when user requests for /sparklr/photos.jsp it has to be redirect to sparkle web app for authentication.
    Reply With Quote Reply With Quote
  4. May 6th, 2011, 12:49 PM #4
    stoicflame
    stoicflame is offline Senior Member
    Join Date
    May 2008
    Location
    Salt Lake City
    Posts
    167

    Default

    The SparklrServiceImpl class makes a call to get the sparklr photos using the OAuth2RestTemplate. If the user don't have an oauth token, and exception is thrown by the OAuth2RestTemplate, which is eventually caught by spring security and the user is redirected.
    Reply With Quote Reply With Quote
  5. May 9th, 2011, 01:45 AM #5
    rineshkumar
    rineshkumar is offline Junior Member
    Join Date
    May 2011
    Posts
    3

    Default

    Thanks Stoicflame. now i understand the client side. I had some more queries.
    Spring security redirects to the followng url .. .

    http://localhost:8080/sparklr/oauth/...onse_type=code
    1.This shows the login.jsp page in the UI.
    2.After adding the login details and submitting if the credentials are correct,request is redirected to
    http://localhost:8080/sparklr/oauth/confirm_access
    This is written in the bean
    <oauthrovider client-details-service-ref="clientDetails"
    token-services-ref="tokenServices">
    <oauth:verification-code user-approval-page="/oauth/confirm_access" />
    </oauthrovider>

    Where is it mentioned in the sparklr application that /oauth/authorize needs to be redirected to /oauth/confirm_access after successul authentication.
    Regards,
    Rinesh
    Reply With Quote Reply With Quote
  6. May 17th, 2011, 09:56 PM #6
    stoicflame
    stoicflame is offline Senior Member
    Join Date
    May 2008
    Location
    Salt Lake City
    Posts
    167

    Default

    For the case of sparklr, it's hard-coded in org.springframework.security.oauth.examples.sparkl r.mvc.AccessConfirmationController.
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules