May 4th, 2011, 01:20 AM
Spring Security OAuth 2
I am trying to learn how to use oauth.I downloaded the tonr and sparklr apps and deployed them.Its working fine.Following is the problem
1.When user clicks on the link "/sparklr/photos.jsp" user is rediredted to the authorization page.Where exactly does the tonr app comes to know that it has to reditect the user to sparklr web app for authentication.
I can only see
<oauth:resource id="sparklr" type="authorization_code" clientId="tonr"
Please give your inputs for the same.
May 6th, 2011, 09:55 AM
That url is access-controlled by spring security. So when spring security sees the request for /sparklr/photos.jsp, the controller throws an exception saying that the user needs an access token, spring security intercepts catches that exception and redirects the user accordingly.
May 6th, 2011, 12:13 PM
thanks for the response stoicflame. yes the url is secured. I am trying to find out where is it written on tonr web app that when user requests for /sparklr/photos.jsp it has to be redirect to sparkle web app for authentication.
May 6th, 2011, 12:49 PM
The SparklrServiceImpl class makes a call to get the sparklr photos using the OAuth2RestTemplate. If the user don't have an oauth token, and exception is thrown by the OAuth2RestTemplate, which is eventually caught by spring security and the user is redirected.
May 9th, 2011, 01:45 AM
Thanks Stoicflame. now i understand the client side. I had some more queries.
Spring security redirects to the followng url .. .
1.This shows the login.jsp page in the UI.
2.After adding the login details and submitting if the credentials are correct,request is redirected to
This is written in the bean
<oauth:verification-code user-approval-page="/oauth/confirm_access" />
Where is it mentioned in the sparklr application that /oauth/authorize needs to be redirected to /oauth/confirm_access after successul authentication.
May 17th, 2011, 09:56 PM
For the case of sparklr, it's hard-coded in org.springframework.security.oauth.examples.sparkl r.mvc.AccessConfirmationController.