OAuth2 never redirects. Never hits exception in OAuth2ClientContextFilter

[bjornharvold]

Hi,

I've been looking at this for 2 days now and I am starting to really scratch my head.

Here's the background history.
- I wanted to integrate Spring Security OAuth into my site.
- I started looking at the tonr2/sparklr2 example.
- I configured my application with the configurations for sparklr2
- I copied over the unit tests in sparklr2 and ran them for my application to verify that they all passed. (Gotta love tests!)
- I then copied over tonr2 and started customizing it for my needs
- I wanted my version of tonr2 to be a developer test bed that mobile developers could use to test on so they knew what to expect once they started coding on the iphone or android devices.
- Everything compiles. Everything is configured the way I want it and everything is basically the same except that my version of tonr2 calls different remote services.
- Problem is I get an exception like this:

Code:

Problem Details
===============
Error:   org.springframework.security.oauth2.consumer.OAuth2AccessTokenRequiredException: No OAuth 2 security context has been established. Unable to access resource 'foo'.
Cause:   
Message: No OAuth 2 security context has been established. Unable to access resource 'lela'.

Stacktrace
----------
    org.springframework.security.oauth2.consumer.OAuth2ClientHttpRequestFactory.createRequest(OAuth2ClientHttpRequestFactory.java:44)
    org.springframework.http.client.support.HttpAccessor.createRequest(HttpAccessor.java:76)
    org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:434)
    org.springframework.web.client.RestTemplate.execute(RestTemplate.java:415)
    org.springframework.web.client.RestTemplate.getForObject(RestTemplate.java:213)
    com.lela.mobile.service.impl.RemoteUserServiceImpl.getUsers_aroundBody0(RemoteUserServiceImpl.java:47)
    com.mobile.service.impl.RemoteUserServiceImpl.getUsers_aroundBody1$advice(RemoteUserServiceImpl.java:28)

- I started looking into this and stepped through the code and compared by stepping through your example code.
- What I found was that there was a piece of code that never got called in my application but it did get called in your sample application:

Code:

OAuth2ClientContextFilter.java
....
try {
      try {
        chain.doFilter(servletRequest, servletResponse);
      }
      catch (Exception ex) {
        OAuth2ProtectedResourceDetails resourceThatNeedsAuthorization = checkForResourceThatNeedsAuthorization(ex);
        String neededResourceId = resourceThatNeedsAuthorization.getId();
        accessTokens.remove(neededResourceId);
....

- That exception is not getting caught in my application and it's the exception necessary to initiate the redirect to "the sparklr" app to confirm access.

- Here's what I have done that differs from your app:
1. I am using a web app that is v2.5
2. I am using @RequestMapping for my controllers
3. I've tested on spring 3.0.5 and 3.1.M2 with the same results
4. I am using Tiles

In a nutshell, I pretty much upgraded the tonr2 app to be what a Spring Roo version of tonr2 would look like and be configured as. Latest and greatest in other words.

The question is why isn't the exception being caught? It is certainly being thrown here:

Code:

OAuth2ClientHttpRequestFactory.java
....
OAuth2AccessToken accessToken = accessTokens == null ? null : accessTokens.get(this.resource.getId());
    if (accessToken == null) {
          throw new OAuth2AccessTokenRequiredException("No OAuth 2 security context has been established. Unable to access resource '" + this.resource.getId() + "'.", resource);
    }
....

When I step through the code to the end I see that it goes through the OAuth2ClientContextFilter filter, but is already at the bottom of the method and never hit the exception. Both my service and controller throws an Exception but somewhere that exception is being gobbled up by someone before it is able to hit the exception and initiate the redirect.

Any ideas what I am doing wrong here?
bjorn

[bjornharvold]

Code:

My web.xml:

<web-app xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
         version="2.5">
    <context-param>
        <param-name>defaultHtmlEscape</param-name>
        <param-value>true</param-value>
    </context-param>

    <context-param>
        <param-name>webAppRootKey</param-name>
        <param-value>lela.mobile.root</param-value>
    </context-param>

    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>classpath:META-INF/spring/applicationContext.xml</param-value>
    </context-param>

    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>

    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>

    <servlet>
        <servlet-name>spring</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <init-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>/WEB-INF/spring/webmvc-config.xml</param-value>
        </init-param>
        <load-on-startup>2</load-on-startup>
    </servlet>

    <servlet-mapping>
        <servlet-name>spring</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>

</web-app>

[bjornharvold]

Note to self:

Don't define a bean org.springframework.web.servlet.handler.SimpleMapp ingExceptionResolver with a defaultErrorView.

Works now.

[stoicflame]

Glad to know this got resolved.