Multiple <http> (Spring 3.1.0) with OAuth (1.0.0)

**mvega** · Feb 21st, 2012, 11:40 AM

Hi!

I have an API Rest with Oauth that works OK. Buy I'm trying to use multiple <http> elements (added on Spring 3.1.0) and i can't make the oauth work (It doesn't find the request and secret token)

I have this (working)

web.xml

Code:

(...)
        <filter>
		<filter-name>springSecurityFilterChain</filter-name>
		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
	</filter>

	<filter-mapping>
		<filter-name>springSecurityFilterChain</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>
(..)

applicationContext.xml

Code:

	<http auto-config='false'  pattern="/myapp1/**" access-denied-page="/myapp1/login"  >
		<intercept-url pattern="/myapp1/v1/users/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
		<intercept-url pattern="/myapp1/oauth/**" access="ROLE_USER" />
		<intercept-url pattern="/myapp1/login**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
		<intercept-url pattern="/myapp1/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />	

		<form-login authentication-failure-url="/myapp1/login" 
			default-target-url="/myapp1/login" login-page="/myapp1/login"
			login-processing-url="/myapp1/login.do" />
		<logout logout-success-url="/myapp1/login" logout-url="/myapp1/logout.do" />
	</http>

(...)

	<oauth:provider 
		consumer-details-service-ref="consumerDetails" 
		token-services-ref="tokenServices" 
		request-token-url="/myapp1/oauth/request_token"
		authenticate-token-url="/myapp1/oauth/authorize" 
		authentication-failed-url="/myapp1/oauth/confirm_access"
		access-granted-url="/request_token_authorized.jsp" 
		access-token-url="/myapp1/oauth/access_token"
		require10a="false" />

	<oauth:consumer-details-service id="consumerDetails">
		<oauth:consumer name="myapp1.com" key="oauth-myapp1-consumer-key"
			secret="ASFmkJHuiLpnJfWqFfBKoNfasdaASDDS" resourceName="MyApp1 Account"
			resourceDescription="Access for your App 1 account" 
			/>

But if I change for this,nothing work (invoking myapp1 or myapp2)

Code:

	<http auto-config='false'  pattern="/myapp1/**" access-denied-page="/myapp1/login"  >
		<intercept-url pattern="/myapp1/v1/users/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
		<intercept-url pattern="/myapp1/oauth/**" access="ROLE_USER" />
		<intercept-url pattern="/myapp1/login**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
		<intercept-url pattern="/myapp1/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
		

		<form-login authentication-failure-url="/myapp1/login" 
			default-target-url="/myapp1/login" login-page="/myapp1/login"
			login-processing-url="/myapp1/login.do" />
		<logout logout-success-url="/myapp1/login" logout-url="/myapp1/logout.do" />
	</http>

	<http auto-config='false'  pattern="/myapp2/**" access-denied-page="/myapp2/login"  >
		<intercept-url pattern="/myapp2/v1/queues/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
		<intercept-url pattern="/myapp2/oauth/**" access="ROLE_USER" />
		<intercept-url pattern="/myapp2/login**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
		<intercept-url pattern="/myapp2/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
		

		<form-login authentication-failure-url="/myapp2/login" 
			default-target-url="/myapp2/login" login-page="/myapp2/login"
			login-processing-url="/myapp2/login.do" />
		<logout logout-success-url="/myapp2/login" logout-url="/myapp2/logout.do" />
	</http>

(...)

	<oauth:provider 
		consumer-details-service-ref="consumerDetailsApp1" 
		token-services-ref="tokenServices" 
		request-token-url="/myapp1/oauth/request_token"
		authenticate-token-url="/myapp1/oauth/authorize" 
		authentication-failed-url="/myapp1/oauth/confirm_access"
		access-token-url="/myapp1/oauth/access_token"
		require10a="false" />

	<oauth:consumer-details-service id="consumerDetailsApp1">
		<oauth:consumer name="myapp1.com" key="oauth-myapp1-consumer-key"
			secret="ASFmkJHuiLpnJfWqFfBKoNfasdaASDDS" resourceName="MyApp1 Account"
			resourceDescription="Access for your App 1 account" 
			/>

	<oauth:provider 
		consumer-details-service-ref="consumerDetailsApp2" 
		token-services-ref="tokenServices" 
		request-token-url="/myapp2/oauth/request_token"
		authenticate-token-url="/myapp2/oauth/authorize" 
		authentication-failed-url="/myapp2/oauth/confirm_access"
		access-token-url="/myapp2/oauth/access_token"
		require10a="false" />

	<oauth:consumer-details-service id="consumerDetailsApp2">
		<oauth:consumer name="myapp2.com" key="oauth-myapp1-consumer-key"
			secret="ASFmkJHuiLpnJfWqFfBKoNfasdaASDDS" resourceName="MyApp2 Queues"
			resourceDescription="Access for your App 2 queues" 
			/>

Some idea?. How can I make explicit the relaction between <http> and the <oauth:consumer >?

A lot of thanks

Thread: Multiple <http> (Spring 3.1.0) with OAuth (1.0.0)

Thread Tools

Display

Threaded View

Multiple <http> (Spring 3.1.0) with OAuth (1.0.0)

Posting Permissions