
Thread: OAuth2 - sample app

  1. #1
    Join Date
    Mar 2012
    Posts
    7

    OAuth2 - sample app

    I've got my OAuth2 server and client running.
    My client is able to get a valid access token from the server as well.

    The issue arises when I send a REST request to get the response from the server.

    If I use Firefox, I get the expected response, whereas using Chrome/curl/Java to make the web request, the "principal" ends up being null in my handler.
    Taking a look at the http calls using wireshark, for the request:

    I got the following:

    http://localhost:8080/optimal-securi...0-50d520fdca1f

    Firefox:

    GET /optimal-security/users/me?format=json&access_token=6e984103-e38f-4e5b-a652-d3419b8bab54 HTTP/1.1
    Host: localhost:8080
    User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-us,en;q=0.5
    Accept-Encoding: gzip,deflate
    Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
    Keep-Alive: 115
    Connection: keep-alive
    Cookie: JSESSIONID=1e9qxdzom44fr1tbrdcjlts9yw; JSESSIONID=238244B4C0DAB2311794E4BCA2833E5C



    Chrome:


    GET /optimal-security/users/me?format=json&access_token=6e984103-e38f-4e5b-a652-d3419b8bab54 HTTP/1.1
    Host: localhost:8080
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-US,en;q=0.8
    Accept-Encoding: gzip,deflate,sdch
    Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
    Cookie: JSESSIONID=9cguv6hkgeknzlxelqm1pyux


    I've been trying to step through the code, but the layers upon layers of calls being made make the task quite difficult. Any ideas/thoughts on what might be going on?

  2. #2
    Join Date
    Mar 2012
    Posts
    7


    OK... figured out part of the problem. It was due to the fact that when a request was being made to the OAuth server for the token, the server would set a cookie with the JSESSIONID in Firefox, which was being used to authenticate any subsequent requests. But the problem still remains: how to use Spring OAuth2 to respond to a request that has a valid access token? The request fails at the anonymousAuthenticationFilter check. How do I set up a request to get past that?

  3. #3
    Join Date
    Jun 2005
    Posts
    4,231


    If I were you I'd disable the anonymous filter on the OAuth endpoints. The spec says that a token request must be authenticated.
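
A sketch of a resource-side filter chain with the anonymous filter disabled, added here as an example and not taken from any poster's configuration. It assumes Spring Security 3.1 with the spring-security-oauth2 1.0 XML namespace; the `/users/**` pattern is inferred from the captured request path, and the bean ids and the `ROLE_USER` rule are assumptions.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:sec="http://www.springframework.org/schema/security"
       xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
       xsi:schemaLocation="
         http://www.springframework.org/schema/beans
         http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
         http://www.springframework.org/schema/security
         http://www.springframework.org/schema/security/spring-security-3.1.xsd
         http://www.springframework.org/schema/security/oauth2
         http://www.springframework.org/schema/security/spring-security-oauth2-1.0.xsd">

  <!-- Dedicated chain for the protected resource. create-session="never"
       stops this chain from creating an HTTP session, so a JSESSIONID set
       while obtaining the token is less likely to hide a missing or
       rejected access token, as happened with Firefox in the thread. -->
  <sec:http pattern="/users/**"
            create-session="never"
            entry-point-ref="oauthAuthenticationEntryPoint">

    <!-- No anonymous principal on this chain: a request without a valid
         token is rejected by the entry point instead of carrying on as
         "anonymousUser". -->
    <sec:anonymous enabled="false"/>

    <!-- Assumed access rule; adjust to the application's roles/scopes. -->
    <sec:intercept-url pattern="/users/**" access="ROLE_USER"/>

    <!-- The OAuth2 resource filter reads the access token from the
         request and populates the SecurityContext before authorization. -->
    <sec:custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER"/>
  </sec:http>

  <!-- Answers unauthenticated requests with an OAuth2 error response. -->
  <bean id="oauthAuthenticationEntryPoint"
        class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint"/>

  <!-- "tokenServices" is assumed to be the bean the authorization server
       uses to issue tokens; it is defined elsewhere in the application. -->
  <oauth:resource-server id="resourceServerFilter"
                         token-services-ref="tokenServices"/>
</beans>
```

To check that the token, not a session cookie, is what authenticates the call, repeat the request from a client that sends no Cookie header, as Chrome and curl did above.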
