Oauth2: User approval forward loses model attribute?

**geertp** · Mar 23rd, 2012, 05:36 AM

Hi all,

I'm setting up a configuration with the Oauth2-module.

After authorization, the request should be forwarded to the user-consent page.
However, this forward fails with the message:

Code:

2012-03-23 09:09:46.987:WARN:oejs.ServletHandler:/oauth/authorize
org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [org.springframework.security.oauth2.provider.AuthorizationRequest]: No default constructor found; nested exception is java.lang.NoSuchMethodException: org.springframework.security.oauth2.provider.AuthorizationRequest.<init>()
	at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:107)
	at org.springframework.web.method.annotation.ModelAttributeMethodProcessor.createAttribute(ModelAttributeMethodProcessor.java:131)
	at org.springframework.web.servlet.mvc.method.annotation.ServletModelAttributeMethodProcessor.createAttribute(ServletModelAttributeMethodProcessor.java:81)
	at org.springframework.web.method.annotation.ModelAttributeMethodProcessor.resolveArgument(ModelAttributeMethodProcessor.java:102)
	at org.springframework.web.method.support.HandlerMethodArgumentResolverComposite.resolveArgument(HandlerMethodArgumentResolverComposite.java:74)
	at org.springframework.web.method.support.InvocableHandlerMethod.getMethodArgumentValues(InvocableHandlerMethod.java:155)
...
...
Caused by: 
java.lang.NoSuchMethodException: org.springframework.security.oauth2.provider.AuthorizationRequest.<init>()
	at java.lang.Class.getConstructor0(Class.java:2706)
	at java.lang.Class.getDeclaredConstructor(Class.java:1985)
	at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:104)
	at org.springframework.web.method.annotation.ModelAttributeMethodProcessor.createAttribute(ModelAttributeMethodProcessor.java:131)
	at org.springframework.web.servlet.mvc.method.annotation.ServletModelAttributeMethodProcessor.createAttribute(ServletModelAttributeMethodProcessor.java:81)
	at org.springframework.web.method.annotation.ModelAttributeMethodProcessor.resolveArgument(ModelAttributeMethodProcessor.java:102)
	at org.springframework.web.method.support.HandlerMethodArgumentResolverComposite.resolveArgument(HandlerMethodArgumentResolverComposite.java:74)
	at org.springframework.web.method.support.InvocableHandlerMethod.getMethodArgumentValues(InvocableHandlerMethod.java:155)
	at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:117)
...

If I step through the code, I can see the AuthorizationRequest that is put onto the model (at AuthorizationEndpoint.java:135) is a real one and it's actually forwarded.
But then it's lost down the forward-track: in RequestMappingHandlerAdapter.invokeHandlerMethod a ModelAndViewContainer is created and populated but the AuthorizationRequest is not put into it there.

This makes the "@ModelAttribute AuthorizationRequest" in AccessConfirmationController think that a new one should be created.
However, no default constructor exists for AuthorizationRequest, so this fails with the error above.

Did I miss something here?

Regards,
Geert

**Dave Syer** · Mar 23rd, 2012, 07:21 AM

Since Spring 3.1 the AccessConfirmationController has to explicitly declare the method parameter as a @ModelAttribute. The sparklr2 sample should be doing that now, otherwise it wouldn't work.

**geertp** · Mar 23rd, 2012, 07:27 AM

Dave,

Thanks for replying.

I indeed used the sparklr2 sample as a source of inspiration, and therefore added the @ModelAttribute as well to my controller.
(Actually, it just is the same controller code)
But apparently there's still something missing..

**Dave Syer** · Mar 23rd, 2012, 07:49 AM

If you copied the AccessConfirmationController byte-for-byte it should work. Did you keep all the annotations? The ModelFactory.findSessionAttributeArguments should find the AuthorizationRequest in the session, unless you have switched off session creation or something.

**geertp** · Mar 23rd, 2012, 10:22 AM

Thank you for searching along with me.
It seems that ModelFactory.findSessionAttributeArguments (actually, HandlerMethod.getMethodParameters()) does not see the @ModelAttribute annotation.
So the line

Code:

if (param.hasParameterAnnotation(ModelAttribute.class)) {

is false for my method parameter :-(

The retention policy of ModelAttribute.class is RUNTIME so that should not be possible, right?
Weird...

According to the actual error (in my original post), later on the annotation is found indeed. Because in the end they try to instantiate the AuthorizationRequest class, from within a ModelAttributeMethodProcessor...

**Dave Syer** · Mar 23rd, 2012, 11:06 AM

It's not the @ModelAttribute I'm worried about now, since we seem convinced it is there. We need to make sure that the attribute is in the session, and that seems to be what has failed, so that's why I asked about the annotations. Did you keep the @SessionAttributes from the sparklr2 sample?

**geertp** · Mar 26th, 2012, 04:02 AM

Wow!
spot on, Dave!

You were right from the start, to doubt my copying of the AccessConfirmationController 'byte for byte': I indeed did not see the @SessionAttributes annotation.
Now it works like a charm.
Thanks again.

Geert

Thread: Oauth2: User approval forward loses model attribute?

Thread Tools

Display

Oauth2: User approval forward loses model attribute?

Posting Permissions