OAuth change the default authorize token and token end point URLs

[saamy]

Hi,

My application name is 'oauth', when use the default end point URLs, my (for example) authorization URL becomes '<protocol>:<host>/oauth/oauth/authorize'. I want to remove the extra 'oauth' here, '<protocol>:<host>/oauth/authorize'.

I tried this via authorization-server tag:
<oauth:authorization-server client-details-service-ref="clientDetailsService" token-services-ref="tokenServices" authorization-endpoint-url="/authorize" token-endpoint-url="/token"

But this doesn't seem to work. Rather following classes are mapped to static/hardcoded path '/oauth/authorize' and '/oauth/token':
org.springframework.security.oauth2.provider.endpo int.AuthorizationEndpoint
org.springframework.security.oauth2.provider.endpo int.TokenEndpoint
org.springframework.security.oauth2.provider.filte r.EndpointValidationFilter


Is it not possible to modify the default end points path? If yes, how?

Thanks for your attention to this post!

[Dave Syer]

You need to add an additional filter (see the section "Configuring the Endpoint URLs" in the user guide: https://github.com/SpringSource/spri...th/wiki/oauth2).

[saamy]

Hi Dave, Thanks for your reply!

I added the filter but it still doesn't seem to work. I tired the same with tonr-sparklr apps and that doesn't work either. I have attached the screen shots of the files I modified to make it work.

[Dave Syer]

Those screenshots are hopeless (too small). Please paste text in [code][/code] tags.

[saamy]

I pulled out the code from here https://github.com/SpringSource/spring-security-oauth and modified following files:

1. oauth/samples/oauth2/sparklr/src/main/webapp/WEB-INF/spring-servlet.xml

Code:

<oauth:authorization-server client-details-service-ref="clientDetails" token-services-ref="tokenServices"
		user-approval-handler-ref="userApprovalHandler"   authorization-endpoint-url="/authorize" token-endpoint-url="/token">
		<oauth:authorization-code />
		<oauth:implicit />
		<oauth:refresh-token />
		<oauth:client-credentials />
		<oauth:password />
	</oauth:authorization-server>

2. /oauth/samples/oauth2/tonr/src/main/resources/sparklr.properties

Code:

sparklrPhotoListURL=http://localhost:8080/sparklr2/photos?format=xml
sparklrPhotoURLPattern=http://localhost:8080/sparklr2/photos/%s
sparklrTrustedMessageURL=http://localhost:8080/sparklr2/photos/trusted/message
accessTokenUri=http://localhost:8080/sparklr2/token
userAuthorizationUri=http://localhost:8080/sparklr2/authorize

3. oauth/samples/oauth2/sparklr/src/main/webapp/WEB-INF/web.xml

Code:

<?xml version="1.0" encoding="ISO-8859-1"?>

<!DOCTYPE web-app PUBLIC
  "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
  "http://java.sun.com/dtd/web-app_2_3.dtd">

<web-app>

	<filter>
		<filter-name>springSecurityFilterChain</filter-name>
		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
		<init-param>
			<param-name>contextAttribute</param-name>
			<param-value>org.springframework.web.servlet.FrameworkServlet.CONTEXT.spring</param-value>
		</init-param>
	</filter>

	<filter>
		<filter-name>oauth2EndpointUrlFilter</filter-name>
		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
		<init-param>
			<param-name>contextAttribute</param-name>
			<param-value>org.springframework.web.servlet.FrameworkServlet.CONTEXT.spring</param-value>
		</init-param>
	</filter>

	<filter-mapping>
		<filter-name>springSecurityFilterChain</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>

	<filter-mapping>
		<filter-name>oauth2EndpointUrlFilter</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>

	<servlet>
		<servlet-name>spring</servlet-name>
		<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
		<load-on-startup>1</load-on-startup>
	</servlet>

	<servlet-mapping>
		<servlet-name>spring</servlet-name>
		<url-pattern>/</url-pattern>
	</servlet-mapping>

</web-app>

[Dave Syer]

That looks OK. I guess you could narrow the filter pattern a bit. But you didn't really say what wasn't working (it works for me). How is your user approval page implemented (I guess the default from sparklr2 should work though)?

[saamy]

Dave,

When I run the tonr2 (samples/oauth2/tonr) app on tomcat (through maven mvn tomcat:run), after authenticating from tonr, I should get redirect to sparklr2 on 'view photos'. But for me its trying to redirect to 'http://localhost:8080/sparklr2/authorize' which gives error 500. When I change the url to 'http://localhost:8080/sparklr2/oauth/authorize' it finds the page. My requirement is to remove this 'oauth' in the URL. For the same reason I tried to modify the end point URLs with these settings, but doesn't seam to change the urls.

For you does it redirect to 'http://localhost:8080/sparklr2/authorize' and can you see the sparklr login page there?\\

My approval page is just the default sparklr page (downloaded on git link I sent earlier), no change.

Thanks!

[Dave Syer]

It works for me. What is the 500 you see on the /authorize redirect? There must be a stack trace?

[saamy]

Okay, tried again with clean maven build and now after sparklr login, on '/authorize' I got following error:

Code:

[DEBUG] FilterChainProxy - /authorize?client_id=tonr&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Ftonr2%2Fsparklr%2Fphotos&response_type=code&scope=read&state=JpzGiO reached end of additional filter chain; proceeding with original chain
[DEBUG] DispatcherServlet - DispatcherServlet with name 'spring' processing GET request for [/sparklr2/oauth/authorize]
[DEBUG] RequestMappingHandlerMapping - Looking up handler method for path /oauth/authorize
[DEBUG] RequestMappingHandlerMapping - Returning handler method [public org.springframework.web.servlet.ModelAndView org.springframework.security.oauth2.provider.endpoint.AuthorizationEndpoint.authorize(java.util.Map<java.lang.String, java.lang.Object>,java.lang.String,java.util.Map<java.lang.String, java.lang.String>,org.springframework.web.bind.support.SessionStatus,java.security.Principal)]
[DEBUG] DispatcherServlet - Last-Modified value for [/sparklr2/oauth/authorize] is: -1
[DEBUG] ExceptionHandlerExceptionResolver - Resolving exception from handler [public org.springframework.web.servlet.ModelAndView org.springframework.security.oauth2.provider.endpoint.AuthorizationEndpoint.authorize(java.util.Map<java.lang.String, java.lang.Object>,java.lang.String,java.util.Map<java.lang.String, java.lang.String>,org.springframework.web.bind.support.SessionStatus,java.security.Principal)]: org.springframework.security.authentication.InsufficientAuthenticationException: User must be authenticated with Spring Security before authorization can be completed.
[DEBUG] ResponseStatusExceptionResolver - Resolving exception from handler [public org.springframework.web.servlet.ModelAndView org.springframework.security.oauth2.provider.endpoint.AuthorizationEndpoint.authorize(java.util.Map<java.lang.String, java.lang.Object>,java.lang.String,java.util.Map<java.lang.String, java.lang.String>,org.springframework.web.bind.support.SessionStatus,java.security.Principal)]: org.springframework.security.authentication.InsufficientAuthenticationException: User must be authenticated with Spring Security before authorization can be completed.
[DEBUG] DefaultHandlerExceptionResolver - Resolving exception from handler [public org.springframework.web.servlet.ModelAndView org.springframework.security.oauth2.provider.endpoint.AuthorizationEndpoint.authorize(java.util.Map<java.lang.String, java.lang.Object>,java.lang.String,java.util.Map<java.lang.String, java.lang.String>,org.springframework.web.bind.support.SessionStatus,java.security.Principal)]: org.springframework.security.authentication.InsufficientAuthenticationException: User must be authenticated with Spring Security before authorization can be completed.
[DEBUG] DispatcherServlet - Could not complete request <org.springframework.security.authentication.InsufficientAuthenticationException: User must be authenticated with Spring Security before authorization can be completed.>org.springframework.security.authentication.InsufficientAuthenticationException: User must be authenticated with Spring Security before authorization can be completed.
	at org.springframework.security.oauth2.provider.endpoint.AuthorizationEndpoint.authorize(AuthorizationEndpoint.java:115)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:597)
	at org.springframework.web.method.support.InvocableHandlerMethod.invoke(InvocableHandlerMethod.java:213)
	at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:126)
	at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:96)
	at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:617)
	at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:578)
	at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:80)
	at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:923)
	at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:852)
	at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:882)
	at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:778)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.springframework.security.oauth2.provider.endpoint.EndpointValidationFilter.doFilter(EndpointValidationFilter.java:47)
	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:311)
	at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:116)
	at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:101)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:182)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:173)
	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:857)
	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)
	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
	at java.lang.Thread.run(Thread.java:680)

[[DEBUG] HttpSessionRequestCache - DefaultSavedRequest added to Session: DefaultSavedRequest[http://localhost:8080/sparklr2/authorize?client_id=tonr&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Ftonr2%2Fsparklr%2Fphotos&response_type=code&scope=read&state=JpzGiO]
[DEBUG] ExceptionTranslationFilter - Calling Authentication entry point.
[DEBUG] DefaultRedirectStrategy - Redirecting to 'http://localhost:8080/sparklr2/login.jsp'

[saamy]

Code:

[DEBUG] AntPathRequestMatcher - Checking match of request : '/authorize'; against '/photos/**'
[DEBUG] FilterChainProxy - /authorize?client_id=tonr&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Ftonr2%2Fsparklr%2Fphotos&response_type=code&scope=read&state=JpzGiO at position 1 of 9 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
[DEBUG] DefaultSavedRequest - pathInfo: both null (property equals)
[DEBUG] DefaultSavedRequest - queryString: arg1=client_id=tonr&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Ftonr2%2Fsparklr%2Fphotos&response_type=code&scope=read&state=JpzGiO; arg2=client_id=tonr&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Ftonr2%2Fsparklr%2Fphotos&response_type=code&scope=read&state=JpzGiO (property equals)
[DEBUG] DefaultSavedRequest - requestURI: arg1=/sparklr2/authorize; arg2=/sparklr2/authorize (property equals)
[DEBUG] DefaultSavedRequest - serverPort: arg1=8080; arg2=8080 (property equals)
[DEBUG] DefaultSavedRequest - requestURL: arg1=http://localhost:8080/sparklr2/authorize; arg2=http://localhost:8080/sparklr2/authorize (property equals)
[DEBUG] DefaultSavedRequest - scheme: arg1=http; arg2=http (property equals)
[DEBUG] DefaultSavedRequest - serverName: arg1=localhost; arg2=localhost (property equals)
[DEBUG] DefaultSavedRequest - contextPath: arg1=/sparklr2; arg2=/sparklr2 (property equals)
[DEBUG] DefaultSavedRequest - servletPath: arg1=/authorize; arg2=/authorize (property equals)
[DEBUG] HttpSessionRequestCache - Removing DefaultSavedRequest from session if present
[DEBUG] FilterChainProxy - /authorize?client_id=tonr&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Ftonr2%2Fsparklr%2Fphotos&response_type=code&scope=read&state=JpzGiO at position 5 of 9 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
[DEBUG] FilterChainProxy - /authorize?client_id=tonr&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Ftonr2%2Fsparklr%2Fphotos&response_type=code&scope=read&state=JpzGiO at position 6 of 9 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
[DEBUG] AnonymousAuthenticationFilter - SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@76183d66: Principal: org.springframework.security.core.userdetails.User@32053f56: Username: marissa; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_USER; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@0: RemoteIpAddress: 0:0:0:0:0:0:0:1%0; SessionId: 67DB1A273695701C617A48DA5945B175; Granted Authorities: ROLE_USER'
[DEBUG] FilterChainProxy - /authorize?client_id=tonr&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Ftonr2%2Fsparklr%2Fphotos&response_type=code&scope=read&state=JpzGiO at position 7 of 9 in additional filter chain; firing Filter: 'SessionManagementFilter'
[DEBUG] FilterChainProxy - /authorize?client_id=tonr&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Ftonr2%2Fsparklr%2Fphotos&response_type=code&scope=read&state=JpzGiO at position 8 of 9 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
[DEBUG] FilterChainProxy - /authorize?client_id=tonr&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Ftonr2%2Fsparklr%2Fphotos&response_type=code&scope=read&state=JpzGiO at position 9 of 9 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
[DEBUG] AntPathRequestMatcher - Checking match of request : '/authorize'; against '/oauth/**'
[DEBUG] FilterSecurityInterceptor - Secure object: FilterInvocation: URL: /authorize?client_id=tonr&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Ftonr2%2Fsparklr%2Fphotos&response_type=code&scope=read&state=JpzGiO; Attributes: [IS_AUTHENTICATED_ANONYMOUSLY]
[DEBUG] FilterSecurityInterceptor - Previously Authenticated: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@76183d66: Principal: org.springframework.security.core.userdetails.User@32053f56: Username: marissa; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_USER; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@0: RemoteIpAddress: 0:0:0:0:0:0:0:1%0; SessionId: 67DB1A273695701C617A48DA5945B175; Granted Authorities: ROLE_USER
[DEBUG] AffirmativeBased - Voter: org.springframework.security.access.vote.RoleVoter@221e5f0, returned: 0
[DEBUG] AffirmativeBased - Voter: org.springframework.security.access.vote.AuthenticatedVoter@7f7ef0a7, returned: 1
[DEBUG] FilterSecurityInterceptor - Authorization successful
[DEBUG] FilterSecurityInterceptor - RunAsManager did not change Authentication object
[DEBUG] FilterChainProxy - /authorize?client_id=tonr&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Ftonr2%2Fsparklr%2Fphotos&response_type=code&scope=read&state=JpzGiO reached end of additional filter chain; proceeding with original chain
[DEBUG] DispatcherServlet - DispatcherServlet with name 'spring' processing GET request for [/sparklr2/oauth/authorize]
[DEBUG] RequestMappingHandlerMapping - Looking up handler method for path /oauth/authorize
[DEBUG] RequestMappingHandlerMapping - Returning handler method [public org.springframework.web.servlet.ModelAndView org.springframework.security.oauth2.provider.endpoint.AuthorizationEndpoint.authorize(java.util.Map<java.lang.String, java.lang.Object>,java.lang.String,java.util.Map<java.lang.String, java.lang.String>,org.springframework.web.bind.support.SessionStatus,java.security.Principal)]
[DEBUG] DispatcherServlet - Last-Modified value for [/sparklr2/oauth/authorize] is: -1
[DEBUG] TokenServicesUserApprovalHandler - Looking up existing token for client_id=tonr, scope=[read]and username=marissa
[DEBUG] TokenServicesUserApprovalHandler - Existing access token=null
[DEBUG] TokenServicesUserApprovalHandler - Checking explicit approval
[DEBUG] AuthorizationEndpoint - Loading user approval page: forward:/oauth/confirm_access
[DEBUG] DispatcherServlet - Rendering view [org.springframework.web.servlet.view.InternalResourceView: unnamed; URL [/oauth/confirm_access]] in DispatcherServlet with name 'spring'
[DEBUG] InternalResourceView - Added model object 'org.springframework.validation.BindingResult.authorizationRequest' of type [org.springframework.validation.BeanPropertyBindingResult] to request in view with name 'null'
[DEBUG] InternalResourceView - Added model object 'scope' of type [java.lang.String] to request in view with name 'null'
[DEBUG] InternalResourceView - Added model object 'response_type' of type [java.lang.String] to request in view with name 'null'
[DEBUG] InternalResourceView - Added model object 'redirect_uri' of type [java.lang.String] to request in view with name 'null'
[DEBUG] InternalResourceView - Added model object 'state' of type [java.lang.String] to request in view with name 'null'
[DEBUG] InternalResourceView - Added model object 'client_id' of type [java.lang.String] to request in view with name 'null'
[DEBUG] InternalResourceView - Added model object 'authorizationRequest' of type [org.springframework.security.oauth2.provider.AuthorizationRequest] to request in view with name 'null'
[DEBUG] InternalResourceView - Forwarding to resource [/oauth/confirm_access] in InternalResourceView 'null'
[DEBUG] DispatcherServlet - DispatcherServlet with name 'spring' processing GET request for [/sparklr2/oauth/authorize]
[DEBUG] RequestMappingHandlerMapping - Looking up handler method for path /oauth/authorize
[DEBUG] RequestMappingHandlerMapping - Returning handler method [public org.springframework.web.servlet.ModelAndView org.springframework.security.oauth2.provider.endpoint.AuthorizationEndpoint.authorize(java.util.Map<java.lang.String, java.lang.Object>,java.lang.String,java.util.Map<java.lang.String, java.lang.String>,org.springframework.web.bind.support.SessionStatus,java.security.Principal)]
[DEBUG] DispatcherServlet - Last-Modified value for [/sparklr2/oauth/authorize] is: -1
[DEBUG] TokenServicesUserApprovalHandler - Looking up existing token for client_id=tonr, scope=[read]and username=marissa
[DEBUG] TokenServicesUserApprovalHandler - Existing access token=null
[DEBUG] TokenServicesUserApprovalHandler - Checking explicit approval
[DEBUG] AuthorizationEndpoint - Loading user approval page: forward:/oauth/confirm_access