OAuth2 as AuthenticationProvider?

[pravin_bansod]

Hi Dave, I am using spring-security-oauth 1.0.0.M6a.
When I say authenticated, I mean authenticated in spring-security.
I get the error page like Authentication is required...anonymous not allowed.

Dave,
do you see any easy way of supporting this?
There is spring-security-social http://code.google.com/p/spring-security-social/ developed for this, but seems its not compatible now.
Was it the case that in previous version, there was provision to get the access-token before authentication is formed?

Thanks,
Pravin

[Dave Syer]

do you see any easy way of supporting this?

Authentication with OAuth2 should be possible. What the original poster was trying to do with password grants may not be (it doesn't seem very sensible to me). I use OAuth2 for authentication and single sign on a lot. E.g. see https://github.com/cloudfoundry/uaa/...entFilter.java (changed link since the original post) - it's not an authentication manager, and it's not really OpenId Connect (yet) either, but it works.

[pravin_bansod]

Thanks Dave. I tried but it didn't work.
It is the same flow from RestTemplate-->OAuth2RestTemplate(createRequst)--> AccessTokenProviderChain and
I get
org.springframework.security.authentication.Insuff icientAuthenticationException: Authentication is required to store an access token (anonymous not allowed)
for which we don't redirect.

Can you please check and let me know if I am missing something obvious?

Thanks,
Pravin

[Dave Syer]

Check what, sorry. What did you try? Did you see the sample app at https://github.com/cloudfoundry/uaa/...r/samples/app? It uses the filter I linked to before, so maybe if you look at the Spring Security config for that and pay attention to the filter chain (in particular where the anonymous filter is disabled) you will get some hints.

[pravin_bansod]

Thanks Dave. I will try that.