
Thread: auth server without spring mvc



    Question auth server without spring mvc

    Looking at sparklr2, I see:

    Code:
    	<!-- sparklr2 authorization server as quoted in the post: client lookup, token services
    	     and a custom approval handler are wired in by bean reference.
    	     Each child element switches on one OAuth2 grant type for the whole server.
    	     Review note: keep only the grants the clients really use. Current OAuth 2.0
    	     security guidance (RFC 9700) discourages the implicit and password grants. -->
    	<oauth:authorization-server
    			client-details-service-ref="clientDetails"
    			token-services-ref="tokenServices"
    			user-approval-handler-ref="userApprovalHandler">
    		<oauth:authorization-code/>
    		<oauth:implicit/>
    		<oauth:refresh-token/>
    		<oauth:client-credentials/>
    		<oauth:password/>
    	</oauth:authorization-server>
            ...
    	<!-- Replaces the default mappings for the approval and error pages.
    	     The controller is given the same client registry (clientDetails) the
    	     authorization server uses. Presumably it renders the approve/deny page
    	     from the client's details; confirm against the sparklr2 sources. -->
    	<bean id="accessConfirmationController"
    			class="org.springframework.security.oauth.examples.sparklr.mvc.AccessConfirmationController">
    		<property name="clientDetailsService" ref="clientDetails"/>
    	</bean>
    In my attempt at a custom auth server, I tried replacing the attribute "user-approval-handler-ref" with "user-approval-page" to use my foo.jsp as the approve/deny page. Since this will override the default setting of "forward:/oauth/confirm_access", I also removed the "accessConfirmationController" bean.

    Code:
    	<!-- Variant from the post: user-approval-page points the approval step at /foo.jsp,
    	     and user-approval-handler-ref is no longer set.
    	     NOTE(review): these look like two independent attributes. Dropping the handler
    	     reference leaves the approval decision to the library default; confirm that is
    	     intended, because the approval step is what stops a client from obtaining a
    	     token without the user's consent. -->
    	<oauth:authorization-server
    			client-details-service-ref="clientDetails"
    			token-services-ref="tokenServices"
    			user-approval-page="/foo.jsp">
    		<oauth:authorization-code/>
    		<oauth:implicit/>
    		<oauth:refresh-token/>
    		<oauth:client-credentials/>
    		<oauth:password/>
    	</oauth:authorization-server>
    But when I try to run/debug, I get "HTTP ERROR: 405, Request method 'GET' not supported".

    1) Why is this the case?
    2) Could you explain (or point me to the proper docs that explain) which classes/paths are involved when a client attempts an auth request to /oauth/authorize?
    3) My breakpoint in AuthorizationEndpoint:authorize does not get triggered, so I'm pretty sure something is misconfigured.

    My environment:
    spring-security-3.1.1.RELEASE
    spring-security-oauth.1.0.0.RC1
    STS 2.9.2.RELEASE
    Windows 7 Enterprise Edition

    web.xml

    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <web-app version="2.5"
    		xmlns="http://java.sun.com/xml/ns/javaee"
    		xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    		xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
    		xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">

    	<!-- Spring Security entry point. DelegatingFilterProxy hands each request to the bean
    	     named after the filter (springSecurityFilterChain). The contextAttribute parameter
    	     makes it look that bean up in the context published by the DispatcherServlet named
    	     "spring" below, so no separate root application context is declared in this file. -->
    	<filter>
    		<filter-name>springSecurityFilterChain</filter-name>
    		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    		<init-param>
    			<param-name>contextAttribute</param-name>
    			<param-value>org.springframework.web.servlet.FrameworkServlet.CONTEXT.spring</param-value>
    		</init-param>
    	</filter>

    	<!-- The security chain sees every request (/*). Which URLs are protected is therefore
    	     decided only by the intercept-url rules in spring-security-context.xml. -->
    	<filter-mapping>
    		<filter-name>springSecurityFilterChain</filter-name>
    		<url-pattern>/*</url-pattern>
    	</filter-mapping>

    	<!-- One DispatcherServlet, started eagerly, that loads the security and OAuth2
    	     configuration as its own context. -->
    	<servlet>
    		<servlet-name>spring</servlet-name>
    		<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    		<init-param>
    			<param-name>contextConfigLocation</param-name>
    			<param-value>/WEB-INF/spring-security-context.xml</param-value>
    		</init-param>
    		<load-on-startup>1</load-on-startup>
    	</servlet>

    	<!-- Mapped as the default servlet. -->
    	<servlet-mapping>
    		<servlet-name>spring</servlet-name>
    		<url-pattern>/</url-pattern>
    	</servlet-mapping>
    </web-app>
    spring-security-context.xml

    Code:
    <?xml version="1.0" encoding="UTF-8" ?>
    <beans xmlns="http://www.springframework.org/schema/beans" 
    	   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    	   xmlns:oauth="http://www.springframework.org/schema/security/oauth2" 
    	   xmlns:sec="http://www.springframework.org/schema/security"
    	   xmlns:mvc="http://www.springframework.org/schema/mvc"
    	   xsi:schemaLocation="http://www.springframework.org/schema/security/oauth2 http://www.springframework.org/schema/security/spring-security-oauth2-1.0.xsd 
    	                       http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.1.xsd 
    	                       http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd 
    	                       http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd">
    
    	<!-- Review note: the Spring Security debug element prints extra detail about every
    	     request that reaches the security filters, which can include sensitive values
    	     such as request parameters and headers. It is a development aid only; remove it
    	     before this configuration is deployed anywhere shared.
    	     Written with the sec prefix that the root element already declares. -->
    	<sec:debug/>
    
    	<!-- Filter chain for the token endpoint only (/oauth/token).
    	     It is stateless, so no HTTP session is created. OAuth clients authenticate with
    	     HTTP Basic against clientAuthenticationManager, anonymous access is switched off,
    	     and the only rule demands a fully authenticated caller.
    	     Review note: Basic credentials are merely base64 encoded and nothing in this block
    	     forces HTTPS. Add requires-channel="https" to the intercept-url, or make sure TLS
    	     is enforced in front of the application, so client secrets never travel in clear. -->
    	<sec:http pattern="/oauth/token"
    			create-session="stateless"
    			authentication-manager-ref="clientAuthenticationManager"
    			entry-point-ref="oauthAuthenticationEntryPoint">
    		<sec:intercept-url pattern="/oauth/token" access="IS_AUTHENTICATED_FULLY"/>
    		<sec:anonymous enabled="false"/>
    		<sec:http-basic entry-point-ref="oauthAuthenticationEntryPoint"/>
    		<sec:access-denied-handler ref="oauthAccessDeniedHandler"/>
    	</sec:http>
    
    	<!-- Filter chain for everything the token chain above does not match: the user-facing
    	     pages and the rest of /oauth/**.
    	     disable-url-rewriting keeps the session id out of URLs.
    	     No authentication-manager-ref is given; presumably the manager aliased as
    	     authenticationManager (the resource-owner accounts) is used. Confirm. -->
    	<sec:http access-denied-page="/login.jsp?authorization_error=true"
    			disable-url-rewriting="true">

    		<!-- Rules are evaluated in order, so the /oauth/** rule must stay ahead of the
    		     catch-all. Only a logged-in ROLE_USER reaches the authorization endpoint;
    		     every other URL is open to anonymous visitors. -->
    		<sec:intercept-url pattern="/oauth/**" access="ROLE_USER"/>
    		<sec:intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY"/>

    		<!-- Form login for resource owners. Review note: the credentials are posted to
    		     /login.do and nothing here requires HTTPS for that request. -->
    		<sec:form-login login-page="/login.jsp"
    				login-processing-url="/login.do"
    				default-target-url="/index.jsp"
    				authentication-failure-url="/login.jsp?authentication_error=true"/>

    		<sec:logout logout-url="/logout.do" logout-success-url="/index.jsp"/>
    		<sec:anonymous/>
    	</sec:http>
    
    	<!-- Entry point referenced by the /oauth/token chain for unauthenticated callers.
    	     The realm name still carries the sample application's name (sparklr2). -->
    	<bean id="oauthAuthenticationEntryPoint"
    			class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
    		<property name="realmName" value="sparklr2"/>
    	</bean>
    
    	<!-- Access-denied handler referenced by the /oauth/token chain. -->
    	<bean id="oauthAccessDeniedHandler"
    			class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler"/>
    
    	<!-- Authenticates OAuth clients (not end users) for the token endpoint. The lookup goes
    	     through clientDetailsUserService, which reads the registered client details. -->
    	<sec:authentication-manager id="clientAuthenticationManager">
    		<sec:authentication-provider user-service-ref="clientDetailsUserService"/>
    	</sec:authentication-manager>
    
    	<!-- Authentication manager for resource owners (the end users who log in). -->
    	<!-- Placeholder: to be replaced by LDAP. -->
    	<!-- Review note: these are sample accounts with cleartext passwords and no
    	     password-encoder is configured. Treat the block as a development fixture and
    	     do not carry these accounts into a deployed configuration. -->
    	<sec:authentication-manager alias="authenticationManager">
    		<sec:authentication-provider>
    			<sec:user-service>
    				<sec:user name="marissa" password="koala" authorities="ROLE_USER"/>
    				<sec:user name="paul" password="emu" authorities="ROLE_USER"/>
    			</sec:user-service>
    		</sec:authentication-provider>
    	</sec:authentication-manager>
    
    	<!-- Adapter that lets the client registry (clientDetails) act as the user-service of
    	     clientAuthenticationManager, so client id and secret are checked like a login. -->
    	<bean id="clientDetailsUserService"
    			class="org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService">
    		<constructor-arg ref="clientDetails"/>
    	</bean>
    
    	<!-- Authorization server. user-approval-page sends the approval step to /foo.jsp
    	     in place of the default mapping.
    	     Review notes:
    	     1. All five grant types are enabled. Current OAuth 2.0 security guidance (RFC 9700)
    	        discourages the implicit and password grants; enable only what clients need.
    	     2. The approve/deny form on /foo.jsp changes authorization state. Spring Security 3.1
    	        adds no CSRF token of its own, so the page needs its own anti-forgery check.
    	     3. No user-approval-handler-ref is set, so the library default decides approval.
    	        Confirm that default matches the intended consent behaviour. -->
    	<oauth:authorization-server
    			client-details-service-ref="clientDetails"
    			token-services-ref="tokenServices"
    			user-approval-page="/foo.jsp">
    		<oauth:authorization-code/>
    		<oauth:implicit/>
    		<oauth:refresh-token/>
    		<oauth:client-credentials/>
    		<oauth:password/>
    	</oauth:authorization-server>
    
    	<!-- Issues access tokens, and refresh tokens because supportRefreshToken is true.
    	     Review note: no validity periods are configured here, so the library defaults apply.
    	     Set explicit lifetimes once the defaults have been checked. -->
    	<bean id="tokenServices"
    			class="org.springframework.security.oauth2.provider.token.DefaultTokenServices">
    		<property name="tokenStore" ref="tokenStore"/>
    		<property name="supportRefreshToken" value="true"/>
    	</bean>
    
    	<!-- Tokens are held in memory only: they do not survive a restart and are not shared
    	     between server instances. -->
    	<bean id="tokenStore"
    			class="org.springframework.security.oauth2.provider.token.InMemoryTokenStore"/>
    
    	<!-- In-memory registry of OAuth clients, copied from the sparklr2 sample.
    	     Review notes for anyone adapting it:
    	     1. The secrets ("secret", "somesecret") are sample values stored in cleartext.
    	        Replace them and keep real secrets out of a file that lives in source control.
    	     2. Several clients have no secret attribute at all, including one that is allowed
    	        the password grant and one that is allowed client_credentials. Confirm how each
    	        of them is expected to authenticate at the token endpoint.
    	     3. Only two clients register a redirect-uri, and both use plain http. Register an
    	        exact https redirect-uri for every client that uses authorization_code or
    	        implicit, so codes and tokens can only be returned to a known location.
    	     4. Some clients declare no scope. Confirm what scope they receive by default. -->
    	<oauth:client-details-service id="clientDetails">

    		<!-- No secret; allowed the password, code, refresh and implicit grants. -->
    		<oauth:client client-id="my-trusted-client"
    				authorized-grant-types="password,authorization_code,refresh_token,implicit"
    				authorities="ROLE_CLIENT, ROLE_TRUSTED_CLIENT"
    				scope="read,write,trust"/>

    		<!-- Same grants with a secret; no scope declared. -->
    		<oauth:client client-id="my-trusted-client-with-secret"
    				authorized-grant-types="password,authorization_code,refresh_token,implicit"
    				secret="somesecret"
    				authorities="ROLE_CLIENT, ROLE_TRUSTED_CLIENT"/>

    		<!-- Machine-to-machine client: client_credentials only, read scope. -->
    		<oauth:client client-id="my-client-with-secret"
    				authorized-grant-types="client_credentials"
    				authorities="ROLE_CLIENT"
    				scope="read"
    				secret="secret"/>

    		<!-- No secret, no scope, no registered redirect. -->
    		<oauth:client client-id="my-less-trusted-client"
    				authorized-grant-types="authorization_code,implicit"
    				authorities="ROLE_CLIENT"/>

    		<!-- Implicit grant only; no secret, no scope, no registered redirect. -->
    		<oauth:client client-id="my-less-trusted-autoapprove-client"
    				authorized-grant-types="implicit"
    				authorities="ROLE_CLIENT"/>

    		<!-- Registered redirect (http, with a query string); also allowed
    		     client_credentials although no secret is set. -->
    		<oauth:client client-id="my-client-with-registered-redirect"
    				authorized-grant-types="authorization_code,client_credentials"
    				authorities="ROLE_CLIENT"
    				redirect-uri="http://anywhere?key=value"
    				scope="read,trust"/>

    		<!-- Registered redirect (http); authorization_code only, read scope. -->
    		<oauth:client client-id="my-untrusted-client-with-registered-redirect"
    				authorized-grant-types="authorization_code"
    				authorities="ROLE_CLIENT"
    				redirect-uri="http://anywhere"
    				scope="read"/>

    		<!-- The only client tied to a resource id (sparklr). -->
    		<oauth:client client-id="tonr"
    				resource-ids="sparklr"
    				authorized-grant-types="authorization_code,implicit"
    				authorities="ROLE_CLIENT"
    				scope="read,write"
    				secret="secret"/>
    	</oauth:client-details-service>
    
    </beans>
    Last edited by jrod; Aug 8th, 2012 at 11:39 AM. Reason: improperly applied code tags
