Oct 1st, 2012, 10:42 AM
OAuth2 and the use of MVC mapping
We are (still) attempting to integrate OAuth2 into an existing application and running into some problems and are hoping you can shed some light. The authorization-server seems to be using MVC mapping, is this correct? The reason we ask is that we are using context:component-scan for mapping in our servlet and the presence of authorization-server in the security context configuration seems to prevent this scan from occurring.
With all of the rest of the configuration intact but only the authorization-server commented out the conponent-scan occurs. My initial thought is that we have security context at the application context layer whereas sparklr has it at the servlet context layer. I commented out the ContextLoadListener in web.xml and imported the application context directly into the servelet context (this would not work in production but I wanted to get a successful test) but the same problem occurs even then.
I would prefer to not have to rewrite my entire context to suit the Oauth2 implimentation (Oauth configuration already working correctly in application context space) so my question is where does the mapping for oauth2 elements occur and is there a way to override it so that our normal contrext-scan does not get interfered with.
Oct 1st, 2012, 11:12 AM
Please disregard. Adding mvc:annotation-driven to the servlet context seems to allow me to progress with security context at the application context layer.
Oct 1st, 2012, 11:17 AM
What version of Spring Security OAuth are you using? Recent milestones use a handler mapping that does not interfere with existing MVC mappings, but that doesn't sound precisely like the problem you have.
I can't think of any reason a component scan would appear simply not to happen - you can turn on some logging to verify what is being scanned - and the OAuth support doesn't do any component scanning itself. You probably need to provide some more detail, or a sample project, to get a clearer idea of what you did.