"No redirect URI" when trying to get a protected resource

[OhadR]

After upgrading to RC2a I get this exception when I try to reach the protected resource; anyone has an idea why?
AccessTokenRequest (actualy it is DefaultAccessTokenRequest) has no redirect-uri parameter... who suppose to set it?

the stack-trace:

java.lang.IllegalStateException: No redirect URI has been established for the current request.
org.springframework.security.oauth2.client.token.g rant.code.AuthorizationCodeAccessTokenProvider.get RedirectForAuthorization(AuthorizationCodeAccessTo kenProvider.java:283)
org.springframework.security.oauth2.client.token.g rant.code.AuthorizationCodeAccessTokenProvider.obt ainAccessToken(AuthorizationCodeAccessTokenProvide r.java:159)
org.springframework.security.oauth2.client.token.A ccessTokenProviderChain.obtainNewAccessTokenIntern al(AccessTokenProviderChain.java:142)
org.springframework.security.oauth2.client.token.A ccessTokenProviderChain.obtainAccessToken(AccessTo kenProviderChain.java:118)
org.springframework.security.oauth2.client.OAuth2R estTemplate.acquireAccessToken(OAuth2RestTemplate. java:217)
org.springframework.security.oauth2.client.OAuth2R estTemplate.getAccessToken(OAuth2RestTemplate.java :169)
org.springframework.security.oauth2.client.OAuth2R estTemplate.createRequest(OAuth2RestTemplate.java: 90)
org.springframework.web.client.RestTemplate.doExec ute(RestTemplate.java:434)
org.springframework.security.oauth2.client.OAuth2R estTemplate.doExecute(OAuth2RestTemplate.java:124)
org.springframework.web.client.RestTemplate.execut e(RestTemplate.java:415)
org.springframework.web.client.RestTemplate.getFor Object(RestTemplate.java:213)

[Dave Syer]

If you use OAuth2RestTemplate in a webapp with <oauth:rest-template/> it will try to use the current request as a redirect URI, so if that's not the case you need to declare it explicitly in your <oauth:resource/>.

[OhadR]

If you use OAuth2RestTemplate in a webapp with <oauth:rest-template/> it will try to use the current request as a redirect URI, so if that's not the case you need to declare it explicitly in your <oauth:resource/>.

not sure I understand how to add it.

in the tonr sample, I do not see in the <oauth:resource> explicitly declaration of <oauth:rest-template>:

Code:

<oauth:resource id="sparklr" type="authorization_code" client-id="tonr" client-secret="secret"
		access-token-uri="${accessTokenUri}" user-authorization-uri="${userAuthorizationUri}" scope="read" />

and I've looked in the XSD, under "resource", and did not see any rest-template there... :-(

[Dave Syer]

In tonr2 you should see declarations like this:

Code:

<oauth:rest-template resource="sparklr" />

[OhadR]

I see, under the "service" that actually tries to access the protected-resource.
So can I deduce that using <oauth:rest-template> is a MUST? because if I do not use it, I get the missing "redirect-uri" error...

I've added this example to the docs. Let me know if it is incorrect...

Code:

<oauth:resource id="sparklr" ... />

<bean id="sparklrService" class="org....SparklrServiceImpl">
    ...
    <property name="sparklrRestTemplate">
        <oauth:rest-template resource="sparklr" />
    </property>
</bean>

[Dave Syer]

So can I deduce that using <oauth:rest-template> is a MUST? because if I do not use it, I get the missing "redirect-uri" error...

It's a must but not quite for the reason you suggest. You can always declare a redirect uri in the <oauth:resource/> but if you don't use <oauth:rest-template/> worse things happen unless you are careful to duplicate the features of <oauth:rest-template/> (it creates a session scoped OAuth2RestTemplate to make your app thread safe).