OAuth 2 Service provider

[utkarsh.hiremath]

Hello ,
I am new to OAuth 2. I want to use Service Provider OAuth 2 spring security but my client applications are in .net.
Service that i want to provide is REST service.How will i integrate OAuth 2 for spring security to accomplish this task.
Please ,Any help will be appreciated..
Thanks

Regards,
Utkarsh

[Dave Syer]

I don't have any samples in .NET, but I imagine there are OAuth2 libraries available. The sparklr2 sample is your template for a "Service Provider" (not at OAuth2 term): sparklr2 is an Authorization Server (granting access tokens) and a Resource Server (accepting tokens to access protected resources).

[utkarsh.hiremath]

I don't have any samples in .NET, but I imagine there are OAuth2 libraries available. The sparklr2 sample is your template for a "Service Provider" (not at OAuth2 term): sparklr2 is an Authorization Server (granting access tokens) and a Resource Server (accepting tokens to access protected resources).

But can i use Sparklr2 as a service provider(which is implemented in Spring Security) for client applications that are implemented in .net.
What changes i will have to make to Sparklr2 to create my own service provider.

Do i need to do any change in client application? Because i dont want to make any change in client application & REST service that i wish to provide access to. I wish to integrate this Service Provider module in between this, How can i do this?

[Dave Syer]

I think you mean "AuthorizationServer" not "Service Provider" (the latter is ambiguous and has no definition in the context of OAuth2)? The REST service and the client application that you already have are the "Resource Server" and "Client" respectivey in OAuth2 terms. Sparklr2 is already an Authorization Server (see the <oauth:authorization-server/> configuration). Whether or not you have to make changes to your Resource Server and Client I really can't say because I haven't seen them. Probably if they use a recent version of the spec the changes should be minimal. I would have thought at least you would have to change the URLs that point to your existing Authorization Server? How does your Resource Server check the token contents (maybe you need to adapt that, or to adapt the token issued by sparklr2 to match its expectations)?

[utkarsh.hiremath]

Yes right i mean 'authorization server' only.
1.i do not have any authorization server right now .I am going through Sparklr2 for reference, what changes will i have to do in Sparklr2 to create my own AuthorizationServer.
2. Client app & Resource server(my REST service) are two independent apps. They are not using OAuth service right now.But now i want to integrate this authorization server in between to provide client app authorized access to REST service how can i accomplish that.

[Dave Syer]

1. You don't *have* to do anything (sparklr2 is already an Authorization Server), so it's fine for testing. You probably want to change the at least the AuthenticationManager so you can authenticate your own users, not marissa and paul.

2. I don't know (I haven't seen the apps). If they are .NET I'm afraid you are going to have to ask somewhere else, sorry. If they are Java then look at sparklr2 for an example of an <oauth:resource-server/> and tonr2 for an example of a Client (<oauth:rest-template/>).

[utkarsh.hiremath]

Hello Dave,

I am looking forward to create my own authorization server (like sparkler) which will do some specific function but i do not have so much knowledge about spring security . If i wish to create it in simply JSP/servlet , how can i accomplish it.
One more thing my authorization server should be generic, because our client application can be in .net , php, java or anything...
So we should be able to use same authorization server & resource server for different application..How can we accoplish this ?
Please Help...
Thanks,
Utkarsh.

[Dave Syer]

I don't think we are on the same page. Sparklr2 *is* an authorization server and it *is* a JSP/servlet app. Knock yourself out.

Also, it really doesn't care if your clients are .NET etc. The public interface is over HTTP (as defined in the spec).

[utkarsh.hiremath]

I have created app like Sparklr2 which is authorization server as well as resource server. Only Thing i have changed is instead of photos , i wish to get details of person who is accessing...
I have respective changes to Sparklr2,
My sprng-servlet.xml looks like this.....
spring-sevlet.xml
spring-servlet.txt

when i created war file and deployed on localhost ...it says
HTTP Status 404 - /ServiceProvider/
when checked in logs of tomcat is says...
SEVERE: Servlet /REST_practice threw load() exception
java.lang.ClassNotFoundException: com.sun.jersey.spi.container.servlet.ServletContai ner
what must be the problem ?
Where should i have made mistake ?
Please Help..
Thanks in advance.

[Dave Syer]

java.lang.ClassNotFoundException: com.sun.jersey.spi.container.servlet.ServletContai ner

This is not a class required by Spring OAuth. You probably just need to fix your classpath.