
Thread: Oauth2 spring security - access Token not stored in Inmemorytoken store

  1. #1

    OAuth2 Spring Security - access token not stored in InMemoryTokenStore

    Hi,
    Please provide direction on this question; we are struggling with it.
    We are trying to implement OAuth2 with Spring Security in a REST-based web service.
    We call the service using the RestTemplate class.

    First step: calling the service with path /oauth/token. We get the token from the service. During debugging I can see that the token is stored in InMemoryTokenStore.

    // Describes the protected resource for the client-credentials grant: the client authenticates as itself.
    ClientCredentialsResourceDetails resource = new ClientCredentialsResourceDetails();
    // The token endpoint is addressed over plain http on localhost.
    resource.setAccessTokenUri("http://localhost:7001/ClaimsHistoryService/oauth/token");
    // Only the client id is set; this snippet never sets a client secret.
    resource.setClientId("my-client-with-registered-redirect");
    resource.setId("sparklr");
    resource.setScope(Arrays.asList("trust"));
    // No client context is passed, so the template works with a context of its own.
    OAuth2RestTemplate template2 = new OAuth2RestTemplate(resource);
    // Obtains the access token through the template (from the token URI configured above).
    OAuth2AccessToken oldToken = template2.getAccessToken();

    Second step: we then call the actual service endpoint with the access token obtained from the
    previous request. The clientId and scope are the same. Here I find that the accessTokenStore does not have any token, so the stored token is getting lost somehow.
    // Sets the expiration of the token obtained earlier to the epoch, i.e. a date in the past.
    // NOTE(review): an already-expired existing token presumably makes the template ask the
    // token endpoint again before calling the service; confirm that this is intended.
    ((DefaultOAuth2AccessToken) oldToken).setExpiration(new Date(0L));
    // Hands the old token to a second template through a fresh client context.
    AccessTokenRequest accessTokenrequest = new DefaultAccessTokenRequest();
    accessTokenrequest.setExistingToken(oldToken);
    OAuth2RestTemplate template = new OAuth2RestTemplate(resource, new DefaultOAuth2ClientContext(accessTokenrequest));
    ClaimHistoryResponse res=null;
    // POST to the protected endpoint; the response body is mapped to ClaimHistoryResponse.
    res=template.postForObject(claimHistoryEndpointUrl ,request , ClaimHistoryResponse.class);

    I see that the accessTokenStore variable in InMemoryTokenStore is neither static nor a singleton.
    So how does InMemoryTokenStore retain the token across subsequent requests?
    // Instance field, not static: every InMemoryTokenStore object holds its own token map, so a token
    // is visible only to components that are wired to the same store instance.
    private final ConcurrentHashMap<String, OAuth2AccessToken> accessTokenStore = new ConcurrentHashMap<String, OAuth2AccessToken>();


    Below is my spring-security.xml.
    <!-- Filter chain for the token endpoint: stateless, no anonymous access, and clients are authenticated
         through clientAuthenticationManager. The beans clientAuthenticationEntryPoint,
         clientCredentialsTokenEndpointFilter and oauthAccessDeniedHandler are referenced here but are not
         part of the posted excerpt. -->
    <http pattern="/oauth/token"
          create-session="stateless"
          authentication-manager-ref="clientAuthenticationManager"
          xmlns="http://www.springframework.org/schema/security">
      <intercept-url pattern="/oauth/token" access="IS_AUTHENTICATED_FULLY" />
      <anonymous enabled="false" />
      <http-basic entry-point-ref="clientAuthenticationEntryPoint" />
      <!-- Keep this filter only if clients must authenticate via request parameters;
           HTTP Basic keeps the client secret out of request parameters and whatever logs them. -->
      <custom-filter ref="clientCredentialsTokenEndpointFilter" before="BASIC_AUTH_FILTER" />
      <access-denied-handler ref="oauthAccessDeniedHandler" />
    </http>

    <!-- The /oauth/users and /oauth/clients endpoints get a chain of their own so that authorization and
         error handling can be handled separately. That is optional, but it makes the behaviour easier to
         control. Patterns in this chain are regular expressions and access attributes are expressions. -->
    <http pattern="/oauth/(users|clients)/.*"
          request-matcher="regex"
          create-session="stateless"
          entry-point-ref="oauthAuthenticationEntryPoint"
          use-expressions="true"
          xmlns="http://www.springframework.org/schema/security">
      <anonymous enabled="false" />
      <intercept-url pattern="/oauth/users/([^/].*?)/tokens/.*"
                     method="DELETE"
                     access="#oauth2.clientHasRole('ROLE_CLIENT') and (hasRole('ROLE_USER') or #oauth2.isClient()) and #oauth2.hasScope('write')" />
      <intercept-url pattern="/oauth/users/.*"
                     method="GET"
                     access="#oauth2.clientHasRole('ROLE_CLIENT') and (hasRole('ROLE_USER') or #oauth2.isClient()) and #oauth2.hasScope('read')" />
      <intercept-url pattern="/oauth/clients/.*"
                     method="GET"
                     access="#oauth2.clientHasRole('ROLE_CLIENT') and #oauth2.isClient() and #oauth2.hasScope('read')" />
      <!-- Default deny: anything in this chain that the rules above do not match is refused. -->
      <intercept-url pattern="/**" access="denyAll()"/>
      <custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
      <access-denied-handler ref="oauthAccessDeniedHandler" />
      <expression-handler ref="oauthWebExpressionHandler" />
    </http>

    <!-- The /claims resources also get a chain of their own, so that authorization and error handling can
         be handled separately. Access attributes here are plain role and scope names that are decided by
         the accessDecisionManager bean. The rules are listed from most specific to the /claims/** catch-all. -->
    <http pattern="/claims/**"
          create-session="stateless"
          entry-point-ref="oauthAuthenticationEntryPoint"
          access-decision-manager-ref="accessDecisionManager"
          xmlns="http://www.springframework.org/schema/security">
      <anonymous enabled="false" />
      <intercept-url pattern="/claims" access="ROLE_CLIENT,ROLE_USER,SCOPE_READ" />
      <intercept-url pattern="/claims/trusted/**" access="ROLE_CLIENT,SCOPE_TRUST" />
      <intercept-url pattern="/claims/user/**" access="ROLE_CLIENT,ROLE_USER,SCOPE_TRUST" />
      <intercept-url pattern="/claims/**" access="ROLE_CLIENT,ROLE_USER,SCOPE_READ" />
      <!-- Bearer tokens are checked by the resource server filter before the rules above are applied. -->
      <custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
      <access-denied-handler ref="oauthAccessDeniedHandler" />
    </http>

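    <!-- Entry point referenced by the two resource chains; its realm name is "sparklr2".
         The posted text had a stray space inside the package name ("provide r"), removed here. -->
    <bean id="oauthAuthenticationEntryPoint"
          class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
      <property name="realmName" value="sparklr2" />
    </bean>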


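    <!-- Decision manager used by the /claims chain. UnanimousBased refuses access as soon as one voter
         votes to deny; the voters cover OAuth2 scopes, roles and authentication state.
         The posted text had stray spaces inside the four class names, removed here. -->
    <bean id="accessDecisionManager"
          class="org.springframework.security.access.vote.UnanimousBased"
          xmlns="http://www.springframework.org/schema/beans">
      <constructor-arg>
        <list>
          <bean class="org.springframework.security.oauth2.provider.vote.ScopeVoter" />
          <bean class="org.springframework.security.access.vote.RoleVoter" />
          <bean class="org.springframework.security.access.vote.AuthenticatedVoter" />
        </list>
      </constructor-arg>
    </bean>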

    <!-- Authentication manager of the token endpoint chain: OAuth2 clients are looked up through
         clientDetailsUserService, i.e. client id and secret take the place of user name and password. -->
    <authentication-manager id="clientAuthenticationManager"
                            xmlns="http://www.springframework.org/schema/security">
      <authentication-provider user-service-ref="clientDetailsUserService" />
    </authentication-manager>

    <!-- End-user authentication backed by an in-memory user list. The passwords are sample values held
         in clear text and no password-encoder is configured in this element, so this is demo data only;
         outside a demo, load users from a store that keeps hashed passwords. -->
    <authentication-manager alias="authenticationManager"
                            xmlns="http://www.springframework.org/schema/security">
      <authentication-provider>
        <user-service id="userDetailsService">
          <user name="marissa" password="koala" authorities="ROLE_USER" />
          <user name="test1" password="test1" authorities="ROLE_USER" />
          <user name="test2" password="test2" authorities="ROLE_CLIENT" />
        </user-service>
      </authentication-provider>
    </authentication-manager>

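    <!-- Adapter that exposes the registered OAuth2 clients (clientDetails) as a user details service for
         clientAuthenticationManager. The posted text had a stray space inside the package name, removed here. -->
    <bean id="clientDetailsUserService"
          class="org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService">
      <constructor-arg ref="clientDetails" />
    </bean>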

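    <!-- Tokens are kept in a map inside this one bean instance and are gone after a restart.
         If this file is loaded by more than one application context (for example a root context and a
         servlet context), each context creates its own store, and a token issued through one of them is
         reported as invalid by a resource filter wired to the other. A shared store such as the JDBC token
         store avoids that. The posted text had a stray space inside the package name, removed here. -->
    <bean id="tokenStore" class="org.springframework.security.oauth2.provider.token.InMemoryTokenStore" />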

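    <!-- Token services used by both the authorization server and the resource server declared in this
         file, so issuing and checking tokens go through the same tokenStore bean of this context.
         Refresh tokens are enabled. The posted text had a stray space inside the package name, removed here. -->
    <bean id="tokenServices" class="org.springframework.security.oauth2.provider.token.DefaultTokenServices">
      <property name="tokenStore" ref="tokenStore" />
      <property name="supportRefreshToken" value="true" />
      <property name="clientDetailsService" ref="clientDetails" />
    </bean>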

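    <!-- Project-specific approval handler. Presumably the client ids listed under autoApproveClients skip
         the user approval step; confirm in SparklrUserApprovalHandler, which is not shown in the post.
         The posted text had a stray space inside the package name, removed here. -->
    <bean id="userApprovalHandler"
          class="com.magellanhealth.services.claimhistoryservice.util.SparklrUserApprovalHandler">
      <property name="autoApproveClients">
        <set>
          <value>my-less-trusted-autoapprove-client</value>
        </set>
      </property>
      <property name="tokenServices" ref="tokenServices" />
    </bean>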

    <!-- Authorization server: all five grant types are switched on here; what a given client may use is
         narrowed further by its authorized-grant-types entry in the client details service. -->
    <oauth:authorization-server client-details-service-ref="clientDetails"
                                token-services-ref="tokenServices"
                                user-approval-handler-ref="userApprovalHandler">
      <oauth:authorization-code />
      <oauth:implicit />
      <oauth:refresh-token />
      <oauth:client-credentials />
      <oauth:password />
    </oauth:authorization-server>

    <!-- Resource server filter referenced by the /oauth/(users|clients) and /claims chains; it looks up
         incoming access tokens through the tokenServices bean of this context. -->
    <oauth:resource-server id="resourceServerFilter"
                           resource-id="sparklr"
                           token-services-ref="tokenServices" />

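    <!-- Registered OAuth2 clients (sample data). Points to review before using this outside a demo:
         * secrets such as "secret" and "somesecret" are placeholders stored in clear text;
         * my-client-with-registered-redirect may use client_credentials but has no secret, so the client id
           alone is enough to obtain a token with scope read,trust; give it a secret;
         * my-trusted-client may use the password grant without a secret as well;
         * the redirect URIs are http placeholders ("http://anywhere").
         The posted text had a stray space inside "implicit" for the first two clients, removed here. -->
    <oauth:client-details-service id="clientDetails">
      <!-- access-token-validity is given in seconds -->
      <oauth:client client-id="my-trusted-client"
                    authorized-grant-types="password,authorization_code,refresh_token,implicit"
                    authorities="ROLE_CLIENT, ROLE_TRUSTED_CLIENT"
                    scope="read,write,trust"
                    access-token-validity="60" />
      <oauth:client client-id="my-trusted-client-with-secret"
                    authorized-grant-types="password,authorization_code,refresh_token,implicit"
                    secret="somesecret"
                    authorities="ROLE_CLIENT, ROLE_TRUSTED_CLIENT" />
      <oauth:client client-id="my-client-with-secret"
                    authorized-grant-types="client_credentials"
                    authorities="ROLE_CLIENT"
                    scope="read"
                    secret="secret" />
      <oauth:client client-id="my-less-trusted-client"
                    authorized-grant-types="authorization_code,implicit"
                    authorities="ROLE_CLIENT" />
      <oauth:client client-id="my-less-trusted-autoapprove-client"
                    authorized-grant-types="implicit"
                    authorities="ROLE_CLIENT" />
      <!-- This is the client id used by the Java client code in this thread. -->
      <oauth:client client-id="my-client-with-registered-redirect"
                    authorized-grant-types="authorization_code,client_credentials"
                    authorities="ROLE_CLIENT"
                    redirect-uri="http://anywhere?key=value"
                    scope="read,trust" />
      <oauth:client client-id="my-untrusted-client-with-registered-redirect"
                    authorized-grant-types="authorization_code"
                    authorities="ROLE_CLIENT"
                    redirect-uri="http://anywhere"
                    scope="read" />
      <oauth:client client-id="tonr"
                    resource-ids="sparklr"
                    authorized-grant-types="authorization_code,implicit"
                    authorities="ROLE_CLIENT"
                    scope="read,write"
                    secret="secret" />
    </oauth:client-details-service>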

    <!-- Spring MVC: annotation-driven controllers, with the default servlet handler enabled as well. -->
    <mvc:annotation-driven/>
    <mvc:default-servlet-handler/>

    <!-- Method security with pre/post annotations on class-based proxies, evaluated with the OAuth2
         expression handler. -->
    <sec:global-method-security pre-post-annotations="enabled" proxy-target-class="true">
      <!-- The expression handler could also be wired in at the layer of the http filters;
           see https://jira.springsource.org/browse/SEC-1452 -->
      <sec:expression-handler ref="oauthExpressionHandler"/>
    </sec:global-method-security>

    <!-- OAuth2 expression handlers: the first is used by method security above, the second by the
         /oauth/(users|clients) filter chain. -->
    <oauth:expression-handler id="oauthExpressionHandler"/>
    <oauth:web-expression-handler id="oauthWebExpressionHandler"/>

    </beans>

  2. #2

    Quote Originally Posted by akawale View Post
    // Quoted from the first post: client-credentials resource pointing at the local token endpoint (plain http).
    ClientCredentialsResourceDetails resource = new ClientCredentialsResourceDetails();
    resource.setAccessTokenUri("http://localhost:7001/ClaimsHistoryService/oauth/token");
    // Only the client id is set; no client secret is set in this snippet.
    resource.setClientId("my-client-with-registered-redirect");
    resource.setId("sparklr");
    resource.setScope(Arrays.asList("trust"));
    OAuth2RestTemplate template2 = new OAuth2RestTemplate(resource);
    // Obtains the access token through the first template.
    OAuth2AccessToken oldToken = template2.getAccessToken();

    Second step :then we are calling the actual service endpoint with the access token got from
    previuos request. The clientId and scope is same. Here I am finding that the acccessTokenStore class does not have any token. So the stored token is getting lost somehow.
    // Quoted from the first post: the old token's expiration is set to the epoch (a past date) and the
    // token is then passed to a second template as its existing token.
    ((DefaultOAuth2AccessToken) oldToken).setExpiration(new Date(0L));
    AccessTokenRequest accessTokenrequest = new DefaultAccessTokenRequest();
    accessTokenrequest.setExistingToken(oldToken);
    OAuth2RestTemplate template = new OAuth2RestTemplate(resource, new DefaultOAuth2ClientContext(accessTokenrequest));
    ClaimHistoryResponse res=null;
    // POST to the protected endpoint; the response body is mapped to ClaimHistoryResponse.
    res=template.postForObject(claimHistoryEndpointUrl ,request , ClaimHistoryResponse.class);
    That should work, but note that you don't need to do the bit in the middle, i.e. this is better:

    Code:
    ...
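    // A single template is enough here; the separate getAccessToken() call and the second template
    // from the original code are not needed.
    // The variable is named "template" so that it matches the call below (the posted snippet declared
    // "template2" but called "template").
    OAuth2RestTemplate template = new OAuth2RestTemplate(resource);
    ClaimHistoryResponse res = template.postForObject(claimHistoryEndpointUrl, request, ClaimHistoryResponse.class);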
    I am seeing that accessTokenStore variable in ImMemorytokenStore is neither static nor singleton.
    So how does the ImMemorytokenStore retain the token in subsequent requests.
    // Quoted field of InMemoryTokenStore: a non-static instance field, so there is one token map per store object.
    private final ConcurrentHashMap<String, OAuth2AccessToken> accessTokenStore = new ConcurrentHashMap<String, OAuth2AccessToken>();
    How are you loading the Spring context? It would only be an issue if you were, for some reason, loading it on every request; otherwise there is only one instance of the accessTokenStore.

    P.S. please use [CODE][/CODE] tags to post code and logs.
    Last edited by Dave Syer; Jan 18th, 2013 at 04:14 PM.

  3. #3

    I am loading the spring context using the ContextLoaderListener listener. This is the only listener configured in my web.xml.
    Also from my logs I don't see the spring context getting loaded between requests.

    First Request :

    Authorities: ROLE_CLIENT
    2013-01-18 13:33:26,630 DEBUG [ACTIVE] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)' [rk.security.access.vote.AffirmativeBased] - Voter: org.springframework.security.access.vote.RoleVoter @ef9e3d, returned: 0
    2013-01-18 13:33:26,630 DEBUG [ACTIVE] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)' [rk.security.access.vote.AffirmativeBased] - Voter: org.springframework.security.access.vote.Authentic atedVoter@ef9e38, returned: 1
    2013-01-18 13:33:26,630 DEBUG [ACTIVE] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)' [cess.intercept.FilterSecurityInterceptor] - Authorization successful
    2013-01-18 13:33:26,630 DEBUG [ACTIVE] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)' [cess.intercept.FilterSecurityInterceptor] - RunAsManager did not change Authentication object
    2013-01-18 13:33:26,630 DEBUG [ACTIVE] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)' [gframework.security.web.FilterChainProxy] - /oauth/token reached end of additional filter chain; proceeding with original chain
    2013-01-18 13:33:26,630 DEBUG [ACTIVE] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)' [gframework.web.servlet.DispatcherServlet] - DispatcherServlet with name 'spring' processing POST request for [/ClaimsHistoryService/oauth/token]
    2013-01-18 13:33:26,630 DEBUG [ACTIVE] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)' [.annotation.RequestMappingHandlerMapping] - Looking up handler method for path /oauth/token
    2013-01-18 13:33:26,630 DEBUG [ACTIVE] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)' [.annotation.RequestMappingHandlerMapping] - Did not find handler method for [/oauth/token]
    2013-01-18 13:33:26,630 DEBUG [ACTIVE] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)' [endpoint.FrameworkEndpointHandlerMapping] - Looking up handler method for path /oauth/token
    2013-01-18 13:33:26,630 DEBUG [ACTIVE] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)' [endpoint.FrameworkEndpointHandlerMapping] - Returning handler method [public org.springframework.http.ResponseEntity<org.spring framework.security.oauth2.common.OAuth2AccessToken > org.springframework.security.oauth2.provider.endpo int.TokenEndpoint.getAccessToken(java.security.Pri ncipal,java.lang.String,java.util.Map<java.lang.St ring, java.lang.String>)]
    2013-01-18 13:33:26,630 DEBUG [ACTIVE] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)' [ctory.support.DefaultListableBeanFactory] - Returning cached instance of singleton bean 'oauth2TokenEndpoint'
    2013-01-18 13:33:26,630 DEBUG [ACTIVE] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)' [der.client.ClientCredentialsTokenGranter] - Getting access token for: my-client-with-registered-redirect
    2013-01-18 13:33:26,645 DEBUG [ACTIVE] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)' [hod.annotation.HttpEntityMethodProcessor] - Written [2a2c78ac-5524-4280-8691-d151c4094197] as "application/json" using [org.springframework.http.converter.json.MappingJac ksonHttpMessageConverter@14c2650]
    2013-01-18 13:33:26,645 DEBUG [ACTIVE] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)' [gframework.web.servlet.DispatcherServlet] - Null ModelAndView returned to DispatcherServlet with name 'spring': assuming HandlerAdapter completed request handling
    2013-01-18 13:33:26,645 DEBUG [ACTIVE] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)' [gframework.web.servlet.DispatcherServlet] - Successfully completed request
    2013-01-18 13:33:26,645 DEBUG [ACTIVE] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)' [ty.web.access.ExceptionTranslationFilter] - Chain processed normally
    2013-01-18 13:33:26,645 DEBUG [ACTIVE] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)' [context.SecurityContextPersistenceFilter] - SecurityContextHolder now cleared, as request processing completed


    Second request :


    2013-01-18 13:33:26,676 DEBUG [ACTIVE] ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)' [.security.web.util.AntPathRequestMatcher] - Checking match of request : '/claims/getall'; against '/oauth/cache_approvals'
    2013-01-18 13:33:26,676 DEBUG [ACTIVE] ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)' [.security.web.util.AntPathRequestMatcher] - Checking match of request : '/claims/getall'; against '/oauth/uncache_approvals'
    2013-01-18 13:33:26,676 DEBUG [ACTIVE] ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)' [.security.web.util.AntPathRequestMatcher] - Checking match of request : '/claims/getall'; against '/oauth/token'
    2013-01-18 13:33:26,676 DEBUG [ACTIVE] ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)' [rk.security.web.util.RegexRequestMatcher] - Checking match of request : '/claims/getAll'; against '/oauth/(users|clients)/.*'
    2013-01-18 13:33:26,676 DEBUG [ACTIVE] ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)' [.security.web.util.AntPathRequestMatcher] - Checking match of request : '/claims/getall'; against '/claims/**'
    2013-01-18 13:33:26,676 DEBUG [ACTIVE] ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)' [gframework.security.web.FilterChainProxy] - /claims/getAll at position 1 of 5 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
    2013-01-18 13:33:26,676 DEBUG [ACTIVE] ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)' [gframework.security.web.FilterChainProxy] - /claims/getAll at position 2 of 5 in additional filter chain; firing Filter: 'OAuth2AuthenticationProcessingFilter'
    2013-01-18 13:33:26,676 DEBUG [ACTIVE] ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)' [ion.OAuth2AuthenticationProcessingFilter] - Authentication request failed: error="invalid_token", error_description="Invalid access token: 2a2c78ac-5524-4280-8691-d151c4094197"
    2013-01-18 13:33:26,676 DEBUG [ACTIVE] ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)' [der.error.DefaultOAuth2ExceptionRenderer] - Written [error="invalid_token", error_description="Invalid access token: 2a2c78ac-5524-4280-8691-d151c4094197"] as "application/xml" using [org.springframework.security.oauth2.http.converter .jaxb.JaxbOAuth2ExceptionMessageConverter@ed5b12]
    2013-01-18 13:33:26,676 DEBUG [ACTIVE] ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)' [context.SecurityContextPersistenceFilter] - SecurityContextHolder now cleared, as request processing completed

  4. #4

    Did you read the bit about the [CODE][/CODE] tags? I'd be really happy to look at your logs if you post them with code tags so I can read them.

  5. #5

    Sir, Please see below :
    First Request to get the token :
    Code:
    Authorities: ROLE_CLIENT
    2013-01-18 13:33:26,630 DEBUG [ACTIVE] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)' [rk.security.access.vote.AffirmativeBased] - Voter: org.springframework.security.access.vote.RoleVoter @ef9e3d, returned: 0
    2013-01-18 13:33:26,630 DEBUG [ACTIVE] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)' [rk.security.access.vote.AffirmativeBased] - Voter: org.springframework.security.access.vote.Authentic atedVoter@ef9e38, returned: 1
    2013-01-18 13:33:26,630 DEBUG [ACTIVE] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)' [cess.intercept.FilterSecurityInterceptor] - Authorization successful
    2013-01-18 13:33:26,630 DEBUG [ACTIVE] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)' [cess.intercept.FilterSecurityInterceptor] - RunAsManager did not change Authentication object
    2013-01-18 13:33:26,630 DEBUG [ACTIVE] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)' [gframework.security.web.FilterChainProxy] - /oauth/token reached end of additional filter chain; proceeding with original chain
    2013-01-18 13:33:26,630 DEBUG [ACTIVE] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)' [gframework.web.servlet.DispatcherServlet] - DispatcherServlet with name 'spring' processing POST request for [/ClaimsHistoryService/oauth/token]
    2013-01-18 13:33:26,630 DEBUG [ACTIVE] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)' [.annotation.RequestMappingHandlerMapping] - Looking up handler method for path /oauth/token
    2013-01-18 13:33:26,630 DEBUG [ACTIVE] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)' [.annotation.RequestMappingHandlerMapping] - Did not find handler method for [/oauth/token]
    2013-01-18 13:33:26,630 DEBUG [ACTIVE] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)' [endpoint.FrameworkEndpointHandlerMapping] - Looking up handler method for path /oauth/token
    2013-01-18 13:33:26,630 DEBUG [ACTIVE] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)' [endpoint.FrameworkEndpointHandlerMapping] - Returning handler method [public org.springframework.http.ResponseEntity<org.spring framework.security.oauth2.common.OAuth2AccessToken > org.springframework.security.oauth2.provider.endpo int.TokenEndpoint.getAccessToken(java.security.Pri ncipal,java.lang.String,java.util.Map<java.lang.St ring, java.lang.String>)]
    2013-01-18 13:33:26,630 DEBUG [ACTIVE] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)' [ctory.support.DefaultListableBeanFactory] - Returning cached instance of singleton bean 'oauth2TokenEndpoint'
    2013-01-18 13:33:26,630 DEBUG [ACTIVE] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)' [der.client.ClientCredentialsTokenGranter] - Getting access token for: my-client-with-registered-redirect
    2013-01-18 13:33:26,645 DEBUG [ACTIVE] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)' [hod.annotation.HttpEntityMethodProcessor] - Written [2a2c78ac-5524-4280-8691-d151c4094197] as "application/json" using [org.springframework.http.converter.json.MappingJac ksonHttpMessageConverter@14c2650]
    2013-01-18 13:33:26,645 DEBUG [ACTIVE] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)' [gframework.web.servlet.DispatcherServlet] - Null ModelAndView returned to DispatcherServlet with name 'spring': assuming HandlerAdapter completed request handling
    2013-01-18 13:33:26,645 DEBUG [ACTIVE] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)' [gframework.web.servlet.DispatcherServlet] - Successfully completed request
    2013-01-18 13:33:26,645 DEBUG [ACTIVE] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)' [ty.web.access.ExceptionTranslationFilter] - Chain processed normally
    2013-01-18 13:33:26,645 DEBUG [ACTIVE] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)' [context.SecurityContextPersistenceFilter] - SecurityContextHolder now cleared, as request processing completed
    second request to access endpoint with token :
    Code:
    2013-01-18 13:33:26,676 DEBUG [ACTIVE] ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)' [.security.web.util.AntPathRequestMatcher] - Checking match of request : '/claims/getall'; against '/oauth/cache_approvals'
    2013-01-18 13:33:26,676 DEBUG [ACTIVE] ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)' [.security.web.util.AntPathRequestMatcher] - Checking match of request : '/claims/getall'; against '/oauth/uncache_approvals'
    2013-01-18 13:33:26,676 DEBUG [ACTIVE] ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)' [.security.web.util.AntPathRequestMatcher] - Checking match of request : '/claims/getall'; against '/oauth/token'
    2013-01-18 13:33:26,676 DEBUG [ACTIVE] ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)' [rk.security.web.util.RegexRequestMatcher] - Checking match of request : '/claims/getAll'; against '/oauth/(users|clients)/.*'
    2013-01-18 13:33:26,676 DEBUG [ACTIVE] ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)' [.security.web.util.AntPathRequestMatcher] - Checking match of request : '/claims/getall'; against '/claims/**'
    2013-01-18 13:33:26,676 DEBUG [ACTIVE] ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)' [gframework.security.web.FilterChainProxy] - /claims/getAll at position 1 of 5 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
    2013-01-18 13:33:26,676 DEBUG [ACTIVE] ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)' [gframework.security.web.FilterChainProxy] - /claims/getAll at position 2 of 5 in additional filter chain; firing Filter: 'OAuth2AuthenticationProcessingFilter'
    2013-01-18 13:33:26,676 DEBUG [ACTIVE] ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)' [ion.OAuth2AuthenticationProcessingFilter] - Authentication request failed: error="invalid_token", error_description="Invalid access token: 2a2c78ac-5524-4280-8691-d151c4094197"
    2013-01-18 13:33:26,676 DEBUG [ACTIVE] ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)' [der.error.DefaultOAuth2ExceptionRenderer] - Written [error="invalid_token", error_description="Invalid access token: 2a2c78ac-5524-4280-8691-d151c4094197"] as "application/xml" using [org.springframework.security.oauth2.http.converter .jaxb.JaxbOAuth2ExceptionMessageConverter@ed5b12]
    2013-01-18 13:33:26,676 DEBUG [ACTIVE] ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)' [context.SecurityContextPersistenceFilter] - SecurityContextHolder now cleared, as request processing completed

  6. #6

    I'd say those 2 requests are using a different instance of the access token store then. Do you have 2 Spring contexts, and one store in each (one root context and one for your servlet maybe)?

  7. #7

    Hello Dave. As directed by my architect, we will be using the JDBC token store. I used it and everything is working fine with that.
    Thanks for your help. I will close this post for now.
