tonr2: A redirect is required to get the users approval

[steppinrazor]

Guys -

So I am trying to get up and running with Oauth2 in building an app that interfaces with Facebook. I am using the tonr app for Oauth2 as a proof of concept but I am getting an exception. The funny thing is that tonr is also getting the same exception but the exception filter is getting triggered and taking care of this exception but mine is not.

The first stacktrace here is tonr and the second is mine

Code:

tonr2 22:42:05.554 [DEBUG] DispatcherServlet - Last-Modified value for [/tonr2-1.0.2.BUILD-SNAPSHOT/facebook/info] is: -1
tonr2 22:42:05.623 [DEBUG] ExceptionHandlerExceptionResolver - Resolving exception from handler [public java.lang.String org.springframework.security.oauth.examples.tonr.mvc.FacebookController.photos(org.springframework.ui.Model) throws java.lang.Exception]: org.springframework.security.oauth2.client.resource.UserRedirectRequiredException: A redirect is required to get the users approval
tonr2 22:42:05.624 [DEBUG] ResponseStatusExceptionResolver - Resolving exception from handler [public java.lang.String org.springframework.security.oauth.examples.tonr.mvc.FacebookController.photos(org.springframework.ui.Model) throws java.lang.Exception]: org.springframework.security.oauth2.client.resource.UserRedirectRequiredException: A redirect is required to get the users approval
tonr2 22:42:05.624 [DEBUG] DefaultHandlerExceptionResolver - Resolving exception from handler [public java.lang.String org.springframework.security.oauth.examples.tonr.mvc.FacebookController.photos(org.springframework.ui.Model) throws java.lang.Exception]: org.springframework.security.oauth2.client.resource.UserRedirectRequiredException: A redirect is required to get the users approval
tonr2 22:42:05.625 [DEBUG] DispatcherServlet - Could not complete request <org.springframework.security.oauth2.client.resource.UserRedirectRequiredException: A redirect is required to get the users approval>org.springframework.security.oauth2.client.resource.UserRedirectRequiredException: A redirect is required to get the users approval
	at org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeAccessTokenProvider.getRedirectForAuthorization(AuthorizationCodeAccessTokenProvider.java:305)
	at org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeAccessTokenProvider.obtainAccessToken(AuthorizationCodeAccessTokenProvider.java:159)
	at org.springframework.security.oauth2.client.token.AccessTokenProviderChain.obtainNewAccessTokenInternal(AccessTokenProviderChain.java:142)
	at org.springframework.security.oauth2.client.token.AccessTokenProviderChain.obtainAccessToken(AccessTokenProviderChain.java:118)

Code:

tonr2 22:26:44.036 [DEBUG] DispatcherServlet - Last-Modified value for [/pinpoint-targeting-web-1.0-SNAPSHOT/facebook/info] is: -1
tonr2 22:26:44.038 [DEBUG] HandlerMethodInvoker - Invoking request handler method: public java.lang.String com.digitalcrossbow.web.mvc.FacebookController.photos(org.springframework.ui.Model) throws java.lang.Exception
$$$$$$ trying to get data
org.springframework.security.oauth2.client.resource.UserRedirectRequiredException: A redirect is required to get the users approval
	at org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeAccessTokenProvider.getRedirectForAuthorization(AuthorizationCodeAccessTokenProvider.java:305)
	at org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeAccessTokenProvider.obtainAccessToken(AuthorizationCodeAccessTokenProvider.java:159)
	at org.springframework.security.oauth2.client.token.AccessTokenProviderChain.obtainNewAccessTokenInternal(AccessTokenProviderChain.java:142)
	at org.springframework.security.oauth2.client.token.AccessTokenProviderChain.obtainAccessToken(AccessTokenProviderChain.java:118)
	at org.springframework.security.oauth2.client.OAuth2RestTemplate.acquireAccessToken(OAuth2RestTemplate.java:216)
	at org.springframework.security.oauth2.client.OAuth2RestTemplate.getAccessToken(OAuth2RestTemplate.java:168)

So notice in both snippets that there is a different flow after the first line that begins with "Last modified...". tonr's ExceptionTranslationFilter kicks in but mine does not, the end result being that my FB query never completes but the tonr query runs successfully.

Any ideas why? (even though the second snippet says 'tonr' it is my app as it has '$$$$$$ trying to get data' but tonr doesn't)

Note: the 2 web.xml files are the same and the spring-servlet.xml is virtually identical except that I use Thymeleaf instead of jsp and this

Code:

<http access-denied-page="/error" xmlns="http://www.springframework.org/schema/security">
        <intercept-url pattern="/facebook/**" access="ROLE_USER" />
        <intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />

        <form-login authentication-failure-url="/error" default-target-url="/facebook/info" login-page="/login" />
        <anonymous />
        <custom-filter ref="oauth2ClientFilter" after="EXCEPTION_TRANSLATION_FILTER" />
    </http>

So after I successfully log in it goes to the target url which is a request mapped class FacebookController just like tonr.

[Dave Syer]

There isn't enough log output to really say but it looks plausibly normal. Maybe your browser is getting redirected to the wrong site? If you switch on debug logging for spring security you might see the whole filter.

[steppinrazor]

So this is the exception tonr2 throws but recovers from it. I thought it was me until I noticed that tonr2 was throwing this redirection exception.

[Dave Syer]

The extended logs are form a single app? It looks like it worked, so what was the problem exactly?

[steppinrazor]

So are you saying that the stacktrace in there is perfectly normal -- this redirect exception??

[Dave Syer]

It was logged at DEBUG level and then rethrown by the DispatcherServlet. That is completely normal. So was that the only symptom of an error?

[steppinrazor]

Yes that was the only symptom, I guess i am the only one who finds it odd that a "redirect URL" exception is thrown when I clearly have a redirect url so it seems kind of spurious.