
Thread: 404 error when accessing /oauth/token

  1. #1

    Default 404 error when accessing /oauth/token

    Hi I have a webservice that provides OAuth access tokens using the password grant. I have taken bits off the sparklr config that I believe I need and am trying to get it up and running.

    I have configured it as follows:-
    Code:
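    <mvc:annotation-driven/>

    <!-- TOKEN REQUEST
         Filter chain for the token endpoint only. The callers are OAuth clients, authenticated
         through clientAuthenticationManager with HTTP Basic; no HTTP session is created. -->
    <!-- NOTE(review): clientAuthenticationEntryPoint is referenced twice in this chain but is not
         defined anywhere in this listing; it has to be declared elsewhere in the context. -->
    <security:http pattern="/oauth/token"
                   create-session="stateless"
                   use-expressions="true"
                   authentication-manager-ref="clientAuthenticationManager"
                   entry-point-ref="clientAuthenticationEntryPoint">
            <!-- The rule covers every HTTP method. Limiting it to POST leaves any other method on
                 this path without an access rule, and the security interceptor treats a request
                 that matches no intercept-url as public. The endpoint may still reject such a
                 request itself, but the chain should not rely on that. -->
            <!-- hasRole('USER') is evaluated against the authorities of the authenticated client
                 (authorities="USER" on the client definition), not against an end user. -->
            <security:intercept-url pattern="/oauth/token" access="hasRole('USER')" />
            <!-- No anonymous authentication: an unauthenticated caller is sent to the entry point. -->
            <security:anonymous enabled="false" />
            <security:http-basic entry-point-ref="clientAuthenticationEntryPoint" />
            <security:access-denied-handler ref="oauthAccessDeniedHandler" />
    </security:http>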
        
    <!-- Authenticates OAuth clients (not end users) for the /oauth/token chain. -->
    <security:authentication-manager id="clientAuthenticationManager">
            <security:authentication-provider user-service-ref="clientDetailsUserService" />
    </security:authentication-manager>

    <!-- Exposes the registered clients as user details, so that a client id and secret can be
         checked by an ordinary authentication provider. -->
    <bean id="clientDetailsUserService"
          class="org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService">
            <constructor-arg ref="clientDetails" />
    </bean>
        
    <!-- Client registry: one client, allowed to use the password grant only. -->
    <!-- NOTE(review): the client has no secret attribute, so it is a public client. Anyone who
         knows the client id can submit a resource owner's username and password to the token
         endpoint. Confirm that this is intended before using it outside a test setup. -->
    <!-- NOTE(review): refresh_token is not among authorized-grant-types although the
         authorization server in this listing enables the refresh-token grant; a token response
         for this client may therefore carry no refresh token. -->
    <!-- access-token-validity is in seconds: tokens issued to this client expire after one minute. -->
    <oauth:client-details-service id="clientDetails">
            <oauth:client client-id="webservice-client"
                          authorities="USER"
                          authorized-grant-types="password"
                          scope="read,write,trust"
                          access-token-validity="60" />
    </oauth:client-details-service>
       
    <!-- Writes an OAuth2 error response when access is denied; shared by both filter chains. -->
    <bean id="oauthAccessDeniedHandler"
          class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler" />

    <!-- Authenticates a client from credentials sent as request parameters. -->
    <!-- NOTE(review): no security:custom-filter element in this listing references this bean, so
         it does not appear to be part of the /oauth/token chain; HTTP Basic is the only client
         authentication that chain configures. -->
    <bean id="clientCredentialsTokenEndpointFilter"
          class="org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter">
            <property name="authenticationManager" ref="clientAuthenticationManager" />
    </bean>
        
    <!-- === OAUTH RESOURCE PROTECTION ==== -->
    <!-- Stateless chain for the protected resources: resourceServerFilter authenticates the
         request from its OAuth2 access token before the access rule is evaluated. -->
    <!-- NOTE(review): "/photos/*" is an Ant pattern for a single path segment. A handler mapped
         any deeper than that is outside this chain, and no other security:http element in this
         listing would cover it. Use "/photos/**" here and in the intercept-url if such paths
         exist. -->
    <security:http pattern="/photos/*"
                   use-expressions="true"
                   create-session="stateless"
                   entry-point-ref="oauthAuthenticationEntryPoint">
            <security:anonymous enabled="false" />
            <security:intercept-url pattern="/photos/*" access="hasRole('USER')" />
            <security:custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
            <security:access-denied-handler ref="oauthAccessDeniedHandler" />
            <!-- <security:expression-handler ref="oauthWebExpressionHandler" /> -->
    </security:http>

    <!-- Entry point for the resource chain; realmName is the realm it reports to the caller. -->
    <bean id="oauthAuthenticationEntryPoint"
          class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
            <property name="realmName" value="Webservice_API" />
    </bean>
       
    <!-- Tokens are kept in the memory of this JVM: they are lost on restart and are not shared
         with any other instance of the application. -->
    <bean id="tokenStore"
          class="org.springframework.security.oauth2.provider.token.InMemoryTokenStore" />

    <!-- Token services shared by the authorization server and the resource server in this file. -->
    <bean id="tokenServices"
          class="org.springframework.security.oauth2.provider.token.DefaultTokenServices">
            <property name="tokenStore" ref="tokenStore" />
            <property name="clientDetailsService" ref="clientDetails" />
            <property name="supportRefreshToken" value="true" />
    </bean>
        
    <!-- Filter used by the /photos chain: validates the access token through tokenServices for
         the resource id Webservice_API. -->
    <oauth:resource-server id="resourceServerFilter"
                           token-services-ref="tokenServices"
                           resource-id="Webservice_API" />

    <!-- NOTE(review): the only reference to this handler in the listing is the commented-out
         expression-handler element in the /photos chain, so it is currently not in use. -->
    <oauth:web-expression-handler id="oauthWebExpressionHandler" />

    <!-- Voter-based decision manager: scope, role and authentication voters must all agree. -->
    <!-- NOTE(review): no security:http element in this listing has an
         access-decision-manager-ref, so this bean appears to be unused; both chains evaluate
         their rules as expressions (use-expressions="true"). -->
    <bean id="accessDecisionManager"
          class="org.springframework.security.access.vote.UnanimousBased">
            <constructor-arg>
                <list>
                    <bean class="org.springframework.security.oauth2.provider.vote.ScopeVoter" />
                    <bean class="org.springframework.security.access.vote.RoleVoter" />
                    <bean class="org.springframework.security.access.vote.AuthenticatedVoter" />
                </list>
            </constructor-arg>
    </bean>
        
    <!-- Authorization server with two grants enabled: refresh token and resource owner password. -->
    <oauth:authorization-server token-services-ref="tokenServices"
                                client-details-service-ref="clientDetails">
            <oauth:refresh-token />
            <oauth:password />
    </oauth:authorization-server>

    <!-- Default authentication manager (no id), backed by securityServiceUserDetailsService,
         which is not defined in this listing. -->
    <!-- NOTE(review): presumably this is the manager that checks the resource owner's username
         and password for the password grant; confirm, since oauth:password names none. -->
    <security:authentication-manager>
            <security:authentication-provider user-service-ref="securityServiceUserDetailsService" />
    </security:authentication-manager>

    I am using OAuth2Template to send the access token request from client, in the following way:-
    Code:
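    // Describes a password-grant token request for the client "webservice-client".
    ResourceOwnerPasswordResourceDetails resource = new ResourceOwnerPasswordResourceDetails();
    // Plain http is acceptable against localhost only: the password grant sends the resource
    // owner's username and password to this URI, so any other host needs https.
    resource.setAccessTokenUri("http://localhost:8080/myapp/oauth/token");
    resource.setClientId("webservice-client");
    resource.setUsername("testuser");
    resource.setPassword("testpwd");
    resource.setScope(Arrays.asList("trust"));

    OAuth2RestTemplate restTemplate = new OAuth2RestTemplate(resource);
    try {
        OAuth2AccessToken token = restTemplate.getAccessToken();
        // Debug output only: both token values are bearer credentials and should not end up
        // in shared logs.
        System.out.println("Token value ->" + token.getValue());
        System.out.println("Token type ->" + token.getTokenType());
        // getRefreshToken() returns null when the response carries no refresh token, so guard
        // the dereference instead of turning a successful token request into a
        // NullPointerException.
        System.out.println("refresh token -- > "
                + (token.getRefreshToken() != null ? token.getRefreshToken().getValue() : "(none issued)"));
    } catch (Exception e) {
        // Kept broad on purpose for this test client; the stack trace is the diagnostic.
        e.printStackTrace();
    }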
    But all access token requests fail with a 404. The error reported is:
    Code:
    WARNING: No mapping found for HTTP request with URI [/myapp/oauth/token] in DispatcherServlet with name 'myapp'
    Feb 18, 2013 5:51:26 PM org.springframework.web.client.RestTemplate handleResponseError
    WARNING: POST request for "http://localhost:8080/myapp/oauth/token" resulted in 404 (Not Found); invoking error handler
    error="access_denied", error_description="Error requesting access token."
    I'm confused as to what's going on. I would've thought the Spring Security framework would have automatically registered the handler mapping for /oauth/token by inspecting the <http/> element. I can invoke the URLs http://localhost:8080/myapp/photos/* without getting a 404. I have looked again and again at the sparklr config but can't see what I've missed, nor work out what's wrong.

    Please help

  2. #2

    Quote Originally Posted by samuel_coutinho View Post
    I would've thought the Spring Security framework would have automatically registered the handler mapping for /oauth/token by inspecting the <http/> element.
    No, but the <oauth:authorization-server/> does play that role. You only need to make sure that this config file is instantiated (or injected into) by a DispatcherServlet mapped to the pattern "/". Since you haven't shared that level of detail we can't tell if that's what is happening, but I'm guessing maybe not. The sparklr sample is a good template (as usual).

  3. #3


    This is my web.xml
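    <!-- Delegates every request to the springSecurityFilterChain bean. -->
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <!-- The class name must be one unbroken token; a space inside it cannot be loaded. -->
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
        <init-param>
            <!-- Looks the bean up in the DispatcherServlet's own context instead of the root
                 context. The suffix after "CONTEXT." has to equal the servlet-name of that
                 servlet (spring). -->
            <param-name>contextAttribute</param-name>
            <param-value>org.springframework.web.servlet.FrameworkServlet.CONTEXT.spring</param-value>
        </init-param>
    </filter>

    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>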

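    <!-- Single DispatcherServlet named "spring", mapped as the default servlet. -->
    <servlet>
        <servlet-name>spring</servlet-name>
        <!-- The class name must be one unbroken token; a space inside it cannot be loaded. -->
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>

    <servlet-mapping>
        <servlet-name>spring</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>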
    Like I said, the context is being loaded, as I can invoke the URLs http://localhost:8080/myapp/photos/* without getting a 404; however, http://localhost:8080/myapp/oauth/token gives the error mentioned above.

  4. #4

    I can't see anything obviously wrong with the configuration. But the log file in the first post is inconsistent with the web.xml in the second (servlet name "myapp" vs. "spring"), so I don't know but that might help you track it down. If you switch on DEBUG logging for org.springframework.web you should see the @RequestMappings being logged at startup so you can verify that /oauth/token is mapped (or not).
    Last edited by Dave Syer; Feb 19th, 2013 at 02:53 AM. Reason: spelling
