authentication - Unable to get the access token in Spring OAuth2 password grant
I am trying to integrate Spring Security OAuth2 to secure the RESTful services in my application. The issue I am facing is that when I pass a valid client id to request a refresh/access token, the application redirects to a URL with a 404 response instead of returning the access token, without considering the username and password parameters. The URL being used is as follows:
For a URL with an invalid client id (e.g. http://localhost:8080/oauthsample/oauth/token?grant_type=password&client_id=test&username=user&password=password) the response returned is:
<oauth> <error_description>no client requested id: test</error_description> <error>unauthorized</error> </oauth>
The security applicationContext.xml is as follows:
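<?xml version="1.0" encoding="UTF-8"?>
<!--
  Spring Security OAuth2 XML configuration for an application that acts as both the
  authorization server (/oauth/token) and the resource server (/services/**).

  Reviewer notes:
  * This listing was case-folded when the page was extracted. Framework-defined names (class
    names, bean property names, filter positions, access attributes, the xsi namespace) are
    case-sensitive and are restored here. Bean ids, the client id, realm names and other
    values chosen by the author are kept exactly as they appear on the page.
  * The token requests shown on this page carry username and password in the query string,
    and the debug log on the page records those URLs in full. Send token requests as a
    form-encoded POST body over TLS so the resource owner's credentials stay out of URLs,
    proxy logs and application logs.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:mvc="http://www.springframework.org/schema/mvc"
       xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
       xmlns:security="http://www.springframework.org/schema/security"
       xmlns:context="http://www.springframework.org/schema/context"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
                           http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd
                           http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
                           http://www.springframework.org/schema/security/oauth2 http://www.springframework.org/schema/security/spring-security-oauth2.xsd
                           http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">

  <context:annotation-config/>

  <!-- Spring OAuth implicit security config start -->

  <!-- Definition of the authentication service.
       The token endpoint is stateless and only reachable by a fully authenticated client;
       clients are authenticated by clientauthenticationmanager, not by the user store. -->
  <http pattern="/oauth/token"
        create-session="stateless"
        xmlns="http://www.springframework.org/schema/security"
        authentication-manager-ref="clientauthenticationmanager">
    <intercept-url pattern="/oauth/token" access="IS_AUTHENTICATED_FULLY"/>
    <anonymous enabled="false"/>
    <http-basic entry-point-ref="clientauthenticationentrypoint"/>
    <!-- Include this if you need to authenticate clients via request parameters.
         Client credentials passed as parameters are easier to leak through URLs and logs
         than HTTP Basic over TLS; prefer Basic where the clients support it. -->
    <custom-filter ref="clientcredentialstokenendpointfilter" after="BASIC_AUTH_FILTER"/>
    <access-denied-handler ref="oauthaccessdeniedhandler"/>
  </http>

  <!-- Protected resources: no anonymous access, bearer token checked by resourceserverfilter,
       then ROLE_USER required by the access decision manager defined below. -->
  <http pattern="/services/**"
        create-session="never"
        entry-point-ref="oauthauthenticationentrypoint"
        access-decision-manager-ref="accessdecisionmanager"
        xmlns="http://www.springframework.org/schema/security">
    <anonymous enabled="false"/>
    <intercept-url pattern="/services/**" access="ROLE_USER"/>
    <custom-filter ref="resourceserverfilter" before="PRE_AUTH_FILTER"/>
    <access-denied-handler ref="oauthaccessdeniedhandler"/>
  </http>

  <!-- Entry point used for the protected resources. -->
  <bean id="oauthauthenticationentrypoint"
        class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
    <property name="realmName" value="dstest"/>
  </bean>

  <!-- Entry point used for client authentication at the token endpoint (Basic challenge). -->
  <bean id="clientauthenticationentrypoint"
        class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
    <property name="realmName" value="dstest/client"/>
    <property name="typeName" value="Basic"/>
  </bean>

  <bean id="oauthaccessdeniedhandler"
        class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler"/>

  <!-- Authenticates the client from request parameters against the client details store. -->
  <bean id="clientcredentialstokenendpointfilter"
        class="org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter">
    <property name="authenticationManager" ref="clientauthenticationmanager"/>
  </bean>

  <!-- Unanimous decision over token scope, role and authentication level for /services/**. -->
  <bean id="accessdecisionmanager"
        class="org.springframework.security.access.vote.UnanimousBased"
        xmlns="http://www.springframework.org/schema/beans">
    <constructor-arg>
      <list>
        <bean class="org.springframework.security.oauth2.provider.vote.ScopeVoter"/>
        <bean class="org.springframework.security.access.vote.RoleVoter"/>
        <bean class="org.springframework.security.access.vote.AuthenticatedVoter"/>
      </list>
    </constructor-arg>
  </bean>

  <!-- Authentication in config file -->

  <!-- Client authentication: looks clients up through clientdetailsuserservice. -->
  <authentication-manager id="clientauthenticationmanager"
                          xmlns="http://www.springframework.org/schema/security">
    <authentication-provider user-service-ref="clientdetailsuserservice"/>
  </authentication-manager>

  <!-- Resource-owner (end user) authentication used by the password grant.
       The single account below is a demo account with a plain-text password: outside a demo,
       back this with a real user store and a password encoder.
       Note that `admin` is the only user defined here, while the requests shown on this page
       send username=user. -->
  <authentication-manager alias="authenticationmanager"
                          xmlns="http://www.springframework.org/schema/security">
    <authentication-provider>
      <user-service id="userdetailsservice">
        <user name="admin" password="password" authorities="ROLE_USER"/>
      </user-service>
    </authentication-provider>
  </authentication-manager>

  <bean id="clientdetailsuserservice"
        class="org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService">
    <constructor-arg ref="clientdetails"/>
  </bean>

  <!-- Token store: tokens are kept in memory only. -->
  <bean id="tokenstore"
        class="org.springframework.security.oauth2.provider.token.InMemoryTokenStore"/>

  <bean id="tokenservices"
        class="org.springframework.security.oauth2.provider.token.DefaultTokenServices">
    <property name="tokenStore" ref="tokenstore"/>
    <property name="supportRefreshToken" value="true"/>
    <property name="clientDetailsService" ref="clientdetails"/>
    <!-- <property name="accessTokenValiditySeconds" value="100"/> -->
  </bean>

  <bean id="userapprovalhandler"
        class="org.springframework.security.oauth2.provider.approval.TokenServicesUserApprovalHandler">
    <property name="tokenServices" ref="tokenservices"/>
  </bean>

  <!-- Token management: every grant type listed here is enabled on the authorization server. -->
  <oauth:authorization-server client-details-service-ref="clientdetails"
                              token-services-ref="tokenservices"
                              user-approval-handler-ref="userapprovalhandler">
    <oauth:authorization-code/>
    <oauth:implicit/>
    <oauth:refresh-token/>
    <oauth:client-credentials/>
    <oauth:password/>
  </oauth:authorization-server>

  <oauth:resource-server id="resourceserverfilter"
                         resource-id="dstest"
                         token-services-ref="tokenservices"/>

  <!-- Client definition.
       NOTE(review): this client has no `secret` attribute, so presenting client_id alone is
       enough to authenticate it at the token endpoint (the debug log on this page shows that
       authentication succeeding). A client that may use the password and refresh_token grants
       and holds ROLE_TRUSTED_CLIENT should be a confidential client with a secret; if a public
       client is also needed, register it separately with only the grants it requires.
       NOTE(review): `redirect` is not a standard OAuth2 grant type; confirm it is intended.
       Validity values are in seconds. -->
  <oauth:client-details-service id="clientdetails">
    <oauth:client client-id="testabc"
                  authorized-grant-types="password,authorization_code,refresh_token,implicit,redirect"
                  authorities="ROLE_CLIENT, ROLE_TRUSTED_CLIENT"
                  redirect-uri="/web"
                  scope="read,write,trust"
                  access-token-validity="30"
                  refresh-token-validity="600"/>
  </oauth:client-details-service>

  <!-- Method security with OAuth2-aware expressions. -->
  <security:global-method-security pre-post-annotations="enabled" proxy-target-class="true">
    <security:expression-handler ref="oauthexpressionhandler"/>
  </security:global-method-security>

  <oauth:expression-handler id="oauthexpressionhandler"/>
  <oauth:web-expression-handler id="oauthwebexpressionhandler"/>

  <!-- Spring OAuth implicit security config end -->
</beans>
the eclipse console logs (if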
required) follows:
2015-05-11 17:47:40,315 [http-bio-8080-exec-6] debug (antpathrequestmatcher.java:103) Ð checking match of request : '/oauth/token'; against '/oauth/token' 2015-05-11 17:47:40,315 [http-bio-8080-exec-6] debug (filterchainproxy.java:318) Ð /oauth/token?grant_type=password&client_id=testabc&username=user&password=password @ position 1 of 6 in additional filter chain; firing filter: 'securitycontextpersistencefilter' 2015-05-11 17:47:40,315 [http-bio-8080-exec-6] debug (filterchainproxy.java:318) Ð /oauth/token?grant_type=password&client_id=testabc&username=user&password=password @ position 2 of 6 in additional filter chain; firing filter: 'basicauthenticationfilter' 2015-05-11 17:47:40,316 [http-bio-8080-exec-6] debug (filterchainproxy.java:318) Ð /oauth/token?grant_type=password&client_id=testabc&username=user&password=password @ position 3 of 6 in additional filter chain; firing filter: 'clientcredentialstokenendpointfilter' 2015-05-11 17:47:40,316 [http-bio-8080-exec-6] debug (abstractauthenticationprocessingfilter.java:188) Ð request process authentication 2015-05-11 17:47:40,316 [http-bio-8080-exec-6] debug (providermanager.java:152) Ð authentication attempt using org.springframework.security.authentication.dao.daoauthenticationprovider 2015-05-11 17:47:40,316 [http-bio-8080-exec-6] debug (abstractauthenticationprocessingfilter.java:311) Ð authentication success. 
updating securitycontextholder contain: org.springframework.security.authentication.usernamepasswordauthenticationtoken@a2dfd9fc: principal: org.springframework.security.core.userdetails.user@ab371290: username: testabc; password: [protected]; enabled: true; accountnonexpired: true; credentialsnonexpired: true; accountnonlocked: true; granted authorities: role_client,role_trusted_client; credentials: [protected]; authenticated: true; details: null; granted authorities: role_client, role_trusted_client 2015-05-11 17:47:40,316 [http-bio-8080-exec-6] debug (filterchainproxy.java:318) Ð /oauth/token?grant_type=password&client_id=testabc&username=user&password=password @ position 4 of 6 in additional filter chain; firing filter: 'securitycontextholderawarerequestfilter' 2015-05-11 17:47:40,316 [http-bio-8080-exec-6] debug (filterchainproxy.java:318) Ð /oauth/token?grant_type=password&client_id=testabc&username=user&password=password @ position 5 of 6 in additional filter chain; firing filter: 'exceptiontranslationfilter' 2015-05-11 17:47:40,316 [http-bio-8080-exec-6] debug (filterchainproxy.java:318) Ð /oauth/token?grant_type=password&client_id=testabc&username=user&password=password @ position 6 of 6 in additional filter chain; firing filter: 'filtersecurityinterceptor' 2015-05-11 17:47:40,316 [http-bio-8080-exec-6] debug (antpathrequestmatcher.java:103) Ð checking match of request : '/oauth/token'; against '/oauth/token' 2015-05-11 17:47:40,316 [http-bio-8080-exec-6] debug (abstractsecurityinterceptor.java:193) Ð secure object: filterinvocation: url: /oauth/token?grant_type=password&client_id=testabc&username=user&password=password; attributes: [is_authenticated_fully] 2015-05-11 17:47:40,316 [http-bio-8080-exec-6] debug (abstractsecurityinterceptor.java:298) Ð authenticated: org.springframework.security.authentication.usernamepasswordauthenticationtoken@a2dfd9fc: principal: org.springframework.security.core.userdetails.user@ab371290: username: testabc; password: 
[protected]; enabled: true; accountnonexpired: true; credentialsnonexpired: true; accountnonlocked: true; granted authorities: role_client,role_trusted_client; credentials: [protected]; authenticated: true; details: null; granted authorities: role_client, role_trusted_client 2015-05-11 17:47:40,316 [http-bio-8080-exec-6] debug (affirmativebased.java:65) Ð voter: org.springframework.security.access.vote.rolevoter@1838b82, returned: 0 2015-05-11 17:47:40,316 [http-bio-8080-exec-6] debug (affirmativebased.java:65) Ð voter: org.springframework.security.access.vote.authenticatedvoter@13c2982, returned: 1 2015-05-11 17:47:40,317 [http-bio-8080-exec-6] debug (abstractsecurityinterceptor.java:214) Ð authorization successful 2015-05-11 17:47:40,317 [http-bio-8080-exec-6] debug (abstractsecurityinterceptor.java:226) Ð runasmanager did not change authentication object 2015-05-11 17:47:40,317 [http-bio-8080-exec-6] debug (filterchainproxy.java:304) Ð /oauth/token?grant_type=password&client_id=testabc&username=user&password=password reached end of additional filter chain; proceeding original chain 2015-05-11 17:47:40,318 [http-bio-8080-exec-6] debug (exceptiontranslationfilter.java:115) Ð chain processed 2015-05-11 17:47:40,318 [http-bio-8080-exec-6] debug (securitycontextpersistencefilter.java:97) Ð securitycontextholder cleared, request processing completed the environment using follows:
1. Spring 3.1.0 RELEASE 2. OAuth2 1.0.5 RELEASE 3. Eclipse Luna 4. Maven 5. Apache Tomcat 7.0.61
Are there any changes required with respect to enabling user-based authentication after the client is authenticated?
Got it working. The error was in web.xml: the servlet-mapping URL pattern was pointing to /services/*. Instead it should have been as below:
<!-- web.xml: the servlet named "services" is now mapped to "/", replacing the /services/*
     pattern mentioned in the text above. Presumably /oauth/token never reached this servlet
     under the narrower pattern, which would explain the 404 after the security filter chain
     had already authorized the request (confirm against the full web.xml).
     Mapping to "/" makes this servlet the container's default servlet, so requests for static
     files such as index.html are dispatched to it as well; Spring MVC's
     mvc:default-servlet-handler or mvc:resources elements are the usual way to hand those
     back to static-resource handling. -->
<servlet-mapping>
  <servlet-name>services</servlet-name>
  <url-pattern>/</url-pattern>
</servlet-mapping>
running issue now.. :( .. dispatcher servlet processing requests static content (index.html)
did not find handler method [/index.html]
Any pointers to resolve this would be appreciated.