java - SSO using spring-security-oauth2 : Authentication Code never read -

-


java - SSO using spring-security-oauth2 : Authentication Code never read -

using :

spring-security 3.2.5 spring-security-oauth 2.0.7

i have working oauth2 provider built spring-security-oauth (oauth2).

i have client configured in utilize authorization_code grant type.

the provider works : testing curl, can authorization code , exchange access token. on service provider part, fine.

now i'm trying implements client application, spring-security-oauth. i'm using xml configuration, based on illustration here, using own provider (mentionned above) instead of google.

when create phone call protected resource on client, oauth2clientauthenticationprocessingfilter tries obtain access token, redirect service provider. 1 forcefulness user log in, expected, , redirect him configured redirect_uri (the redirect uri 1 configured oauth2clientauthenticationprocessingfilter : http://myclient/context/external/login). problem : the client never read authorization code in request returned service provider. oauth2clientauthenticationprocessingfilter restarts flow, asking authorization code.

i've been able create work modifying oauth2clientauthenticationprocessingfilter read request , set authorization code in accesstokenrequest. here snippet :

oauth2accesstoken accesstoken; seek { string code = request.getparameter("code"); if(code != null) { resttemplate.getoauth2clientcontext().getaccesstokenrequest().setauthorizationcode(code); } accesstoken = resttemplate.getaccesstoken(); ...

before trying this, tried create "call hierarchy" on method org.springframework.security.oauth2.client.token.accesstokenrequest.setauthorizationcode(), find in code spring phone call method, returned nothing.

is bug ? not have replace oauth2clientauthenticationprocessingfilter own.

does made work ( in version or another) ?

update

it's setauthorizationcode() method never called (error in initial question). digged little more , realized not problem.

i can assert oauth2clientcontextfilter called before oauth2clientauthenticationprocessingfilter (i checked debugger).

what found, don't know if normal :

the default constructor of defaultaccesstokenrequest called 1 time : @ application startup. other constructor (the 1 taking parameter's map), never called. since i've seen in resttemplatebeandefinitionparser access token request scoped 'request', expect constructor taking parameter's map called on each new http request client application. in resttemplatebeandefinitionparser :

beandefinitionbuilder request = beandefinitionbuilder.genericbeandefinition(defaultaccesstokenrequest.class); request.setscope("request"); request.setrole(beandefinition.role_infrastructure); request.addconstructorargvalue("#{request.parametermap}"); request.addpropertyvalue("currenturi", "#{request.getattribute('currenturi')}");

that can explain problem authorization code never read request. hack mentionned in initial question pushed problem. csrf protection errors because accesstokenrequest remembers statekey when presume not need anymore 1 time access token.

again, maybe misunderstand hole think, sense free tell me :)

i did not post configuration because it's pretty same that 1 here.

you need oauth2clientcontextfilter , needs fire before authentication processing filter (it stuff have in custom filter). can't tell code posted if have 1 , isn't firing or don't have one.

java spring-security spring-security-oauth2

Comments

Post a Comment

Popular posts from this blog

java - How to set log4j.defaultInitOverride property to false in jboss server 6 -

-
java - How to set log4j.defaultInitOverride property to false in jboss server 6 - how set log4j property false in jboss. not using log4j in application still property has set true. the reason, why trying set property false is, suspecting property overrides java.util.logging.logger configuration provided application. might because of this, log file not getting generated. boot.log infomation below: 02:46:10,495 debug [serverinfo] log4j.defaultinitoverride: true 02:46:10,496 debug [serverinfo] org.jboss.deployers.spi.deployer.matchers.nameignoremechanism: org.jboss.deployers.spi.deployer.helpers.dummynameignoremechanism 02:46:10,496 debug [serverinfo] org.jboss.logging.logger.pluginclass: org.jboss.logging.logmanager.loggerpluginimpl i have found in boot.log in jboss. in 1 of blog, developers told me that, log4j.defaultinitoverride property should set false avoid override of java.util.logging.logger. comment same if wrong. java logging jboss log4j
Read more

c - GStreamer 1.0 1.4.5 RTSP Example Server sends 503 Service unavailable -

-
c - GStreamer 1.0 1.4.5 RTSP Example Server sends 503 Service unavailable - i'm trying create rtsp server based on gstreamer 1.0 1.4.5 plugin. source code of illustration taken here. with_tls , with_auth flags not enabled. i'm compiling using visual studio 2013 community edition. project building , running successfully. when i'm trying play video using vlc on address rtsp://127.0.0.1:8554/test says can't open mrl. recorded traffic (using rawcap) of communication between compiled server , vlc player following: request: options rtsp://127.0.0.1:8554/test rtsp/1.0 cseq: 2 user-agent: libvlc/2.2.0 (live555 streaming media v2014.07.25) response: rtsp/1.0 200 ok cseq: 2 public: options, describe, get_parameter, pause, play, setup, set_parameter, teardown server: gstreamer rtsp server date: thu, 09 apr 2015 03:35:30 gmt request: describe rtsp://127.0.0.1:8554/test rtsp/1.0 cseq: 3 user-agent: libvlc/2.2.0 (live555 streaming media v2014.07.25) accept: applicat...
Read more

Using ajax with sonata admin list view pagination -

-
Using ajax with sonata admin list view pagination - i'm using sonata admin in project. in list view sonata refresh page when clik sec list pagination. that's default behavior of sonata.is there way utilize ajax phone call list view pagination !!! same question when using sortable list view. thanks. this possible, have overwrite of basic functionality of sonata admin bundle. tested symfony 2.6.6 sonata admin-bundle dev-master (4f23e1a30e49681bf8ebdbbae549848784be7699) 1. edit bundles services.yml you have implement own crudcontroller , new list template. tell in services.yml sonata.admin.youradmin: class: your\bundle\admin\youradmin tags: - { name: sonata.admin, manager_type: orm, group: "groupname", label: "grouplabel" } arguments: - ~ - your\bundle\entity\entityclass - yourbundle:yournewcrud # <- add together crud class here calls: ...
Read more