vendredi 13 mars 2015

Spring Oauth2 - update to 2.0.x and configuration no longer works

Ok, so, after updating to Spring Oauth2 2.0.6 - from 1.0.0.M6, my configuration stopped working. I had to make a few tweaks here and there (for example, some classes no longer exist and some changed package).


The current configuration is the following one:



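<?xml version="1.0" encoding="UTF-8"?>
<!--
  Spring Security / Spring Security OAuth2 application context.
  The default namespace is Spring Security, so unprefixed elements (<http>, <authentication-manager>, ...)
  are security elements; plain bean definitions use the beans: prefix and OAuth2 elements the oauth: prefix.

  A namespace URI is an identifier that Spring compares as an exact string to pick its namespace handler.
  It therefore has to be the canonical Spring URI: a short link that only redirects there is a different
  namespace, and the context cannot be parsed with it.

  The schema locations are hints. Spring normally resolves them from the jars on the classpath
  (META-INF/spring.schemas) rather than fetching them, and they should keep pointing at the Spring
  locations rather than at a third-party redirector. The version-less XSD names used here are a
  reconstruction. TODO confirm against the schema versions the project pins.
-->
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
                                 http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
                                 http://www.springframework.org/schema/security/oauth2 http://www.springframework.org/schema/security/spring-security-oauth2.xsd">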

<!-- Enables the pre/post method-security annotations (@PreAuthorize, @PostAuthorize, @PreFilter, @PostFilter). -->
<global-method-security pre-post-annotations="enabled"/>

<!--
  Paths listed with security="none" get no Spring Security filter chain at all: no authentication,
  no authorization and no SecurityContext for the request. Order matters, the first matching <http>
  element wins, so these must stay ahead of the broader chains.
  NOTE(review): /p/api/** and /mockdata/** sit next to the static assets here. Nothing else in this
  file protects them, so confirm that every handler under those prefixes is meant to be public.
-->
<http security="none" pattern="/favicon.ico"/>
<http security="none" pattern="/login/**"/>
<http security="none" pattern="/css/**"/>
<http security="none" pattern="/js/**"/>
<http security="none" pattern="/img/**"/>
<http security="none" pattern="/mockdata/**"/>
<http security="none" pattern="/p/api/**"/>

<!--
  Token-protected resources. The two chains differ only in the path prefix: resourceServerFilter runs
  before the exception translation filter, the URL rule then requires ROLE_OAUTH_CLIENT, and
  authentication failures are answered by oauthAuthenticationEntryPoint.
  NOTE(review): neither chain sets create-session, so the default session policy applies. For resources
  that should only ever be reached with a bearer token, create-session="stateless" keeps a session cookie
  from becoming a second credential. Confirm whether that is the intent here.
-->
<http pattern="/p/public/**"
      authentication-manager-ref="clientAuthenticationManager"
      entry-point-ref="oauthAuthenticationEntryPoint">
    <intercept-url access="ROLE_OAUTH_CLIENT" pattern="/p/public/**"/>
    <custom-filter before="EXCEPTION_TRANSLATION_FILTER" ref="resourceServerFilter"/>
</http>

<http pattern="/public/**"
      authentication-manager-ref="clientAuthenticationManager"
      entry-point-ref="oauthAuthenticationEntryPoint">
    <intercept-url access="ROLE_OAUTH_CLIENT" pattern="/public/**"/>
    <custom-filter before="EXCEPTION_TRANSLATION_FILTER" ref="resourceServerFilter"/>
</http>

<!--
  Token endpoint chain. Clients authenticate against clientAuthenticationManager either with HTTP Basic
  or through clientCredentialsTokenEndpointFilter, which is placed ahead of the Basic filter. No session
  is created here (create-session="never") and anonymous access is switched off, so a request without
  client credentials cannot reach the endpoint as an anonymous principal.
  NOTE(review): a client_secret passed as a URL query parameter ends up in access logs, proxy logs and
  browser history. Prefer the Authorization header that <http-basic/> already accepts, or a POST body,
  and serve this path over TLS only.
-->
<http pattern="/p/oauth/token"
      authentication-manager-ref="clientAuthenticationManager"
      create-session="never">
    <intercept-url access="ROLE_OAUTH_CLIENT" pattern="/p/oauth/token"/>
    <anonymous enabled="false"/>
    <http-basic/>
    <custom-filter before="BASIC_AUTH_FILTER" ref="clientCredentialsTokenEndpointFilter"/>
    <access-denied-handler ref="oauthAccessDeniedHandler"/>
</http>

<!--
  Catch-all chain for the interactive, session-based part of the application. It has no pattern
  attribute, so it receives every request that the more specific <http> elements above did not match.
-->
<http access-decision-manager-ref="accessDecisionManager">
    <!-- The decision manager is affirmative-based, so holding either listed authority is enough. -->
    <intercept-url access="ROLE_ACTIVE,ROLE_OAUTH_CLIENT" pattern="/p/tasks/comment"/>
    <intercept-url access="ROLE_ACTIVE" pattern="/**"/>

    <!--
      ATTENTION: form login works when the following filter is commented out.
      NOTE(review): likely explanation, to be confirmed against the 2.0.x sources. The resource server
      filter appears to treat its resources as stateless by default and to clear an existing
      SecurityContext when a request carries no bearer token. On this chain that would discard the
      session login on the request right after /j_spring_security_check and send the user back to the
      login page. Allowing session authentication through the same filter means a cookie alone can reach
      token-protected URLs, which brings CSRF exposure with it. The cleaner separation is to keep
      bearer-token paths on their own <http> chain and leave this filter out of the form-login chain.
    -->
    <custom-filter before="EXCEPTION_TRANSLATION_FILTER" ref="resourceServerFilter"/>

    <access-denied-handler error-page="/login/"/>

    <form-login login-page="/login/"
                default-target-url="/"
                authentication-failure-url="/login/?error=1"/>
    <http-basic/>
    <logout logout-url="/logout" logout-success-url="/"/>
    <remember-me user-service-ref="userDetailsServiceImpl"/>
</http>

<!--
  Authentication manager for interactive users, backed by userDetailsServiceImpl (defined elsewhere).
  SECURITY: hash="md5" with no salt-source is a fast, unsalted digest. A leaked user table can be
  attacked offline with precomputed tables and commodity hardware. It is left unchanged here because
  swapping the encoder invalidates every stored hash; plan a migration to an adaptive, salted encoder
  (for example a BCryptPasswordEncoder bean wired in through the ref attribute) that re-hashes each
  password at the next successful login.
-->
<authentication-manager alias="authenticationManager">
    <authentication-provider user-service-ref="userDetailsServiceImpl">
        <password-encoder hash="md5"/>
    </authentication-provider>
</authentication-manager>

<!-- Entry point used by the token-protected chains; realmName is the realm it reports to the caller. -->
<beans:bean id="oauthAuthenticationEntryPoint"
            class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
    <beans:property name="realmName" value="on-tasks2"/>
</beans:bean>

<!-- Access-denied handler referenced by the token endpoint chain. -->
<beans:bean id="oauthAccessDeniedHandler"
            class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler"/>

<!--
  Filter on the token endpoint chain that authenticates the calling client against
  clientAuthenticationManager. It is registered before the Basic filter in that chain.
-->
<beans:bean id="clientCredentialsTokenEndpointFilter"
            class="org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter">
    <beans:property name="authenticationManager" ref="clientAuthenticationManager"/>
</beans:bean>

<!--
  Decision manager for the catch-all chain. AffirmativeBased grants access as soon as any one voter
  votes to grant.
  NOTE(review): the empty rolePrefix makes RoleVoter treat every access attribute as a role name,
  including keywords such as IS_AUTHENTICATED_FULLY if they are ever added to a rule. No rule in this
  file uses a SCOPE_ attribute, so ScopeVoter presumably abstains on all of them. Verify that this
  combination is intended.
-->
<beans:bean id="accessDecisionManager"
            class="org.springframework.security.access.vote.AffirmativeBased">
    <beans:constructor-arg>
        <beans:list>
            <beans:bean class="org.springframework.security.oauth2.provider.vote.ScopeVoter"/>
            <beans:bean class="org.springframework.security.access.vote.RoleVoter">
                <beans:property name="rolePrefix" value=""/>
            </beans:bean>
            <beans:bean class="org.springframework.security.access.vote.AuthenticatedVoter"/>
        </beans:list>
    </beans:constructor-arg>
</beans:bean>

<!--
  Authentication manager for OAuth clients. clientDetailsUserDetailsService exposes the registered
  clients (from the clientDetails service) through the UserDetailsService interface so that a client
  can be authenticated like a user.
  NOTE(review): the provider declares no password-encoder, so the presented client secret is presumably
  compared with the stored value as-is, which implies secrets are kept in clear text in the client
  table. Confirm, and consider storing them hashed.
-->
<authentication-manager id="clientAuthenticationManager">
    <authentication-provider user-service-ref="clientDetailsUserDetailsService"/>
</authentication-manager>

<beans:bean id="clientDetailsUserDetailsService"
            class="org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService">
    <beans:constructor-arg ref="clientDetails"/>
</beans:bean>

<!--
  Token services shared by the authorization server and the resource server filter.
  supportRefreshToken is false here, while the authorization server in this file still enables the
  refresh-token grant. NOTE(review): decide which of the two is intended and align them.
-->
<beans:bean id="tokenServices"
            class="org.springframework.security.oauth2.provider.token.DefaultTokenServices">
    <beans:property name="tokenStore" ref="tokenStore"/>
    <beans:property name="supportRefreshToken" value="false"/>
    <beans:property name="clientDetailsService" ref="clientDetails"/>
</beans:bean>

<!--
  Tokens are persisted through the dataSource bean (defined outside this file).
  NOTE(review): treat the token tables as credentials. Presumably a reader of those tables can recover
  usable tokens, so restrict database access and backups accordingly.
-->
<beans:bean id="tokenStore"
            class="org.springframework.security.oauth2.provider.token.store.JdbcTokenStore">
    <beans:constructor-arg ref="dataSource"/>
</beans:bean>

<!--
  Authorization server: remaps the authorize and token endpoints under /p/oauth/ and enables five
  grant types.
  NOTE(review): every enabled grant is attack surface. The implicit grant and the resource owner
  password grant are discouraged by the current OAuth 2.0 security best practice (RFC 9700); keep only
  the grants that registered clients actually use. The refresh-token grant is enabled although
  tokenServices sets supportRefreshToken to false.
-->
<oauth:authorization-server client-details-service-ref="clientDetails"
                            token-services-ref="tokenServices"
                            authorization-endpoint-url="/p/oauth/authorize"
                            token-endpoint-url="/p/oauth/token"
                            user-approval-page="access_confirmation">
    <oauth:authorization-code/>
    <oauth:implicit/>
    <oauth:refresh-token/>
    <oauth:client-credentials/>
    <oauth:password/>
</oauth:authorization-server>

<!--
  Defines the filter bean referenced as resourceServerFilter by the <http> chains above. It validates
  tokens through tokenServices for the resource id "on-tasks".
-->
<oauth:resource-server id="resourceServerFilter"
                       resource-id="on-tasks"
                       token-services-ref="tokenServices"/>

<!--
  Registered OAuth clients, read through the dataSource bean (defined outside this file). This one
  service feeds client authentication, the token services and the authorization server.
-->
<beans:bean id="clientDetails"
            class="org.springframework.security.oauth2.provider.client.JdbcClientDetailsService">
    <beans:constructor-arg ref="dataSource"/>
</beans:bean>

</beans:beans>


With this configuration as-is, whenever I try to login, it redirects to the login page with a 302 code on /j_spring_security_check. If I comment that line (custom-filter ref="resourceServerFilter" before="EXCEPTION_TRANSLATION_FILTER") out, the login works.


Also, now, if I try to access localhost:8080/p/oauth/token?client_id=the-client-ids&client_secret=someMockedSecret&grant_type=client_credentials&scope=comment I get a 404, whereas before it used to create the access token.


The lines that were changed with the update are the following:



- <beans:bean id="oauthAuthenticationEntryPoint" class="org.springframework.security.oauth2.provider.error.MediaTypeAwareAuthenticationEntryPoint">
+ <beans:bean id="oauthAuthenticationEntryPoint" class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">

- <beans:bean id="oauthAccessDeniedHandler" class="org.springframework.security.oauth2.provider.error.MediaTypeAwareAccessDeniedHandler" />
+ <beans:bean id="oauthAccessDeniedHandler" class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler" />

- <beans:bean id="clientCredentialsTokenEndpointFilter" class="org.springframework.security.oauth2.provider.filter.ClientCredentialsTokenEndpointFilter">
+ <beans:bean id="clientCredentialsTokenEndpointFilter" class="org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter">

- <beans:bean id="tokenServices" class="org.springframework.security.oauth2.provider.token.RandomValueTokenServices">
+ <beans:bean id="tokenServices" class="org.springframework.security.oauth2.provider.token.DefaultTokenServices">

- <beans:bean id="tokenStore" class="org.springframework.security.oauth2.provider.token.JdbcTokenStore">
+ <beans:bean id="tokenStore" class="org.springframework.security.oauth2.provider.token.store.JdbcTokenStore">

- <beans:bean id="clientDetails" class="org.springframework.security.oauth2.provider.JdbcClientDetailsService">
+ <beans:bean id="clientDetails" class="org.springframework.security.oauth2.provider.client.JdbcClientDetailsService">


Any suggestions? I've tried a few different configurations that I found here on StackOverflow, but none of them worked for me.


Thanks in advance.


-glauber

