I'm trying to apply oauth2 security for rest api using Spring security OAuth2 but TokenEndpoint is not invoked after BASIC_AUTH_FILTER when getting access token.
1. With below config, the ProductHandlerMapping will capture and NPE happens in getHandlerInternal() method.
Code: Select all
<http pattern="/oauth/token" create-session="stateless"
authentication-manager-ref="clientAuthenticationManager"
xmlns="http://www.springframework.org/schema/security">
<anonymous enabled="false"/>
<http-basic entry-point-ref="clientAuthenticationEntryPoint"/>
<custom-filter ref="clientCredentialsTokenEndpointFilter" after="BASIC_AUTH_FILTER"/>
<access-denied-handler ref="oauthAccessDeniedHandler"/>
</http>
2. And with below config, /api/v1/oauth/token IS NOT FOUND.
Code: Select all
<http pattern="/api/v1/oauth/token" create-session="stateless"
authentication-manager-ref="clientAuthenticationManager"
xmlns="http://www.springframework.org/schema/security">
<anonymous enabled="false"/>
<http-basic entry-point-ref="clientAuthenticationEntryPoint"/>
<custom-filter ref="clientCredentialsTokenEndpointFilter" after="BASIC_AUTH_FILTER"/>
<access-denied-handler ref="oauthAccessDeniedHandler"/>
</http>
<oauth:authorization-server
client-details-service-ref="client-details-service"
token-services-ref="tokenServices"
token-endpoint-url="/api/v1/oauth/token">
<oauth:refresh-token/>
<oauth:password/>
</oauth:authorization-server>
Could you please help if you experienced it?
Thanks much,
Rukawa