Spring security OAuth2 for rest api
Posted: Thu Jun 25, 2015 2:13 am
Hi all,
I'm trying to apply oauth2 security for rest api using Spring security OAuth2 but TokenEndpoint is not invoked after BASIC_AUTH_FILTER when getting access token.
1. With below config, the ProductHandlerMapping will capture and NPE happens in getHandlerInternal() method.
2. And with below config, /api/v1/oauth/token IS NOT FOUND.
Could you please help if you experienced it?
Thanks much,
Rukawa
I'm trying to apply oauth2 security for rest api using Spring security OAuth2 but TokenEndpoint is not invoked after BASIC_AUTH_FILTER when getting access token.
1. With below config, the ProductHandlerMapping will capture and NPE happens in getHandlerInternal() method.
Code: Select all
<http pattern="/oauth/token" create-session="stateless"
authentication-manager-ref="clientAuthenticationManager"
xmlns="http://www.springframework.org/schema/security">
<anonymous enabled="false"/>
<http-basic entry-point-ref="clientAuthenticationEntryPoint"/>
<custom-filter ref="clientCredentialsTokenEndpointFilter" after="BASIC_AUTH_FILTER"/>
<access-denied-handler ref="oauthAccessDeniedHandler"/>
</http>
2. And with below config, /api/v1/oauth/token IS NOT FOUND.
Code: Select all
<http pattern="/api/v1/oauth/token" create-session="stateless"
authentication-manager-ref="clientAuthenticationManager"
xmlns="http://www.springframework.org/schema/security">
<anonymous enabled="false"/>
<http-basic entry-point-ref="clientAuthenticationEntryPoint"/>
<custom-filter ref="clientCredentialsTokenEndpointFilter" after="BASIC_AUTH_FILTER"/>
<access-denied-handler ref="oauthAccessDeniedHandler"/>
</http>
<oauth:authorization-server
client-details-service-ref="client-details-service"
token-services-ref="tokenServices"
token-endpoint-url="/api/v1/oauth/token">
<oauth:refresh-token/>
<oauth:password/>
</oauth:authorization-server>
Could you please help if you experienced it?
Thanks much,
Rukawa