Configuring resource server with RemoteTokenServices in Spring Security Oauth2


I'm trying to implement an authorization server and a resource server using Spring Security OAuth2. So far I've managed to set up the authorization server, and since I don't want to share a JDBC token store, I'm trying to use RemoteTokenServices to validate my tokens at the resource server. But I'm getting a 401 error every time I try to access a resource REST method.
I'm using XML configuration to set up Spring Security due to the nature of the project. I've tried with another sample project using Java config and it's working fine.
Here is my configuration in the resource server.
web.xml

    <?xml version="1.0" encoding="ISO-8859-1"?>
    <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xmlns="http://java.sun.com/xml/ns/javaee"
             xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
             version="3.0" metadata-complete="true">
        <display-name>rest-project</display-name>
        <description>rest project Implementation</description>
        <!--
            - Location of the XML file that defines the root application context.
            - Applied by ContextLoaderListener.
        -->
        <context-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>classpath:spring/*.xml</param-value>
        </context-param>
        <filter>
            <filter-name>springSecurityFilterChain</filter-name>
            <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
        </filter>
        <filter-mapping>
            <filter-name>springSecurityFilterChain</filter-name>
            <url-pattern>/*</url-pattern>
        </filter-mapping>
        <listener>
            <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
        </listener>
        <!--
            - Servlet that dispatches request to registered handlers (Controller implementations).
        -->
        <servlet>
            <servlet-name>dispatcher</servlet-name>
            <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
            <init-param>
                <param-name>contextConfigLocation</param-name>
                <param-value>classpath:spring/mvc-core-config.xml</param-value>
            </init-param>
            <load-on-startup>1</load-on-startup>
        </servlet>
        <servlet-mapping>
            <servlet-name>dispatcher</servlet-name>
            <url-pattern>/</url-pattern>
        </servlet-mapping>
    </web-app>

Here is my security-config.xml

    <beans:beans xmlns="http://www.springframework.org/schema/security"
                 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                 xmlns:beans="http://www.springframework.org/schema/beans"
                 xmlns:context="http://www.springframework.org/schema/context"
                 xmlns:oauth2="http://www.springframework.org/schema/security/oauth2"
                 xmlns:p="http://www.springframework.org/schema/p"
                 xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
                     http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.2.xsd
                     http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd
                     http://www.springframework.org/schema/security/oauth2 http://www.springframework.org/schema/security/spring-security-oauth2-2.0.xsd">
        <http pattern="/cards/**" use-expressions="true" create-session="never" entry-point-ref="oauthAuthenticationEntryPoint">
            <anonymous enabled="false"/>
            <intercept-url pattern="/cards/**" access="isAuthenticated()" requires-channel="https"/>
            <access-denied-handler ref="oauthAccessDeniedHandler"/>
        </http>
        <oauth2:resource-server id="resourceServerFilter" resource-id="connector-bus" token-services-ref="tokenServices"/>
        <beans:bean id="tokenServices" class="org.springframework.security.oauth2.provider.token.RemoteTokenServices">
            <beans:property name="checkTokenEndpointUrl" value="https://localhost:8443/auth-server/api/oauth/check_token"/>
            <beans:property name="clientId" value="123456" />
            <beans:property name="clientSecret" value="456"/>
        </beans:bean>
        <authentication-manager>
            <authentication-provider>
                <user-service>
                    <user name="jimi" password="jimispassword" authorities="ROLE_USER, ROLE_ADMIN" />
                </user-service>
            </authentication-provider>
        </authentication-manager>
        <beans:bean id="oauthAuthenticationEntryPoint" class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint"/>
        <beans:bean id="oauthAccessDeniedHandler" class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler" />
    </beans:beans>

Please point out what I'm missing here.
Thanks in advance.

For some reason I couldn't get the XML configuration working to validate access tokens remotely. But I was able to set up the OAuth2 resource server using Java config and it fixed the issue. Please find the code below.
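
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.context.annotation.Primary;
    import org.springframework.http.HttpMethod;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
    import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
    import org.springframework.security.oauth2.provider.token.RemoteTokenServices;

    @Configuration
    @EnableWebSecurity
    @EnableResourceServer
    public class Oauth2ResesourceServerConfiguration extends ResourceServerConfigurerAdapter {

        // GET requests under /api/** require a token that carries the 'read' scope
        @Override
        public void configure(HttpSecurity http) throws Exception {
            http.authorizeRequests()
                .antMatchers(HttpMethod.GET, "/api/**").access("#oauth2.hasScope('read')");
        }

        // Validates incoming tokens by calling the authorization server's check_token endpoint
        @Primary
        @Bean
        public RemoteTokenServices tokenService() {
            RemoteTokenServices tokenService = new RemoteTokenServices();
            tokenService.setCheckTokenEndpointUrl(
                "https://localhost:8443/auth-server/oauth/check_token");
            tokenService.setClientId("client-id");
            tokenService.setClientSecret("client-secret");
            return tokenService;
        }
    }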
