java - Spring Security OAuth2 (2.0.8) getting Invalid access token using InMemory TokenStore


I am trying to implement Spring Security OAuth2 in my application.

I am able to get the access token and refresh token using:

http://localhost:8080/xapp/oauth/token?username=user1&password=password&grant_type=password&client_id=xapp&client_secret=xapp

{ "access_token": "798c7e71-983b-4137-a0cb-ceae4e9b4190", "token_type": "bearer", "refresh_token": "0752b8ff-5086-4457-918d-54376c7a2bec", "expires_in": 299, "scope": "read trust write" }

When I try to access a protected resource using the below URL

http://localhost:8080/xapp/data/product/api/index/?access_token=798c7e71-983b-4137-a0cb-ceae4e9b4190

I am getting:

{ "error": "invalid_token", "error_description": "invalid access token: db48214c-04d7-4d6b-aa34-6d16c9c2a438" }

applicationContext-security.xml:

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd
                        http://www.springframework.org/schema/security/oauth2 http://www.springframework.org/schema/security/spring-security-oauth2.xsd">

    <http pattern="/login*" security="none" />
    <http pattern="/*.html" security="none" />
    <http pattern="/*.pdf" security="none" />
    <http pattern="/*.xls" security="none" />
    <http pattern="/cache-viewer.jnlp" security="none" />
    <!-- /old documentation urls -->

    <!-- servlets -->
    <http pattern="/index" security="none" />
    <http pattern="/servletredirector" security="none" />

    <!-- Tells Spring Security which URLs should be protected
         and which roles have access to them -->
    <http pattern="/data/**" entry-point-ref="oauthAuthenticationEntryPoint"
        create-session="never" xmlns="http://www.springframework.org/schema/security"
        use-expressions="true">
        <anonymous enabled="false" />
        <access-denied-handler ref="oauthAccessDeniedHandler" />
        <custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
    </http>

    <http pattern="/oauth/token" create-session="stateless" use-expressions="true">
        <!-- authentication-manager-ref="clientAuthenticationManager" -->
        <intercept-url pattern="/oauth/token" access="hasRole('administrator')" />
        <anonymous enabled="false" />
        <custom-filter ref="clientCredentialsTokenEndpointFilter" after="BASIC_AUTH_FILTER" />
        <access-denied-handler ref="oauthAccessDeniedHandler" />
        <http-basic entry-point-ref="clientAuthenticationEntryPoint" />
    </http>

    <http use-expressions="true" disable-url-rewriting="true" entry-point-ref="authenticationChooser">
        <!-- /servlets -->
        <intercept-url pattern="/**" access="isAuthenticated()" />
        <intercept-url pattern="/" access="isAuthenticated()" />
        <form-login login-page="/login" authentication-failure-url="/login?login_error=1"
            authentication-success-handler-ref="authSuccessHandler" />
        <logout logout-url="/logout" logout-success-url="/login" />
        <remember-me key="xappwebclient" services-ref="rememberMeServices" />
        <custom-filter ref="jbossSecurityFilter" after="REMEMBER_ME_FILTER" />
    </http>

    <beans:bean id="oauthAuthenticationEntryPoint"
        class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
        <beans:property name="realmName" value="xapp" />
    </beans:bean>

    <beans:bean id="clientAuthenticationEntryPoint"
        class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
        <beans:property name="realmName" value="xapp" />
        <beans:property name="typeName" value="Basic" />
    </beans:bean>

    <beans:bean id="oauthAccessDeniedHandler"
        class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler" />

    <beans:bean id="clientCredentialsTokenEndpointFilter"
        class="org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter">
        <beans:property name="authenticationManager" ref="clientAuthenticationManager" />
    </beans:bean>

    <beans:bean id="accessDecisionManager" class="org.springframework.security.access.vote.UnanimousBased"
        xmlns="http://www.springframework.org/schema/beans">
        <beans:constructor-arg>
            <beans:list>
                <beans:bean class="org.springframework.security.oauth2.provider.vote.ScopeVoter" />
                <beans:bean class="org.springframework.security.access.vote.RoleVoter" />
                <beans:bean class="org.springframework.security.access.vote.AuthenticatedVoter" />
            </beans:list>
        </beans:constructor-arg>
    </beans:bean>

    <authentication-manager id="clientAuthenticationManager"
        xmlns="http://www.springframework.org/schema/security">
        <authentication-provider user-service-ref="clientDetailsUserService" />
    </authentication-manager>

    <beans:bean id="clientDetailsUserService"
        class="org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService">
        <beans:constructor-arg ref="clientDetails" />
    </beans:bean>

    <!-- This defines the token store; we have used the InMemoryTokenStore here,
         which can be changed to a user-defined one -->
    <beans:bean id="tokenStore"
        class="org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore" />

    <!-- This defines the token-based configuration: token validity and other things -->
    <beans:bean id="tokenServices"
        class="org.springframework.security.oauth2.provider.token.DefaultTokenServices">
        <beans:property name="tokenStore" ref="tokenStore" />
        <beans:property name="supportRefreshToken" value="true" />
        <beans:property name="accessTokenValiditySeconds" value="300000" />
        <beans:property name="clientDetailsService" ref="clientDetails" />
    </beans:bean>

    <beans:bean id="userApprovalHandler"
        class="org.springframework.security.oauth2.provider.approval.TokenStoreUserApprovalHandler">
        <beans:property name="tokenStore" ref="tokenStore" />
        <beans:property name="requestFactory" ref="oauth2RequestFactory" />
    </beans:bean>

    <beans:bean id="oauth2RequestFactory"
        class="org.springframework.security.oauth2.provider.request.DefaultOAuth2RequestFactory">
        <beans:constructor-arg ref="clientDetails" />
    </beans:bean>

    <beans:bean id="approvalStore"
        class="org.springframework.security.oauth2.provider.approval.TokenApprovalStore">
        <beans:property name="tokenStore" ref="tokenStore" />
    </beans:bean>

    <!-- OAuth2 authorization server -->
    <oauth:authorization-server client-details-service-ref="clientDetails"
        token-services-ref="tokenServices"
        user-approval-handler-ref="userApprovalHandler">
        <oauth:authorization-code />
        <oauth:implicit />
        <oauth:refresh-token />
        <oauth:client-credentials />
        <oauth:password authentication-manager-ref="authenticationManager" />
    </oauth:authorization-server>

    <oauth:resource-server id="resourceServerFilter"
        resource-id="xapp" token-services-ref="tokenServices" />

    <oauth:client-details-service id="clientDetails">
        <!-- client -->
        <oauth:client client-id="xapp"
            authorized-grant-types="password,authorization_code,refresh_token,implicit"
            secret="xapp" scope="read,write,trust" authorities="administrator"
            access-token-validity="300" refresh-token-validity="600" />
    </oauth:client-details-service>

    <authentication-manager alias="authenticationManager">
        <authentication-provider ref="jaasAuthenticationProvider" />
    </authentication-manager>

    <beans:bean id="rememberMeServices"
        class="com.xapp.xapp.web.authentication.rememberme.RememberMeServices">
        <beans:property name="userDetailsService" ref="userDetailsService" />
        <beans:property name="key" value="xappwebclient" />
    </beans:bean>

    <beans:bean id="jaasNameCallbackHandler"
        class="com.xapp.xapp.web.authentication.XappNameCallbackHandler">
        <beans:property name="userDetailsService" ref="userDetailsService" />
        <beans:property name="callbackHandler">
            <beans:bean class="org.springframework.security.authentication.jaas.JaasNameCallbackHandler" />
        </beans:property>
    </beans:bean>

    <beans:bean id="jaasAuthenticationProvider"
        class="org.springframework.security.authentication.jaas.JaasAuthenticationProvider">
        <beans:property name="refreshConfigurationOnStartup" value="false" />
        <beans:property name="loginConfig" value="/WEB-INF/login.conf" />
        <beans:property name="loginContextName" value="xapp" />
        <beans:property name="callbackHandlers">
            <beans:list>
                <beans:ref bean="jaasNameCallbackHandler" />
                <beans:bean class="org.springframework.security.authentication.jaas.JaasPasswordCallbackHandler" />
            </beans:list>
        </beans:property>
        <beans:property name="authorityGranters">
            <beans:list>
                <beans:bean class="com.xapp.xapp.web.authentication.XappAuthorityGranter" />
            </beans:list>
        </beans:property>
    </beans:bean>

    <beans:bean id="userDetailsService" class="com.xapp.xapp.web.authentication.XappUserDetailsService" />

    <beans:bean id="jbossSecurityFilter" class="com.xapp.xapp.web.authentication.JbossSecurityFilter">
        <beans:property name="clientLoginDomain" value="client-login" />
        <beans:property name="callbackHandler">
            <beans:bean class="com.xapp.xapp.web.authentication.SecurityContextHolderAwareCallbackHandler" />
        </beans:property>
    </beans:bean>

    <beans:bean id="authSuccessHandler"
        class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
        <beans:property name="redirectStrategy" ref="xappRedirectStrategy" />
    </beans:bean>

    <beans:bean id="xappRedirectStrategy" class="com.xapp.xapp.web.authentication.XappRedirectStrategy" />

    <beans:bean id="formAuthenticationEntryPoint"
        class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
        <beans:property name="loginFormUrl" value="/login" />
    </beans:bean>

    <beans:bean id="authenticationChooser"
        class="org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint">
        <beans:constructor-arg>
            <beans:map>
                <beans:entry key="#{new com.xapp.xapp.web.authentication.DataRequestMatcher()}"
                    value-ref="oauthAuthenticationEntryPoint" />
            </beans:map>
        </beans:constructor-arg>
        <beans:property name="defaultEntryPoint" ref="formAuthenticationEntryPoint" />
    </beans:bean>

</beans:beans>

Controller class path:

@Controller
@RequestMapping("/data/product")
public final class AppController extends AbstractDataController {

    @RequestMapping(value = "/index", method = RequestMethod.GET)
    @ResponseBody
    public List<Data> getProducts() throws ServerException {
        final List<DataTo> dataTos = productLogic.findDataTosForCurrentUser();
        Collections.sort(dataTos, HasName.COMPARATOR);
        return ListConverter.convert(dataTos, fromDataTo);
    }
}

Stack trace from debugging the second request; the access token store has not stored the access token and is empty:

2016-02-02 11:11:16,268 debug [org.springframework.security.web.context.httpsessionsecuritycontextrepository] (default task-3) httpsession returned null object spring_security_context
2016-02-02 11:11:16,269 debug [org.springframework.security.web.context.httpsessionsecuritycontextrepository] (default task-3) no securitycontext available httpsession: io.undertow.servlet.spec.httpsessionimpl@4439d585. new 1 created.
2016-02-02 11:11:16,315 debug [org.springframework.security.web.filterchainproxy] (default task-3) /data/product/index at position 2 of 10 in additional filter chain; firing filter: 'webasyncmanagerintegrationfilter'
2016-02-02 11:11:16,315 debug [org.springframework.security.web.filterchainproxy] (default task-3) /data/product/index at position 3 of 10 in additional filter chain; firing filter: 'oauth2authenticationprocessingfilter'
2016-02-02 11:11:16,315 debug [org.springframework.security.oauth2.provider.authentication.oauth2authenticationprocessingfilter] (default task-3) entering filter>>>>>>>>>>>>>>>>>>>>
2016-02-02 11:11:16,316 debug [org.springframework.security.oauth2.provider.authentication.oauth2authenticationprocessingfilter] (default task-3) !!!!!!!!!!request>>>>>>>>> org.springframework.security.web.context.httpsessionsecuritycontextrepository$servlet3savetosessionrequestwrapper@590ca42d
2016-02-02 11:11:16,317 debug [org.springframework.security.oauth2.provider.authentication.oauth2authenticationprocessingfilter] (default task-3) !!!!!!!!!!authentication>>>>>>>>> org.springframework.security.web.authentication.preauth.preauthenticatedauthenticationtoken@763c08a: principal: 34a81f49-528d-4087-b192-414b6e2224b6; credentials: [protected]; authenticated: false; details: remoteaddress=127.0.0.1, sessionid=<session>, tokentype=bearertokenvalue=<token>; not granted authorities
2016-02-02 11:11:16,317 debug [org.springframework.security.oauth2.provider.authentication.oauth2authenticationmanager] (default task-3) >>>call authenticate>>>> token 34a81f49-528d-4087-b192-414b6e2224b6
2016-02-02 11:11:16,317 debug [org.springframework.security.oauth2.provider.token.defaulttokenservices] (default task-3) >>>>>>accesstokenvalue>>>>>>>>>>>>>>> 34a81f49-528d-4087-b192-414b6e2224b6
2016-02-02 11:11:16,317 debug [org.springframework.security.oauth2.provider.token.store.inmemorytokenstore] (default task-3) >>>>map>>>>>>>{}
2016-02-02 11:11:16,317 debug [org.springframework.security.oauth2.provider.authentication.oauth2authenticationprocessingfilter] (default task-3) <<<<<<<<<<<trace error>>>>>>>>>>>>>>>>>>
2016-02-02 11:11:16,339 error [stderr] (default task-3) error="invalid_token", error_description="invalid access token: 34a81f49-528d-4087-b192-414b6e2224b6"
2016-02-02 11:11:16,339 error [stderr] (default task-3)     at org.springframework.security.oauth2.provider.token.defaulttokenservices.loadauthentication(defaulttokenservices.java:237)
2016-02-02 11:11:16,340 error [stderr] (default task-3)     at org.springframework.security.oauth2.provider.authentication.oauth2authenticationmanager.authenticate(oauth2authenticationmanager.java:88)
2016-02-02 11:11:16,340 error [stderr] (default task-3)     at org.springframework.security.oauth2.provider.authentication.oauth2authenticationprocessingfilter.dofilter(oauth2authenticationprocessingfilter.java:152)
2016-02-02 11:11:16,340 error [stderr] (default task-3)     at org.springframework.security.web.filterchainproxy$virtualfilterchain.dofilter(filterchainproxy.java:342)
2016-02-02 11:11:16,340 error [stderr] (default task-3)     at org.springframework.security.web.context.request.async.webasyncmanagerintegrationfilter.dofilterinternal(webasyncmanagerintegrationfilter.java:50)
2016-02-02 11:11:16,340 error [stderr] (default task-3)     at org.springframework.web.filter.onceperrequestfilter.dofilter(onceperrequestfilter.java:107)
2016-02-02 11:11:16,340 error [stderr] (default task-3)     at org.springframework.security.web.filterchainproxy$virtualfilterchain.dofilter(filterchainproxy.java:342)
2016-02-02 11:11:16,340 error [stderr] (default task-3)     at org.springframework.security.web.context.securitycontextpersistencefilter.dofilter(securitycontextpersistencefilter.java:87)
2016-02-02 11:11:16,340 error [stderr] (default task-3)     at org.springframework.security.web.filterchainproxy$virtualfilterchain.dofilter(filterchainproxy.java:342)
2016-02-02 11:11:16,340 error [stderr] (default task-3)     at org.springframework.security.web.filterchainproxy.dofilterinternal(filterchainproxy.java:192)

This might be a duplicate of "OAuth2: invalid access token", which is not answered. I tried the other links on Stack Overflow but couldn't resolve the problem. Any suggestions on configuring OAuth2 with Spring Security OAuth2 2.0.8 would be great.

We got it configured using JdbcTokenStore and JwtTokenStore as posted in the answer below, but still can't use the InMemoryTokenStore. Any input on that would be great!!!

From the resource APIs it looks like you are passing the access_token in the request parameters. You'll have to pass the access_token in the request headers:

Authorization: Bearer <access_token>

cURL example:

curl -X GET -H "Authorization: Bearer 89af6541-f87f-4c63-be6d-6012426bb745" -H "Cache-Control: no-cache" "http://localhost:8080/xapp/data/product/api/index"
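To make the difference between the two request styles concrete, here is an added Python model of what a resource server does with the bearer token; it is not code from the question, the answer, or Spring Security OAuth2. It extracts the token the way RFC 6750 describes (the Authorization header first, then the access_token request parameter, which Spring's bearer-token extractor also accepts), looks it up in a toy in-memory store that stands in for InMemoryTokenStore, and returns the same invalid_token error body the question shows when the store does not know the token. The last function scans constructed access-log lines for credentials carried in the URL, which is the practical reason to prefer the header form: a token or password in the query string ends up in server logs, proxy logs and Referer headers. All class and function names, the sample log lines and the timestamps are constructed for this example; the token values are the ones quoted in the question.

```python
import re
from dataclasses import dataclass, field
from urllib.parse import urlsplit, parse_qs

# RFC 6750 section 2.1: "Authorization: Bearer <token>" (the scheme name is case-insensitive)
BEARER_RE = re.compile(r"^\s*Bearer\s+(\S+)\s*$", re.IGNORECASE)
# Request parameters that should never appear in a URL, because URLs get logged
SENSITIVE_PARAM_RE = re.compile(r"[?&](access_token|refresh_token|password|client_secret)=")


def extract_bearer_token(headers, query_params, allow_query_param=True):
    """Return (token, source). The header wins; the access_token query parameter
    (RFC 6750 section 2.3) is accepted only while allow_query_param is True."""
    auth = headers.get("Authorization") or headers.get("authorization")
    if auth:
        match = BEARER_RE.match(auth)
        if match:
            return match.group(1), "header"
    if allow_query_param and query_params.get("access_token"):
        return query_params["access_token"][0], "query"
    return None, None


@dataclass
class StoredToken:
    principal: str
    scope: frozenset
    expires_at: float


@dataclass
class InMemoryTokenStore:
    """Toy stand-in for InMemoryTokenStore: a plain dict that lives only in this instance."""
    tokens: dict = field(default_factory=dict)

    def store(self, value, principal, scope, validity_seconds, now):
        self.tokens[value] = StoredToken(principal, frozenset(scope), now + validity_seconds)

    def read(self, value):
        return self.tokens.get(value)


def load_authentication(store, token_value, now):
    """What the resource server does with the extracted token: a missing token is
    rejected as unauthenticated, an unknown or expired one gets invalid_token."""
    if token_value is None:
        return {"error": "unauthorized", "error_description": "Full authentication is required"}
    tok = store.read(token_value)
    if tok is None:
        return {"error": "invalid_token", "error_description": f"Invalid access token: {token_value}"}
    if tok.expires_at <= now:
        return {"error": "invalid_token", "error_description": f"Access token expired: {token_value}"}
    return {"principal": tok.principal, "scope": sorted(tok.scope)}


def find_secrets_in_access_log(lines):
    """Return (line_no, parameter) for every logged request whose URL carried a credential."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        for match in SENSITIVE_PARAM_RE.finditer(line):
            hits.append((line_no, match.group(1)))
    return hits


# Constructed access-log lines modelled on the two requests in the question
SAMPLE_ACCESS_LOG = [
    '127.0.0.1 - - [02/Feb/2016:11:10:58 +0000] "POST /xapp/oauth/token?username=user1&password=password'
    '&grant_type=password&client_id=xapp&client_secret=xapp HTTP/1.1" 200 171',
    '127.0.0.1 - - [02/Feb/2016:11:11:16 +0000] "GET /xapp/data/product/api/index/'
    '?access_token=798c7e71-983b-4137-a0cb-ceae4e9b4190 HTTP/1.1" 401 98',
    '127.0.0.1 - - [02/Feb/2016:11:12:02 +0000] "GET /xapp/data/product/api/index HTTP/1.1" 200 512',
]

ISSUED_TOKEN = "798c7e71-983b-4137-a0cb-ceae4e9b4190"  # access token value from the question


def demo(now=1_000_000.0):
    store = InMemoryTokenStore()
    # Token issued by /oauth/token with the client's 300 s access-token validity
    store.store(ISSUED_TOKEN, "user1", {"read", "trust", "write"}, 300, now)
    results = {}

    # 1. Header form (the answer's curl): token found, request authenticated
    token, source = extract_bearer_token({"Authorization": f"Bearer {ISSUED_TOKEN}"}, {})
    results["header"] = (source, load_authentication(store, token, now))

    # 2. Query-parameter form (the question's URL): also found, but the token is now part of the URL
    query = parse_qs(urlsplit(f"/xapp/data/product/api/index/?access_token={ISSUED_TOKEN}").query)
    token, source = extract_bearer_token({}, query)
    results["query"] = (source, load_authentication(store, token, now))

    # 3. A token this store never issued: the error body shown in the question
    results["unknown"] = load_authentication(store, "db48214c-04d7-4d6b-aa34-6d16c9c2a438", now)

    # 4. The issued token after its validity window has passed
    results["expired"] = load_authentication(store, ISSUED_TOKEN, now + 301)

    # 5. A different store instance knows nothing about the token (an empty map, as in the trace)
    results["other_store"] = load_authentication(InMemoryTokenStore(), ISSUED_TOKEN, now)

    # 6. Which logged requests carried credentials in their URL
    results["leaks"] = find_secrets_in_access_log(SAMPLE_ACCESS_LOG)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Case 5 is the one to keep in mind when reading the `>>>>map>>>>>>>{}` line in the trace: an in-memory store only knows the tokens issued through that same instance in that same JVM, so a resource server that consults a different store object, or one that has been restarted since the token was issued, reports every token as invalid. Case 6 is the detection side of the answer's advice: run the scan over real access logs to see how many credentials are already sitting there.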
