Spring OAuth 2 Call /oauth/token Resulted in 401 (Unauthorized) -

-

greeting everyone, try configure simple authorization code flow via spring security oauth.

i tested authorisation , resource server configuration via following approaches:

  1. create web application client , use page fire http post call /oauth/authorize.
  2. after getting code, use same page fire http post code , token.
  3. at end, use curl -h place token inside header , response protected resource.

but when try use rest template. throw error message 401 unauthorised error.

server side - security configure:

<http auto-config="true" pattern="/protected/**"     authentication-manager-ref="authenticationmanager">     <custom-filter ref="resourcefilter" before="pre_auth_filter" />     <csrf disabled="true" /> </http>  <http auto-config="true">     <intercept-url pattern="/**" access="hasrole('role_user')" />     <form-login default-target-url="/admin.html" />     <logout logout-success-url="/welcome.html" logout-url="/logout"/>     <csrf disabled="true" /> </http>  <authentication-manager alias="authenticationmanager">     <authentication-provider>         <user-service>             <user name="admin" password="123456" authorities="role_user,role_admin" />         </user-service>     </authentication-provider> </authentication-manager>

server side - authorisation , resource configure:

<oauth:authorization-server     client-details-service-ref="clientdetails" error-page="error">     <oauth:authorization-code /> </oauth:authorization-server>  <oauth:client-details-service id="clientdetails">     <oauth:client client-id="admin" secret="foosecret" /> </oauth:client-details-service>  <oauth:resource-server id="resourcefilter" />

client side: 

<oauth:client id="oauth2clientcontextfilter" /> <oauth:resource id="sso" client-id="admin"     access-token-uri="http://localhost:8080/tough/oauth/token"     user-authorization-uri="http://localhost:8080/tough/oauth/authorize"     use-current-uri="true" client-secret="secret"     client-authentication-scheme="header" type="authorization_code"     scope="trust" /> <oauth:rest-template id="template" resource="sso"/>

if knows goes wrong, please let me know.

phew... got problem solved. there 2 issues configuration above.

  1. i noticed client used wrong secret communicate authorization server.
  2. token endpoint @ authorization server use authentication manager serve user authentication. result client rejected times until create new security realm token endpoint , configure use authentication manger designed client.

note client different user. client third party want access resource belong user(also called resource owner). hope above helps

:) cheers


Comments

Post a Comment

Popular posts from this blog

javascript - Karma not able to start PhantomJS on Windows - Error: spawn UNKNOWN -

-
i lost "unknown" error: karma.conf.js: frameworks: ['mocha', 'should'], plugins: ['karma-mocha', 'karma-should', 'karma-phantomjs-launcher'], ... browsers: ['phantomjs'], error: 23 07 2015 14:35:37.691:warn [karma]: no captured browser, open http://localhost:9876/ 23 07 2015 14:35:37.701:info [karma]: karma v0.13.3 server started @ http://localhost:9876/ 23 07 2015 14:35:37.707:info [launcher]: starting browser phantomjs 23 07 2015 14:35:37.738:error [karma]: { [error: spawn unknown] code: 'unknown', errno: 'unknown', syscall: 'spawn' } error: spawn unknown @ exports._errnoexception (util.js:749:11) @ childprocess.spawn (child_process.js:1093:11) @ exports.spawn (child_process.js:933:9) @ object._execcommand (c:\users\jinga4x\git\mdl-sample-project\node_modules\karma\lib\launchers\process.js:63:21) @ object._start (c:\users\jinga4x\git\md...
Read more

Nuget pack csproj using nuspec -

-
i want create nuget package contains specified in nuspec file, still version csproj. in order use token have pack like: nuget pack myproj.csproj but when adds dependencies , creates unwanted folder in nuget package. nuspec file is: <?xml version="1.0" encoding="utf-8"?> <package xmlns="http://schemas.microsoft.com/packaging/2011/08/nuspec.xsd"> <metadata> <id>test</id> <version>$version$</version> <title>test</title> <authors>test</authors> <owners>test</owners> <requirelicenseacceptance>false</requirelicenseacceptance> <description>test</description> <summary>test</summary> <releasenotes>test</releasenotes> <copyright>test</copyright> </metadata> <files> <file src="bin\debug\*.dll" target="lib\net45" /> <file s...
Read more

c# - Display ASPX Popup control in RowDeleteing Event (ASPX Gridview) -

-
i have aspxgridview includes new , delete button. delete button includs gv_rowdeleting event. want show aspxpopupcontrol (id="pupconfirm"). want user have confirm password delete item. tried: protected void gv_rowdeleting(object sender, devexpress.web.data.aspxdatadeletingeventargs e) { pupconfirm.showonpageload = true; } but nothing happened. please me. !!! you can create template column javascript prompt confirmation. <itemtemplate> <asp:linkbutton id="btndelete" runat="server" text="delete" commandname="delete" onclientclick="javascript:if(!confirm('are sure want delete record?')){return false;}"> </asp:linkbutton> </itemtemplate>
Read more