spring - Handle UserRedirectRequiredException (A redirect is required to get the users approval)
Introduction
One week ago, I began development of an application using the OAuth2 framework (with Spring Boot v1.3.0.M4). It is a brand new experience for me. I try to make it as simple as possible to understand it better. I am using Spring Security OAuth2 and I am facing difficulties using it correctly.
What I want to do
Authenticate a user when he authorizes the application. Actually, I don't want him to register on the application, so he can freely use it without having to fill in boring forms to register.
Problem encountered
I can't find a way to handle the UserRedirectRequiredException. Because of that, the user is never redirected to the authorization page and the exception is thrown (and unhandled).
My application
StandardController.java
    package org.test.oauth.web;

    import java.security.Principal;

    import org.springframework.web.bind.annotation.RequestMapping;
    import org.springframework.web.bind.annotation.RequestMethod;
    import org.springframework.web.bind.annotation.RestController;

    @RestController
    public class StandardController {

        @RequestMapping(value = "/", method = RequestMethod.GET)
        public String getHelloWorld() {
            return "hello world !";
        }

        @RequestMapping(value = "/user", method = RequestMethod.GET)
        public Principal getUser(Principal principal) {
            return principal;
        }
    }
StandardConfiguration.java
    package org.test.oauth.configuration;

    import java.util.Arrays;

    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    import org.springframework.security.oauth2.client.OAuth2ClientContext;
    import org.springframework.security.oauth2.client.filter.OAuth2ClientContextFilter;
    import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails;
    import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails;
    import org.springframework.security.web.access.ExceptionTranslationFilter;

    @Configuration
    @EnableOAuth2Sso
    public class StandardConfiguration extends WebSecurityConfigurerAdapter {

        @Autowired
        private OAuth2ClientContextFilter oauth2ClientContextFilter;

        @Autowired
        private OAuth2ClientContext oauth2ClientContext;

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            // @formatter:off
            http
                .authorizeRequests().antMatchers("/login").anonymous().and()
                .authorizeRequests().anyRequest().authenticated().and()
                .httpBasic().and()
                .addFilterAfter(oauth2ClientContextFilter, ExceptionTranslationFilter.class);
            // @formatter:on
        }

        // org.springframework.beans.factory.NoUniqueBeanDefinitionException: No qualifying bean of type [org.springframework.security.oauth2.client.OAuth2RestOperations] is defined: expected single matching bean but found 2: restTemplate,userInfoRestTemplate
        // @Bean
        // public OAuth2RestOperations restTemplate() {
        //     return new OAuth2RestTemplate(bnetResource(), oauth2ClientContext);
        // }

        @Bean
        public OAuth2ProtectedResourceDetails bnetResource() {
            AuthorizationCodeResourceDetails resource = new AuthorizationCodeResourceDetails();
            resource.setId("bnet");
            resource.setClientId("***");
            resource.setClientSecret("***");
            resource.setAccessTokenUri("https://eu.battle.net/oauth/token");
            resource.setUserAuthorizationUri("https://eu.battle.net/oauth/authorize");
            resource.setScope(Arrays.asList("wow.profile"));
            return resource;
        }
    }
My problem
When I am on the root of my application, Spring Security redirects me because I am not authenticated. It redirects me to the login page. Many exceptions are thrown and handled by the Spring Boot default configuration, but when the UserRedirectRequiredException is created and thrown, no filter handles it. Debugging my application, I found that the last exception found by the OAuth2ClientContextFilter is an AccessDeniedException. My doubt is that the filter (which is the OAuth2ClientContextFilter of the default configuration) is not correctly set in the filter chain.
Stacktrace
    org.springframework.security.oauth2.client.resource.UserRedirectRequiredException: A redirect is required to get the users approval
        at org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeAccessTokenProvider.getRedirectForAuthorization(AuthorizationCodeAccessTokenProvider.java:347) ~[spring-security-oauth2-2.0.7.RELEASE.jar:na]
        at org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeAccessTokenProvider.obtainAccessToken(AuthorizationCodeAccessTokenProvider.java:194) ~[spring-security-oauth2-2.0.7.RELEASE.jar:na]
        at org.springframework.security.oauth2.client.OAuth2RestTemplate.acquireAccessToken(OAuth2RestTemplate.java:221) ~[spring-security-oauth2-2.0.7.RELEASE.jar:na]
        at org.springframework.security.oauth2.client.OAuth2RestTemplate.getAccessToken(OAuth2RestTemplate.java:173) ~[spring-security-oauth2-2.0.7.RELEASE.jar:na]
        at org.springframework.security.oauth2.client.filter.OAuth2ClientAuthenticationProcessingFilter.attemptAuthentication(OAuth2ClientAuthenticationProcessingFilter.java:94) ~[spring-security-oauth2-2.0.7.RELEASE.jar:na]
        at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:217) ~[spring-security-web-4.0.2.RELEASE.jar:4.0.2.RELEASE]
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) ~[spring-security-web-4.0.2.RELEASE.jar:4.0.2.RELEASE]
        at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:120) ~[spring-security-web-4.0.2.RELEASE.jar:4.0.2.RELEASE]
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) ~[spring-security-web-4.0.2.RELEASE.jar:4.0.2.RELEASE]
        at org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:96) ~[spring-security-web-4.0.2.RELEASE.jar:4.0.2.RELEASE]
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.2.0.RELEASE.jar:4.2.0.RELEASE]
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) ~[spring-security-web-4.0.2.RELEASE.jar:4.0.2.RELEASE]
        at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64) ~[spring-security-web-4.0.2.RELEASE.jar:4.0.2.RELEASE]
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.2.0.RELEASE.jar:4.2.0.RELEASE]
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) ~[spring-security-web-4.0.2.RELEASE.jar:4.0.2.RELEASE]
        at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:91) ~[spring-security-web-4.0.2.RELEASE.jar:4.0.2.RELEASE]
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) ~[spring-security-web-4.0.2.RELEASE.jar:4.0.2.RELEASE]
        at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:53) ~[spring-security-web-4.0.2.RELEASE.jar:4.0.2.RELEASE]
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.2.0.RELEASE.jar:4.2.0.RELEASE]
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) ~[spring-security-web-4.0.2.RELEASE.jar:4.0.2.RELEASE]
        at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:213) ~[spring-security-web-4.0.2.RELEASE.jar:4.0.2.RELEASE]
        at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:176) ~[spring-security-web-4.0.2.RELEASE.jar:4.0.2.RELEASE]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) ~[tomcat-embed-core-8.0.23.jar:8.0.23]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) ~[tomcat-embed-core-8.0.23.jar:8.0.23]
        at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:87) ~[spring-web-4.2.0.RELEASE.jar:4.2.0.RELEASE]
Looking at the stacktrace, I tried to change the order of the filter in the filter chain. I tried to put the OAuth2ClientContextFilter after the OAuth2ClientAuthenticationProcessingFilter. Unfortunately, when I launch my application, an error occurs telling me that the filter is unregistered.
Change
    .addFilterAfter(oauth2ClientContextFilter, ExceptionTranslationFilter.class);
to
    .addFilterAfter(oauth2ClientContextFilter, OAuth2ClientAuthenticationProcessingFilter.class);
Stacktrace
    2015-08-25 12:05:50.990 ERROR 9132 --- [ost-startStop-1] o.s.b.c.embedded.tomcat.TomcatStarter : Error starting Tomcat context: org.springframework.beans.factory.UnsatisfiedDependencyException
    2015-08-25 12:05:51.054 WARN 9132 --- [ main] ationConfigEmbeddedWebApplicationContext : Exception encountered during context initialization - cancelling refresh attempt
    java.lang.IllegalArgumentException: Cannot register after unregistered Filter class org.springframework.security.oauth2.client.filter.OAuth2ClientAuthenticationProcessingFilter
        at org.springframework.security.config.annotation.web.builders.FilterComparator.registerAfter(FilterComparator.java:145) ~[spring-security-config-4.0.2.RELEASE.jar:4.0.2.RELEASE]
        at org.springframework.security.config.annotation.web.builders.HttpSecurity.addFilterAfter(HttpSecurity.java:960) ~[spring-security-config-4.0.2.RELEASE.jar:4.0.2.RELEASE]
        at org.test.oauth.configuration.StandardConfiguration.configure(StandardConfiguration.java:36) ~[classes/:na]
        at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.getHttp(WebSecurityConfigurerAdapter.java:199) ~[spring-security-config-4.0.2.RELEASE.jar:4.0.2.RELEASE]
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_45]
So I ask you to help me get through this and get rid of the problem. I am aware that there are a lot of questions about this issue that were answered, but they couldn't help me as I wanted.
Thank you for the time you dedicated to me.
Cédric
Changing
    .addFilterAfter(oauth2ClientContextFilter, ExceptionTranslationFilter.class);
to
    .addFilterAfter(oauth2ClientContextFilter, SecurityContextPersistenceFilter.class);
makes the unhandled UserRedirectRequiredException get handled.
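
Why the position matters, as an added example that is not part of the original posts or of Spring's code: a filter can only catch exceptions thrown by filters that run after it, and the first stack trace shows no OAuth2ClientContextFilter frame wrapping OAuth2ClientAuthenticationProcessingFilter. The classes below are simplified stand-ins for the Spring filters, and the chain positions are assumptions based on that trace.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

// Simplified model of a servlet filter chain; these are not Spring's classes.
public class FilterOrderDemo {

    // Stands in for UserRedirectRequiredException.
    static class RedirectRequired extends RuntimeException {}

    interface Filter { void doFilter(List<String> log, Runnable next); }

    // Stands in for OAuth2ClientContextFilter: it turns the exception into a
    // redirect, but only when the exception comes from a filter further down.
    static final Filter CONTEXT = (log, next) -> {
        try { next.run(); }
        catch (RedirectRequired e) { log.add("302 to authorization page"); }
    };

    // Stands in for OAuth2ClientAuthenticationProcessingFilter: no token yet, so it throws.
    static final Filter SSO = (log, next) -> { throw new RedirectRequired(); };

    // Any other filter records its name and passes the request on.
    static Filter pass(String name) { return (log, next) -> { log.add(name); next.run(); }; }

    static void invoke(List<Filter> chain, int i, List<String> log) {
        if (i < chain.size()) chain.get(i).doFilter(log, () -> invoke(chain, i + 1, log));
    }

    static String run(List<Filter> chain) {
        List<String> log = new ArrayList<>();
        try { invoke(chain, 0, log); }
        catch (RedirectRequired e) { log.add("unhandled exception"); }
        return String.join(" -> ", log);
    }

    public static void main(String[] args) {
        Filter persistence = pass("SecurityContextPersistenceFilter");
        Filter logout = pass("LogoutFilter");
        Filter translation = pass("ExceptionTranslationFilter");
        // Question's order: context filter registered after ExceptionTranslationFilter.
        System.out.println(run(Arrays.asList(persistence, logout, SSO, translation, CONTEXT)));
        // Answer's order: context filter registered after SecurityContextPersistenceFilter.
        System.out.println(run(Arrays.asList(persistence, CONTEXT, logout, SSO, translation)));
    }
}
```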