security - spring oauth2 token Handling error -


I currently use Spring MVC with OAuth2 to secure a web application.

I tried `curl -X POST "http://localhost:8080/project/oauth/token?client_id=the_client&grant_type=password&username=user&password=password&response_type=token"`

I got this reply: {"error":"unauthorized","error_description":"There is no client authentication. Try adding an appropriate authentication filter."}

Then I checked the code of TokenEndpoint.java; it shows that the principal is null.

The logged exception is: Handling error: InsufficientAuthenticationException, There is no client authentication. Try adding an appropriate authentication filter.

Here is spring-security.xml:

<?xml version="1.0" encoding="utf-8" ?>
<!--
  Spring Security OAuth2 configuration: token store and token services, client
  authentication for /oauth/token, the user authentication manager, and a
  resource server guarding /rest/**.

  NOTE(review): every identifier in this listing is lower-case as shown on the
  page (class names, bean ids, filter position names, xsi:schemalocation).
  Spring class names, the schemaLocation attribute and the filter position
  aliases are case-sensitive, so confirm the spelling against the original file.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/xmlschema-instance"
       xmlns:oauth2="http://www.springframework.org/schema/security/oauth2"
       xmlns:mvc="http://www.springframework.org/schema/mvc"
       xmlns:security="http://www.springframework.org/schema/security"
       xsi:schemalocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd http://www.springframework.org/schema/security/oauth2  http://www.springframework.org/schema/security/spring-security-oauth2.xsd">

    <!-- Token store. The class name indicates an in-memory store; presumably
         issued tokens do not survive a restart. Confirm this is intended. -->
    <bean id="tokenstore"
          class="org.springframework.security.oauth2.provider.token.store.inmemorytokenstore" />

    <!-- Token services backed by the store above, with refresh tokens enabled. -->
    <bean id="tokenservices"
          class="org.springframework.security.oauth2.provider.token.defaulttokenservices">
        <property name="tokenstore" ref="tokenstore" />
        <property name="supportrefreshtoken" value="true" />
    </bean>

    <!-- Entry point and access-denied handler shared by both http blocks below. -->
    <bean id="clientauthenticationentrypoint"
          class="org.springframework.security.oauth2.provider.error.oauth2authenticationentrypoint" />
    <bean id="accessdeniedhandler"
          class="org.springframework.security.oauth2.provider.error.oauth2accessdeniedhandler" />
    <bean id="userapprovalhandler"
          class="org.springframework.security.oauth2.provider.approval.defaultuserapprovalhandler" />

    <!-- client section: beans that authenticate the OAuth2 client -->

    <!-- Project-specific client details service built on the "datasource" bean,
         which is not defined in this listing.
         NOTE(review): how client secrets are stored and compared is decided
         inside this class and is not visible here. -->
    <bean id="clientdetailsservice" class="oauth2.customjdbcclientdetailsservice">
        <constructor-arg index="0" ref="datasource" />
    </bean>

    <!-- Adapts the client details service so it can back an authentication provider. -->
    <bean id="clientdetailsuserdetailsservice"
          class="org.springframework.security.oauth2.provider.client.clientdetailsuserdetailsservice">
        <constructor-arg ref="clientdetailsservice" />
    </bean>

    <!-- Filter that authenticates the client against clientauthenticationmanager.
         NOTE(review): the curl request shown on the page sends client_id as a
         query parameter but no client_secret and no Authorization header;
         confirm how this client is expected to authenticate. -->
    <bean id="clientcredentialstokenendpointfilter"
          class="org.springframework.security.oauth2.provider.client.clientcredentialstokenendpointfilter">
        <property name="authenticationmanager" ref="clientauthenticationmanager" />
    </bean>

    <!-- Authentication manager for clients only (separate from the user one below). -->
    <security:authentication-manager id="clientauthenticationmanager">
        <security:authentication-provider
            user-service-ref="clientdetailsuserdetailsservice" />
    </security:authentication-manager>

    <!-- Authorization server with five grant types enabled.
         NOTE(review): only the password grant is exercised on this page;
         disabling grant types that are not needed narrows what the token
         endpoint will accept. -->
    <oauth2:authorization-server
        client-details-service-ref="clientdetailsservice" token-services-ref="tokenservices"
        user-approval-handler-ref="userapprovalhandler">
        <oauth2:authorization-code />
        <oauth2:implicit />
        <oauth2:refresh-token />
        <oauth2:client-credentials />
        <oauth2:password />
    </oauth2:authorization-server>

    <!-- Filter chain for the token endpoint.
         NOTE(review): this block declares no security:intercept-url, so nothing
         here requires the request to be authenticated before it reaches the
         token endpoint. That is consistent with the reported "no client
         authentication" error, although the cause cannot be proven from this
         listing alone. The Spring OAuth2 sample configuration requires full
         authentication on this pattern.
         NOTE(review): the http element has no authentication-manager-ref, so
         http-basic presumably falls back to the manager registered under the
         alias authenticationmanager (the user one) rather than
         clientauthenticationmanager; confirm.
         NOTE(review): the request on the page passes the user's password in the
         URL query string over http://. Query strings are commonly written to
         access logs; sending the grant parameters in the POST body over TLS
         keeps them out of those logs. -->
    <security:http pattern="/oauth/token" create-session="stateless">
        <security:anonymous enabled="false" />
        <security:http-basic entry-point-ref="clientauthenticationentrypoint" />
        <security:custom-filter ref="clientcredentialstokenendpointfilter"
            before="basic_auth_filter" />
        <security:access-denied-handler ref="accessdeniedhandler" />
    </security:http>
    <!-- end of client section -->

    <!-- user section: authentication of resource owners (end users) -->
    <bean id="userservice" class="services.userservicesimpl" />
    <security:authentication-manager alias="authenticationmanager">
        <security:authentication-provider
            user-service-ref="userservice">
            <!-- NOTE(review): the password-encoder element below is commented
                 out, so no encoder is configured on this provider in this
                 listing; presumably passwords from userservice are compared as
                 stored. Confirm. MD5 (the commented-out value) is not an
                 adequate password hash; an adaptive hash such as bcrypt is the
                 usual choice. -->
            <!--<security:password-encoder hash="md5"/> -->
        </security:authentication-provider>
    </security:authentication-manager>
    <!-- end of user section -->

    <!-- Resource server filter for resource id "mobile-resource", validating
         tokens through the same token services as the authorization server. -->
    <oauth2:resource-server id="mobileresourceserver"
        resource-id="mobile-resource" token-services-ref="tokenservices" />

    <!-- Access decision manager combining scope, role and authenticated voters;
         the class name indicates every voter must agree. -->
    <bean id="accessdecisionmanager" class="org.springframework.security.access.vote.unanimousbased">
        <constructor-arg>
            <list>
                <bean class="org.springframework.security.oauth2.provider.vote.scopevoter" />
                <bean class="org.springframework.security.access.vote.rolevoter" />
                <bean class="org.springframework.security.access.vote.authenticatedvoter" />
            </list>
        </constructor-arg>
    </bean>

    <!-- Filter chain for the protected REST API: anonymous access disabled,
         the resource server filter installed, and role_driver required.
         NOTE(review): the role voter's default prefix is upper-case ROLE_, so
         the lower-case attribute shown here is presumably an artifact of how
         the page was captured; confirm against the original file. -->
    <security:http pattern="/rest/**" create-session="never"
        entry-point-ref="clientauthenticationentrypoint"
        access-decision-manager-ref="accessdecisionmanager" use-expressions="false">
        <security:anonymous enabled="false" />
        <security:intercept-url pattern="/rest/**"
            access="role_driver" />
        <security:custom-filter ref="mobileresourceserver"
            before="pre_auth_filter" />
        <security:access-denied-handler ref="accessdeniedhandler" />
    </security:http>
    <!-- The listing on the page ends here; the closing </beans> tag is not shown. -->

I don't know what is wrong. Please help me, thanks.

