java - Spring Security shows default login instead of OAuth2


I am writing a RESTful web service (Jersey running on Tomcat) that needs to authenticate users. The plan is to redirect them to log in to Google via OAuth2. Once they grant permission to see their email address, we'll know if they are a known user in our system.

I am using Spring Security. I had it working with basic authentication (a hard-wired list of users and passwords). I added OAuth2 elements to the XML configuration, but when I access the service from a browser I'm still getting prompted to log in by the browser, instead of getting redirected to Google's website. There are no particular errors logged to the console.

Any suggestions are appreciated. Here is the Spring Security configuration file, spring-security.xml (though without the real client's ID and secret):

<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:context="http://www.springframework.org/schema/context"
    xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security-3.2.xsd
        http://www.springframework.org/schema/security/oauth2
        http://www.springframework.org/schema/security/spring-security-oauth2-2.0.xsd">

    <debug/>

    <oauth:client id="oauth2clientfilter" />

    <oauth:resource id="googleoauth2resource" type="authorization_code"
        client-id="myclientid.apps.googleusercontent.com"
        client-secret="myclientsecret"
        access-token-uri="https://accounts.google.com/o/oauth2/v3/token"
        user-authorization-uri="https://accounts.google.com/o/oauth2/auth"
        scope="email" />

    <http auto-config='true' xmlns="http://www.springframework.org/schema/security">
        <intercept-url pattern="/v1/**" access="ROLE_USER" />
        <intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
        <custom-filter ref="oauth2clientfilter" after="EXCEPTION_TRANSLATION_FILTER" />
    </http>

    <oauth:rest-template id="googleoauthresttemplate" resource="googleoauth2resource" />

    <authentication-manager>
    </authentication-manager>

</beans:beans>

Here are the guts of the web.xml file. (Nothing here has changed from when I had the hard-wired list of users and passwords.)

<!-- Require HTTPS except for /img (favicon) and /css. -->
<security-constraint>
    <web-resource-collection>
        <web-resource-name>httpsonly</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
<security-constraint>
    <web-resource-collection>
        <web-resource-name>httpsorhttp</web-resource-name>
        <url-pattern>*.ico</url-pattern>
        <url-pattern>/img/*</url-pattern>
        <url-pattern>/css/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
</security-constraint>

<servlet>
    <servlet-name>jersey rest service</servlet-name>
    <servlet-class>org.glassfish.jersey.servlet.ServletContainer</servlet-class>
    <!-- Register resources and providers under the com.vogella.jersey.first package. -->
    <init-param>
        <param-name>jersey.config.server.provider.packages</param-name>
        <param-value>com.foobar.dataservices</param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
</servlet>

<servlet-mapping>
    <servlet-name>jersey rest service</servlet-name>
    <url-pattern>/v1/*</url-pattern>
</servlet-mapping>

<resource-ref>
    <description>tae db connection pool</description>
    <res-ref-name>jdbc/taedb</res-ref-name>
    <res-type>javax.sql.DataSource</res-type>
    <res-auth>Container</res-auth>
</resource-ref>

<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>

<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>/WEB-INF/spring/spring-security.xml</param-value>
</context-param>

<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>

Any suggestions for getting OAuth2 working are appreciated.

Removing auto-config="true" from the http element in spring-security.xml got rid of the wrong login form.

This revealed a new error:

Configuration problem: No AuthenticationEntryPoint could be established. Please make sure you have a login mechanism configured through the namespace (such as form-login) or specify a custom AuthenticationEntryPoint with the 'entry-point-ref' attribute

So I added the missing entry-point-ref, and an access-denied-handler while at it:

<http xmlns="http://www.springframework.org/schema/security"
    entry-point-ref="oauthauthenticationentrypoint">
    <intercept-url pattern="/v1/**" access="IS_AUTHENTICATED_FULLY" />
    <intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    <custom-filter ref="oauth2clientfilter" after="EXCEPTION_TRANSLATION_FILTER" />
    <access-denied-handler ref="oauthaccessdeniedhandler" />
</http>

<beans:bean id="oauthauthenticationentrypoint"
    class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
</beans:bean>

<beans:bean id="oauthaccessdeniedhandler"
    class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler">
</beans:bean>

The service launches without logging errors and does not show the wrong login form.

(But note that it denies permission to the resources. I thought Spring Security would redirect to Google on behalf of the RESTful service, but maybe the webpage needs to get an authorization token before calling the service? I think that's a new topic though.)
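The two states described in the post (auto-config left on next to the OAuth2 client filter, and an http element with no entry point at all) can be caught by a check run over spring-security.xml before deployment. The following Python script is an added example, not code from the original post; the finding names, the cut-down sample XML and the list of login elements it accepts are assumptions of the example.

```python
import xml.etree.ElementTree as ET

SEC_NS = "http://www.springframework.org/schema/security"
# Namespace children this check accepts as supplying an entry point
# (assumption of the example; extend for other mechanisms you use).
LOGIN_ELEMENTS = {"form-login", "http-basic", "openid-login"}


def check_http_elements(xml_text):
    """Return one finding name per problem found in the <http> elements."""
    findings = []
    root = ET.fromstring(xml_text)
    for http in root.iter("{%s}http" % SEC_NS):
        children = {child.tag.rsplit("}", 1)[-1] for child in http}
        auto = http.get("auto-config", "false").strip().lower() == "true"
        if auto and "custom-filter" in children:
            # auto-config registers form-login, http-basic and logout, so a
            # default login mechanism handles unauthenticated requests.
            findings.append("auto-config-with-custom-filter")
        if (not auto and not (children & LOGIN_ELEMENTS)
                and http.get("entry-point-ref") is None):
            # Nothing can start authentication: the context fails to load.
            findings.append("no-entry-point")
    return findings


# Constructed sample, cut down from the configuration in the post.
TEMPLATE = """<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans">
  <http {attrs}>
    <intercept-url pattern="/v1/**" access="IS_AUTHENTICATED_FULLY" />
    <custom-filter ref="oauth2clientfilter" after="EXCEPTION_TRANSLATION_FILTER" />
  </http>
</beans:beans>"""

ORIGINAL = TEMPLATE.format(attrs='auto-config="true"')
NO_AUTO_CONFIG = TEMPLATE.format(attrs="")
WITH_ENTRY_POINT = TEMPLATE.format(
    attrs='entry-point-ref="oauthauthenticationentrypoint"')

if __name__ == "__main__":
    for name, xml_text in (("original", ORIGINAL),
                           ("auto-config removed", NO_AUTO_CONFIG),
                           ("entry-point-ref added", WITH_ENTRY_POINT)):
        print(name, "->", check_http_elements(xml_text) or "ok")
```

The check only confirms that the http element has some entry point; it does not tell you whether that entry point redirects the browser or simply rejects the request.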

