3
votes

The oauth2 JWT project from the "Getting Started Spring Security and Angular JS Series" has a custom login. Adding the same code for a custom login page to the oauth2-vanilla project fails as the authorization code is always empty in the login response. I also tried porting the Sparklr2 (https://github.com/spring-projects/spring-security-oauth/tree/master/samples/oauth2) code into Spring Boot, but the authorization code is still empty. If this is not a bug, are there any examples for this use case?
My problem was reported at this GitHub URL:
Login form URL: https://github.com/dsyer/spring-security-angular/blob/master/oauth2/authserver/src/main/resources/templates/login.ftl
Authorize form URL: https://github.com/dsyer/spring-security-angular/blob/master/oauth2/authserver/src/main/resources/templates/authorize.ftl

HTTP TRACE FOLLOWS

ROOT CONTEXT

302 GET http://localhost:8080/user

Request headers: Host: localhost:8080 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0 Accept: application/json, text/plain, / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate X-Requested-With: XMLHttpRequest X-XSRF-TOKEN: e73f9d6b-9d82-4f09-a327-520c45add5a0 Referer: http://localhost:8080/ Cookie: JSESSIONID=0A8D06F75D8DAEFE88441D80BA8C0C53; XSRF-TOKEN=e73f9d6b-9d82-4f09-a327-520c45add5a0 Connection: keep-alive

Response headers: Cache-Control: no-cache, no-store, max-age=0, must-revalidate Content-Length: 0 Date: Tue, 19 May 2015 15:59:58 GMT Expires: 0 Location: http://localhost:8080/login Pragma: no-cache Server: Apache-Coyote/1.1 X-Frame-Options: DENY X-XSS-Protection: 1; mode=block x-content-type-options: nosniff

200 GET http://localhost:8080/home.html

Request headers: Host: localhost:8080 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0 Accept: application/json, text/plain, / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate X-Requested-With: XMLHttpRequest X-XSRF-TOKEN: e73f9d6b-9d82-4f09-a327-520c45add5a0 Referer: http://localhost:8080/ Cookie: JSESSIONID=0A8D06F75D8DAEFE88441D80BA8C0C53; XSRF-TOKEN=e73f9d6b-9d82-4f09-a327-520c45add5a0 Connection: keep-alive

Response headers: Cache-Control: no-cache, no-store, max-age=0, must-revalidate Content-Length: 219 Content-Type: text/html;charset=UTF-8 Date: Tue, 19 May 2015 15:59:58 GMT Expires: 0 Last-Modified: Wed, 25 Mar 2015 01:50:42 GMT Pragma: no-cache Server: Apache-Coyote/1.1 X-Application-Context: bootstrap X-Frame-Options: DENY X-XSS-Protection: 1; mode=block x-content-type-options: nosniff

302 GET http://localhost:8080/resource/

Request headers: Host: localhost:8080 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0 Accept: application/json, text/plain, / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate X-Requested-With: XMLHttpRequest X-XSRF-TOKEN: e73f9d6b-9d82-4f09-a327-520c45add5a0 Referer: http://localhost:8080/ Cookie: JSESSIONID=0A8D06F75D8DAEFE88441D80BA8C0C53; XSRF-TOKEN=e73f9d6b-9d82-4f09-a327-520c45add5a0 Connection: keep-alive

Response headers: Cache-Control: no-cache, no-store, max-age=0, must-revalidate Content-Length: 0 Date: Tue, 19 May 2015 15:59:58 GMT Expires: 0 Location: http://localhost:8080/login Pragma: no-cache Server: Apache-Coyote/1.1 X-Frame-Options: DENY X-XSS-Protection: 1; mode=block x-content-type-options: nosniff

302 GET http://localhost:8080/login

Request headers: Host: localhost:8080 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0 Accept: application/json, text/plain, / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://localhost:8080/ X-XSRF-TOKEN: e73f9d6b-9d82-4f09-a327-520c45add5a0 X-Requested-With: XMLHttpRequest Cookie: JSESSIONID=0A8D06F75D8DAEFE88441D80BA8C0C53; XSRF-TOKEN=e73f9d6b-9d82-4f09-a327-520c45add5a0 Connection: keep-alive

Response headers: Cache-Control: no-cache, no-store, max-age=0, must-revalidate Content-Length: 0 Date: Tue, 19 May 2015 15:59:58 GMT Expires: 0 Location: http://localhost:9999/uaa/oauth/authorize?client_id=acme&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Flogin&response_type=code&state=ZORNNY Pragma: no-cache Server: Apache-Coyote/1.1 X-Frame-Options: DENY X-XSS-Protection: 1; mode=block x-content-type-options: nosniff

302 GET http://localhost:8080/login

Request headers: Host: localhost:8080 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0 Accept: application/json, text/plain, / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://localhost:8080/ X-XSRF-TOKEN: e73f9d6b-9d82-4f09-a327-520c45add5a0 X-Requested-With: XMLHttpRequest Cookie: JSESSIONID=0A8D06F75D8DAEFE88441D80BA8C0C53; XSRF-TOKEN=e73f9d6b-9d82-4f09-a327-520c45add5a0 Connection: keep-alive

Response headers: Cache-Control: no-cache, no-store, max-age=0, must-revalidate Content-Length: 0 Date: Tue, 19 May 2015 15:59:58 GMT Expires: 0 Location: http://localhost:9999/uaa/oauth/authorize?client_id=acme&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Flogin&response_type=code&state=knNsMF Pragma: no-cache Server: Apache-Coyote/1.1 X-Frame-Options: DENY X-XSS-Protection: 1; mode=block x-content-type-options: nosniff

LOGIN

302 GET http://localhost:8080/login

Request headers: Host: localhost:8080 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://localhost:8080/ Cookie: JSESSIONID=681144B950A553779BA1722D4166DB78; XSRF-TOKEN=c46af943-e520-411b-b96d-e3e45f3196fb Connection: keep-alive

Response headers: Cache-Control: no-cache, no-store, max-age=0, must-revalidate Content-Length: 0 Date: Tue, 19 May 2015 15:06:32 GMT Expires: 0 Location: http://localhost:9999/uaa/oauth/authorize?client_id=acme&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Flogin&response_type=code&state=lpTB5d Pragma: no-cache Server: Apache-Coyote/1.1 X-Frame-Options: DENY X-XSS-Protection: 1; mode=block x-content-type-options: nosniff

302 GET http://localhost:9999/uaa/oauth/authorize?client_id=acme&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Flogin&response_type=code&state=lpTB5d

Request headers: Host: localhost:9999 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://localhost:8080/ Cookie: JSESSIONID=681144B950A553779BA1722D4166DB78; XSRF-TOKEN=c46af943-e520-411b-b96d-e3e45f3196fb Connection: keep-alive

Response headers: Cache-Control: no-cache, no-store, max-age=0, must-revalidate Content-Length: 0 Date: Tue, 19 May 2015 15:06:32 GMT Expires: 0 Location: http://localhost:9999/uaa/login Pragma: no-cache Server: Apache-Coyote/1.1 Set-Cookie: JSESSIONID=FD174AF5EF78ECF13F0284101578C6F8; Path=/uaa/; HttpOnly X-Frame-Options: DENY X-XSS-Protection: 1; mode=block x-content-type-options: nosniff

200 GET http://localhost:9999/uaa/login

Request headers: Host: localhost:9999 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://localhost:8080/ Cookie: JSESSIONID=FD174AF5EF78ECF13F0284101578C6F8; JSESSIONID=681144B950A553779BA1722D4166DB78; XSRF-TOKEN=c46af943-e520-411b-b96d-e3e45f3196fb Connection: keep-alive

Response headers: Cache-Control: no-cache, no-store, max-age=0, must-revalidate Content-Language: en-US Content-Type: text/html;charset=UTF-8 Date: Tue, 19 May 2015 15:06:32 GMT Expires: 0 Pragma: no-cache Server: Apache-Coyote/1.1 Transfer-Encoding: chunked X-Application-Context: application:9999 X-Frame-Options: DENY X-XSS-Protection: 1; mode=block x-content-type-options: nosniff

200 GET wro.css

200 GET wro.js

LOGIN SUBMIT

302 POST http://localhost:9999/uaa/login

Request headers: Host: localhost:9999 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://localhost:9999/uaa/login Cookie: JSESSIONID=FD174AF5EF78ECF13F0284101578C6F8; JSESSIONID=681144B950A553779BA1722D4166DB78; XSRF-TOKEN=c46af943-e520-411b-b96d-e3e45f3196fb Connection: keep-alive

Response headers: Cache-Control: no-cache, no-store, max-age=0, must-revalidate Content-Length: 0 Date: Tue, 19 May 2015 15:24:02 GMT Expires: 0 Location: http://localhost:9999/uaa/oauth/authorize?client_id=acme&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Flogin&response_type=code&state=lpTB5d Pragma: no-cache Server: Apache-Coyote/1.1 Set-Cookie: JSESSIONID=12D1C160B5CDDEAD0F9C96E9FB9E53A9; Path=/uaa/; HttpOnly X-Frame-Options: DENY X-XSS-Protection: 1; mode=block x-content-type-options: nosniff

Form Data Parameter: username:"######" password:"######" _csrf:"ba0f23da-8059-4b7b-89df-d9998d8de4fb"

200 GET http://localhost:9999/uaa/oauth/authorize?client_id=acme&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Flogin&response_type=code&state=lpTB5d

Request headers: Host: localhost:9999 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://localhost:9999/uaa/login Cookie: JSESSIONID=12D1C160B5CDDEAD0F9C96E9FB9E53A9; JSESSIONID=681144B950A553779BA1722D4166DB78; XSRF-TOKEN=c46af943-e520-411b-b96d-e3e45f3196fb Connection: keep-alive

Response headers: Cache-Control: no-cache, no-store Content-Language: en-US Content-Type: text/html;charset=UTF-8 Date: Tue, 19 May 2015 15:24:02 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Pragma: no-cache Server: Apache-Coyote/1.1 Transfer-Encoding: chunked X-Application-Context: application:9999 X-Frame-Options: DENY X-XSS-Protection: 1; mode=block x-content-type-options: nosniff

304 GET wro.css

304 GET wro.js

APPROVE

302 POST http://localhost:9999/uaa/oauth/authorize

Request headers: Host: localhost:9999 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://localhost:9999/uaa/oauth/authorize?client_id=acme&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Flogin&response_type=code&state=lpTB5d Cookie: JSESSIONID=12D1C160B5CDDEAD0F9C96E9FB9E53A9; JSESSIONID=681144B950A553779BA1722D4166DB78; XSRF-TOKEN=c46af943-e520-411b-b96d-e3e45f3196fb Connection: keep-alive

Response headers: Cache-Control: no-cache, no-store Content-Language: en-US Content-Length: 0 Date: Tue, 19 May 2015 15:31:51 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Location: http://localhost:8080/login?error=access_denied&error_description=User%20denied%20access&state=lpTB5d Pragma: no-cache Server: Apache-Coyote/1.1 X-Application-Context: application:9999 X-Frame-Options: DENY X-XSS-Protection: 1; mode=block x-content-type-options: nosniff

Form Data Parameter: user_oauth_approval:"true" _csrf:"32e46c90-0aac-4120-8d31-f31a7e6fe0ec"

401 GET http://localhost:8080/login?error=access_denied&error_description=User%20denied%20access&state=lpTB5d

Request headers: Host: localhost:8080 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://localhost:9999/uaa/oauth/authorize?client_id=acme&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Flogin&response_type=code&state=lpTB5d Cookie: JSESSIONID=681144B950A553779BA1722D4166DB78; XSRF-TOKEN=c46af943-e520-411b-b96d-e3e45f3196fb Connection: keep-alive

Response headers: Cache-Control: no-cache, no-store, max-age=0, must-revalidate Content-Language: en-US Content-Length: 341 Content-Type: text/html;charset=ISO-8859-1 Date: Tue, 19 May 2015 15:31:52 GMT Expires: 0 Pragma: no-cache Server: Apache-Coyote/1.1 X-Frame-Options: DENY X-XSS-Protection: 1; mode=block x-content-type-options: nosniff

LOGIN LOGS

2015-06-09 02:32:02.787 DEBUG 5312 --- [nio-9999-exec-5] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/login'; against '/login'
2015-06-09 02:32:02.788 DEBUG 5312 --- [nio-9999-exec-5] w.a.UsernamePasswordAuthenticationFilter : Request is to process authentication
2015-06-09 02:32:02.788 DEBUG 5312 --- [nio-9999-exec-5] o.s.s.authentication.ProviderManager : Authentication attempt using org.springframework.security.authentication.dao.DaoAuthenticationProvider
2015-06-09 02:32:02.814 INFO 5312 --- [nio-9999-exec-5] o.s.b.a.audit.listener.AuditListener : AuditEvent [timestamp=Tue Jun 09 02:32:02 EDT 2015, principal=phil, type=AUTHENTICATION_SUCCESS, data={details=org.springframework.security.web.authentication.WebAuthenticationDetails@fffed504: RemoteIpAddress: 127.0.0.1; SessionId: 4E22482896B7A9D7E427101CBC1187D2}]
2015-06-09 02:32:02.814 DEBUG 5312 --- [nio-9999-exec-5] s.CompositeSessionAuthenticationStrategy : Delegating to org.springframework.security.web.authentication.session.ChangeSessionIdAuthenticationStrategy@684222cb
2015-06-09 02:32:02.815 INFO 5312 --- [nio-9999-exec-5] o.s.b.a.audit.listener.AuditListener : AuditEvent [timestamp=Tue Jun 09 02:32:02 EDT 2015, principal=phil, type=AUTHENTICATION_SUCCESS, data={details=org.springframework.security.web.authentication.WebAuthenticationDetails@fffed504: RemoteIpAddress: 127.0.0.1; SessionId: 4E22482896B7A9D7E427101CBC1187D2}]
2015-06-09 02:32:02.815 DEBUG 5312 --- [nio-9999-exec-5] s.CompositeSessionAuthenticationStrategy : Delegating to org.springframework.security.web.csrf.CsrfAuthenticationStrategy@51738bda
2015-06-09 02:32:02.816 DEBUG 5312 --- [nio-9999-exec-5] w.a.UsernamePasswordAuthenticationFilter : Authentication success. Updating SecurityContextHolder to contain: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@bbd7aa2f: Principal: org.springframework.security.core.userdetails.User@347d1b: Username: phil; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_USER; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffed504: RemoteIpAddress: 127.0.0.1; SessionId: 4E22482896B7A9D7E427101CBC1187D2; Granted Authorities: ROLE_USER
2015-06-09 02:32:02.817 INFO 5312 --- [nio-9999-exec-5] o.s.b.a.audit.listener.AuditListener : AuditEvent [timestamp=Tue Jun 09 02:32:02 EDT 2015, principal=phil, type=AUTHENTICATION_SUCCESS, data={details=org.springframework.security.web.authentication.WebAuthenticationDetails@fffed504: RemoteIpAddress: 127.0.0.1; SessionId: 4E22482896B7A9D7E427101CBC1187D2}]
2015-06-09 02:32:02.817 DEBUG 5312 --- [nio-9999-exec-5] RequestAwareAuthenticationSuccessHandler : Redirecting to DefaultSavedRequest Url: http://localhost:9999/uaa/oauth/authorize?client_id=acme&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Flogin&response_type=code&state=4WtAHc
2015-06-09 02:32:02.818 DEBUG 5312 --- [nio-9999-exec-5] o.s.s.web.DefaultRedirectStrategy : Redirecting to 'http://localhost:9999/uaa/oauth/authorize?client_id=acme&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Flogin&response_type=code&state=4WtAHc'
2015-06-09 02:32:02.818 DEBUG 5312 --- [nio-9999-exec-5] w.c.HttpSessionSecurityContextRepository : SecurityContext stored to HttpSession: 'org.springframework.security.core.context.SecurityContextImpl@bbd7aa2f: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@bbd7aa2f: Principal: org.springframework.security.core.userdetails.User@347d1b: Username: phil; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_USER; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffed504: RemoteIpAddress: 127.0.0.1; SessionId: 4E22482896B7A9D7E427101CBC1187D2; Granted Authorities: ROLE_USER'

APPROVE LOGS

2015-06-09 03:01:44.194 DEBUG 9104 --- [nio-9999-exec-9] o.s.security.web.FilterChainProxy : /oauth/authorize at position 2 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2015-06-09 03:01:44.194 DEBUG 9104 --- [nio-9999-exec-9] w.c.HttpSessionSecurityContextRepository : Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT: 'org.springframework.security.core.context.SecurityContextImpl@bbd50027: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@bbd50027: Principal: org.springframework.security.core.userdetails.User@347d1b: Username: phil; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_USER; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffc7f0c: RemoteIpAddress: 127.0.0.1; SessionId: 96B6C1DF8C52F23738AB7732C2A7AD70; Granted Authorities: ROLE_USER'
2015-06-09 03:01:44.194 DEBUG 9104 --- [nio-9999-exec-9] o.s.security.web.FilterChainProxy : /oauth/authorize at position 3 of 12 in additional filter chain; firing Filter: 'HeaderWriterFilter'
2015-06-09 03:01:44.195 DEBUG 9104 --- [nio-9999-exec-9] o.s.s.w.header.writers.HstsHeaderWriter : Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@627aa865
2015-06-09 03:01:44.195 DEBUG 9104 --- [nio-9999-exec-9] o.s.security.web.FilterChainProxy : /oauth/authorize at position 4 of 12 in additional filter chain; firing Filter: 'CsrfFilter'
2015-06-09 03:01:44.195 DEBUG 9104 --- [nio-9999-exec-9] o.s.security.web.FilterChainProxy : /oauth/authorize at position 5 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
2015-06-09 03:01:44.195 DEBUG 9104 --- [nio-9999-exec-9] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/oauth/authorize'; against '/logout'
2015-06-09 03:01:44.195 DEBUG 9104 --- [nio-9999-exec-9] o.s.security.web.FilterChainProxy : /oauth/authorize at position 6 of 12 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
2015-06-09 03:01:44.195 DEBUG 9104 --- [nio-9999-exec-9] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/oauth/authorize'; against '/login'
2015-06-09 03:01:44.195 DEBUG 9104 --- [nio-9999-exec-9] o.s.security.web.FilterChainProxy : /oauth/authorize at position 7 of 12 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2015-06-09 03:01:44.196 DEBUG 9104 --- [nio-9999-exec-9] o.s.security.web.FilterChainProxy : /oauth/authorize at position 8 of 12 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2015-06-09 03:01:44.196 DEBUG 9104 --- [nio-9999-exec-9] o.s.security.web.FilterChainProxy : /oauth/authorize at position 9 of 12 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2015-06-09 03:01:44.196 DEBUG 9104 --- [nio-9999-exec-9] o.s.s.w.a.AnonymousAuthenticationFilter : SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@bbd50027: Principal: org.springframework.security.core.userdetails.User@347d1b: Username: phil; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_USER; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffc7f0c: RemoteIpAddress: 127.0.0.1; SessionId: 96B6C1DF8C52F23738AB7732C2A7AD70; Granted Authorities: ROLE_USER'
2015-06-09 03:01:44.196 DEBUG 9104 --- [nio-9999-exec-9] o.s.security.web.FilterChainProxy : /oauth/authorize at position 10 of 12 in additional filter chain; firing Filter: 'SessionManagementFilter'
2015-06-09 03:01:44.196 DEBUG 9104 --- [nio-9999-exec-9] o.s.security.web.FilterChainProxy : /oauth/authorize at position 11 of 12 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2015-06-09 03:01:44.196 DEBUG 9104 --- [nio-9999-exec-9] o.s.security.web.FilterChainProxy : /oauth/authorize at position 12 of 12 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2015-06-09 03:01:44.196 DEBUG 9104 --- [nio-9999-exec-9] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/oauth/authorize'; against '/admin/'
2015-06-09 03:01:44.196 DEBUG 9104 --- [nio-9999-exec-9] o.s.s.w.a.i.FilterSecurityInterceptor : Secure object: FilterInvocation: URL: /oauth/authorize; Attributes: [authenticated]
2015-06-09 03:01:44.196 DEBUG 9104 --- [nio-9999-exec-9] o.s.s.w.a.i.FilterSecurityInterceptor : Previously Authenticated: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@bbd50027: Principal: org.springframework.security.core.userdetails.User@347d1b: Username: phil; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_USER; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffc7f0c: RemoteIpAddress: 127.0.0.1; SessionId: 96B6C1DF8C52F23738AB7732C2A7AD70; Granted Authorities: ROLE_USER
2015-06-09 03:01:44.197 DEBUG 9104 --- [nio-9999-exec-9] o.s.s.access.vote.AffirmativeBased : Voter: org.springframework.security.web.access.expression.WebExpressionVoter@2b6b3792, returned: 1
2015-06-09 03:01:44.197 DEBUG 9104 --- [nio-9999-exec-9] o.s.s.w.a.i.FilterSecurityInterceptor : Authorization successful
2015-06-09 03:01:44.197 DEBUG 9104 --- [nio-9999-exec-9] o.s.s.w.a.i.FilterSecurityInterceptor : RunAsManager did not change Authentication object
2015-06-09 03:01:44.197 DEBUG 9104 --- [nio-9999-exec-9] o.s.security.web.FilterChainProxy : /oauth/authorize reached end of additional filter chain; proceeding with original chain
2015-06-09 03:01:44.198 DEBUG 9104 --- [nio-9999-exec-9] .s.o.p.e.FrameworkEndpointHandlerMapping : Looking up handler method for path /oauth/authorize
2015-06-09 03:01:44.199 DEBUG 9104 --- [nio-9999-exec-9] .s.o.p.e.FrameworkEndpointHandlerMapping : Returning handler method [public org.springframework.web.servlet.View org.springframework.security.oauth2.provider.endpoint.AuthorizationEndpoint.approveOrDeny(java.util.Map,java.util.Map,org.springframework.web.bind.support.SessionStatus,java.security.Principal)]
2015-06-09 03:01:44.219 DEBUG 9104 --- [nio-9999-exec-9] o.s.s.w.a.ExceptionTranslationFilter : Chain processed normally
2015-06-09 03:01:44.219 DEBUG 9104 --- [nio-9999-exec-9] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
2015-06-09 03:01:44.252 DEBUG 9104 --- [io-9999-exec-10] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/oauth/authorize'; against '/css/'
2015-06-09 03:01:44.252 DEBUG 9104 --- [io-9999-exec-10] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/oauth/authorize'; against '/js/'
2015-06-09 03:01:44.252 DEBUG 9104 --- [io-9999-exec-10] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/oauth/authorize'; against '/images/'
2015-06-09 03:01:44.252 DEBUG 9104 --- [io-9999-exec-10] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/oauth/authorize'; against '/**/favicon.ico'
2015-06-09 03:01:44.252 DEBUG 9104 --- [io-9999-exec-10] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/oauth/authorize'; against '/error'
2015-06-09 03:01:44.253 DEBUG 9104 --- [io-9999-exec-10] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/metrics']
2015-06-09 03:01:44.253 DEBUG 9104 --- [io-9999-exec-10] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/oauth/authorize'; against '/metrics'
2015-06-09 03:01:44.253 DEBUG 9104 --- [io-9999-exec-10] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/login']
2015-06-09 03:01:44.253 DEBUG 9104 --- [io-9999-exec-10] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/oauth/authorize'; against '/login'
2015-06-09 03:01:44.253 DEBUG 9104 --- [io-9999-exec-10] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/oauth/authorize']
2015-06-09 03:01:44.253 DEBUG 9104 --- [io-9999-exec-10] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/oauth/authorize'; against '/oauth/authorize'
2015-06-09 03:01:44.253 DEBUG 9104 --- [io-9999-exec-10] o.s.s.web.util.matcher.OrRequestMatcher : matched
2015-06-09 03:01:44.253 DEBUG 9104 --- [io-9999-exec-10] o.s.security.web.FilterChainProxy : /oauth/authorize at position 1 of 12 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2015-06-09 03:01:44.253 DEBUG 9104 --- [io-9999-exec-10] o.s.security.web.FilterChainProxy : /oauth/authorize at position 2 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2015-06-09 03:01:44.253 DEBUG 9104 --- [io-9999-exec-10] w.c.HttpSessionSecurityContextRepository : No HttpSession currently exists
2015-06-09 03:01:44.253 DEBUG 9104 --- [io-9999-exec-10] w.c.HttpSessionSecurityContextRepository : No SecurityContext was available from the HttpSession: null. A new one will be created.
2015-06-09 03:01:44.254 DEBUG 9104 --- [io-9999-exec-10] o.s.security.web.FilterChainProxy : /oauth/authorize at position 3 of 12 in additional filter chain; firing Filter: 'HeaderWriterFilter'
2015-06-09 03:01:44.254 DEBUG 9104 --- [io-9999-exec-10] o.s.s.w.header.writers.HstsHeaderWriter : Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@627aa865
2015-06-09 03:01:44.254 DEBUG 9104 --- [io-9999-exec-10] o.s.security.web.FilterChainProxy : /oauth/authorize at position 4 of 12 in additional filter chain; firing Filter: 'CsrfFilter'
2015-06-09 03:01:44.254 DEBUG 9104 --- [io-9999-exec-10] o.s.security.web.csrf.CsrfFilter : Invalid CSRF token found for http://localhost:9999/uaa/oauth/authorize
2015-06-09 03:01:44.255 DEBUG 9104 --- [io-9999-exec-10] w.c.HttpSessionSecurityContextRepository : SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2015-06-09 03:01:44.255 DEBUG 9104 --- [io-9999-exec-10] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
On GitHub, you have mentioned that the AccessConfirmationController is not getting the token. But here you have mentioned that the login response does not contain the authorization code. Can you rephrase your question and explain the exact situation? – FFL
In /login, shouldn't the form data parameter name be username instead of user_name? – FFL
There was also an Invalid CSRF token in the logs after I approved the client. – Paul
Can you post the code for the custom login page? – FFL
I added links to the forms and corrected the typo I made for the user_name form parameter. – Paul

1 Answer

1
votes
   <!-- in the approve form: consent to the requested scope -->
   <input type="hidden" name="scope.openid" value="true"/>
   <!-- in the deny form: refuse the requested scope -->
   <input type="hidden" name="scope.openid" value="false"/>

The client scope is not set in the authorize form. Add extra inputs to the form for approve and deny requests as shown above.
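To show why a form that posts only user_oauth_approval=true ends in the access_denied redirect seen in the APPROVE step of the trace, here is an added Python model of the authorization server's consent decision. It is not code from the spring-security-angular sample or from Spring Security OAuth; it reproduces, in plain Python, the scope-approval rule the editor understands that library to apply when an approval store is in use (that understanding is an assumption, as is the detail that the approve/deny handler is only selected when user_oauth_approval is present). The sample form bodies, the CSRF token value and the authorization code placeholder are constructed; only the parameter names, the redirect_uri and the state value come from the page.

```python
"""Consent-decision model for an OAuth2 authorization server's approval form.

Added example for this page, not project code. Assumption: the POST must carry
user_oauth_approval to reach the approve/deny handler, and the request is then
approved only if at least one requested scope arrives as scope.<name>=true.
"""
from urllib.parse import parse_qs, quote, urlencode

SCOPE_PREFIX = "scope."
APPROVAL_FLAG = "user_oauth_approval"


def parse_form(body: str) -> dict:
    """Flatten an application/x-www-form-urlencoded body to one value per key."""
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}


def decide_approval(requested_scopes, form):
    """Return (approved, approved_scopes) for one submitted consent form.

    Each requested scope is looked up as scope.<scope>; "true" (or a value
    starting with "approve") counts as consent. With a non-empty scope request
    and nothing consented to, the user is treated as having denied access.
    """
    approved_scopes = set()
    for scope in requested_scopes:
        value = form.get(SCOPE_PREFIX + scope, "").lower()
        if value == "true" or value.startswith("approve"):
            approved_scopes.add(scope)
    approved = bool(approved_scopes) or not requested_scopes
    return approved, approved_scopes


def build_redirect(redirect_uri, state, approved, code=None):
    """Build the redirect back to the client's registered redirect_uri.

    The deny branch reproduces the Location header of the page's APPROVE step;
    the approve branch carries the authorization code and the client's state.
    """
    if approved:
        params = {"code": code, "state": state}
    else:
        params = {"error": "access_denied",
                  "error_description": "User denied access",
                  "state": state}
    return redirect_uri + "?" + urlencode(params, quote_via=quote)


def handle_consent_post(requested_scopes, body, redirect_uri, state, code):
    """Process one POST to the authorize endpoint and return the redirect URL.

    Returns None when user_oauth_approval is absent: under the assumption above,
    the approve/deny handler is not selected for such a request at all.
    """
    form = parse_form(body)
    if APPROVAL_FLAG not in form:
        return None
    approved, _ = decide_approval(requested_scopes, form)
    return build_redirect(redirect_uri, state, approved, code)


# Constructed sample submissions; only the parameter names come from the page.
REQUESTED = {"openid"}
REDIRECT_URI = "http://localhost:8080/login"
CODE = "CONSTRUCTED-CODE-PLACEHOLDER"  # stands in for a server-generated code
SAMPLES = {
    "flag_only": "user_oauth_approval=true&_csrf=constructed-token",
    "approve": "user_oauth_approval=true&scope.openid=true&_csrf=constructed-token",
    "deny": "user_oauth_approval=false&scope.openid=false&_csrf=constructed-token",
}


def demo(state="lpTB5d"):
    """Run the three samples and return a mapping of sample name to redirect URL."""
    return {name: handle_consent_post(REQUESTED, body, REDIRECT_URI, state, CODE)
            for name, body in SAMPLES.items()}


if __name__ == "__main__":
    for name, url in demo().items():
        print(f"{name:10s} -> {url}")
```

Running it shows the "flag_only" body (what the page's authorize form posted) and the "deny" body both produce the error=access_denied redirect, while only the body carrying scope.openid=true yields a code; that is the behaviour the answer's two hidden inputs are there to produce, one per form.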