Trying to implement OAuth2 and running into a few issues following various resources on the web but could not find any resolutions. The issue is that when I access the /token endpoint I get a 404. Here is my config:
web.xml - Dispatcher servlet is mapped to /services/api/* and my security config security.xml is loaded by ContextLoaderListener.
OAuth2 mapping in security.xml:
<!-- OAUTH2 Configuration -->
<!-- Token request Endpoint configuration -->
<http pattern="/services/api/oauth2/token" use-expressions="true" create-session="stateless" authentication-manager-ref="OAuth2ClientAuthenticationManager">
<intercept-url pattern="/services/api/oauth2/token" access="hasAnyRole('ADMIN','USER')"/>
<anonymous enabled="false"/>
<http-basic entry-point-ref="OAuth2TokenEntryPoint"/>
<custom-filter ref="clientCredentialsTokenEndpointFilter" before="BASIC_AUTH_FILTER"/> <!-- processes client credentials params on the request -->
<access-denied-handler ref="OAuth2AccessDeniedHandler"/>
</http>
<!-- Resource endpoints protected by Oauth2 -->
<http pattern="/services/api/oauth2/**" create-session="never" entry-point-ref="OAuth2EntryPoint" access-decision-manager-ref="OAuth2AccessDecisionManager">
<anonymous enabled="false"/>
<intercept-url pattern="/services/api/oauth2/**" access="hasAnyRole('ADMIN','USER')"/>
<custom-filter ref="OAuth2ResourceServer" before="PRE_AUTH_FILTER"/>
<access-denied-handler ref="OAuth2AccessDeniedHandler"/>
</http>
<!-- Authentication entrypoint for calls to obtain access tokens -->
<b:bean id="OAuth2TokenEntryPoint" class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
<b:property name="realmName" value="oauth/oauthClient"/>
<b:property name="typeName" value="Basic"/>
</b:bean>
<!-- Authentication entrypoint for calls to access Oauth2 protected resources -->
<b:bean id="OAuth2EntryPoint" class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
<b:property name="realmName" value="oauth"/>
</b:bean>
<b:bean id="OAuth2AccessDeniedHandler" class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler" />
<b:bean id="clientCredentialsTokenEndpointFilter" class="org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter">
<b:property name="authenticationManager" ref="OAuth2ClientAuthenticationManager" />
</b:bean>
<b:bean id="OAuth2AccessDecisionManager" class="org.springframework.security.access.vote.UnanimousBased">
<b:constructor-arg>
<b:list>
<b:bean class="org.springframework.security.oauth2.provider.vote.ScopeVoter" />
<b:bean class="org.springframework.security.access.vote.RoleVoter" />
<b:bean class="org.springframework.security.access.vote.AuthenticatedVoter" />
<b:bean class="org.springframework.security.web.access.expression.WebExpressionVoter"/>
</b:list>
</b:constructor-arg>
</b:bean>
<!-- Authentication Manager for OAuth2 clients -->
<authentication-manager id="OAuth2ClientAuthenticationManager">
<authentication-provider user-service-ref="OAuth2ClientDetailsUserService" />
</authentication-manager>
<b:bean id="OAuth2ClientDetailsUserService" class="org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService">
<b:constructor-arg ref="OAuth2ClientDetails" />
</b:bean>
<!-- Configure Oauth2 Token storage and services -->
<b:bean id="OAuth2TokenStore" class="org.springframework.security.oauth2.provider.token.store.JdbcTokenStore">
<b:constructor-arg ref="pvDataSource" />
</b:bean>
<b:bean id="OAuth2TokenServices" class="org.springframework.security.oauth2.provider.token.DefaultTokenServices">
<b:property name="tokenStore" ref="OAuth2TokenStore" />
<b:property name="supportRefreshToken" value="true" />
<b:property name="accessTokenValiditySeconds" value="120"/>
<b:property name="clientDetailsService" ref="OAuth2ClientDetails" />
</b:bean>
<b:bean id="OAuth2RequestFactory" class="org.springframework.security.oauth2.provider.request.DefaultOAuth2RequestFactory">
<b:constructor-arg name="clientDetailsService" ref="OAuth2ClientDetails" />
</b:bean>
<b:bean id="OAuth2UserApprovalHandler" class="org.springframework.security.oauth2.provider.approval.TokenStoreUserApprovalHandler">
<b:property name="tokenStore" ref="OAuth2TokenStore"/>
<b:property name="requestFactory" ref="OAuth2RequestFactory" />
</b:bean>
<oauth:authorization-server client-details-service-ref="OAuth2ClientDetails" token-services-ref="OAuth2TokenServices">
<oauth:authorization-code />
<oauth:implicit/>
<oauth:refresh-token/>
<oauth:client-credentials />
<oauth:password/>
</oauth:authorization-server>
<oauth:resource-server id="OAuth2ResourceServer" resource-id="oauth" token-services-ref="OAuth2TokenServices" />
<!-- Configuration of OAuth2 clients -->
<oauth:client-details-service id="OAuth2ClientDetails">
<oauth:client client-id="client1" authorized-grant-types="password,authorization_code,refresh_token,implicit,client_credentials" authorities="ROLE_ADMIN,ROLE_USER" scope="read,write,trust" secret="secret"/>
</oauth:client-details-service>
In my database I have a record for the client in the oauth_client_details table with client_id = client1, client_secret = secret, authorities = ROLE_ADMIN, scope = read,trust, authorized_grant_types = client_credentials,authorization_code,implicit
My request is to URL: http://localhost:8080/springsec/services/api/oauth2/token?grant_type=client_credentials
Header: Basic Auth with username: client1, password: secret
In the log I see the following, note that the OAuth2 client account was found in the database and the Authorization was successful, after this point I expected it to return a valid OAuth2 token and populate the respective tables with token information but it goes off into a 404 because the endpoint pattern was not found which is really bizzare:
16:28:39.853 [tomcat-http--3] DEBUG o.s.s.w.a.w.BasicAuthenticationFilter - Basic Authentication Authorization header found for user 'client1'
16:28:39.855 [tomcat-http--3] DEBUG o.s.s.authentication.ProviderManager - Authentication attempt using org.springframework.security.authentication.dao.DaoAuthenticationProvider
16:28:39.861 [tomcat-http--3] DEBUG o.s.s.w.a.w.BasicAuthenticationFilter - Authentication success: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@c80a02b4: Principal: org.springframework.security.core.userdetails.User@334b85c6: Username: client1; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMIN,ROLE_USER; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ADMIN, ROLE_USER
16:28:39.861 [tomcat-http--3] DEBUG o.s.security.web.FilterChainProxy - /services/api/oauth2/token?grant_type=client_credentials at position 7 of 9 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
16:28:39.863 [tomcat-http--3] DEBUG o.s.security.web.FilterChainProxy - /services/api/oauth2/token?grant_type=client_credentials at position 8 of 9 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
16:28:39.863 [tomcat-http--3] DEBUG o.s.security.web.FilterChainProxy - /services/api/oauth2/token?grant_type=client_credentials at position 9 of 9 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
Checking match of request : '/services/api/oauth2/token'; against '/services/api/oauth2/token'
16:28:39.863 [tomcat-http--3] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Secure object: FilterInvocation: URL: /services/api/oauth2/token?grant_type=client_credentials; Attributes: [hasAnyRole('ADMIN','USER')]
16:28:39.863 [tomcat-http--3] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Previously Authenticated: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@c80a02b4: Principal: org.springframework.security.core.userdetails.User@334b85c6: Username: client1; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMIN,ROLE_USER; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ADMIN, ROLE_USER
16:28:39.871 [tomcat-http--3] DEBUG o.s.s.access.vote.AffirmativeBased - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@2105b1f8, returned: 1
16:28:39.871 [tomcat-http--3] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Authorization successful
16:28:39.871 [tomcat-http--3] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - RunAsManager did not change Authentication object
16:28:39.871 [tomcat-http--3] DEBUG o.s.security.web.FilterChainProxy - /services/api/oauth2/token?grant_type=client_credentials reached end of additional filter chain; proceeding with original chain
16:28:39.876 [tomcat-http--3] DEBUG o.s.web.servlet.DispatcherServlet - DispatcherServlet with name 'webservices' processing GET request for [/springsec/services/api/oauth2/token]
16:28:39.880 [tomcat-http--3] DEBUG o.s.w.s.m.m.a.RequestMappingHandlerMapping - Looking up handler method for path /oauth2/token
16:28:39.886 [tomcat-http--3] DEBUG o.s.w.s.m.m.a.RequestMappingHandlerMapping - Did not find handler method for [/oauth2/token]
16:28:39.886 [tomcat-http--3] DEBUG o.s.s.o.p.e.FrameworkEndpointHandlerMapping - Looking up handler method for path /oauth2/token
16:28:39.887 [tomcat-http--3] DEBUG o.s.s.o.p.e.FrameworkEndpointHandlerMapping - Did not find handler method for [/oauth2/token]
16:28:39.887 [tomcat-http--3] WARN o.s.web.servlet.PageNotFound - No mapping found for HTTP request with URI [/springsec/services/api/oauth2/token] in DispatcherServlet with name 'webservices'
16:28:39.887 [tomcat-http--3] DEBUG o.s.web.servlet.DispatcherServlet - Successfully completed request
16:28:39.888 [tomcat-http--3] DEBUG o.s.s.w.a.ExceptionTranslationFilter - Chain processed normally
16:28:39.888 [tomcat-http--3] DEBUG o.s.s.w.c.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
What am I doing wrong here? Any help is appreciated.
<context:component-scan base-package="org.springframework.security.oauth2.provider.endpoint"/>
into my configuration but got an error message:"Caused by: java.lang.IllegalStateException: TokenGranter must be provided
– SBKDeveloper