Wrox Programmer Forums
BOOK: Professional Java for Web Applications
This is the forum to discuss the Wrox book Professional Java for Web Applications by Nicholas S. Williams; ISBN: 978-1-118-65646-4
Welcome to the p2p.wrox.com Forums.

You are currently viewing the BOOK: Professional Java for Web Applications section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
Old July 31st, 2014, 10:00 AM
Authorized User
Join Date: Apr 2014
Posts: 11
Thanks: 0
Thanked 0 Times in 0 Posts
Default Spring OAuth2 wrong redirect page

I have implemented a WebService that use OAuth2 (using Spring) for authentication.

It works but, when i access the url authorize i have (sometime) different behaviour:
  1. I access to authorize and the service redirect me to Login Page
  2. After logged in the service redirect me on index.jsp page
The other behavior (that is the right):
  1. Access to autorize page and the service redirect me to Login Page
  2. After logged in, the service redirect me to authorize page where i can select "Accept" or "Decline", and after that i can access to the service (with given token)
I have seen that the behavior i have is this
  1. Acess to authorize -> Redirect to Login page
  2. After logged in -> i get redirected to index.jsp
  3. I close the browser
  4. Access to authorize -> Redirect to Login page
  5. After logged in -> I get redirected to authorize page (where i have Accept / Decline)
This is a part of my secdurityConfiguration.xml

        <authentication-provider ref="customAuthenticationProvider" />

    <authentication-manager id="oauthClientAuthenticationManager">
        <authentication-provider user-service-ref="clientDetailsUserService">
            <password-encoder ref="passwordEncoder" />

    <oauth2:authorization-server token-services-ref="tokenServices"
                 user-approval-page="oauth/authorize" error-page="oauth/error">
        <oauth2:authorization-code />

    <beans:bean id="resourceServerFilter"
        <beans:property name="authenticationEntryPoint"
                        ref="oauthAuthenticationEntryPoint" />
        <beans:property name="tokenServices" ref="tokenServices" />
        <beans:property name="resourceId" value="SUPPORT" />

   <global-method-security pre-post-annotations="enabled" order="0"
        <expression-handler ref="methodSecurityExpressionHandler" />

    <http security="none" pattern="/resource/**" />
    <http security="none" pattern="/favicon.ico" />

    <http use-expressions="true" create-session="stateless"
          entry-point-ref="oauthAuthenticationEntryPoint" pattern="/oauth/token">
        <intercept-url pattern="/oauth/token"
                       access="hasAuthority('OAUTH_CLIENT')" />
        <http-basic />
        <access-denied-handler ref="oauthAccessDeniedHandler" />
        <expression-handler ref="webSecurityExpressionHandler" />

    <http use-expressions="true" create-session="stateless"
          entry-point-ref="oauthAuthenticationEntryPoint" pattern="/services/**">
        <intercept-url pattern="/services/**"
                       access="hasAuthority('OWNER')" />
        <custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
        <access-denied-handler ref="oauthAccessDeniedHandler" />
        <expression-handler ref="webSecurityExpressionHandler" />

    <http use-expressions="true">
        <intercept-url pattern="/oauth/**" access="hasAuthority('OWNER')" />
        <intercept-url pattern="/login/**" access="permitAll() "/>
        <intercept-url pattern="/push/**"  access="permitAll()" />
        <intercept-url pattern="/logout"   access="permitall()" />
        <intercept-url pattern="/**"       access="isFullyAuthenticated()" />
        <form-login default-target-url="/" login-page="/login"
                    username-parameter="username" password-parameter="password" />
         <logout logout-url="/logout" logout-success-url="/login?loggedOut"
                delete-cookies="JSESSIONID" invalidate-session="true" />
        <session-management invalid-session-url="/login"
            <concurrency-control error-if-maximum-exceeded="true" max-sessions="1000"
                                 session-registry-ref="sessionRegistry" />
        <expression-handler ref="webSecurityExpressionHandler"/>
I have the same behaviour un Chapter 28. Sometime i get redirected to "Accept/Decline" page and sometime to Ticket Home(this is wrong).

The behaviour is totally random. Sometime i get redirected well for 10 times, and sometime to all query i get redirected wrong (in Ticket Home Page)

Last edited by mistre83; November 3rd, 2014 at 12:58 PM..

Similar Threads
Thread Thread Starter Forum Replies Last Post
about wrong page redirect! jason_lai ASP.NET 2.0 Basics 2 June 6th, 2007 08:31 PM
redirect to page other than default page sarah lee ASP.NET 1.0 and 1.1 Basics 3 December 15th, 2006 05:45 PM
Redirect to new page without closing current page peter2004 ASP.NET 2.0 Basics 5 June 5th, 2006 08:49 PM
Redirect to next page qazi_nomi Javascript How-To 1 September 1st, 2004 02:07 AM
Redirect page Warbird Classic ASP Basics 4 June 20th, 2003 07:51 PM

Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Copyright (c) 2020 John Wiley & Sons, Inc.