OAuth2 Got 401 calling /authorize of AuthorizationCodeGrantService with DefaultEHCacheCodeDataProvider

Tue, 04 Aug 2015 03:34:09 -0700 

guys,

I am getting started with the DefaultEHCacheCodeDataProvider implementation
but stuck calling the /authorize rest call.
I used cxf release v3.1.1 and here is how I configured the beans:

    <bean id="oauthProvider"
class="org.apache.cxf.rs.security.oauth2.grants.code.DefaultEHCacheCodeDataProvider"/>

    <bean id="accessTokenService"
class="org.apache.cxf.rs.security.oauth2.services.AccessTokenService">
        <property name="dataProvider" ref="oauthProvider"/>
    </bean>
    <bean id="accessTokenValidatorService"
class="org.apache.cxf.rs.security.oauth2.services.AccessTokenValidatorService">
        <property name="dataProvider" ref="oauthProvider"/>
    </bean>
    <bean id="authorizationService"
class="org.apache.cxf.rs.security.oauth2.services.AuthorizationCodeGrantService">
        <property name="dataProvider" ref="oauthProvider"/>
    </bean>

   <jaxrs:server id="oauth2_service" address="/">
        <jaxrs:features>
            <cxf:logging />
        </jaxrs:features>

        <jaxrs:serviceBeans>
            <ref bean="accessTokenService"/>
            <!--<ref bean="accessTokenValidatorService"/>-->
            <ref bean="authorizationService"/>
        </jaxrs:serviceBeans>
        <jaxrs:providers>
            <bean
class="com.wordnik.swagger.jaxrs.listing.ResourceListingProvider"/>
            <bean class="com.wordnik.swagger.jaxrs.json.JacksonJsonProvider"/>
            <bean
class="com.wordnik.swagger.jaxrs.listing.ApiDeclarationProvider"/>
        </jaxrs:providers>
    </jaxrs:server>

And here is the rest request (as suggested in
http://cxf.apache.org/docs/jax-rs-oauth2.html)

GET 
http://localhost:8080/oauth2/rest/authorize?client_id=123456789&scope=updateCalendar-7&response_type=code&redirect_uri=http%3A//localhost%3A8080/services/reservations/reserve/complete&state=1

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Authorization: Basic YmFycnlAc29jaWFsLmNvbToxMjM0
Cookie: JSESSIONID=suj2wyl54c4g
Referer: http://localhost:8080/services/forms/reservation.jsp

But the result is a 401 error.

I followed the source code and caught the exception source in
org.apache.cxf.rs.security.oauth2.services.RedirectionBasedGrantService.getAndValidateSecurityContext

if (securityContext == null || securityContext.getUserPrincipal() == null) {
    throw ExceptionUtils.toNotAuthorizedException(null, null);
}

securityContext is not null but getUserPrincipal returns null. Is that
means the security context is not correctly generated given the
Authorization: Basic header is provided? Or do I need register a
custom request filter to do this?

I am new to CXF and thanks for any suggestion/hints.

Reply via email to