Configure OAuth2 token request to receive additional data

I use Jersey and spring-oauth2 with Spring Security. My application works great with the "/oauth/token" endpoint.

I want to change the endpoints to accept more data. The requirement is that I want to send more detailed information to the token API (for example, device OS data, phone/tablet/website, etc.). So, I want to redefine the endpoint, and if the authentication is successful, I want to store this additional information in the database.

I could not find anything related to changing the API in this way. Can anyone help?

+2
1 answer

I found a solution by writing a wrapper controller and assigning the default TokenEndpoint bean:

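    package com.oauth2.provider.endpoint;

    import java.security.Principal;
    import java.util.Map;

    import javax.ws.rs.core.MediaType; // String constant, as required by "consumes"

    import org.slf4j.Logger;
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.http.ResponseEntity;
    import org.springframework.security.oauth2.common.OAuth2AccessToken;
    import org.springframework.security.oauth2.common.exceptions.BadClientCredentialsException;
    import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
    import org.springframework.security.oauth2.provider.ClientRegistrationException;
    import org.springframework.security.oauth2.provider.endpoint.FrameworkEndpoint;
    import org.springframework.security.oauth2.provider.endpoint.TokenEndpoint;
    import org.springframework.security.oauth2.provider.error.DefaultWebResponseExceptionTranslator;
    import org.springframework.security.oauth2.provider.error.WebResponseExceptionTranslator;
    import org.springframework.web.HttpRequestMethodNotSupportedException;
    import org.springframework.web.bind.annotation.ExceptionHandler;
    import org.springframework.web.bind.annotation.RequestBody;
    import org.springframework.web.bind.annotation.RequestMapping;
    import org.springframework.web.bind.annotation.RequestMethod;
    import org.springframework.web.bind.annotation.RequestParam;

    // UserManager, LoginModel and UserNotFoundException are application classes;
    // import them from your own packages.

    @FrameworkEndpoint
    public class LoginContrller {

        private static Logger logger = org.slf4j.LoggerFactory.getLogger(LoginContrller.class);

        private WebResponseExceptionTranslator providerExceptionHandler = new DefaultWebResponseExceptionTranslator();

        @Autowired
        private UserManager userManager;

        @Autowired
        TokenEndpoint tokenEndPoint;

        @RequestMapping(value = "/user/login", method = RequestMethod.POST, consumes = MediaType.APPLICATION_JSON)
        public ResponseEntity<OAuth2AccessToken> postAccessToken(Principal principal,
                @RequestParam Map<String, String> parameters,
                @RequestBody(required = false) LoginModel loginModel)
                throws HttpRequestMethodNotSupportedException {
            // Delegate to the stock token endpoint first; it throws if authentication fails,
            // so the code below only runs after a token has been issued.
            ResponseEntity<OAuth2AccessToken> response = tokenEndPoint.postAccessToken(principal, parameters);
            if (!isRefreshTokenRequest(parameters)) {
                if (loginModel != null) {
                    loginModel.setUsername(parameters.get("username"));
                    try {
                        // Store the additional login data sent in the request body.
                        userManager.loginUser(loginModel);
                    } catch (UserNotFoundException e) {
                        // Throwable as last argument: SLF4J logs the stack trace.
                        logger.warn("Exception in custom login", e);
                    }
                }
            }
            return response;
        }

        private boolean isRefreshTokenRequest(Map<String, String> parameters) {
            return "refresh_token".equals(parameters.get("grant_type")) && parameters.get("refresh_token") != null;
        }

        private boolean isAuthCodeRequest(Map<String, String> parameters) {
            return "authorization_code".equals(parameters.get("grant_type")) && parameters.get("code") != null;
        }

        @ExceptionHandler(HttpRequestMethodNotSupportedException.class)
        public void handleHttpRequestMethodNotSupportedException(HttpRequestMethodNotSupportedException e) throws Exception {
            logger.info("Handling error: " + e.getClass().getSimpleName() + ", " + e.getMessage());
            throw e;
        }

        @ExceptionHandler(Exception.class)
        public ResponseEntity<OAuth2Exception> handleException(Exception e) throws Exception {
            logger.info("Handling error: " + e.getClass().getSimpleName() + ", " + e.getMessage());
            return getExceptionTranslator().translate(e);
        }

        @ExceptionHandler(ClientRegistrationException.class)
        public ResponseEntity<OAuth2Exception> handleClientRegistrationException(Exception e) throws Exception {
            logger.info("Handling error: " + e.getClass().getSimpleName() + ", " + e.getMessage());
            return getExceptionTranslator().translate(new BadClientCredentialsException());
        }

        @ExceptionHandler(OAuth2Exception.class)
        public ResponseEntity<OAuth2Exception> handleException(OAuth2Exception e) throws Exception {
            logger.info("Handling error: " + e.getClass().getSimpleName() + ", " + e.getMessage());
            return getExceptionTranslator().translate(e);
        }

        private WebResponseExceptionTranslator getExceptionTranslator() {
            return providerExceptionHandler;
        }
    }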

Change in web.xml: just replace the URL with the new one.

    <servlet-mapping>
        <servlet-name>appServlet</servlet-name>
        <url-pattern>/user/login</url-pattern>
    </servlet-mapping>

Finally, create a bean using the LoginContrller class and change the URL in spring-security.xml.

Change the OAuth token URL and the clientCredentialsTokenEndpointFilter URL as below.

    <sec:http pattern="/user/login" create-session="stateless"
              authentication-manager-ref="clientAuthenticationManager"
              use-expressions="true">
        <sec:intercept-url pattern="/user/login" access="isFullyAuthenticated()"/>
        <sec:csrf disabled="true"/>
        <sec:anonymous enabled="false" />
        <sec:http-basic entry-point-ref="clientAuthenticationEntryPoint" />
        <sec:custom-filter ref="clientCredentialsTokenEndpointFilter" after="BASIC_AUTH_FILTER" />
    </sec:http>

    <bean id="clientCredentialsTokenEndpointFilter"
          class="org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter">
        <constructor-arg value="/user/login"></constructor-arg>
        <property name="authenticationManager" ref="clientAuthenticationManager" />
        <property name="filterProcessesUrl" value="/user/login" />
    </bean>

    <bean class="com.oauth2.provider.endpoint.LoginContrller" />
+3
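
The extra fields accepted by the wrapper above come straight from the request body of the login endpoint, so they are client-controlled even when the token request itself succeeds. One way to constrain them before they are stored or logged, as an added example that is not part of the original answer: the class `DeviceInfoValidator`, its method names and the 64-character limit are assumptions, and `Set.of` needs Java 9 or later.

```java
import java.util.Locale;
import java.util.Optional;
import java.util.Set;

/** Added example (hypothetical helper): validates client-reported device metadata. */
public final class DeviceInfoValidator {

    // Device kinds named in the question (phone / tablet / website).
    private static final Set<String> ALLOWED_TYPES = Set.of("phone", "tablet", "website");

    // Assumed maximum width of the free-text OS column.
    private static final int MAX_OS_LENGTH = 64;

    private DeviceInfoValidator() {
    }

    /** Returns the canonical device type, or empty when the value is not on the allowlist. */
    public static Optional<String> deviceType(String raw) {
        if (raw == null) {
            return Optional.empty();
        }
        String type = raw.trim().toLowerCase(Locale.ROOT);
        return ALLOWED_TYPES.contains(type) ? Optional.of(type) : Optional.empty();
    }

    /** Strips control characters (CR and LF included) and caps the length of the OS string. */
    public static String deviceOs(String raw) {
        if (raw == null) {
            return "";
        }
        String cleaned = raw.replaceAll("\\p{Cntrl}", "").trim();
        return cleaned.length() <= MAX_OS_LENGTH ? cleaned : cleaned.substring(0, MAX_OS_LENGTH);
    }

    public static void main(String[] args) {
        // Constructed sample values, as a client might send them in the JSON body.
        System.out.println(deviceType(" Tablet "));
        System.out.println(deviceType("toaster"));
        System.out.println(deviceOs("Android 13\r\nINFO forged log line"));
    }
}
```

Calling such checks in the wrapper before `userManager.loginUser(loginModel)` keeps oversized or multi-line values out of the database and out of log output.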