Geek Answers Handbook

Spring security oauth2 ClassCastException setting DefaultTokenServices

I am trying to run a sample application using spring boot and spring security oauth with configured JdbcTokenStore and DefaultTokenServices with infinite life access tokens.

Starting this application with gradle bootRun, the application will not start and throws "Caused by: java.lang.ClassCastException: com.sun.proxy. $ Proxy51 cannot be passed to org.springframework.security.oauth2.provider.token.DefaultTokenServices"

Why is there a proxy wrapped around a DefaultTokenServices bean?

The strange thing is starting the application using InMemoryTokenStore ... everything works fine (see the inmemory branch).

Source code https://github.com/grafjo/oauth_demo/blob/master/src/main/java/demo/AuthorizationServerConfiguration.java

Full trace: http://pastebin.com/SUcwz4S5

+7
spring spring-security spring-security-oauth2
source share
5 answers

A quick look at the DefaultTokenService shows that it is annotated with @Transactional. Spring is going to wrap it in a proxy for serving transactions - as a result, you need to interact with the class by its interface.

For your tokenService bean:

@Bean public DefaultTokenServices tokenServices() { final DefaultTokenServices defaultTokenServices = new DefaultTokenServices(); defaultTokenServices.setAccessTokenValiditySeconds(-1); defaultTokenServices.setTokenStore(tokenStore()); return defaultTokenServices; }

try changing it to this:

 @Bean public AuthorizationServerTokenServices tokenServices() { final DefaultTokenServices defaultTokenServices = new DefaultTokenServices(); defaultTokenServices.setAccessTokenValiditySeconds(-1); defaultTokenServices.setTokenStore(tokenStore()); return defaultTokenServices; }
+7
source share

My application also had a similar exception, but when spring oauth version changed from 2.0.7.RELEASE to 2.0.3.RELEASE, it worked. Perhaps this is a bug in latests versions?

EDIT: from the error, it seems that the problem is with proxies created using spring. When I change the proxy type in CGLIB instead of the default dynamic proxies, it also works with version 2.0.7. This parameter can be set using the proxyTargetClass @EnableTransactionManagement(proxyTargetClass = true)

However, this solution is not attractive to me, since I prefer the default proxy method over CGLIB. Here is also an article explaining proxy methods http://thecafetechno.com/tutorials/spring/spring-proxying-mechanisms/

+3
source share

This works with version 2.0.7.RELEASE

  @Primary @Bean protected AuthorizationServerTokenServices tokenServices() throws Exception{

After you change DefaultTokenServices to AuthorizationServerTokenServices, Spring will throw an error:

No qualification bean of type [org.springframework.security.oauth2.provider.token.ResourceServerTokenServices] is defined: expected one-time bean match, but found 3: defaultAuthorizationServerTokenServices, consumerTokenServices, tokenServices "}}

+1
source share

I had the same problem using 2.0.9.RELEASE in the following combination:

pom.xml:

 ... <spring.version>4.1.4.RELEASE</spring.version> <spring-security.version>3.2.5.RELEASE</spring-security.version> <spring-security-oauth2.version>2.0.9.RELEASE</spring-security-oauth2.version> ...

and had the same Exception.

Go to

 ... <spring-security-oauth2.version>2.0.3.RELEASE</spring-security-oauth2.version> ...

solved the problem for me.

0
source share

add

 <aop:config proxy-target-class="true"/>

in spring configuration.

0
source share

More articles:


All Articles