The following configuration is based on the web.xml class:
public class WebApp extends AbstractDispatcherServletInitializer { @Override protected WebApplicationContext createServletApplicationContext() { AnnotationConfigWebApplicationContext context = new AnnotationConfigWebApplicationContext(); context.scan(ClassUtils.getPackageName(getClass())); return context; } @Override protected String[] getServletMappings() { return new String[]{"/api/*"}; } @Override protected WebApplicationContext createRootApplicationContext() { return null; } @Override public void onStartup(ServletContext servletContext) throws ServletException { super.onStartup(servletContext); DelegatingFilterProxy filter = new DelegatingFilterProxy("springSecurityFilterChain"); filter.setServletContext(servletContext); filter.setContextAttribute("org.springframework.web.servlet.FrameworkServlet.CONTEXT.dispatcher"); servletContext.addFilter("springSecurityFilterChain", filter).addMappingForUrlPatterns(null, false, "/api/*"); } }
When I try to access one of the oauth endpoints, I get the following result:
curl -u core:secret "http://localhost:8081/api/oauth/token?client_id=core&grant_type=password&username=user&password=123&response_type=token&scope=admin" {"error":"unauthorized","error_description":"There is no client authentication. Try adding an appropriate authentication filter."}%
Strange, when I change the servlet mapping from / api / * to / it, it works as expected. So something must be wrong, but I do not know what?
spring spring-mvc spring-security spring-security-oauth2
Jonas geiregat
source share