cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Peter Schyma <psch...@adeece.com>
Subject Re: CXF OAuth2 AuthorizationCodeGrantService in Karaf
Date Tue, 30 Oct 2012 11:48:56 GMT
Hi,

thank you for your answer.

I tried your suggestions, but none of them works. Every time the same 
result: a zero-length content.

Right now i am using a workaround. I implemented a MessageBodyWriter 
that creates the authorization site HTML code in plain Java.

I'll dig deeper into it on the weekend.

Greetings,
Peter

Am 30.10.2012 12:11, schrieb Sergey Beryozkin:
> Hi
> On 26/10/12 15:54, Peter Schyma wrote:
>> Hi,
>>
>> i am trying to setup an OAuth2 Server using CXFs implementation.
>> Following the documentation[1], i have implemented an OAuthDataProvider
>> and wired it to the AuthorizationCodeGrantService.
>>
>> Everything works fine. But when i request the authorization in my
>> browser, i only get a blank page/ zero-length content response.
>>
>> I am attaching an instance of RequestDispatcherProvider to the
>> jaxrs:server that serves the authorization. Like the documentation
>> suggested: the OAuthAuthorizationData is to be rendered by an JSP. In
>> the logs i see the expected output:
>> 'Setting an instance of
>> "org.apache.cxf.rs.security.oauth2.common.OAuthAuthorizationData" as
>> HttpServletRequest attribute "data" and redirecting the response to
>> "/jsp/authorize.jsp"'.
>>
>> But i see this even when i map to an non-existing JSP without any errors
>> in the logs.
>>
> It appears the container (Jetty at least) does not enforce, when
> locating RequestDispatcher, the existence of the actual handler.
>
>> After messing arround with this issue, i tried XSLTJaxbProvider. This
>> provider at least emits warning about missing files and as a result
>> throws an exception when it tries to render the output: [2].
>>
>> Disabling both providers display the XML serialization of the
>> OAuthAuthorizationData instance.
>>
>> [3] shows a slightly shortend version of the blueprint context
>> definition i am using to startup the service.
>>
>> While inspecting the missing resource warning of the XSLTJaxbProvider
>> with my debugger, i noticed that it uses the ClassLoader (getting it by
>> CXF Bus) of another bundle that is exposing a REST service via CXF -
>> because that bundle is started earlier. So i tried to name the busses of
>> both bundles. But this doesn't have any impact on the output.
>>
>> JSP support is active as there is another bundle that uses JSPs to
>> render web pages but without CXF.
>>
>> I deactivated both bundles so that the OAuth service bundle is the only
>> one that uses CXF or JSPs. But still no output.
>>
>> I imported Servlet and JSP packages in the service bundle. Still no
>> output.
>>
>> The CXF version is 2.7.0 - but 2.6.2 yields the same result. Karaf
>> versions 2.2.9 and 2.3.0 yield also the same result with both CXF
>> versions. The installed features are: cxf, cxf-rs-security-oauth2 (and
>> their dependencies).
>>
>> Am i missing something from the docs? Any hints are appreciated.
>
> Actually, the demos I worked upon have not been tested within Karaf,
> which is a shame, I will look into it asap. I believe it is not a CXF
> issue, but at the moment I wonder if it is to do with the fact that the
> application bundle may not have been deployed as a war-bundle ? Would
> setting a RequestDispatcherProvider "dispatcherName" property to "jsp"
> help ? Perhaps jsp resources have to be exported from the app bundle ?
>
> I guess it is really about getting a jsp resource visible. You are
> probably the first person who attempts to do in OSGI - I'm hoping to
> help asap :-)
>
> Cheers, Sergey
>
>>
>>
>> Thanks
>> Peter
>>
>> [1] http://cxf.apache.org/docs/jax-rs-oauth2.html
>> [2] http://pastebin.com/vdqmNc0Q
>> [3] http://pastebin.com/CtCR6qRf
>


Mime
View raw message