Fix WWW-Authenticate challenge for form-based client authentication

The default AuthenticationEntryPoint for the client credentials token filter was returning "Basic" style headers on a 401. This change fixes the default to be the same as it was in XML (I believe).
jwjiwon · Apr 14, 2015 · bbd7b70 · bbd7b70
1 parent 3a76715
commit bbd7b70
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 3 deletions.
diff --git a/...urity/oauth2/config/annotation/web/configurers/AuthorizationServerSecurityConfigurer.java b/...urity/oauth2/config/annotation/web/configurers/AuthorizationServerSecurityConfigurer.java
@@ -174,6 +174,10 @@ private ClientCredentialsTokenEndpointFilter clientCredentialsTokenEndpointFilte
 				frameworkEndpointHandlerMapping().getServletPath("/oauth/token"));
 		clientCredentialsTokenEndpointFilter
 				.setAuthenticationManager(http.getSharedObject(AuthenticationManager.class));
+		OAuth2AuthenticationEntryPoint authenticationEntryPoint = new OAuth2AuthenticationEntryPoint();
+		authenticationEntryPoint.setTypeName("Form");
+		authenticationEntryPoint.setRealmName(realm);
+		clientCredentialsTokenEndpointFilter.setAuthenticationEntryPoint(authenticationEntryPoint);
 		clientCredentialsTokenEndpointFilter = postProcess(clientCredentialsTokenEndpointFilter);
 		http.addFilterBefore(clientCredentialsTokenEndpointFilter, BasicAuthenticationFilter.class);
 		return clientCredentialsTokenEndpointFilter;

diff --git a/...ation/common/src/main/java/sparklr/common/AbstractResourceOwnerPasswordProviderTests.java b/...ation/common/src/main/java/sparklr/common/AbstractResourceOwnerPasswordProviderTests.java
@@ -135,7 +135,7 @@ public void testTokenNotGrantedIfSecretNotProvided() throws Exception {
 			assertEquals(1, values.size());
 			String header = values.get(0);
 			assertTrue("Wrong header " + header,
-					header.contains("Basic realm=\"oauth2/client\""));
+					header.contains("realm=\"oauth2/client\""));
 		}
 	}
 

diff --git a/tests/annotation/form/src/test/java/demo/ResourceOwnerPasswordProviderTests.java b/tests/annotation/form/src/test/java/demo/ResourceOwnerPasswordProviderTests.java
@@ -1,13 +1,23 @@
 package demo;
 
 import org.springframework.boot.test.SpringApplicationConfiguration;
+import org.springframework.security.oauth2.client.resource.BaseOAuth2ProtectedResourceDetails;
+import org.springframework.security.oauth2.client.test.BeforeOAuth2Context;
+import org.springframework.security.oauth2.common.AuthenticationScheme;
 
 import sparklr.common.AbstractResourceOwnerPasswordProviderTests;
 
 /**
  * @author Dave Syer
  */
-@SpringApplicationConfiguration(classes=Application.class)
-public class ResourceOwnerPasswordProviderTests extends AbstractResourceOwnerPasswordProviderTests {
+@SpringApplicationConfiguration(classes = Application.class)
+public class ResourceOwnerPasswordProviderTests extends
+		AbstractResourceOwnerPasswordProviderTests {
+
+	@BeforeOAuth2Context
+	public void tweakClientAuthentication() {
+		((BaseOAuth2ProtectedResourceDetails)context.getResource())
+				.setClientAuthenticationScheme(AuthenticationScheme.form);
+	}
 
 }