Re: Problem in About Apache CFX Spring Security Samples

[Sergey Beryozkin <sb...@gmail.com>]

Hi Ertuğrul

Thanks for your question, I'm redirecting to the users list,
On 30/05/13 13:40, Ertuğrul Saruhan wrote:
> Hello
>
> I have problem. I would like to implement OAuth with Apache CFX. There is a
> sample  named "*oauth*" (server and client) directory  in "*Apache CFX 2.75*
> ".
> I make it run on Jetty , but ı would like to move  both *client *and *server
> samples *to Glassfish and Netbeans. Everything  is fine and working , But
> only final step  "*/auth/resources/person/get/john*" and "*
> /auth/resources/person/modify/john*" *gives  500 code and error is*
> *"**An Authentication object was not found in the SecurityContext**" .*
> *
> *
> when i debug the sample code both in glassfish and jetty ,*  *
> *in "demo.oauth.server.spring.SpringOAuthAuthenticationFilter" *class *, *
> *line 51==> "List<String> authorities =
> (List<String>)request.getAttribute(OAUTH_AUTHORITIES);"  *
> *returns empty list  in Glassfish.*
> *But in Jetty , *return  roles* ROLE_USER*, *ROLE_ADMIN. *
> It does not set attribute* "**OAUTH_AUTHORITIES".*
> * I could not solve the problem , what it should be in Glassfish ? I have
> problem in 3 days , still does not solve.*
> *Can you give me advice please ? *
Unfortunately I've no idea why that does not work in Glassfish, you may 
want to ask a specific question on Glassfish forums: omit the fact that 
it is a CXF demo, as it is not important, but ask them why a Spring 
Security filter can not have the roles made available as servlet request 
attributes...
As an alternative, consider not even using Spring Security to enforce 
RBAC if it is all you need, simply use CXF SimpleAuthorizingInterceptor, 
it is a lot simpler to use

Sergey

> *
> *
>