UserInfoRestTemplateCustomizer doesn't work in UI application
Pasha-gharibi opened this issue · comments
I want to log out the user completely. I log out successfully, but when I redirect to localhost:999/login I see this Whitelabel page with this content:
Whitelabel Error Page
This application has no explicit mapping for /error, so you are seeing this as a fallback.
Tue Aug 09 19:12:22 IRDT 2016
There was an unexpected error (type=Unauthorized, status=401).
Authentication Failed: Could not obtain user details from token
I have removed access_token and refresh_token from my session store, so I have this log in the uaa application:
2016-08-09 19:12:22.789 DEBUG 2100 --- [io-9999-exec-10] o.s.security.web.FilterChainProxy : /oauth/check_token reached end of additional filter chain; proceeding with original chain
2016-08-09 19:12:22.790 DEBUG 2100 --- [io-9999-exec-10] .s.o.p.e.FrameworkEndpointHandlerMapping : Looking up handler method for path /oauth/check_token
2016-08-09 19:12:22.790 DEBUG 2100 --- [io-9999-exec-10] .s.o.p.e.FrameworkEndpointHandlerMapping : Returning handler method [public java.util.Map<java.lang.String, ?> org.springframework.security.oauth2.provider.endpoint.CheckTokenEndpoint.checkToken(java.lang.String)]
2016-08-09 19:12:22.797 INFO 2100 --- [io-9999-exec-10] o.s.s.o.p.endpoint.CheckTokenEndpoint : Handling error: InvalidTokenException, Token has expired
2016-08-09 19:12:22.799 DEBUG 2100 --- [io-9999-exec-10] o.s.s.w.a.ExceptionTranslationFilter : Chain processed normally
2016-08-09 19:12:22.799 DEBUG 2100 --- [io-9999-exec-10] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
And I see this log in the UI application:
2016-08-09 19:12:22.803 DEBUG 5656 --- [nio-8080-exec-4] .a.SimpleUrlAuthenticationFailureHandler : No failure URL set, sending 401 Unauthorized error
2016-08-09 19:12:22.803 DEBUG 5656 --- [nio-8080-exec-4] w.c.HttpSessionSecurityContextRepository : SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2016-08-09 19:12:22.803 DEBUG 5656 --- [nio-8080-exec-4] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
2016-08-09 19:12:22.803 DEBUG 5656 --- [nio-8080-exec-4] o.s.b.c.web.OrderedRequestContextFilter : Cleared thread-bound request context: org.apache.catalina.connector.RequestFacade@600d32ae
2016-08-09 19:12:22.803 DEBUG 5656 --- [nio-8080-exec-4] o.s.b.a.e.mvc.EndpointHandlerMapping : Looking up handler method for path /error
2016-08-09 19:12:22.803 DEBUG 5656 --- [nio-8080-exec-4] o.s.b.a.e.mvc.EndpointHandlerMapping : Did not find handler method for [/error]
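There is a class in the UI that I can configure, but I don't know why it doesn't work:

    import java.io.IOException;
    import java.util.ArrayList;

    import org.springframework.boot.autoconfigure.security.oauth2.resource.UserInfoRestTemplateCustomizer;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.core.Ordered;
    import org.springframework.core.annotation.Order;
    import org.springframework.http.client.ClientHttpResponse;
    import org.springframework.security.oauth2.client.OAuth2RestTemplate;
    import org.springframework.stereotype.Component;
    import org.springframework.web.client.ResponseErrorHandler;

    // Remove this when upgrading to Spring Boot 1.3.1 (spring-projects/spring-boot#4553)
    @Component
    @Order(Ordered.HIGHEST_PRECEDENCE)
    public class WorkaroundRestTemplateCustomizer implements UserInfoRestTemplateCustomizer {
        @Override
        public void customize(OAuth2RestTemplate template) {
            // Replace the default error handler and copy the interceptor list
            template.setErrorHandler(new ResponseErrorHandlerImpl());
            template.setInterceptors(new ArrayList<>(template.getInterceptors()));
        }

        // Instantiated with new in customize(); the @Configuration annotation is not needed for that
        @Configuration
        public static class ResponseErrorHandlerImpl implements ResponseErrorHandler {
            @Override
            public boolean hasError(ClientHttpResponse clientHttpResponse) throws IOException {
                System.out.println("here!");
                // Always false: every response is treated as a success, so handleError is never called
                return false;
            }

            @Override
            public void handleError(ClientHttpResponse clientHttpResponse) throws IOException {
                System.out.println("here!");
            }
        }
    }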
I just don't want to see the Whitelabel page.
Please help me.
You are trying to customize the wrong thing I think. I'm not really sure what the actual problem is though. Can you fork the samples in this project and change one of them so that it has the issue you are describing, and then post back with steps to reproduce?
Sure, thanks for the new fork.
I changed JWT to a JDBC token store and removed access_token and refresh_token from the token store to log out from all clients. But the tokens remained in cookies in the browser, so the oauthserver received a token whose session was removed, and I saw that Whitelabel page.
Let me pull the new fork and check the token behavior in the new version; I will inform you.
Thanks