How To Configure /oauth/token ModelAndView in Spring - spring

I successfully configured an oauth spring application. However, my headache is how to make it return to the login page with a successful token; The log shows the following entry:
`DEBUG o.s.web.servlet.DispatcherServlet - Null ModelAndView returned to DispatcherServlet with name 'dispatcher': assuming HandlerAdapter completed request handling`
Here is my login page:
` <c:url value="/oauth/token" var="loginProcessingUrl"/>
<form:form action="${loginProcessingUrl}" method="post">
<fieldset>
<legend>Please Login</legend>
<!-- use param.error assuming FormLoginConfigurer#failureUrl contains the query parameter error -->
<c:if test="${param.error != null}">
<div>
Failed to login.
<c:if test="${SPRING_SECURITY_LAST_EXCEPTION != null}">
Reason: <c:out value="${SPRING_SECURITY_LAST_EXCEPTION.message}" />
</c:if>
</div>
</c:if>
<!-- the configured LogoutConfigurer#logoutSuccessUrl is /login?logout and contains the query param logout -->
<c:if test="${param.logout != null}">
<div>
You have been logged out.
</div>
</c:if>
<c:if test="${param.success != null}">
<div>
You have been successfully been authenticated.
</div>
</c:if>
<p>
<label for="username">Username</label>
<input type="text" id="username" name="username"/>
</p>
<p>
<label for="password">Password</label>
<input type="password" id="password" name="password"/>
</p>
<!-- if using RememberMeConfigurer make sure remember-me matches RememberMeConfigurer#rememberMeParameter -->
<p>
<label for="remember-me">Remember Me?</label>
<input type="checkbox" id="remember-me" name="remember-me"/>
<input type="hidden" id="client_id" name="client_id" value="11111111"/>
<input type="hidden" id="client_secret" name="client_secret" value="2222222"/>
<input type="hidden" id="grant_type" name="grant_type" value="password"/>
<input type="hidden" id="response_type" name="response_type" value="token"/>
<input type="hidden" id="redirect_uri" name="redirect_uri" value="/login?success=1"/>
</p>
<div>
<button type="submit" class="btn">Log in</button>
</div>
</fieldset>
`
And here's my spring-security.xml file:
`<http pattern="/oauth/token" create-session="stateless" authentication-manager-ref="authenticationManager"
xmlns="http://www.springframework.org/schema/security">
<intercept-url pattern="/oauth/token" access="IS_AUTHENTICATED_FULLY" />
<anonymous enabled="false" />
<http-basic entry-point-ref="clientAuthenticationEntryPoint" />
<custom-filter ref="clientCredentialsTokenEndpointFilter" before="BASIC_AUTH_FILTER"/>
<access-denied-handler ref="oauthAccessDeniedHandler" />
</http>`
Why can't I go back to the login page once a token is successfully issued. Any help is appreciated.
Thanks

Related

Password reset using spring through mail

I have implemented, mailing feature through which a confirmation token is send to the user and on clicking the url provided, a page opens that fills the email id of the user to which the email is sent.
Then they can reset, however when i am trying to submit the form with the new password. It is not passing the value to the function i have provided.
#PostMapping("/resetUserPassword")
public String accountPasswordReset(#Valid #ModelAttribute("updateUserPassword") ResetPassword user, BindingResult theBindingResult, Model theModel){
//this line outputs null value
System.out.println("accountPasswordReset: email="+user.getEmail());
if(user.getEmail()!=null) {
User tokenUser = userService.findByEmailIdIgnoreCase(user.getEmail());
tokenUser.setPassword(passwordEncoder.encode(user.getPassword()));
userService.save(tokenUser);
return "successPasswordReset";
}else {
return "error";
}
}
<form:form action="${pageContext.request.contextPath}/register/resetUserPassword" modelAttribute="updateUserPassword" class="form-horizontal" method="POST">
<!-- Email -->
<div class="form-group">
<label for="emailId">Email (*)</label>
<form:input path="email" id="emailId" placeholder="email (*)"
class="form-control" disabled="true" readonly="true" />
<form:errors path="email" cssClass="error" />
</div>
<!-- Password -->
<div class="form-group">
<label for="password">Password (*)</label>
<form:password path="password" id="password"
placeholder="password (*)" class="form-control" />
<form:errors path="password" cssClass="error" />
</div>
<!-- Reset Button -->
<div style="margin-top: 10px" class="form-group">
<div class="col-sm-6 controls">
<button type="submit" class="btn btn-primary">Reset</button>
</div>
</div>
</form:form>
I was missing smallest thing, in this line i just removed disabled="true" and it works
<form:input path="email" id="emailId" placeholder="email (*)" class="form-control" disabled="true" readonly="true" />
to
<form:input path="email" id="emailId" placeholder="email (*)" class="form-control" readonly="true" />

Changing Google CSE custom search from http to https

I am using Google Custom Search box with below code
<div class="cse">
<form action="http://www.google.com/cse" id="cse-search-box">
<div>
<input type="hidden" name="cx" value="xxxxxxxxxx" />
<input type="hidden" name="ie" value="UTF-8" />
<input type="text" name="q" size="30" />
<input type="submit" name="sa" value="Search" />
</div>
</form>
<script type="text/javascript" src="http://www.google.com/cse/brand?form=cse-search-box&lang=en"></script></td></p>
</div>
However as now going to shift all pages to https - has to replace the code
<div class="cse">
<form action="https://cse.google.com/cse" id="cse-search-box">
<div>
<input type="hidden" name="cx" value="xxxxxxxxxx" />
<input type="hidden" name="ie" value="UTF-8" />
<input type="text" name="q" size="30" />
<input type="submit" name="sa" value="Search" />
</div>
</form>
<script type="text/javascript" src="https://cse.google.com/cse.js?cx=' + cx/brand?form=cse-search-box&lang=en"></script></td></p>
</div>
Can anyone help and assist if the above modified code is correct
That seems like it should work, but you should consider switching to the Custom Search Element --- It's the modern, supported way to use Google Custom Search

C# Launching Yodlee FastLink

I'm doing a project to launch yodlee fastlink. I was able to get the token and userSession and trying the below codes. I'm only getting "Cannot POST resource". I'm trying to find a more detailed/simpler documentation. Any help would be appreciated.
<form action="https://node.developer.yodlee.com/authenticate/restserver" method="post" name="rsessionPost" id="rsessionPost" target="yodleeIframe">
<input style="visibility: hidden" type="text" name="rsession" placeholder="rsession" value="08312016_0:149676f79ace306255a2c7827f9db590ccabd7350ad5d952f31fc503675bba9ec522728c213a9e5c3e98bd8ceff795c88f9a6f80040a68ce325ae54759f6e504" id="rsession" /><br />
<input style="visibility: hidden" type="text" name="app" placeholder="FinappId" value="10003600" id="finappId" /><br />
<input style="visibility: hidden" type="text" name="redirectReq" placeholder="true/false" value="true" /><br />
<input style="visibility: hidden" type="text" name="token" placeholder="token" value="e59f51a169f52925cd715a945630686e59667d2d1fae511fd50b4e292a8e7342" id="token" /><br />
<input type="submit" name="submit" />
</form>
It seems like there is a forward slash '/' missing at the end of the URL.
Please put it there and submit the form you should be able to access Fastlink.
"https://node.developer.yodlee.com/authenticate/restserver/"

spring authentication: can't logout

I'm new to Spring. I can't logout with spring security.
Login works fine, and I'm following this post to implement the logout function.
but I can't make it work.
here's my spring-security.xml:
<security:http auto-config="true" use-expressions="true">
<security:intercept-url pattern="/index" access="hasRole('ROLE_USER')" />
<security:logout logout-success-url="/index" logout-url="/logout" />
</security:http>
<security:authentication-manager>
<security:authentication-provider>
<security:user-service>
<security:user name="matt3o" password="secret" authorities="ROLE_USER" />
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
and here's my index.jsp:
<c:if test="${pageContext.request.userPrincipal.name != null}">
<h2>Welcome : ${pageContext.request.userPrincipal.name}
</c:if>
<p>Logout</p>
Please can somebody explain to me how loggin/loggout works and why my logout doesn't ?
In index.jsp I'm trying to logout in different ways, none of them works:
<!--1-->
<c:url value="/logout" var="logoutUrl" />
<form id="logout" action="${logoutUrl}" method="post" >
<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}" />
</form>
<c:if test="${pageContext.request.userPrincipal.name != null}">
Logout
</c:if>
<br><br>
<!--2-->
logout1
<br><br>
<!--3-->
<a href='<c:url value="j_spring_security_logout" />'>logout</a>
Spring Security 4 requires a POST request to logout instead of a GET. Next to that by default it is secured using a CSFR token, which you would need to add to the form (see the javadoc).
So instead of a link use a form to invoke the logout.
<c:url var="logoutUrl" value="/logout"/>
<form action="${logoutUrl}" method="post">
<input type="submit" value="Log out" />
<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>
</form>
or when using the security tag library
<c:url var="logoutUrl" value="/logout"/>
<form action="${logoutUrl}" method="post">
<input type="submit" value="Log out" />
<sec:csrfInput />
</form>
See also here and here in the reference guide.
If you want to use a GET either configure the logout functionality as such that it supports GET requests (for this you need to provide an ant matcher) or by disabling CSFR which can be done by adding <sec:csfr disabled="true" /> to your xml configuration.
you can use
href="<c:url value="/logout"/>"

how to call two submit buttons in spring form, one calls j_spring_security_check and another one calling controller method

How to call two submit buttons in spring form,
one button calls j_spring_security_check and another button one calling controller method.
following is login form
<form action="../../j_spring_security_check" method="post" >
<div class="right">
<ul>
<li>
<spring:message code="label.userName" text="UserName" />
<input id="j_username" name="j_username" type="text" />
<form:errors path="firstName" cssclass="error"> </form:errors>
</li>
<li>
<spring:message code="label.password" text="Password" />
<input id="j_password" name="j_password" type="password" />
<form:errors path="password" cssclass="error"></form:errors>
</li>
<li>
<input type="submit" value="Login" />
</li>
</ul>
</div>
</form>
<form action="/portal/main/resetForgetPassword" method="POST">
<input type="submit" value="ForgetPassword">
</form>
thanks advance
I guess your problem is that for every URL it is going to Security form of spring.
So you need to permit for some url so that it should not go to j_spring_security_check
You can do this in the security.xml (whatever may be the name of that file).
<intercept-url pattern="/portal/main/forgetPassword*" access="permitAll" />
<intercept-url pattern="/*" access="hasRole('ROLE_ADMIN_ASSUMED')">
And also in your html code
Forget Password

Resources