Hi
On 26/10/12 15:54, Peter Schyma wrote:
Hi,
i am trying to setup an OAuth2 Server using CXFs implementation.
Following the documentation[1], i have implemented an OAuthDataProvider
and wired it to the AuthorizationCodeGrantService.
Everything works fine. But when i request the authorization in my
browser, i only get a blank page/ zero-length content response.
I am attaching an instance of RequestDispatcherProvider to the
jaxrs:server that serves the authorization. Like the documentation
suggested: the OAuthAuthorizationData is to be rendered by an JSP. In
the logs i see the expected output:
'Setting an instance of
"org.apache.cxf.rs.security.oauth2.common.OAuthAuthorizationData" as
HttpServletRequest attribute "data" and redirecting the response to
"/jsp/authorize.jsp"'.
But i see this even when i map to an non-existing JSP without any errors
in the logs.
It appears the container (Jetty at least) does not enforce, when
locating RequestDispatcher, the existence of the actual handler.
After messing arround with this issue, i tried XSLTJaxbProvider. This
provider at least emits warning about missing files and as a result
throws an exception when it tries to render the output: [2].
Disabling both providers display the XML serialization of the
OAuthAuthorizationData instance.
[3] shows a slightly shortend version of the blueprint context
definition i am using to startup the service.
While inspecting the missing resource warning of the XSLTJaxbProvider
with my debugger, i noticed that it uses the ClassLoader (getting it by
CXF Bus) of another bundle that is exposing a REST service via CXF -
because that bundle is started earlier. So i tried to name the busses of
both bundles. But this doesn't have any impact on the output.
JSP support is active as there is another bundle that uses JSPs to
render web pages but without CXF.
I deactivated both bundles so that the OAuth service bundle is the only
one that uses CXF or JSPs. But still no output.
I imported Servlet and JSP packages in the service bundle. Still no output.
The CXF version is 2.7.0 - but 2.6.2 yields the same result. Karaf
versions 2.2.9 and 2.3.0 yield also the same result with both CXF
versions. The installed features are: cxf, cxf-rs-security-oauth2 (and
their dependencies).
Am i missing something from the docs? Any hints are appreciated.
Actually, the demos I worked upon have not been tested within Karaf,
which is a shame, I will look into it asap. I believe it is not a CXF
issue, but at the moment I wonder if it is to do with the fact that the
application bundle may not have been deployed as a war-bundle ? Would
setting a RequestDispatcherProvider "dispatcherName" property to "jsp"
help ? Perhaps jsp resources have to be exported from the app bundle ?
I guess it is really about getting a jsp resource visible. You are
probably the first person who attempts to do in OSGI - I'm hoping to
help asap :-)
Cheers, Sergey
Thanks
Peter
[1] http://cxf.apache.org/docs/jax-rs-oauth2.html
[2] http://pastebin.com/vdqmNc0Q
[3] http://pastebin.com/CtCR6qRf
