I'm working on an OAuth server implementation based on the jersey-oauth 1.16 contrib in GlassFish 3.1.2 container and I'm getting this exception when trying to connect to it via Scribe client API:
AuthFilter.filter:
com.sun.jersey.oauth.signature.UnsupportedSignatureMethodException: HMAC-SHA1
for com.sun.jersey.oauth.server.OAuthServerRequest#13a50796
https://wikis.oracle.com/display/Jersey/OAuth states "It supports the signature methods outlined in OAuth Core 1.0 specification: HMAC-SHA1, RSA-SHA1, and PLAINTEXT" so I'm confused.
Do I have some misconfiguration issue?
Any suggestion/pointer/idea would be welcome.
Thanks!
Should this happen to anyone else, I thought I would share how I resolved this issue.
GlassFish 3.1.2 seems to still be stuck to an old version of Jersey 1.11. I guess there's some sort of incompatibility between Jersey 1.11 and the oauth contrib 1.16.
http://jersey.java.net/nonav/documentation/latest/glassfish.html describes how Jersey may be updated in the GlassFish container.
It's a bit tricky to do, but I've now Jersey 1.17 and it's working like a charm. :)
Unfortunately, I cannot add comments yet, but I just wanted to point out that the latest Jersey libraries for GlassFish can be found in this location. I was able to follow the instructions and make OAuth+Jersey work with Glassfish v3. Thanks, TheArchitect!
Related
I'm having surprising difficulty getting hold of a JWT library which works with Grails 2.2.x, and I'm hoping someone can point me in the right direction. Stormpath's JJWT looks promising (https://github.com/jwtk/jjwt), but I am running into all kinds of dependency issues which I can't resolve. There seems to be a plugin which latches on to Spring Security (http://plugins.grails.org/plugin/grails/spring-security-rest) but I'm not actually using Spring Security - not sure if I have to. Any useful pointers would be welcome!
Figured it out. Nimbus JOSE + JWT (https://connect2id.com/products/nimbus-jose-jwt) works fine. I downloaded the 2 necessary jar files, nimbus-jose-jwt-4.34.2.jar and a dependency, json-smart-2.2.1.jar, from the Maven repo.
I'm attempting to get Recaptcha for .NET working with ASP.NET MVC 4.0 on an https site that is using SSL. I've been reading up on it and the problem seems prolific, but I'm having a hard time finding a solution.
I've seen this related topic here Stackoverflow Question and it did not solve the problem. I am following the documentation here : RecaptchaNET Documentation
I have made an ad-hoc solution work by running the page in non HTTPS and just copying and pasting the raw HTML code, and changing the various URLS. But I'd like to make this work with the actual HTML helper. Can anyone help? Has this changed since that original topic?
There are a few posts about this out there for the change google made to the api. Basically, RecaptchaNET wasn't supporting google's latest api endpoints for this.
If you check your version, this is fixed in version 1.3.
Try downloading the latest version from CodePlex and using that dll.
or the nuget here.
I am working with an app that uses spring-security 3.0 and oauth2 using spring-security-oauth-1.0.0.M3. It works fine. But it looks like migrating to spring-security 3.1 will not be trivial. I have been unable to find confirmation that the oauth module is still supported.
For example, the oauth tutorial mentions 3.0 not 3.1:
https://github.com/SpringSource/spring-security-oauth/wiki/tutorial
And I have encountered a problem similar to the Mar 4, 2012 comment in the following discussion when I attempt to do a straight upgrade to 3.1 using spring-security-oauth 1.0.0.M3 or M4:
http://code.google.com/p/spring-security-social/wiki/Usage
Specifically I see this in the Tomcat logs:
org.springframework.beans.factory.parsing.BeanDefinitionParsingException: Configuration
problem: Failed to import bean definitions from URL location ...
Offending resource: class path resource [spring/applicationContext.xml]; nested
exception is org.springframework.beans.factory.BeanDefinitionStoreException: Unexpected
exception parsing XML document from URL ...; nested exception is
org.springframework.beans.FatalBeanException: Invalid NamespaceHandler class
[org.springframework.security.oauth2.config.OAuth2SecurityNamespaceHandler] for namespace
[http://www.springframework.org/schema/security/oauth2]: problem with handler class file or
dependent class; nested exception is java.lang.NoClassDefFoundError:
org/springframework/security/web/util/AntUrlPathMatcher
Can someone suggest a solution to the above problem, or point to a reference for using spring-security 3.1 and spring-security-oauth, or else suggest a better alternative to implement oauth2 using spring-security 3.1?
Or if I'm missing a fundamental point of spring-security 3.1, that would also be useful to know.
Thanks!
Yes, Spring Security OAuth milestone build 1.0.0.M6, and specifically the oauth2 module, supports Spring Security 3.1.0. It is not yet considered a release. The OAuth 2.0 spec itself is not final.
The 1.0.0.M6 samples appear to be the most accurate and complete reference for implementation. The full 1.0.0.M6 tag zipball is here.
The OAuth 2 Developers Guide is a good textual reference. It's not 100% accurate, at least with respect to 1.0.0.M6. For example, the attribute user-approval-page belongs to authorization-server not authorization-code.
The Maven pom.xml must refer to artifactId spring-security-oauth2 (not spring-security-oauth as in older versions such as 1.0.0.M3).
Publishing contract first web services in Grails using cxf is not working with the following.
http://docs.codehaus.org/pages/viewpage.action?pageId=85983334. I could not find any other useful resources on this problem. Using spring-ws may not be a good idea because I don't want to create end points for each element.
Please share some resources if anybody succeeded in publishing web service using cxf in Grails?
Setup:
Grails 2.0.0
cxf - 2.4.1
Grails-cxf - 0.5.1 (Latest is not working)
Groovy - 1.7.6
I've used http://grails.org/plugin/cxf in several projects. It works great for me. What exactly goes wrong when you try?
Based on advice posted here and here, I looked into and installed MyFaces CODI with my application. My biggest concern was overcoming the shortcomings of Weld's implementation of #ConversationScoped feature. After some hiccups I got it running on my GlassFish 3.1 development platform, and I converted all my beans to use
import org.apache.myfaces.extensions.cdi.core.api.scope.conversation.ConversationScoped;
In the end it seems like I am now not much further along than I was before. I do not have to call the conversation.begin() method anymore, which is good, but the beans hang around after the browser has left the page and come back.
What I was hoping for was the functionality of JSF 2.0 #ViewScoped that works with CDI. Once the user leaves the page, the backing bean should be discarded and re-created again if the user comes back. Is there a way to do this with CODI?
Incidentally, the documentation says it will pick up the #ViewScoped annotations and process them properly. I tried this and got and Weld wouldn't deploy it.
P.S. I am using myfaces-extcdi-dist-jsf20 version 0.9.5. I tried installing the core and JSF 2 optional module akibe but it would not deploy on my GlassFish/Weld platform. Any advice here much appreciated.
UPDATE 1: I ended up trying the ViewAccessScope annotation supported by CODI, and that seems to do what I wanted.
Follow-up question. The latest bundle that the maven repository that Apache maintains is 0.9.5 -- Can someone post the pom.xml segment that fetches the latest version?
Call conversation.close() before returning - ensure that you imported the correct annotation org.apache... and not javax... - see Wiki or use the ViewAccessScope instead. We are using: bundle in Glassfish 3.1.1 without problems. myfaces-extcdi-bundle-jsf20-1.0.1.jar is the only jar you need. Please also note that there is no "it". With CODI you have fine-grained groupable conversations instead of the monolithic and inflexible stuff you get with standard CDI conversations.
The set-up for the latest version with a Maven build is also in the Wiki.