tim tim - 3 months ago 56
Java Question

Spring Oauth2 RemoteTokenServices error on extractAuthentication

I have a resource server and an auth server.

On resource request it verifies the received access_token with the auth server on a /oauth/check_token endpoint. This gives a response that makes my request crash.

The response is sent as:

Written [{exp=1433335640, scope=[read, write], authorities=[ROLE_USER], client_id=client-w-s}] as "application/json;charset=UTF-8" using [org.springframework.http.converter.json.MappingJackson2HttpMessageConverter@58a88f5a]


When my resource server receives it:

2015-06-03 14:17:48.277 DEBUG 9492 --- [nio-8181-exec-3] o.s.web.client.RestTemplate : POST request for "http://localhost:6707/oauth/check_token" resulted in 200 (OK)
2015-06-03 14:17:48.277 DEBUG 9492 --- [nio-8181-exec-3] o.s.web.client.RestTemplate : Reading [interface java.util.Map] as "application/json;charset=UTF-8" using [org.springframework.http.converter.json.MappingJackson2HttpMessageConverter@67409450]
2015-06-03 14:17:48.283 ERROR 9492 --- [nio-8181-exec-3] o.a.c.c.C.[.[.[/].[dispatcherServlet] : Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception

java.lang.ArrayStoreException: null
    at java.util.ArrayList.toArray(Unknown Source)
    at org.springframework.security.oauth2.provider.token.DefaultAccessTokenConverter.extractAuthentication(DefaultAccessTokenConverter.java:139)


This is the piece of code it fails on:

    Collection<? extends GrantedAuthority> authorities = null;
    if (user==null && map.containsKey(AUTHORITIES)) {
        @SuppressWarnings("unchecked")
        String[] roles = ((Collection<String>)map.get(AUTHORITIES)).toArray(new String[0]);
        authorities = AuthorityUtils.createAuthorityList(roles);
    }


I ran in debug mode to check the values in map, and everything looks like I think it should judging from the response my auth server built.

Please tell me if I need to post more information.

Has anyone experienced this or have any clue on how to solve it?

tim tim
Answer

I found the "solution".

There was a version mismatch in my pom files. While my auth server was running spring-security-oauth2-2.0.5.RELEASE, my resource server was running spring-security-oauth2-2.0.7.RELEASE.

The versions declare the response differently.
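
The failure mode from the question, as an added example that is not part of the original post and not Spring's code: an unchecked cast of the authorities claim throws ArrayStoreException as soon as the list holds anything other than strings, while a type-checked extraction either normalizes each entry or rejects the whole response. The object-shaped entry ({authority=...}), the class name and both method names are assumptions; the page does not show what the mismatched response looked like on the wire.

```java
import java.util.*;

// Added illustration, not Spring Security OAuth code. Class and method names are hypothetical.
public class CheckTokenAuthorities {

    // Same unchecked cast as the snippet quoted in the question.
    @SuppressWarnings("unchecked")
    static String[] uncheckedRoles(Map<String, Object> map) {
        return ((Collection<String>) map.get("authorities")).toArray(new String[0]);
    }

    // Accepts plain strings or (assumed shape) {"authority": "..."} objects.
    // Any other entry rejects the whole response, so a malformed claim
    // never produces a partial or empty role set.
    static List<String> checkedRoles(Map<String, Object> map) {
        Object raw = map.get("authorities");
        if (!(raw instanceof Collection)) {
            throw new IllegalArgumentException("authorities is not a collection");
        }
        List<String> roles = new ArrayList<>();
        for (Object item : (Collection<?>) raw) {
            Object value = item instanceof Map ? ((Map<?, ?>) item).get("authority") : item;
            if (!(value instanceof String) || ((String) value).isEmpty()) {
                throw new IllegalArgumentException("unexpected authority entry: " + item);
            }
            roles.add((String) value);
        }
        return roles;
    }

    // Constructed sample of a check_token response after JSON deserialization.
    static Map<String, Object> response(Object authority) {
        Map<String, Object> map = new HashMap<>();
        map.put("client_id", "client-w-s");
        map.put("authorities", new ArrayList<Object>(Collections.singletonList(authority)));
        return map;
    }

    public static void main(String[] args) {
        Map<String, Object> asStrings = response("ROLE_USER");
        Map<String, Object> asObjects = response(Collections.singletonMap("authority", "ROLE_USER"));

        System.out.println(Arrays.toString(uncheckedRoles(asStrings)));
        try {
            uncheckedRoles(asObjects);
        } catch (ArrayStoreException e) {
            System.out.println("unchecked cast failed: " + e);
        }
        System.out.println(checkedRoles(asStrings) + " " + checkedRoles(asObjects));
    }
}
```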
