OAuth for Spring Security

411 Length Required - Google OAuthGetRequestToken

Details

  • Type: Bug Bug
  • Status: Closed Closed
  • Priority: Major Major
  • Resolution: Fixed
  • Affects Version/s: None
  • Fix Version/s: None
  • Component/s: None
  • Labels:
    None
  • Environment:
    Windows XP, Java 1.6, Spring Oauth security version 3.12
  • Number of attachments :
    0

Description

I keep getting HTTP response 411 - Length Required when sending request to Google OAuthGetRequestToken. Anybody had the same problem when requesting token from Google.

https://www.google.com/accounts/OAuthGetRequestToken

It says that the content type must be "Content-Type: application/x-www-form-urlencoded", and I don't see this being set in the code.

Further info: http://code.google.com/apis/accounts/docs/OAuth_ref.html#RequestToken

Activity

Ascending order - Click to sort in descending order
Hide
Permalink
Ryan Heaton added a comment -

Thanks, we'll take a look.

Show
Ryan Heaton added a comment - Thanks, we'll take a look.
Hide
Permalink
Ryan Heaton added a comment -

fixed in 3.13 snapshot. a release will be cut soon.

Show
Ryan Heaton added a comment - fixed in 3.13 snapshot. a release will be cut soon.
Hide
Permalink
Rubens Gomes added a comment -

411 - Length required persists.

I do not see the additional parameters being added to the HTTP Post. I am adding additional parameters to the ProtectedResourceDetails. However, they do not appear on the POST command. Should they appear? Or Am I missing something? Or is this a bug in the oauth code?

Here is the printout of the post. Notice that the parameters "xoauth_displayname" and "scopoe" are not found.

POST /accounts/OAuthGetRequestToken HTTP/1.1
Authorization: OAuth
oauth_consumer_key="www.ezlista.com",
oauth_signature_method="HMAC-SHA1",
oauth_signature="9gRMn2qyae1JYFZb6aErDlp043M%3D",
oauth_timestamp="1268101028",
oauth_nonce="06d51c32-19bb-4786-b5dd-84a7ce75e711",
oauth_version="1.0",
oauth_callback="http%3A%2F%2Fezlista.com%2Fsecure%2Fcontacts%2FgoogleContactsImport.do"
Content-Type: application/x-www-form-urlencoded
User-Agent: Java/1.6.0_13
Host: www.google.com
Accept: text/html, image/gif, image/jpeg, ; q=.2, */; q=.2
Connection: keep-alive

....
details = new BaseProtectedResourceDetails();
....
Map<String,String> additionalParameters = new HashMap<String, String>();
additionalParameters.put("oauth_signature", ApplicationProperty.getInstance().getGoogleOAuthConsumerSecret());

additionalParameters.put("oauth_callback", ApplicationProperty.getInstance().getGoogleOAuthCallbackURL());

additionalParameters.put("xoauth_displayname", "EZLista.com");
additionalParameters.put("scope", ApplicationProperty.getInstance().getGoogleScope());

details.setAdditionalParameters(additionalParameters);

Show
Rubens Gomes added a comment - 411 - Length required persists. I do not see the additional parameters being added to the HTTP Post. I am adding additional parameters to the ProtectedResourceDetails. However, they do not appear on the POST command. Should they appear? Or Am I missing something? Or is this a bug in the oauth code? Here is the printout of the post. Notice that the parameters "xoauth_displayname" and "scopoe" are not found. POST /accounts/OAuthGetRequestToken HTTP/1.1 Authorization: OAuth oauth_consumer_key="www.ezlista.com", oauth_signature_method="HMAC-SHA1", oauth_signature="9gRMn2qyae1JYFZb6aErDlp043M%3D", oauth_timestamp="1268101028", oauth_nonce="06d51c32-19bb-4786-b5dd-84a7ce75e711", oauth_version="1.0", oauth_callback="http%3A%2F%2Fezlista.com%2Fsecure%2Fcontacts%2FgoogleContactsImport.do" Content-Type: application/x-www-form-urlencoded User-Agent: Java/1.6.0_13 Host: www.google.com Accept: text/html, image/gif, image/jpeg, ; q=.2, */; q=.2 Connection: keep-alive .... details = new BaseProtectedResourceDetails(); .... Map<String,String> additionalParameters = new HashMap<String, String>(); additionalParameters.put("oauth_signature", ApplicationProperty.getInstance().getGoogleOAuthConsumerSecret()); additionalParameters.put("oauth_callback", ApplicationProperty.getInstance().getGoogleOAuthCallbackURL()); additionalParameters.put("xoauth_displayname", "EZLista.com"); additionalParameters.put("scope", ApplicationProperty.getInstance().getGoogleScope()); details.setAdditionalParameters(additionalParameters);
Hide
Permalink
Ryan Heaton added a comment -

Fixed in 3.13.

Use GET (not POST). For some reason, Google requires a content-length header when using POST. I added a new test (TestGoogleOAuth) to verify the fix.

Show
Ryan Heaton added a comment - Fixed in 3.13. Use GET (not POST). For some reason, Google requires a content-length header when using POST. I added a new test (TestGoogleOAuth) to verify the fix.
Hide
Permalink
Ryan Heaton added a comment -

Closing for 3.13; feel free up open again as necessary.

Show
Ryan Heaton added a comment - Closing for 3.13; feel free up open again as necessary.
Hide
Permalink
Rajeev B added a comment -

I am using spring-security-oauth version 3.15 and I am still getting this error.
I actually enhanced the tonr sample app to talk to google. I want to list google contacts.

If forcing GET method solves the problem, how do I do it?
Here is my spring config snippet to add a google contacts resource:

<oauth:consumer resource-details-service-ref="resourceDetails" oauth-failure-page="/oauth_error.jsp">
<oauth:url pattern="/sparklr/**" resources="sparklrPhotos"/>
<oauth:url pattern="/contacts/**" resources="googleContacts"/>
</oauth:consumer>

<oauth:resource-details-service id="resourceDetails">
<oauth:resource id="sparklrPhotos"
key="tonr-consumer-key"
secret="SHHHHH!!!!!!!!!!"
request-token-url="http://localhost:8080/sparklr/oauth/request_token"
user-authorization-url="http://localhost:8080/sparklr/oauth/confirm_access"
access-token-url="http://localhost:8080/sparklr/oauth/access_token"/>
<oauth:resource id="googleContacts"
key="contacts-consumer-key"
secret="SHHHHH!!!!!!!!!!"
request-token-url="https://www.google.com/accounts/OAuthGetRequestToken?scope=http%3A%2F%2Fwww.google.com%2Fm8%2Ffeeds%2F"
user-authorization-url="https://www.google.com/accounts/OAuthAuthorizeToken"
access-token-url="https://google.com/accounts/OAuthGetAccessToken"/>
</oauth:resource-details-service>

Show
Rajeev B added a comment - I am using spring-security-oauth version 3.15 and I am still getting this error. I actually enhanced the tonr sample app to talk to google. I want to list google contacts. If forcing GET method solves the problem, how do I do it? Here is my spring config snippet to add a google contacts resource: <oauth:consumer resource-details-service-ref="resourceDetails" oauth-failure-page="/oauth_error.jsp"> <oauth:url pattern="/sparklr/**" resources="sparklrPhotos"/> <oauth:url pattern="/contacts/**" resources="googleContacts"/> </oauth:consumer> <oauth:resource-details-service id="resourceDetails"> <oauth:resource id="sparklrPhotos" key="tonr-consumer-key" secret="SHHHHH!!!!!!!!!!" request-token-url="http://localhost:8080/sparklr/oauth/request_token" user-authorization-url="http://localhost:8080/sparklr/oauth/confirm_access" access-token-url="http://localhost:8080/sparklr/oauth/access_token"/> <oauth:resource id="googleContacts" key="contacts-consumer-key" secret="SHHHHH!!!!!!!!!!" request-token-url="https://www.google.com/accounts/OAuthGetRequestToken?scope=http%3A%2F%2Fwww.google.com%2Fm8%2Ffeeds%2F" user-authorization-url="https://www.google.com/accounts/OAuthAuthorizeToken" access-token-url="https://google.com/accounts/OAuthGetAccessToken"/> </oauth:resource-details-service>

People

Vote (0)
Watch (1)

Dates

  • Created:
    Updated:
    Resolved:
Atlassian JIRA (v4.4.3#663-r165197) | Report a problem
Powered by a free Atlassian JIRA open source license for Codehaus. Try JIRA - bug tracking software for your team.