OAuth for Spring Security
  1. OAuth for Spring Security
  2. OAUTHSS-49

simplify the ability to set consumer key and shared secret in a properties file


    • Type: Improvement Improvement
    • Status: Closed Closed
    • Priority: Minor Minor
    • Resolution: Incomplete
    • Affects Version/s: None
    • Fix Version/s: 3.18
    • Labels:
    • Number of attachments :


      We would like to use a properties file to set the variable properties of the oauth:resource:

      <oauth:resource id="protectedResource"





      The values of oauth.consumerkey and oauth.secret would be defined in the config file oauth.properties. The properties file looks like this:


      One way to do this would be with property placeholder configurer. This requires the directive:

      <context:property-placeholder location="classpath:META-INF/spring/oauth.properties" />

      Unfortunately the properties are not expanded into the values when you do this. Looking at the code for PropertyPlaceholderConfigurer it operates on beans. I suspect that this does not work because in the parser that is instantiated by the namespace handler, the resource-details-service is created as a bean but the individual protected resources are not beans. They are java objects contained within the resource-details-service bean.

      I tried a different approach, using the property override configurer. This uses the directive:

      <context:property-override location="classpath*:META-INF/spring/oauth.properties"/>

      In this case the properties file looks different, namely:


      This also does not work because the shared secret property on the BaseProtectedResource is not of type String and BeanWrapperImpl cannot figure out how to do the conversion.

      I created a property editor, SharedSecretEditor:

      public class SignatureSecretEditor extends PropertyEditorSupport {

      public void setAsText(String text) throws IllegalArgumentException

      { SharedConsumerSecret secret = new SharedConsumerSecret(text); super.setValue(secret); }


      The property editor must be registered with CustomEditorConfigurer.

      This last approach worked.

      I would like this to be simplified a bit. There are two ways I can think of that the library could make this easier:

      1) When parsing the oauth:resource-details-service, register each oauth:resource as a bean. I am not sure of this but I suspect that would expose the resources to the PropertyPlaceholderConfigurer.
      2) Create a custom BeanFactoryPostProcessor and use the parser to register it that does the same thing as PropertyPlaceholderConfigurer
      3) Include the above property editor in the library and have the parser register it.

      There might be other approaches. I think that the first one, if it worked, would be the best because it would work the way that other bean work and the config file looks nicer.


        Ryan Heaton made changes -
        Field Original Value New Value
        Fix Version/s 3.17 [ 16539 ]
        Ryan Heaton made changes -
        Fix Version/s 3.18 [ 16540 ]
        Fix Version/s 3.17 [ 16539 ]
        Ryan Heaton made changes -
        Status Open [ 1 ] Closed [ 6 ]
        Resolution Incomplete [ 4 ]


          • Assignee:
            Ryan Heaton
            Robert Blumen


            • Created: