OAuth for Spring Security
  1. OAuth for Spring Security
  2. OAUTHSS-49

simplify the ability to set consumer key and shared secret in a properties file

    Details

    • Type: Improvement Improvement
    • Status: Closed Closed
    • Priority: Minor Minor
    • Resolution: Incomplete
    • Affects Version/s: None
    • Fix Version/s: 3.18
    • Labels:
      None
    • Number of attachments :
      0

      Description

      We would like to use a properties file to set the variable properties of the oauth:resource:

      <oauth:resource id="protectedResource"
      key="$

      {oauth.consumerkey}

      "
      secret="$

      {oauth.secret}

      "

      The values of oauth.consumerkey and oauth.secret would be defined in the config file oauth.properties. The properties file looks like this:

      oauth.consumerkey=my.consumer.key
      oauth.secret=my.secret

      One way to do this would be with property placeholder configurer. This requires the directive:

      <context:property-placeholder location="classpath:META-INF/spring/oauth.properties" />

      Unfortunately the properties are not expanded into the values when you do this. Looking at the code for PropertyPlaceholderConfigurer it operates on beans. I suspect that this does not work because in the parser that is instantiated by the namespace handler, the resource-details-service is created as a bean but the individual protected resources are not beans. They are java objects contained within the resource-details-service bean.

      I tried a different approach, using the property override configurer. This uses the directive:

      <context:property-override location="classpath*:META-INF/spring/oauth.properties"/>

      In this case the properties file looks different, namely:

      resource-details-service.resourceDetailsStore['protectedResource'].consumerKey=my.consumer.key
      resource-details-service.resourceDetailsStore['protectedResource'].sharedSecret=my.secret

      This also does not work because the shared secret property on the BaseProtectedResource is not of type String and BeanWrapperImpl cannot figure out how to do the conversion.

      I created a property editor, SharedSecretEditor:

      public class SignatureSecretEditor extends PropertyEditorSupport {

      @Override
      public void setAsText(String text) throws IllegalArgumentException

      { SharedConsumerSecret secret = new SharedConsumerSecret(text); super.setValue(secret); }

      }

      The property editor must be registered with CustomEditorConfigurer.

      This last approach worked.

      I would like this to be simplified a bit. There are two ways I can think of that the library could make this easier:

      1) When parsing the oauth:resource-details-service, register each oauth:resource as a bean. I am not sure of this but I suspect that would expose the resources to the PropertyPlaceholderConfigurer.
      2) Create a custom BeanFactoryPostProcessor and use the parser to register it that does the same thing as PropertyPlaceholderConfigurer
      3) Include the above property editor in the library and have the parser register it.

      There might be other approaches. I think that the first one, if it worked, would be the best because it would work the way that other bean work and the config file looks nicer.

        Activity

        Hide
        Ryan Heaton added a comment -

        sorry... didn't make it into 3.17... moving to 3.18.

        Show
        Ryan Heaton added a comment - sorry... didn't make it into 3.17... moving to 3.18.
        Hide
        Ryan Heaton added a comment -
        Show
        Ryan Heaton added a comment - Moved to https://jira.springsource.org/browse/SECOAUTH-9

          People

          • Assignee:
            Ryan Heaton
            Reporter:
            Robert Blumen
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: