Skip to Content
0
Apr 12, 2017 at 10:23 AM

Oauth Request is failing on Hybris 6.3 migrated from 5.7

347 Views

Hi Experts ,

I have done migration from 5.7 to hybris 6.3. I am able to run normal web-service as well resolved CSRF token issue login from storefront but trying make rest service run for mobile api .

I followed same step which has been mentioned https://help.hybris.com/6.3.0/hcd/8c189dc48669101496b594a9bb97a11b.html

As followed by document,I am not using v2 web-services so I changed in common security-spring.xml

and disabled csrf token.

 <http xmlns="http://www.springframework.org/schema/security" entry-point-ref="oauthAuthenticationEntryPoint"
             authentication-manager-ref="clientAuthenticationManager" create-session="stateless" pattern="/oauth/token">
             <security:csrf disabled="true"/>
             <intercept-url pattern="/oauth/token" access="IS_AUTHENTICATED_FULLY" />
             <!-- for PRODUCTION requires-channel="https" -->
             <anonymous enabled="false" />
             <http-basic entry-point-ref="oauthAuthenticationEntryPoint" />
             <!-- include this only if you need to authenticate clients via request 
                 parameters -->
             <custom-filter before="BASIC_AUTH_FILTER" ref="clientCredentialsTokenEndpointFilter" />
             <access-denied-handler ref="oauthAccessDeniedHandler" />
         </http>
 
         <http  disable-url-rewriting="true"
             xmlns="http://www.springframework.org/schema/security">
             <security:csrf disabled="true"/>
             <access-denied-handler error-page="/login"/>
             <intercept-url pattern="/oauth/**" access="ROLE_CUSTOMERGROUP" />
             <intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
 
             <form-login authentication-failure-url="/login.jsp?authentication_error=true" default-target-url="/index.jsp"
                 login-page="/login.jsp" login-processing-url="/login.do" />
             <logout logout-success-url="/index.jsp" logout-url="/logout.do" />
             <anonymous />
         </http>

..........................................................................................

after this ,I have created oauth clients via back-office as per documentation : https://help.hybris.com/6.0.0/hcd/627c92db29ce4fce8b01ffbe478a8b3b.html#loio4079b4327ac243b6b3bd507cda6d74ff

Now ,when I try to hit the rest service with URL:

https://localhost:9002/rest/oauth/token?response_type=code&client_id=mobile_android&siteid=lc&client_secret=secret&grant_type=password&password=1234&email=raushan0301483106@gmail.com

then I am receiving response:

{ "errors": [ { "message": Failed to evaluate expression 'IS_AUTHENTICATED_FULLY', "type": IllegalArgumentError } ] }

with backend exception :

 enter code herepringframework.security.web.access.ExceptionTranslationFilter@7f56559c, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@695d3126]]]]'!; nested exception is java.lang.Illega
 lArgumentException: Failed to evaluate expression 'IS_AUTHENTICATED_FULLY'] with root cause
 org.springframework.expression.spel.SpelEvaluationException: EL1008E:(pos 0): Property or field 'IS_AUTHENTICATED_FULLY' cannot be found on object of type 'org.springframework.security.web.access.expr
 ession.WebSecurityExpressionRoot' - maybe not public?
         at org.springframework.expression.spel.ast.PropertyOrFieldReference.readProperty(PropertyOrFieldReference.java:224)
         at org.springframework.expression.spel.ast.PropertyOrFieldReference.getValueInternal(PropertyOrFieldReference.java:94)
         at org.springframework.expression.spel.ast.PropertyOrFieldReference.getValueInternal(PropertyOrFieldReference.java:81)
         at org.springframework.expression.spel.ast.SpelNodeImpl.getTypedValue(SpelNodeImpl.java:131)
         at org.springframework.expression.spel.standard.SpelExpression.getValue(SpelExpression.java:299)
         at org.springframework.security.access.expression.ExpressionUtils.evaluateAsBoolean(ExpressionUtils.java:26)
         at org.springframework.security.web.access.expression.WebExpressionVoter.vote(WebExpressionVoter.java:52)
         at org.springframework.security.web.access.expression.WebExpressionVoter.vote(WebExpressionVoter.java:33)
         at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:63)