  • Latest Post - ‏2013-08-02T04:41:28Z by kark
RichardCheSo
1 Post

Pinned topic oauth2 problem with Websphere Liberty Profile 8.5.5

‏2013-08-01T12:46:54Z |

Hi,

Has anyone tested the OAuth2 feature in Liberty profile with grant type of password and with the default mediatorClassName="com.ibm.ws.security.oauth20.mediator.ResourceOwnerValidationMedidator"?

I have the following class not found exception running OAuth2 feature on liberty profile.

at com.ibm.ws.security.oauth20.mediator.ResourceOwnerValidationMedidator.<clinit>(ResourceOwnerValidationMedidator.java:32)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
    .....
Caused by: java.lang.ClassNotFoundException: com.ibm.ejs.ras.Tr
    at com.ibm.ws.classloading.internal.AppClassLoader.findClassCommonLibraryClassLoaders(AppClassLoader.java:390)
    at com.ibm.ws.classloading.internal.AppClassLoader.findClass(AppClassLoader.java:247)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:423)
    at com.ibm.ws.classloading.internal.AppClassLoader.loadClass(AppClassLoader.java:366)
    ... 37 more
 

Specifically the problem happens only when I turn on the mediatorClass in the oauthProviderProfile to verify registry credentials. Without the mediator class, WLP returns a valid access_token but doesn't verify the user credentials except to ensure the existence of the username.

The CURL command used to test the feature was this:

curl -k -v -H "Content-Type: application/x-www-form-urlencoded;charset=UTF-8" -d "grant_type=password&client_id=client01&client_secret=secret&username=testuser&password=password" https://localhost:9443/oauth2/endpoint/jskendoProvider/token
 

Attached are the ffdc logs, server log and curl command output as well as my server.xml file:

 

 

  • kark
    26 Posts
    ACCEPTED ANSWER

    Re: oauth2 problem with Websphere Liberty Profile 8.5.5

    ‏2013-08-02T04:41:28Z  

    Hi,

    Thanks for the detailed note. It looks like the mediator implementation provided needs to be fixed. Please open a PMR.

    In the meantime, as a workaround, you can implement a custom mediator to fit your needs by implementing the OAuth20Mediator interface as described here. Note that this example is for the full profile, so you need to make the appropriate changes for the Liberty profile (e.g., getting the user registry using the com.ibm.wsspi.security.registry.RegistryHelper.getUserRegistry(null) method and configuring the mediator implementation using a shared lib).

    Also, if you can use the authorization code flow or the implicit grant flow, you would not require the mediator, as the resource owner's credentials will be validated. For more information about the different flows click here.

    --Ajay
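
An added example of the workaround described in the reply above (not code from this thread or from IBM): a custom mediator that checks the password-grant credentials against the user registry and fails closed. The package and class names are hypothetical, and the OAuth20Mediator method signatures and attribute names are assumed from IBM's full-profile OAuth API, so check them against the Javadoc for your Liberty level.

```java
package example.oauth; // hypothetical package name

import com.ibm.oauth.core.api.attributes.AttributeList;
import com.ibm.oauth.core.api.config.OAuthComponentConfiguration;
import com.ibm.oauth.core.api.error.OAuthException;
import com.ibm.oauth.core.api.error.oauth20.OAuth20MediatorException;
import com.ibm.oauth.core.api.oauth20.mediator.OAuth20Mediator;
import com.ibm.websphere.security.UserRegistry;
import com.ibm.wsspi.security.registry.RegistryHelper;

/** Rejects password-grant token requests whose credentials fail the registry check. */
public class RegistryPasswordMediator implements OAuth20Mediator {
    // Deliberately no com.ibm.ejs.ras.Tr tracing: that is the class the
    // stack trace in the question reports as not loadable.

    @Override
    public void init(OAuthComponentConfiguration config) { /* nothing to configure */ }

    @Override
    public void mediateToken(AttributeList attrs) throws OAuth20MediatorException {
        // Attribute names mirror the form parameters in the curl request (assumption).
        if (!"password".equals(attrs.getAttributeValueByName("grant_type"))) {
            return; // other grant types carry no resource owner password
        }
        String username = attrs.getAttributeValueByName("username");
        String password = attrs.getAttributeValueByName("password");
        try {
            if (username == null || password == null) {
                throw new IllegalArgumentException("missing resource owner credentials");
            }
            // Liberty: obtain the registry through RegistryHelper, as the reply suggests.
            UserRegistry registry = RegistryHelper.getUserRegistry(null);
            registry.checkPassword(username, password); // throws on a bad password
        } catch (Exception e) {
            // Fail closed: any lookup or check error denies the token.
            // Keep the message generic and never log the submitted password.
            throw new OAuth20MediatorException("Resource owner validation failed", e);
        }
    }

    // Remaining callbacks: nothing to validate in this example.
    @Override public void mediateAuthorize(AttributeList attrs) {}
    @Override public void mediateAuthorizeException(AttributeList attrs, OAuthException e) {}
    @Override public void mediateResource(AttributeList attrs) {}
    @Override public void mediateResourceException(AttributeList attrs, OAuthException e) {}
    @Override public void mediateTokenException(AttributeList attrs, OAuthException e) {}
}
```

To use it, package the class in a jar exposed through a shared library, as the reply describes, and set mediatorClassName in the OAuth provider configuration to this class.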
