New Oauth token generating for a user each time we hit the token url

[nayankakati]

Hi Bobby, Excellent sample code!!!

we are facing one issue where in for a particular user we are getting separate token each time we hit the url.

On embedded tomcat it is working fine but when we create a separate WAR file and deploy it, it starts behaving this way.

On oauth2_access_token table there are multiple entries for the same user.

environment :- Ubuntu 14.04, Grails 3 , Postgres 9.4 and Tomcat 8.0.23

http://stackoverflow.com/questions/34072814/grails-3-oauth2-not-working-with-tomcat-8

is it related to Tomcat?

[bobbywarner]

@nayankWebonise How are you producing the war file? gradle war, gradle assemble or grails war?

[vjnathe-webonise]

@bobbywarner grails war

[bobbywarner]

@vjnathe-webonise @nayankWebonise Can you please try gradle war and let me know if the same issue happens?

[nayankakati]

Hi @bobbywarner : we tried gradle war but it still not resolved, we debugged it and found that an error is occurring on JDBC side in spring library. So to move forward we temporarily used "Inmemory" token storage and it worked perfectly, but it just a short term goal , when users would get in a large numbers, we have to move to JDBC Token storage.

Following is the error we are getting on debugging on tomcat server :-

ERROR 2015-12-04 13:08:42,863 org.springframework.security.oauth2.provider.token.store.JdbcTokenStore - Could not extract access token for authentication org.springframework.security.oauth2.provider.OAuth2Authentication@f9ea55ec: Principal: org.springframework.security.core.userdetails.User@5437f414: Username: nayan.kakati@gmail.com; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMIN; Credentials: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_ADMIN

java.lang.IllegalArgumentException: java.io.StreamCorruptedException: invalid stream header: BB656430 at org.springframework.security.oauth2.common.util.SerializationUtils.deserialize(SerializationUtils.java:40) ~[spring-security-oauth2-2.0.7.RELEASE.jar:na] at org.springframework.security.oauth2.provider.token.store.JdbcTokenStore.deserializeAccessToken(JdbcTokenStore.java:397) ~[spring-security-oauth2-2.0.7.RELEASE.jar:na] at org.springframework.security.oauth2.provider.token.store.JdbcTokenStore$1.mapRow(JdbcTokenStore.java:115) ~[spring-security-oauth2-2.0.7.RELEASE.jar:na] at org.springframework.security.oauth2.provider.token.store.JdbcTokenStore$1.mapRow(JdbcTokenStore.java:1) ~[spring-security-oauth2-2.0.7.RELEASE.jar:na] at org.springframework.jdbc.core.RowMapperResultSetExtractor.extractData(RowMapperResultSetExtractor.java:93) ~[spring-jdbc-4.1.7.RELEASE.jar:4.1.7.RELEASE] at org.springframework.jdbc.core.RowMapperResultSetExtractor.extractData(RowMapperResultSetExtractor.java:60) ~[spring-jdbc-4.1.7.RELEASE.jar:4.1.7.RELEASE] at org.springframework.jdbc.core.JdbcTemplate$1.doInPreparedStatement(JdbcTemplate.java:708) ~[spring-jdbc-4.1.7.RELEASE.jar:4.1.7.RELEASE] at org.springframework.jdbc.core.JdbcTemplate.execute(JdbcTemplate.java:644) ~[spring-jdbc-4.1.7.RELEASE.jar:4.1.7.RELEASE]