From 2fc4ce177c74b9724189b66d9045b57b2505a8da Mon Sep 17 00:00:00 2001
From: Amanda Anganes <aanganes@mitre.org>
Date: Wed, 11 Apr 2012 15:55:19 -0400
Subject: [PATCH] This commit fixes the infinite redirect, somewhat. See
 updated issue #8.

---
 .../org/mitre/oauth2/web/OAuthConfirmationController.java     | 2 +-
 .../main/webapp/WEB-INF/spring/appServlet/servlet-context.xml | 4 +++-
 .../src/main/webapp/WEB-INF/spring/application-context.xml    | 3 ++-
 3 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthConfirmationController.java b/openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthConfirmationController.java
index 7a9952a5a..56340ed24 100644
--- a/openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthConfirmationController.java
+++ b/openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthConfirmationController.java
@@ -34,7 +34,7 @@ public class OAuthConfirmationController {
 		this.clientService = clientService;
 	}
 	
-	@PreAuthorize("hasRole('ROLE_USER')")
+	//@PreAuthorize("hasRole('ROLE_USER')")
 	@RequestMapping("/oauth/confirm_access")
 	public ModelAndView confimAccess(@ModelAttribute AuthorizationRequest clientAuth, 
 			ModelAndView modelAndView) {
diff --git a/openid-connect-server/src/main/webapp/WEB-INF/spring/appServlet/servlet-context.xml b/openid-connect-server/src/main/webapp/WEB-INF/spring/appServlet/servlet-context.xml
index 63167f9e2..2033d04af 100644
--- a/openid-connect-server/src/main/webapp/WEB-INF/spring/appServlet/servlet-context.xml
+++ b/openid-connect-server/src/main/webapp/WEB-INF/spring/appServlet/servlet-context.xml
@@ -54,7 +54,9 @@
 	<oauth:authorization-server client-details-service-ref="defaultOAuth2ClientDetailsEntityService" 
 		token-services-ref="defaultOAuth2ProviderTokenService" token-granter-ref="connectAuthCodeTokenGranter"
 		user-approval-handler-ref="userApprovalHandler"
-		authorization-endpoint-url="/openidconnect/auth" token-endpoint-url="/openidconnect/token">
+		authorization-endpoint-url="/openidconnect/auth" token-endpoint-url="/openidconnect/token"
+		user-approval-page="redirect:/oauth/confirm_access"
+		>
 		<oauth:authorization-code authorization-code-services-ref="authCodeServices" />
 	</oauth:authorization-server>
 
diff --git a/openid-connect-server/src/main/webapp/WEB-INF/spring/application-context.xml b/openid-connect-server/src/main/webapp/WEB-INF/spring/application-context.xml
index 2b4b20f83..4051cc918 100644
--- a/openid-connect-server/src/main/webapp/WEB-INF/spring/application-context.xml
+++ b/openid-connect-server/src/main/webapp/WEB-INF/spring/application-context.xml
@@ -23,7 +23,8 @@
 
 	<security:global-method-security pre-post-annotations="enabled" proxy-target-class="true" authentication-manager-ref="springSecurityAuthenticationManager"/>
 
-	<http pattern="/oauth/token" create-session="stateless" authentication-manager-ref="clientAuthenticationManager" 
+<!-- 4/11 AANGANES trying:remove "create-session="stateless"" from below statement -->
+	<http pattern="/oauth/token" authentication-manager-ref="clientAuthenticationManager" 
 		xmlns="http://www.springframework.org/schema/security">
 		<intercept-url pattern="/oauth/token" access="IS_AUTHENTICATED_FULLY" />
 		<anonymous enabled="false" />