[英]No Bean for ResourceServerTokenServices found - Spring-Security-Oauth2
I'm building a sample project with spring-boot just to learn something about it. 我正在用spring-boot构建一个示例项目,只是为了学习一些东西。
Specifically, i'm trying to integrate spring-security-oauth2 module to secure my rest services. 具体来说,我正在尝试集成spring-security-oauth2模块来保护我的其余服务。 I followed this sample project that shows a very simple in-memory login system: https://github.com/royclarkson/spring-rest-service-oauth 我跟随着这个示例项目,该示例项目显示了一个非常简单的内存登录系统: https : //github.com/royclarkson/spring-rest-service-oauth
It works, and this is good. 它有效,这很好。
Anyway, when I tried to integrate it in my application i get the following exception: 无论如何,当我尝试将其集成到应用程序中时,出现以下异常:
...
Caused by: java.lang.IllegalStateException: Could not wire ResourceServerTokenServices: please create a bean definition and mark it as @Primary.
at org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfiguration.resolveTokenServices(ResourceServerConfiguration.java:170) ~[spring-security-oauth2-2.0.4.RELEASE.jar:na]
at org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfiguration.configure(ResourceServerConfiguration.java:140) ~[spring-security-oauth2-2.0.4.RELEASE.jar:na]
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.getHttp(WebSecurityConfigurerAdapter.java:199) ~[spring-security-config-3.2.5.RELEASE.jar:3.2.5.RELEASE]
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.init(WebSecurityConfigurerAdapter.java:283) ~[spring-security-config-3.2.5.RELEASE.jar:3.2.5.RELEASE]
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.init(WebSecurityConfigurerAdapter.java:68) ~[spring-security-config-3.2.5.RELEASE.jar:3.2.5.RELEASE]
at org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfiguration$$EnhancerByCGLIB$$71f30f65.init(<generated>) ~[spring-core-4.0.1.RELEASE.jar:na]
at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.init(AbstractConfiguredSecurityBuilder.java:367) ~[spring-security-config-3.2.5.RELEASE.jar:3.2.5.RELEASE]
at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.doBuild(AbstractConfiguredSecurityBuilder.java:320) ~[spring-security-config-3.2.5.RELEASE.jar:3.2.5.RELEASE]
at org.springframework.security.config.annotation.AbstractSecurityBuilder.build(AbstractSecurityBuilder.java:39) ~[spring-security-config-3.2.5.RELEASE.jar:3.2.5.RELEASE]
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration.springSecurityFilterChain(WebSecurityConfiguration.java:92) ~[spring-security-config-3.2.5.RELEASE.jar:3.2.5.RELEASE]
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration$$EnhancerByCGLIB$$373175f.CGLIB$springSecurityFilterChain$3(<generated>) ~[spring-core-4.0.1.RELEASE.jar:3.2.5.RELEASE]
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration$$EnhancerByCGLIB$$373175f$$FastClassByCGLIB$$ffddf00e.invoke(<generated>) ~[spring-core-4.0.1.RELEASE.jar:3.2.5.RELEASE]
at org.springframework.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:228) ~[spring-core-4.0.1.RELEASE.jar:4.0.1.RELEASE]
at org.springframework.context.annotation.ConfigurationClassEnhancer$BeanMethodInterceptor.intercept(ConfigurationClassEnhancer.java:326) ~[spring-context-4.0.1.RELEASE.jar:4.0.1.RELEASE]
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration$$EnhancerByCGLIB$$373175f.springSecurityFilterChain(<generated>) ~[spring-core-4.0.1.RELEASE.jar:3.2.5.RELEASE]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0]
at java.lang.reflect.Method.invoke(Method.java:483) ~[na:1.8.0]
at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:166) ~[spring-beans-4.0.1.RELEASE.jar:4.0.1.RELEASE]
... 27 common frames omitted
From what i know, the DefaultTokenServices implementation of ResourceServerTokenServices should be ready to use, without further implementation (at leas for this simple scenario). 据我所知,ResourceServerTokenServices的DefaultTokenServices实现应准备使用,而无需进一步实现(针对这种简单情况)。 Am I wrong? 我错了吗?
The following snippets are my oauth configuration classes: 以下代码片段是我的oauth配置类:
AuthorizationServerConfiguration: AuthorizationServerConfiguration:
@Configuration @EnableAuthorizationServer
public class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {
private TokenStore tokenStore = new InMemoryTokenStore();
@Inject
@Qualifier("authenticationManagerBean")
private AuthenticationManager authenticationManager;
@Inject
private ResourceIdProvider resourceIdProvider;
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints
.tokenStore(tokenStore)
.authenticationManager(authenticationManager);
}
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients
.inMemory()
.withClient("clientapp")
.authorizedGrantTypes("password", "refresh_token")
.authorities("USER")
.scopes("read", "write")
.resourceIds(this.resourceIdProvider.getResourceId())
.secret("123456");
}
@Bean
public ResourceServerTokenServices tokenServices() {
DefaultTokenServices tokenServices = new DefaultTokenServices();
tokenServices.setSupportRefreshToken(true);
tokenServices.setTokenStore(this.tokenStore);
return tokenServices;
} }
ResourceServerConfigurationImpl: ResourceServerConfigurationImpl:
@Configuration @EnableResourceServer
public class ResourceServerConfigurationImpl extends ResourceServerConfigurerAdapter {
@Inject
private ResourceIdProvider resourceIdProvider;
@Override
public void configure(ResourceServerSecurityConfigurer resources) {
resources.resourceId(this.resourceIdProvider.getResourceId());
}
@Override
public void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/rest/user")
.authenticated();
} }
InMemoryWebSecurityConfiguration: InMemoryWebSecurityConfiguration:
@Configuration @EnableWebSecurity
public class InMemoryWebSecurityConfiguration extends WebSecurityConfigurerAdapter {
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("roy")
.password("spring")
.roles("USER");
}
@Override
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
}
Can somebody help me get this running? 有人可以帮我运行这个程序吗?
If you need more code let me know. 如果您需要更多代码,请告诉我。
Thanks in advance! 提前致谢!
There's a hint in the error message (mark your token services as @Primary). 错误消息中有提示(将令牌服务标记为@Primary)。 That should work. 那应该工作。 Also (I think) you can just inject a TokenStore
into the ResourceServerConfigurer
and share it with the rest of the context. 另外(我认为),您可以将TokenStore
注入ResourceServerConfigurer
并与其余上下文共享。
I am having the same problem since 2.0.5-RELEASE version, it didn't happen on 2.0.4-BUILD-SNAPSHOT. 从2.0.5-RELEASE版本开始,我遇到了同样的问题,但在2.0.4-BUILD-SNAPSHOT上却没有发生。 I opened a issue here: https://github.com/spring-projects/spring-security-oauth/issues/342 我在这里打开了一个问题: https : //github.com/spring-projects/spring-security-oauth/issues/342
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.