OAuth2Client returns the same token every time

I have an AuthorizationServer. Besides the standard functions, I have a controller that lets you create a user. After a user is successfully created, the method must return a token for this user. The problem is that the method returns a valid token only on the first call. On the next calls, the following users get the first user's token. I tried to set scope(request) for restTemplate, but got the error: "Scope 'request' is not active for the current thread"

@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {  

    @Override
    public void configure(ClientDetailsServiceConfigurer configurer) throws Exception {
      ...
    }
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
     ...
    }

    protected ResourceOwnerPasswordResourceDetails getOwnerPasswordResource(){
        ResourceOwnerPasswordResourceDetails resource = new ResourceOwnerPasswordResourceDetails();
        List<String> scopes = new ArrayList<>(3);
        scopes.add(SCOPE_READ);
        scopes.add(SCOPE_WRITE);
        scopes.add(SCOPE_TRUST);
        resource.setAccessTokenUri(tokenUrl);
        resource.setClientId(CLIENT_ID);
        resource.setClientSecret(CLIENT_SECRET_UNCODED);
        resource.setGrantType(GRANT_TYPE_PASSWORD);
        resource.setScope(scopes);
        return resource;
    }
}

Here is the OAuth2Client:

@EnableOAuth2Client
@Configuration
public class ClientConfig {
    @Autowired
    AuthorizationServerConfig authorizationServerConfig;

    @Bean
    //@Scope("request")
    public OAuth2RestOperations restTemplate() {
        AccessTokenRequest atr = new DefaultAccessTokenRequest();

        return new OAuth2RestTemplate(authorizationServerConfig.getOwnerPasswordResource(), new DefaultOAuth2ClientContext(atr));
    }

}

And my controller:

@RestController
public class UserRestController {
    @Autowired
    private OAuth2RestOperations restTemplate;

    @PostMapping("/user")
    public OAuth2AccessToken createUserCredential(@RequestBody UserCredential user) {
        user.validate();
        userCredentialService.checkAndSaveUser(user, getClientIp(request));

        restTemplate.getOAuth2ClientContext().getAccessTokenRequest().set("username", user.getLogin());
        restTemplate.getOAuth2ClientContext().getAccessTokenRequest().set("password", user.getPassword());
        return restTemplate.getAccessToken();
    }
}

Maybe there is a more correct way to obtain a token inside the AuthorizationServer?

I thought there would be some special way, but I did not find one. I solved the problem in the following way:

@EnableOAuth2Client
@Configuration
public class OAuthClientConfig {

    @Autowired
    AuthorizationServerConfig authorizationServerConfig;

    public OAuth2RestOperations restTemplate() {
        AccessTokenRequest atr = new DefaultAccessTokenRequest();

        return new OAuth2RestTemplate(authorizationServerConfig.getOwnerPasswordResource(), new DefaultOAuth2ClientContext(atr));
    }
}

And my controller:

@RestController
public class UserRestController {

    @Autowired
    private OAuthClientConfig oAuthClientConfig;

    @PostMapping("/user")
    public OAuth2AccessToken createUserCredential(@RequestBody UserCredential user) {
        user.validate();
        userCredentialService.checkAndSaveUser(user, getClientIp(request));

        OAuth2RestOperations restTemplate = oAuthClientConfig.restTemplate();
        restTemplate.getOAuth2ClientContext().getAccessTokenRequest().set("username", user.getLogin());
        restTemplate.getOAuth2ClientContext().getAccessTokenRequest().set("password", user.getPassword());
        return restTemplate.getAccessToken();
    }
}

Maybe it will help someone.

I was facing the same issue. I found this other way to make it work:

@Bean
@Primary
@Scope(value = WebApplicationContext.SCOPE_REQUEST, proxyMode = ScopedProxyMode.TARGET_CLASS)
public OAuth2RestTemplate oauth2RestTemplate(OAuth2ClientContext context,
        OAuth2ProtectedResourceDetails details) {

    AccessTokenRequest atr = new DefaultAccessTokenRequest();
    OAuth2RestTemplate template = new OAuth2RestTemplate(resource(), new DefaultOAuth2ClientContext(atr));
    AccessTokenProvider accessTokenProvider = new AccessTokenProviderChain(Arrays.<AccessTokenProvider>asList(
            new AuthorizationCodeAccessTokenProvider(), new ImplicitAccessTokenProvider(),
            new ResourceOwnerPasswordAccessTokenProvider(), new ClientCredentialsAccessTokenProvider()));
    template.setAccessTokenProvider(accessTokenProvider);
    return template;
}

And then I just did the injection:

private final OAuth2RestTemplate oauth2RestTemplate;

@GetMapping(path = "/token")
public String token(Credentials credentials) {
    oauth2RestTemplate.getOAuth2ClientContext()
            .getAccessTokenRequest().add("username", credentials.getEmail());
    oauth2RestTemplate.getOAuth2ClientContext()
            .getAccessTokenRequest().add("password", credentials.getPass());
    final OAuth2AccessToken accessToken = oauth2RestTemplate.getAccessToken();
    final String accessTokenAsString = accessToken.getValue();
    return accessTokenAsString;
}
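Why the singleton bean in the question hands every caller the first user's token, and why a per-call or request-scoped template does not, shown as an added example that is not code from any of the posts above. It assumes spring-security-oauth2 on the classpath; the client id, token URI, user names and token value are constructed, and no token endpoint is contacted.

```java
import org.springframework.security.oauth2.client.DefaultOAuth2ClientContext;
import org.springframework.security.oauth2.client.OAuth2ClientContext;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.client.token.DefaultAccessTokenRequest;
import org.springframework.security.oauth2.client.token.grant.password.ResourceOwnerPasswordResourceDetails;
import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken;

public class SharedContextTokenDemo {

    // Constructed resource details: the URI and client id are placeholders,
    // and this demo never contacts a token endpoint.
    static ResourceOwnerPasswordResourceDetails resource() {
        ResourceOwnerPasswordResourceDetails r = new ResourceOwnerPasswordResourceDetails();
        r.setAccessTokenUri("http://localhost/oauth/token");
        r.setClientId("demo-client");
        return r;
    }

    // Per-call template: a new context means no token left over from another user.
    static OAuth2RestTemplate templateFor(String username, String password) {
        OAuth2ClientContext ctx = new DefaultOAuth2ClientContext(new DefaultAccessTokenRequest());
        ctx.getAccessTokenRequest().set("username", username);
        ctx.getAccessTokenRequest().set("password", password);
        return new OAuth2RestTemplate(resource(), ctx);
    }

    public static void main(String[] args) {
        // Singleton wiring: one context shared by every HTTP request.
        OAuth2ClientContext shared = new DefaultOAuth2ClientContext(new DefaultAccessTokenRequest());
        OAuth2RestTemplate singleton = new OAuth2RestTemplate(resource(), shared);

        // State after the first user's call: the issued token is stored in the context.
        shared.setAccessToken(new DefaultOAuth2AccessToken("token-issued-to-first-user"));

        // Second user: new credentials are set, but getAccessToken() finds a
        // non-expired token in the context and returns it without a new grant.
        shared.getAccessTokenRequest().set("username", "second-user");
        shared.getAccessTokenRequest().set("password", "constructed-password");
        String returned = singleton.getAccessToken().getValue();
        if (!"token-issued-to-first-user".equals(returned)) {
            throw new IllegalStateException("expected the cached token to be reused");
        }

        // A fresh context starts with no token, so the next getAccessToken()
        // on it must run the password grant for that user's credentials.
        OAuth2RestTemplate perCall = templateFor("second-user", "constructed-password");
        if (perCall.getOAuth2ClientContext().getAccessToken() != null) {
            throw new IllegalStateException("fresh context must not carry a token");
        }
        System.out.println("singleton returned: " + returned);
    }
}
```

In a shared template, setting username and password on the context is also a race between concurrent requests, so a context that is shared across users should be treated as a cross-user credential and token exposure, not only a caching bug.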
