Spring auth 服务器代码授权通过 Postman 为端点 /oauth2/authorize 返回 401 未授权
[英]Spring auth server code grant returns 401 unauthorized for endpoint /oauth2/authorize via Postman
问题描述
Using the spring auth server dependency 0.3.0:
使用 spring auth 服务器依赖 0.3.0:
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-oauth2-authorization-server</artifactId>
<version>0.3.0</version>
</dependency>
I got these two config files:我得到了这两个配置文件:
@Configuration
@ComponentScan(basePackageClasses = AuthorizationServerConfig.class)
@Import(OAuth2AuthorizationServerConfiguration.class)
public class AuthorizationServerConfig {
private final RegisteredClientProvider registeredClientProvider;
@Autowired
public AuthorizationServerConfig(RegisteredClientProvider registeredClientProvider) {
this.registeredClientProvider = registeredClientProvider;
}
@Bean
@Order(Ordered.HIGHEST_PRECEDENCE)
public SecurityFilterChain authServerSecurityFilterChain(HttpSecurity http) throws Exception {
OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http);
return http.formLogin(Customizer.withDefaults()).build();
}
@Bean
@ConditionalOnMissingBean
public RegisteredClientRepository registeredClientRepository() {
RegisteredClient codeClient = RegisteredClient.withId(UUID.randomUUID().toString())
.clientId("code-auth-client")
.clientSecret("{noop}secret")
.clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
.clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_POST)
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
.redirectUri("http://127.0.0.1:8080/redirect/")
.scope("read-access")
.build();
return new InMemoryRegisteredClientRepository(codeClient);
}
}
__ __
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
@EnableWebSecurity
public class SpringSecurityConfiguration {
@Bean
public InMemoryUserDetailsManager userDetailsService() {
UserDetails user = User.withDefaultPasswordEncoder()
.username("user")
.password("password")
.roles("USER")
.build();
return new InMemoryUserDetailsManager(user);
}
@Bean
SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) throws Exception {
http.authorizeRequests(authorizeRequests ->
authorizeRequests.anyRequest().authenticated()
)
.formLogin(withDefaults());
return http.build();
}
}
I use the folloing parameters to fetch the authorization code in order to trade it for the token itself:我使用以下参数来获取授权码,以便将其换成令牌本身:
Unfortunately the application responses with 401 unauthorized:不幸的是,应用程序以未经授权的 401 响应:
GET http://localhost:9000/oauth2/authorize?response_type=code&state=&client_id=code-auth-client&scope=read-access&redirect_uri=http%3A%2F%2F127.0.0.1%3A8080%2Fredirect%2F 401
I tried to fix it in the SecurityFilterChain beans but I couldn't fix it so far.我试图在SecurityFilterChain bean 中修复它,但到目前为止我无法修复它。 Basically I am using this example https://www.baeldung.com/spring-security-oauth-auth-server (without the clients tho).基本上我正在使用这个例子https://www.baeldung.com/spring-security-oauth-auth-server (没有客户端)。
EDIT: I've noticed that the parameter "grant_type=authorization_code" was missing.编辑:我注意到参数“grant_type=authorization_code”丢失了。 Appending that parameter did not work tho.附加该参数不起作用。
1 个解决方案
解决方案1
0 已采纳 2022-06-03 06:51:03
删除@Import(OAuth2AuthorizationServerConfiguration.class)解决了这个问题。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.