stackoom
  简体   繁体   中英

OAuth2 Client Authentication Spring

 原文  2013-07-21 05:57:59       spring/ spring-security/ oauth-2.0

Question

I'm trying to implement an Oauth2.0 Authorization server in Spring .

I've been able to retrieve an authorization_code for a user via:
/oauth/authorize

but when I take that code and try to redeem an oauth token for it at:
/oauth/token
I get an Error 401: "Bad credentials"

The url that I use to retrieve the authorization_code is: 

http://localhost:8084/Oauth/oauth/authorize?response_type=code&client_id=tonr&redirect_uri=www

and the curl command I use to attempt to grab the token is: 

curl --user tonr:secret --data "grant_type=authorization_code&code=1pzAm1&redirect_uri=www" http://localhost:8084/Oauth/oauth/token

I'm not sure if I have something misconfigured, or if I'm just misunderstanding how Oauth2 is supposed to work. any ideas?

here is my security.xml: 

<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
             xmlns:mvc="http://www.springframework.org/schema/mvc"
             xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.3.xsd
                    http://www.springframework.org/schema/security/oauth2 http://www.springframework.org/schema/security/spring-security-oauth2-1.0.xsd
                        http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd">

    <http auto-config='true'>
        <intercept-url pattern="/**" access="ROLE_USER" />
    </http>

    <authentication-manager>
        <authentication-provider>
            <user-service>
                <user name="jimi" password="jimispassword" authorities="ROLE_USER, ROLE_ADMIN" />
                <user name="bob" password="bobspassword" authorities="ROLE_USER" />
            </user-service>
        </authentication-provider>
    </authentication-manager>

    <oauth:client-details-service id="clientDetails">
        <oauth:client client-id="tonr" resource-ids="sparklr" authorized-grant-types="authorization_code,implicit"
                      authorities="ROLE_CLIENT" scope="read,write" secret="secret" />
    </oauth:client-details-service>

    <beans:bean id="tokenStore" class="org.springframework.security.oauth2.provider.token.InMemoryTokenStore" />

    <beans:bean id="tokenServices" class="org.springframework.security.oauth2.provider.token.DefaultTokenServices">
        <beans:property name="tokenStore" ref="tokenStore" />
        <beans:property name="supportRefreshToken" value="true" />
        <beans:property name="clientDetailsService" ref="clientDetails" />
    </beans:bean>

    <beans:bean id="userApprovalHandler" class="org.springframework.security.oauth2.provider.approval.TokenServicesUserApprovalHandler">
        <beans:property name="tokenServices" ref="tokenServices"/>
    </beans:bean>

    <oauth:authorization-server client-details-service-ref="clientDetails" token-services-ref="tokenServices"
                                user-approval-handler-ref="userApprovalHandler">
        <oauth:authorization-code />
        <oauth:implicit />
        <oauth:refresh-token />
        <oauth:client-credentials />
        <oauth:password />
    </oauth:authorization-server>

    <mvc:annotation-driven />
</beans:beans>

and here is my web.xml : 

<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
    <display-name>Oauth</display-name>
    <session-config>
        <session-timeout>
            30
        </session-timeout>
    </session-config>
    <welcome-file-list>
        <welcome-file>index.jsp</welcome-file>
    </welcome-file-list>

    <servlet>
        <servlet-name>spring</servlet-name>
        <servlet-class>
            org.springframework.web.servlet.DispatcherServlet
        </servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>spring</servlet-name>
        <url-pattern>/*</url-pattern>
    </servlet-mapping>

    <!-- this mapping is added so that view requests are not defaulted to the app-servlet declared above /\ -->
    <servlet-mapping>
        <servlet-name>jsp</servlet-name>
        <url-pattern>/WEB-INF/views/*</url-pattern>
    </servlet-mapping>

    <!-- security stuff-->
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>/WEB-INF/security.xml</param-value>
    </context-param>
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>

</web-app>

Any help is greatly appreciated!

1 answers

solution1
 4 ACCPTED  2013-07-21 19:59:20

Answering my own question:

It turns out that the spring app only had 2 viable users: 

<user-service>
    <user name="jimi" password="jimispassword" authorities="ROLE_USER, ROLE_ADMIN" />
    <user name="bob" password="bobspassword" authorities="ROLE_USER" />
</user-service>

My tonr client was not in this user-service, so spring kept rejecting it. I just needed to add the client list to a ClientDetailsUserDetailsService : 

<beans:bean id="clientDetailsUserService" class="org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService">
        <beans:constructor-arg ref="clientDetails" />
</beans:bean>

and then add that UserDetailsService implementation to the <authentication-manager/> bean: 

<authentication-manager>
    <authentication-provider>
        <user-service>
            <user name="jimi" password="jimispassword" authorities="ROLE_USER, ROLE_ADMIN" />
            <user name="bob" password="bobspassword" authorities="ROLE_USER" />
        </user-service>
    </authentication-provider>
    <authentication-provider user-service-ref="clientDetailsUserService" />
</authentication-manager>

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to generate Client Secret in OAuth2 Authentication using Spring Authentication with OAuth2 in Webflux Spring Spring oauth2 basic authentication Spring OAuth2 authentication with token Oauth2 Client in Spring security oauth2 client in Spring Boot No Such Client Exception Spring Oauth2 Spring OAuth2 Provider Client Authentication 401 not authorized error using CloudFoundry as client Performing authentication via spring security oauth2 Spring oauth2 and digest authentication will work together
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM