![](/img/trans.png)
[英]Java Spring Security: 401 Unauthorized for token OAuth2 end point
[英]Spring Security Oauth 2 custom token end point url
您好,我必须在我的项目中集成spring security oauth2。 因此,我添加了与配置相关的部分及其工作正常。 但是问题是令牌的第一个请求转到了“ / oauth / token”,我想将其更改为“ api / v1 / token”。 我进行了搜索,找到了一些解决方案,例如在oauth:authorization-server
添加token-endpoint-url
,还添加了将覆盖ClientCredentialsTokenEndpointFilter
并将URL传递给构造函数的自定义过滤器类。 但是这些没用。 我收到以下针对“ api / v1 / token”的请求的错误-
在SecurityContext中找不到身份验证对象
我的配置主要基于xml。 Spring-security.xml文件-
<http pattern="/api/v1/token" create-session="stateless"
authentication-manager-ref="authenticationManager"
xmlns="http://www.springframework.org/schema/security" >
<intercept-url pattern="/api/v1/token" access="IS_AUTHENTICATED_FULLY" />
<anonymous enabled="false" />
<http-basic entry-point-ref="clientAuthenticationEntryPoint"/>
<custom-filter ref="customClientCredentialsTokenEndpointFilter" before="BASIC_AUTH_FILTER" />
<access-denied-handler ref="oauthAccessDeniedHandler" />
</http>
<http pattern="/test/**" create-session="never"
entry-point-ref="oauthAuthenticationEntryPoint"
xmlns="http://www.springframework.org/schema/security">
<anonymous enabled="false" />
<intercept-url pattern="/test/**" access="ROLE_USER" />
<custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
<access-denied-handler ref="oauthAccessDeniedHandler" />
</http>
<beans:bean id="oauthAuthenticationEntryPoint"
class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
</beans:bean>
<beans:bean id="oauthAccessDeniedHandler"
class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler">
</beans:bean>
<beans:bean id="clientAuthenticationEntryPoint"
class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
<beans:property name="realmName" value="springsec/client" />
<beans:property name="typeName" value="Basic" />
</beans:bean>
<beans:bean id="customClientCredentialsTokenEndpointFilter"
class="com.walletdoc.oauth.web.security.CustomClientCredentialsTokenEndpointFilter">
<beans:property name="authenticationManager" ref="authenticationManager" />
</beans:bean>
<authentication-manager alias="authenticationManager"
xmlns="http://www.springframework.org/schema/security">
<authentication-provider user-service-ref="clientDetailsUserService" />
</authentication-manager>
<beans:bean id="clientDetails" class="com.walletdoc.oauth.web.security.SpringSecurityClientService">
<beans:property name="id" value="mysupplycompany" />
<beans:property name="secretKey" value="mycompanykey" />
<beans:property name="authorities" value="ROLE_CLIENT" />
</beans:bean>
<beans:bean id="clientDetailsUserService"
class="org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService">
<beans:constructor-arg ref="clientDetails"/>
</beans:bean>
<authentication-manager id="userAuthenticationManager"
xmlns="http://www.springframework.org/schema/security">
<authentication-provider ref="customUserAuthenticationProvider">
</authentication-provider>
</authentication-manager>
<beans:bean id="customUserAuthenticationProvider"
class="com.walletdoc.oauth.web.security.ClientAuthenticationProvider">
</beans:bean>
<oauth:authorization-server
client-details-service-ref="clientDetails" token-services-ref="tokenServices" token-endpoint-url="/api/v1/token">
<oauth:authorization-code />
<oauth:implicit/>
<oauth:refresh-token/>
<oauth:client-credentials />
<oauth:password authentication-manager-ref="userAuthenticationManager" />
</oauth:authorization-server>
<oauth:resource-server id="resourceServerFilter"
resource-id="springsec" token-services-ref="tokenServices" />
<beans:bean id="tokenStore"
class="org.springframework.security.oauth2.provider.token.InMemoryTokenStore" />
<beans:bean id="tokenServices"
class="org.springframework.security.oauth2.provider.token.DefaultTokenServices">
<beans:property name="tokenStore" ref="tokenStore" />
<beans:property name="supportRefreshToken" value="true" />
<beans:property name="accessTokenValiditySeconds" value="3600"></beans:property>
<beans:property name="clientDetailsService" ref="clientDetails" />
</beans:bean>
我从最近2天开始尝试解决此问题,因此将不胜感激。
路径“ / oauth / token”不是事实上的标准吗?
不幸的是,我没有XML配置的确切答案,但是也许此Java配置可以给您提示。
扩展AuthorizationServerConfigurerAdapter
时,可以通过以下方法访问构建器,从而可以访问授权服务器配置:
@Override
public void configure(AuthorizationServerEndpointsConfigurer oauthServer) throws Exception {
oauthServer
// Here you can override the default endpoints mappings
.pathMapping("/oauth/authorize", "/api/v1/authorize")
.pathMapping("/oauth/token", "/api/v1/token")
// .. rest of the authorization server customization
.authenticationManager(authenticationManager)
.tokenStore(tokenStore);
}
这有点奇怪,因为您通过Map覆盖了映射,您必须知道要覆盖的每个路径,并且AuthorizationServerEndpointsConfigurer
类中实际上没有任何提示或文档。
最后,它可以工作,因为授权服务器启动日志时显示:
...
.s.o.p.e.FrameworkEndpointHandlerMapping : Mapped "{[/api/v1/authorize],methods=[],params=[],headers=[],consumes=[],produces=[],custom=[]}" onto ...
.s.o.p.e.FrameworkEndpointHandlerMapping : Mapped "{[/api/v1/token],methods=[POST],params=[],headers=[],consumes=[],produces=[],custom=[]}" onto ...
...
我猜在XML中,它应该转换为<oauth:authorization-server>
内部的某些元素,例如:
<oauth:authorization-server>
<!-- ... -->
<pathMappings>
<!-- key/value here -->
</pathMappings>
</oauth:authorization-server>
编辑:检查XML模式后 ,您可能一开始就正确了,因为token-endpoint-url
元素应该根据注释进行数学运算:
<xs:attribute name="token-endpoint-url" type="xs:string">
<xs:annotation>
<xs:documentation>
The URL at which a request for an access token
will be serviced.
Default value: "/oauth/token"
</xs:documentation>
</xs:annotation>
</xs:attribute>
也许您应该在spring-security-oauth问题追踪器中提出问题 ?
终于成功了。 此问题中缺少的一件事是ClientCredentialsTokenEndpointFilter
Bean定义中的<beans:property name="filterProcessesUrl" value="/api/v1/token" />
。
在custom-filter
标记中,引用了ClientCredentialsTokenEndpointFilter
Bean,在该Bean中定义了一个属性id filterProcessesUrl
并将该值作为所需的url给出,在本例中为/api/v1/token
。 这就解决了问题。
因此,基本上,要更改token-endpoint-url,我们需要在4个位置进行更改-
在authorization-server
定义中添加token-endpoint-url
更改为<http pattern="changed URL"
更改为<intercept-url pattern="changed URL"
而且,加入filterProcessesUrl
属性与value="changed url"
中ClientCredentialsTokenEndpointFilter
。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.