堆栈内存溢出
  繁体   English   中英

带有oAuth2 / oAuth / Token请求405方法的Spring Security不允许

[英]Spring Security with oAuth2 /oAuth/Token request 405 method not allow

 原文  2016-02-10 11:57:48       spring/ spring-mvc/ spring-security/ oauth-2.0/ spring-oauth2

问题描述

我在Spring Security中使用了oAuth2令牌。 如果我在Spring Boot 1.3.0中使用相同的配置,对我来说工作正常。 但是当我在Spring Mvc applicaito中使用相同的配置时。 然后会造成问题

/ oAuth / token ---> 405后方法不允许。

我的oAuth配置如下: 

import javax.sql.DataSource;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JdbcTokenStore;

@Configuration
public class OAuth2ServerConfiguration {

    @Configuration
    @EnableResourceServer
    protected static class ResourceServerConfiguration extends
            ResourceServerConfigurerAdapter {

        @Autowired
        private HttpUnauthorizedEntryPoint authenticationEntryPoint;

        @Override
        public void configure(HttpSecurity http) throws Exception {
            http
                .exceptionHandling()
                .authenticationEntryPoint(authenticationEntryPoint)
            .and()
                .csrf()
                .disable()
                .headers()
                .frameOptions().disable()
                .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and()
                .authorizeRequests()
                .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
                .antMatchers("/webhook/**").permitAll() 
                .antMatchers("/app/**").permitAll() 
                .antMatchers("/api/**").authenticated() 
                .antMatchers("/protected/**").authenticated();

        }
    }

    @Configuration
    @EnableAuthorizationServer
    protected static class AuthorizationServerConfiguration extends
            AuthorizationServerConfigurerAdapter {

        @Autowired
        private DataSource dataSource;

        @Bean
        public TokenStore tokenStore() {
            return new JdbcTokenStore(dataSource);
        }

        @Autowired
        @Qualifier("authenticationManagerBean")
        private AuthenticationManager authenticationManager;

        @Override
        public void configure(AuthorizationServerEndpointsConfigurer endpoints)
                throws Exception {

            endpoints.tokenStore(tokenStore()).authenticationManager(
                    authenticationManager);
        }

        @Override
        public void configure(AuthorizationServerSecurityConfigurer oauthServer)
                throws Exception {
            oauthServer.allowFormAuthenticationForClients();
        }

        @Override
        public void configure(ClientDetailsServiceConfigurer clients) throws Exception { 
            clients
                .inMemory()
                .withClient(Constants.htgappClientId)
                .scopes("read", "write")
                .authorities("ROLE_ADMIN", "ROLE_USER") 
                .authorizedGrantTypes("password", "refresh_token", "authorization_code", "implicit")
                .secret(Constants.htgappClientSecret) 
                .accessTokenValiditySeconds(Constants.tokenValidityInSeconds);
        }
    }
}

任何人都可以在我错的地方提供帮助。

2 个解决方案

解决方案1
 0  2016-03-07 13:13:47

您可以在配置中指定允许的方法,如下所示: 

@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception { 
    endpoints.tokenStore(tokenStore()).authenticationManager(authenticationManager);
    endpoints.allowedTokenEndpointRequestMethods(HttpMethod.GET, HttpMethod.POST)
}

解决方案2
 0  2018-06-11 18:07:38

默认允许的仅是/oauth/token endpoint POST。 因此,要允许GET方法,我们必须配置REST端点。 仅使用XML配置,就不可能配置允许的令牌端点方法。 因此,创建一个额外的配置类,以在XML运行之后运行@PostConstruct方法,以完成工作。 

    @Configuration
    public class OauthTokenEndPointMethodConfig {

    @Autowired
    private TokenEndpoint tokenEndpoint;

    @PostConstruct
    public void reconfigure() {
        Set<HttpMethod> allowedMethods = new HashSet<>(Arrays.asList(HttpMethod.GET, HttpMethod.POST));
        tokenEndpoint.setAllowedRequestMethods(allowedMethods);
    }
  }

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Spring oauth2 oauth/token http 405 错误不支持POST方法 Spring Security:如何在请求标头中传递oauth2访问令牌 令牌URL因Spring Security OAuth2而失败 Spring 安全 OAuth2 令牌自省 Spring Security OAuth2 JWT 匿名令牌 Spring Security OAuth2-验证访问令牌 Spring Boot + OAuth2安全和请求过滤器 Spring 安全 oauth2 - 在 oauth/token 调用后添加过滤器 Spring OAuth2 令牌请求中的 StackOverflowError 在Spring Security OAuth2中使用用户名密码授予中的刷新令牌请求新的访问令牌
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM