使用Postman访问受Spring Boot 2和OAuth 2保护的REST API
[英]Accessing REST API secured with Spring Boot 2 and OAuth 2 using Postman
问题描述
我正在使用Spring Boot 2和Spring Security 5构建REST API服务器。我正在使用基于OAuth2的IDP,该IDP在远程服务器上运行,我可以将OAuth2客户端配置为使用IDP,并且当我尝试访问任何URL时从网络浏览器显示出来的是Spring生成的UI。 https://imgur.com/3x98x5A.png
我能够完成身份验证流程,并且能够从Web浏览器访问受保护的资源。
现在,我尝试使用Postman执行相同的操作,在其中生成访问令牌,并要求Postman使用请求标头将令牌传递到我的API服务器(资源服务器),如下所示: https : //imgur.com/z4OvUu4巴纽
但是,当我对我的API进行GET请求时,它会返回spring生成的登录页面的HTML :(
我的spring boot application.properties文件如下:
spring.security.oauth2.client.registration.wso2.client-id=<removed>
spring.security.oauth2.client.registration.wso2.client-secret=<removed>
spring.security.oauth2.client.registration.wso2.client-authentication-method=basic
spring.security.oauth2.client.registration.wso2.authorization-grant-type=authorization_code
spring.security.oauth2.client.registration.wso2.redirect-uri-template={baseUrl}/login/oauth2/code/{registrationId}
spring.security.oauth2.client.registration.wso2.scope = openid, profile
spring.security.oauth2.client.registration.wso2.client-name=WSO2 ID Provider
spring.security.oauth2.client.provider.wso2.authorization-uri=https://localidpserver:9443/oauth2/authorize
spring.security.oauth2.client.provider.wso2.token-uri=https://localidpserver:9443/oauth2/token
spring.security.oauth2.client.provider.wso2.user-info-uri=https://localidpserver:9443/oauth2/userinfo
spring.security.oauth2.client.provider.wso2.jwk-set-uri=https://localidpserver:9443/oauth2/jwks
我的POM文件如下:
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.okta.developer</groupId>
<artifactId>oidc</artifactId>
<version>0.0.1-SNAPSHOT</version>
<packaging>jar</packaging>
<name>oidc</name>
<description>Demo project for Spring Boot</description>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.0.2.RELEASE</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<java.version>1.8</java.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-webflux</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-oauth2-client</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-oauth2-jose</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>io.projectreactor</groupId>
<artifactId>reactor-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-test</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project>
我非常感谢您的回应:)
1 个解决方案
解决方案1
0 2018-08-09 10:39:39
待确认,但是Spring Security Oauth与基于Spring Boot 2.0的Webflux实现不兼容,这是由于基于Servlet framwework的spring安全实现。
您需要移至2.1.0.M1和Spring安全性5.1.0.M1,检查
How to secure a Spring Boot app using Azure AD (oauth2) AND call Devops REST API (secured by Oauth2)
[英]How to secure a Spring Boot app using Azure AD (oauth2) AND call Devops REST API (secured by Oauth2)
如何修复 401 - 未经授权 - 在通过邮递员测试使用 google oauth2 保护的 Spring Rest API 时 - DB 中的角色
[英]How to fix 401 - unauthorized - when testing spring rest API secured with google oauth2 via postman - roles in DB
rest API 在 postman 中工作,但不在 Z2A2D595E6ED9A0B24F027F2B63B134 中工作
[英]rest API working in postman but not in spring boot
Spring Boot:使用Spring Social和Spring Security保护RESTful API
[英]Spring Boot: Secured RESTful API using Spring Social and Spring Security
使用 swagger 生成的 ApiClient 使用受 OAuth2 保护的 REST API
[英]Consume OAuth2 secured REST API using swagger generated ApiClient
使用Spring Boot,Eureka,Zuul和Spring Oauth创建OAuth安全的微服务的问题
[英]Issues creating OAuth secured Microservices using Spring boot, Eureka, Zuul, Spring Oauth
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.
相关问题
Spring 引导客户端调用 REST API 由 OAuth2 保护
Spring Boot Secured Rest API
How to secure a Spring Boot app using Azure AD (oauth2) AND call Devops REST API (secured by Oauth2)
从 Spring Batch 访问 OAuth 安全 API
如何修复 401 - 未经授权 - 在通过邮递员测试使用 google oauth2 保护的 Spring Rest API 时 - DB 中的角色
使用Spring oauth2使用OAuth安全的REST Web服务
rest API 在 postman 中工作,但不在 Z2A2D595E6ED9A0B24F027F2B63B134 中工作
Spring Boot:使用Spring Social和Spring Security保护RESTful API
使用 swagger 生成的 ApiClient 使用受 OAuth2 保护的 REST API
使用Spring Boot,Eureka,Zuul和Spring Oauth创建OAuth安全的微服务的问题
相关标签