堆棧內存溢出
  簡體   English   中英

帶有oAuth2 / oAuth / Token請求405方法的Spring Security不允許

[英]Spring Security with oAuth2 /oAuth/Token request 405 method not allow

 原文  2016-02-10 11:57:48       spring/ spring-mvc/ spring-security/ oauth-2.0/ spring-oauth2

問題描述

我在Spring Security中使用了oAuth2令牌。 如果我在Spring Boot 1.3.0中使用相同的配置,對我來說工作正常。 但是當我在Spring Mvc applicaito中使用相同的配置時。 然后會造成問題

/ oAuth / token ---> 405后方法不允許。

我的oAuth配置如下: 

import javax.sql.DataSource;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JdbcTokenStore;

@Configuration
public class OAuth2ServerConfiguration {

    @Configuration
    @EnableResourceServer
    protected static class ResourceServerConfiguration extends
            ResourceServerConfigurerAdapter {

        @Autowired
        private HttpUnauthorizedEntryPoint authenticationEntryPoint;

        @Override
        public void configure(HttpSecurity http) throws Exception {
            http
                .exceptionHandling()
                .authenticationEntryPoint(authenticationEntryPoint)
            .and()
                .csrf()
                .disable()
                .headers()
                .frameOptions().disable()
                .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and()
                .authorizeRequests()
                .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
                .antMatchers("/webhook/**").permitAll() 
                .antMatchers("/app/**").permitAll() 
                .antMatchers("/api/**").authenticated() 
                .antMatchers("/protected/**").authenticated();

        }
    }

    @Configuration
    @EnableAuthorizationServer
    protected static class AuthorizationServerConfiguration extends
            AuthorizationServerConfigurerAdapter {

        @Autowired
        private DataSource dataSource;

        @Bean
        public TokenStore tokenStore() {
            return new JdbcTokenStore(dataSource);
        }

        @Autowired
        @Qualifier("authenticationManagerBean")
        private AuthenticationManager authenticationManager;

        @Override
        public void configure(AuthorizationServerEndpointsConfigurer endpoints)
                throws Exception {

            endpoints.tokenStore(tokenStore()).authenticationManager(
                    authenticationManager);
        }

        @Override
        public void configure(AuthorizationServerSecurityConfigurer oauthServer)
                throws Exception {
            oauthServer.allowFormAuthenticationForClients();
        }

        @Override
        public void configure(ClientDetailsServiceConfigurer clients) throws Exception { 
            clients
                .inMemory()
                .withClient(Constants.htgappClientId)
                .scopes("read", "write")
                .authorities("ROLE_ADMIN", "ROLE_USER") 
                .authorizedGrantTypes("password", "refresh_token", "authorization_code", "implicit")
                .secret(Constants.htgappClientSecret) 
                .accessTokenValiditySeconds(Constants.tokenValidityInSeconds);
        }
    }
}

任何人都可以在我錯的地方提供幫助。

2 個解決方案

解決方案1
 0  2016-03-07 13:13:47

您可以在配置中指定允許的方法,如下所示: 

@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception { 
    endpoints.tokenStore(tokenStore()).authenticationManager(authenticationManager);
    endpoints.allowedTokenEndpointRequestMethods(HttpMethod.GET, HttpMethod.POST)
}

解決方案2
 0  2018-06-11 18:07:38

默認允許的僅是/oauth/token endpoint POST。 因此,要允許GET方法,我們必須配置REST端點。 僅使用XML配置,就不可能配置允許的令牌端點方法。 因此,創建一個額外的配置類,以在XML運行之后運行@PostConstruct方法,以完成工作。 

    @Configuration
    public class OauthTokenEndPointMethodConfig {

    @Autowired
    private TokenEndpoint tokenEndpoint;

    @PostConstruct
    public void reconfigure() {
        Set<HttpMethod> allowedMethods = new HashSet<>(Arrays.asList(HttpMethod.GET, HttpMethod.POST));
        tokenEndpoint.setAllowedRequestMethods(allowedMethods);
    }
  }

暫無
暫無

聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.

相關問題 Spring oauth2 oauth/token http 405 錯誤不支持POST方法 Spring Security:如何在請求標頭中傳遞oauth2訪問令牌 令牌URL因Spring Security OAuth2而失敗 Spring 安全 OAuth2 令牌自省 Spring Security OAuth2 JWT 匿名令牌 Spring Security OAuth2-驗證訪問令牌 Spring Boot + OAuth2安全和請求過濾器 Spring 安全 oauth2 - 在 oauth/token 調用后添加過濾器 Spring OAuth2 令牌請求中的 StackOverflowError 在Spring Security OAuth2中使用用戶名密碼授予中的刷新令牌請求新的訪問令牌
相關標簽
 
粵ICP備18138465號  © 2020-2024 STACKOOM.COM