
Cannot use curl to call resource with tut-spring-security-and-angular-js "pairs-oauth2" example

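I followed the Spring Security and Angular JS - Secure Single Page Application tutorial and downloaded its source code from GitHub. I am trying to simulate a remote application hitting the "resource" API using the "client_credentials" grant_type.

I am able to get a token by issuing the following command:

    curl "http://acme:acmesecret@192.168.1.12:9999/uaa/oauth/token" -d grant_type=client_credentials -d client_id=acme

This gives me the following token: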

    {"access_token":"eyJhbGciOiJSUzI1NiJ9.eyJhdWQiOlsiZGF0YS1jb25zdW1lci1zZXJ2aWNlIl0sInNjb3BlIjpbInJlYWQiLCJ3cml0ZSIsIm9wZW5pZCJdLCJleHAiOjE0NjE4MjUwMTIsImp0aSI6ImJkZjVhODA3LTFkYjktNDI2Ni1iMWQxLTMzMmNmZWQ0NDQ4NCIsImNsaWVudF9pZCI6ImFjbWUifQ.lcKodEkwuG6JXhakgk_W4Mat0chiXePcreFZ-WmX0RAAYhPexqxJSX-OHmgOPYLh9sdRqCFbvuZFxQL-xn34Q1N9fj3ppAzDNnXa-GNq7x83pnkcbEVwtXWyEjfSSjo1ui0Ui0N-gQ5XeecXG_JXyV9ZfjopRtyz0ReimietJMU6qgUfH59b9GC6LnAciL4wOzlzPPY2p_ZR0x8XuruBWluE5IZwe3jDxtcz_UGhvjwrdjczaYTONMTRul-pKZtieG18e4CLjiu0-z_EboVmW7JaQMOJKzDf_Ew2PkomMJwPaIk4CtJIm7U8JtwqO8j--n9GEfcb5pM07-wmHjqE7w","token_type":"bearer","expires_in":42813,"scope":"read write openid","jti":"bdf5a807-1db9-4266-b1d1-332cfed44484"}

However, when I try to access the API with the token

    curl -v -H "Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJhdWQiOlsiZGF0YS1jb25zdW1lci1zZXJ2aWNlIl0sInNjb3BlIjpbInJlYWQiLCJ3cml0ZSIsIm9wZW5pZCJdLCJleHAiOjE0NjE4MjUwMTIsImp0aSI6ImJkZjVhODA3LTFkYjktNDI2Ni1iMWQxLTMzMmNmZWQ0NDQ4NCIsImNsaWVudF9pZCI6ImFjbWUifQ.lcKodEkwuG6JXhakgk_W4Mat0chiXePcreFZ-WmX0RAAYhPexqxJSX-OHmgOPYLh9sdRqCFbvuZFxQL-xn34Q1N9fj3ppAzDNnXa-GNq7x83pnkcbEVwtXWyEjfSSjo1ui0Ui0N-gQ5XeecXG_JXyV9ZfjopRtyz0ReimietJMU6qgUfH59b9GC6LnAciL4wOzlzPPY2p_ZR0x8XuruBWluE5IZwe3jDxtcz_UGhvjwrdjczaYTONMTRul-pKZtieG18e4CLjiu0-z_EboVmW7JaQMOJKzDf_Ew2PkomMJwPaIk4CtJIm7U8JtwqO8j--n9GEfcb5pM07-wmHjqE7w" http://192.168.1.12/8080/resource/resources

I get a 302 response and am redirected to the login page. Here is the output from the authentication server:

2016-04-27 12:38:52.563 DEBUG 2691 --- [nio-9999-exec-9] o.s.s.web.util.matcher.OrRequestMatcher  : Trying to match using Ant [pattern='/css/**']
2016-04-27 12:38:52.563 DEBUG 2691 --- [nio-9999-exec-9] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/oauth/authorize'; against '/css/**'
2016-04-27 12:38:52.563 DEBUG 2691 --- [nio-9999-exec-9] o.s.s.web.util.matcher.OrRequestMatcher  : Trying to match using Ant [pattern='/js/**']
2016-04-27 12:38:52.563 DEBUG 2691 --- [nio-9999-exec-9] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/oauth/authorize'; against '/js/**'
2016-04-27 12:38:52.563 DEBUG 2691 --- [nio-9999-exec-9] o.s.s.web.util.matcher.OrRequestMatcher  : Trying to match using Ant [pattern='/images/**']
2016-04-27 12:38:52.563 DEBUG 2691 --- [nio-9999-exec-9] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/oauth/authorize'; against '/images/**'
2016-04-27 12:38:52.563 DEBUG 2691 --- [nio-9999-exec-9] o.s.s.web.util.matcher.OrRequestMatcher  : Trying to match using Ant [pattern='/**/favicon.ico']
2016-04-27 12:38:52.563 DEBUG 2691 --- [nio-9999-exec-9] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/oauth/authorize'; against '/**/favicon.ico'
2016-04-27 12:38:52.563 DEBUG 2691 --- [nio-9999-exec-9] o.s.s.web.util.matcher.OrRequestMatcher  : Trying to match using Ant [pattern='/error']
2016-04-27 12:38:52.563 DEBUG 2691 --- [nio-9999-exec-9] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/oauth/authorize'; against '/error'
2016-04-27 12:38:52.563 DEBUG 2691 --- [nio-9999-exec-9] o.s.s.web.util.matcher.OrRequestMatcher  : No matches found
2016-04-27 12:38:52.563 DEBUG 2691 --- [nio-9999-exec-9] o.s.s.web.util.matcher.OrRequestMatcher  : Trying to match using Ant [pattern='/login']
2016-04-27 12:38:52.563 DEBUG 2691 --- [nio-9999-exec-9] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/oauth/authorize'; against '/login'
2016-04-27 12:38:52.563 DEBUG 2691 --- [nio-9999-exec-9] o.s.s.web.util.matcher.OrRequestMatcher  : Trying to match using Ant [pattern='/oauth/authorize']
2016-04-27 12:38:52.563 DEBUG 2691 --- [nio-9999-exec-9] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/oauth/authorize'; against '/oauth/authorize'
2016-04-27 12:38:52.564 DEBUG 2691 --- [nio-9999-exec-9] o.s.s.web.util.matcher.OrRequestMatcher  : matched
2016-04-27 12:38:52.564 DEBUG 2691 --- [nio-9999-exec-9] o.s.security.web.FilterChainProxy        : /oauth/authorize?client_id=acme&redirect_uri=http://192.168.1.12:8080/login&response_type=code&state=g9DTvR at position 1 of 12 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2016-04-27 12:38:52.564 DEBUG 2691 --- [nio-9999-exec-9] o.s.security.web.FilterChainProxy        : /oauth/authorize?client_id=acme&redirect_uri=http://192.168.1.12:8080/login&response_type=code&state=g9DTvR at position 2 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2016-04-27 12:38:52.564 DEBUG 2691 --- [nio-9999-exec-9] w.c.HttpSessionSecurityContextRepository : No HttpSession currently exists
2016-04-27 12:38:52.564 DEBUG 2691 --- [nio-9999-exec-9] w.c.HttpSessionSecurityContextRepository : No SecurityContext was available from the HttpSession: null. A new one will be created.
2016-04-27 12:38:52.564 DEBUG 2691 --- [nio-9999-exec-9] o.s.s.w.header.writers.HstsHeaderWriter  : Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@53614cb0
2016-04-27 12:38:52.564 DEBUG 2691 --- [nio-9999-exec-9] o.s.security.web.FilterChainProxy        : /oauth/authorize?client_id=acme&redirect_uri=http://192.168.1.12:8080/login&response_type=code&state=g9DTvR at position 4 of 12 in additional filter chain; firing Filter: 'CsrfFilter'
2016-04-27 12:38:52.564 DEBUG 2691 --- [nio-9999-exec-9] o.s.security.web.FilterChainProxy        : /oauth/authorize?client_id=acme&redirect_uri=http://192.168.1.12:8080/login&response_type=code&state=g9DTvR at position 5 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
2016-04-27 12:38:52.564 DEBUG 2691 --- [nio-9999-exec-9] o.s.s.w.u.matcher.AntPathRequestMatcher  : Request 'GET /oauth/authorize' doesn't match 'POST /logout
2016-04-27 12:38:52.564 DEBUG 2691 --- [nio-9999-exec-9] o.s.security.web.FilterChainProxy        : /oauth/authorize?client_id=acme&redirect_uri=http://192.168.1.12:8080/login&response_type=code&state=g9DTvR at position 6 of 12 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
2016-04-27 12:38:52.564 DEBUG 2691 --- [nio-9999-exec-9] o.s.s.w.u.matcher.AntPathRequestMatcher  : Request 'GET /oauth/authorize' doesn't match 'POST /login
2016-04-27 12:38:52.564 DEBUG 2691 --- [nio-9999-exec-9] o.s.security.web.FilterChainProxy        : /oauth/authorize?client_id=acme&redirect_uri=http://192.168.1.12:8080/login&response_type=code&state=g9DTvR at position 7 of 12 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2016-04-27 12:38:52.564 DEBUG 2691 --- [nio-9999-exec-9] o.s.security.web.FilterChainProxy        : /oauth/authorize?client_id=acme&redirect_uri=http://192.168.1.12:8080/login&response_type=code&state=g9DTvR at position 8 of 12 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2016-04-27 12:38:52.564 DEBUG 2691 --- [nio-9999-exec-9] o.s.security.web.FilterChainProxy        : /oauth/authorize?client_id=acme&redirect_uri=http://192.168.1.12:8080/login&response_type=code&state=g9DTvR at position 9 of 12 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2016-04-27 12:38:52.564 DEBUG 2691 --- [nio-9999-exec-9] o.s.s.w.a.AnonymousAuthenticationFilter  : Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@9055c2bc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
2016-04-27 12:38:52.564 DEBUG 2691 --- [nio-9999-exec-9] o.s.security.web.FilterChainProxy        : /oauth/authorize?client_id=acme&redirect_uri=http://192.168.1.12:8080/login&response_type=code&state=g9DTvR at position 10 of 12 in additional filter chain; firing Filter: 'SessionManagementFilter'
2016-04-27 12:38:52.564 DEBUG 2691 --- [nio-9999-exec-9] o.s.s.w.session.SessionManagementFilter  : Requested session ID CCFF7CFAC451E5D4E219B975C94780EF is invalid.
2016-04-27 12:38:52.564 DEBUG 2691 --- [nio-9999-exec-9] o.s.security.web.FilterChainProxy        : /oauth/authorize?client_id=acme&redirect_uri=http://192.168.1.12:8080/login&response_type=code&state=g9DTvR at position 12 of 12 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2016-04-27 12:38:52.564 DEBUG 2691 --- [nio-9999-exec-9] o.s.s.w.a.i.FilterSecurityInterceptor    : Secure object: FilterInvocation: URL: /oauth/authorize?client_id=acme&redirect_uri=http://192.168.1.12:8080/login&response_type=code&state=g9DTvR; Attributes: [authenticated]
2016-04-27 12:38:52.564 DEBUG 2691 --- [nio-9999-exec-9] o.s.s.w.a.i.FilterSecurityInterceptor    : Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@9055c2bc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS
2016-04-27 12:38:52.564 DEBUG 2691 --- [nio-9999-exec-9] o.s.s.access.vote.AffirmativeBased       : Voter: org.springframework.security.web.access.expression.WebExpressionVoter@6276271, returned: -1
2016-04-27 12:38:52.565 DEBUG 2691 --- [nio-9999-exec-9] o.s.s.w.a.ExceptionTranslationFilter     : Access is denied (user is anonymous); redirecting to authentication entry point

I did change OAuth2AuthorizationConfig to add the "client_credentials" grant type

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
                .withClient("acme")
                .secret("acmesecret")
                .scopes("read","write")
                .authorizedGrantTypes("authorization_code", "refresh_token","password","client_credentials")
                .scopes("openid");
    }

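But I must be missing something else. Any help is greatly appreciated!

I found the solution. On adding a resource server to your class that has "@EnableOAuth2Sso", you can use the access_token to access the resources. For example: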

    @Configuration
    @EnableResourceServer
    protected static class ResourceServerConfiguration
            extends ResourceServerConfigurerAdapter {
        @Override
        public void configure(HttpSecurity http) throws Exception {
            // @formatter:off
            http
                    // Scope this chain to both paths in one call; a second
                    // antMatcher(...) would replace the first, leaving only
                    // "/data" handled by the resource server.
                    .requestMatchers().antMatchers("/user", "/data")
                    .and()
                    .authorizeRequests().anyRequest().authenticated();
            // @formatter:on
        }
    }
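
A triage helper for the symptom in this thread, added here as an example and not taken from the tutorial or from either poster: it reads the header block of a `curl -si` response and reports whether a session/login filter chain answered (the bearer token was never examined) or a resource-server chain did. The function name, the result labels and both sample responses are constructed for illustration; it assumes a resource-server chain rejects a bad token with 401 and a `WWW-Authenticate: Bearer` challenge.

```bash
#!/usr/bin/env bash
# classify_response: read `curl -si` output on stdin, print one label.
#   session-login-chain            3xx to /login: the token was ignored
#   resource-server-rejected-token 401 + Bearer challenge: the token was checked
#   token-accepted                 2xx
#   other                          anything else
classify_response() {
  tr -d '\r' | awk '
    NR == 1 { status = $2; next }          # status line: HTTP/1.1 302 Found
    /^$/    { exit }                       # blank line ends the headers
            { name = tolower($1) }
    name == "location:"         { location = $2 }
    name == "www-authenticate:" { challenge = tolower($2) }
    END {
      if (status ~ /^2/) {
        print "token-accepted"
      } else if (status == 401 && challenge == "bearer") {
        print "resource-server-rejected-token"
      } else if (status ~ /^30[12378]$/ && location ~ /\/login([?;]|$)/) {
        print "session-login-chain"
      } else {
        print "other"
      }
    }'
}

# Constructed sample: the redirect described in the question.
sample_redirect() {
  printf 'HTTP/1.1 302 Found\r\n'
  printf 'Location: http://192.168.1.12:8080/login\r\n'
  printf 'Set-Cookie: JSESSIONID=PLACEHOLDER; Path=/; HttpOnly\r\n\r\n'
}

# Constructed sample: a resource-server chain refusing an expired token.
sample_bearer_401() {
  printf 'HTTP/1.1 401 Unauthorized\r\n'
  printf 'WWW-Authenticate: Bearer realm="oauth", error="invalid_token"\r\n'
  printf 'Content-Type: application/json\r\n\r\n'
  printf '{"error":"invalid_token"}'
}

echo "question's symptom : $(sample_redirect | classify_response)"
echo "after adding chain : $(sample_bearer_401 | classify_response)"
```

Against a live endpoint, pipe `curl -si -H "Authorization: Bearer $TOKEN" <url>` into `classify_response`; a `session-login-chain` result means the path is not covered by any `@EnableResourceServer` request matcher.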
