![](/img/trans.png)
[英]status=401, error=Unauthorized, message=Full authentication is required to access this resource in Spring Framework when trying to receive a token
[英]Full authentication is required to access this resource when trying to get authentication token for REST service
我的個人項目需要oauth2,因此我將在Spring網站上閱讀本教程。
我的配置主要來自他們的示例項目 ,安全模塊。
但是,當我啟動該應用程序時,我無法獲得令牌。 當我嘗試向http:// localhost:8080 / oauth / token發出POST請求時,服務器始終顯示“需要完全驗證才能訪問此資源”。
我正在使用郵遞員創建請求。 使用導入將其轉換為:
curl -X POST -vu android-bookmarks:123456 http://localhost:8080/oauth/token -H "Accept: application/json" -d "password=password&username=defaultuser&grant_type=password&scope=write&client_secret=123456&client_id=android-gps_tracker_server"
我花了一些時間來尋找答案,但是我發現的所有情況都不適合我。 可能是什么問題呢?
這是配置代碼:WebSecurityConfiguration:
@Configuration
public class WebSecurityConfiguration extends GlobalAuthenticationConfigurerAdapter{
final private PlayerRepository playerRepository;
@Autowired
public WebSecurityConfiguration(PlayerRepository playerRepository) {
this.playerRepository = playerRepository;
}
@Override
public void init(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService());
}
@Bean
UserDetailsService userDetailsService() {
return (username) -> playerRepository.findByUserName(username)//@formatter:off
.map(a -> new User(a.getUserName(), a.getPassword(), true, true, true, true, AuthorityUtils.createAuthorityList("ROLE_USER", "write")))
.orElseThrow(() -> new UsernameNotFoundException("could not find the user '" + username + "'"));//@formatter:on
}
}
OAuth2配置:
@Configuration
@EnableResourceServer
@EnableAuthorizationServer
public class OAuth2Configuration extends AuthorizationServerConfigurerAdapter{
private final String applicationName = "gps_tracker_server";
private final AuthenticationManagerBuilder authenticationManager;
@Autowired
public OAuth2Configuration(AuthenticationManagerBuilder authenticationManager) {
this.authenticationManager = authenticationManager;
}
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints.authenticationManager(new AuthenticationManager(){
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
return authenticationManager.getOrBuild().authenticate(authentication);
}
});
}
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients.inMemory()
.withClient("android-" + applicationName)
.authorizedGrantTypes("password", "authorization_code", "refresh_token")
.authorities("ROLE_USER")
.scopes("write")
.resourceIds(applicationName)
.secret("123456");
}
和主要的應用程序:
@SpringBootApplication
public class GpsTrackerServerApplication{
public static void main(String[] args) {
SpringApplication.run(GpsTrackerServerApplication.class, args);
}
@Bean
FilterRegistrationBean corsFilter(@Value("${tagit.origin:http://localhost:9000}") String origin) {
return new FilterRegistrationBean(new Filter(){
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
String method = request.getMethod();
response.setHeader("Access-Control-Allow-Origin", origin);
response.setHeader("Access-Control-Allow-Methods", "POST,GET,OPTIONS,DELETE");
response.setHeader("Access-Control-Max-Age", Long.toString(60 * 60));
response.setHeader("Access-Control-Allow-Credentials", "true");
response.setHeader("Access-Control-Allow-Headers", "Origin,Accept,X-Requested-With,Content-Type,Access-Control-Request-Method,Access-Control-Request-Headers,Authorization");
if ("OPTIONS".equals(method)) {
response.setStatus(HttpStatus.OK.value());
} else {
chain.doFilter(req, res);
}
}
public void init(FilterConfig filterConfig) { }
public void destroy() { }
});
}
}
還有兩個YML文件,一個應用程序-https.yml和另一個application.yml。 后者僅包含數據庫憑證和“ profiles.active:https”。 第一個看起來像這樣:
server:
port: 8443
ssl:
key-store: classpath:tomcat.keystore
key-store-password: defaultuser
key-password: defaultuser
我找到了答案。 我必須將client_id和client_secret放入“授權”選項卡的郵遞員的“用戶名”和“密碼”字段中,並啟用“基本驗證”選項。 然后,我可以獲取訪問令牌。
使用從Curl語句導入時,郵遞員將id和secret放入x-www-form-urlencoded主體中,該主體不起作用。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.