Spring Security OAuth2 - Can't access /oauth/token route
I just started following this tutorial to build an authentication server for my REST API: https://jugbd.org/2017/09/19/implementing-oauth2-spring-boot-spring-security/ . Everything went well until the end, where I cannot access the /oauth/token route to authenticate.
I think I need more explanation to fully understand this kind of authentication.
Thank you, Matthieu Monnier
PS: here are my classes:
Resource server configuration file
```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;

@Configuration
@EnableResourceServer
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
    // The client is registered with resourceIds("oauth2resource"); the resource server must
    // declare the same id, otherwise every token is rejected as "Invalid token does not
    // contain resource id (oauth2-resource)", the default id.
    @Override
    public void configure(ResourceServerSecurityConfigurer resources) {
        resources.resourceId("oauth2resource");
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
            .antMatchers("/").permitAll()
            .antMatchers("/api/secure/**").authenticated();
    }
}
```
Authorization server configuration file
```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;

@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {

    // Required for the password grant: the token endpoint authenticates the
    // resource owner's username/password through this manager.
    @Autowired
    private AuthenticationManager authenticationManager;

    @Override
    public void configure(AuthorizationServerSecurityConfigurer serverSecurityConfigurer) {
        serverSecurityConfigurer
            .tokenKeyAccess("permitAll()")           // /oauth/token_key is public
            .checkTokenAccess("isAuthenticated()")   // /oauth/check_token needs client auth
            // Lets clients send client_id/client_secret as form parameters instead of
            // HTTP Basic. Basic is preferable: form fields end up in request logs.
            .allowFormAuthenticationForClients();
    }

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory().withClient("android-client")
            // The grant type is spelled "client_credentials" (underscore). With the
            // hyphenated "client-credentials" no TokenGranter matches, so a
            // client_credentials request is rejected as an unauthorized grant type.
            .authorizedGrantTypes("client_credentials", "password", "refresh_token")
            .authorities("ROLE_CLIENT", "ROLE_ANDROID_CLIENT")
            .scopes("read", "write", "trust")
            .resourceIds("oauth2resource")
            .accessTokenValiditySeconds(5000)
            // On Spring Security 5 / Spring Boot 2 the secret must be stored encoded
            // (e.g. passwordEncoder.encode("android-secret") or "{noop}android-secret");
            // the 2017 tutorial targets Boot 1.5, where a plain secret still works.
            .secret("android-secret")
            .refreshTokenValiditySeconds(50000);
    }

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
        endpoints.authenticationManager(authenticationManager)
            // GET puts username, password and client secret into the URL (access logs,
            // proxies, browser history); drop GET unless a client really needs it.
            .allowedTokenEndpointRequestMethods(HttpMethod.GET, HttpMethod.POST);
    }
}
```
And just below, in my main class:
```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;

@SpringBootApplication
public class Application {
    @Autowired
    CustomUserDetailsService userDetailsService;

    // Registers the custom UserDetailsService with the global AuthenticationManager
    // that the authorization server uses for the password grant.
    @Autowired
    public void authenticationManager(AuthenticationManagerBuilder builder) throws Exception {
        builder.userDetailsService(userDetailsService);
    }
}
```
And finally my CustomUserDetailsService and UserService
CustomUserDetailsService.java
```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;

@Service
public class CustomUserDetailsService implements UserDetailsService {
    private final UserService userService;

    @Autowired
    public CustomUserDetailsService(UserService userService) {
        this.userService = userService;
    }

    // Invoked for the password grant; the token request's "username" is the e-mail.
    @Override
    public UserDetails loadUserByUsername(String email) throws UsernameNotFoundException {
        UserDetails user = this.userService.findByEmail(email);
        if (user == null) {
            // The contract forbids returning null: Spring would then fail with an
            // InternalAuthenticationServiceException instead of "Bad credentials".
            throw new UsernameNotFoundException("No user with e-mail " + email);
        }
        return user;
    }
}
```
UserService.java
```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.stereotype.Service;

@Service
public class UserService {
    @Autowired
    MembreRepository membreRepository;

    // The type returned by findOneByEmail must implement UserDetails: it supplies the
    // password hash, granted authorities and account flags that the password grant checks.
    public UserDetails findByEmail(String email) {
        return membreRepository.findOneByEmail(email);
    }
}
```
By default the /oauth/token endpoint is secured, so to call it you need to authenticate as the client. For that, depending on your setup, you pass client_id and client_secret in the POST body (your setup allows form-based client authentication: .allowFormAuthenticationForClients()).
Try calling the endpoint with these parameters:
URL
{{host}}/oauth/token
Headers
Content-Type: application/x-www-form-urlencoded
POST parameters
grant_type: password
scope: read write
username: foo
password: bar
client_id: android-client
client_secret: android-secret
I used Postman to test.
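The same exchange as a curl script, added here as an example; it is not part of the original question or answer. It sends the client credentials as an HTTP Basic header instead of the client_id/client_secret form fields the answer lists (both are accepted once allowFormAuthenticationForClients() is set, but the header keeps the secret out of access logs). It then introspects the token at /oauth/check_token and uses it as a bearer token. Assumptions not taken from the page: the server listens on http://localhost:8080 (override with HOST), a user foo with password bar exists in MembreRepository, and /api/secure/hello is a hypothetical protected path under /api/secure/**.

```shell
#!/bin/sh
# Added example, not code from the original post or the linked tutorial.
# Assumptions (not from the page): HOST defaults to http://localhost:8080, the user
# foo/bar exists in MembreRepository, /api/secure/hello is a hypothetical path.
set -eu

HOST="${HOST:-http://localhost:8080}"
CLIENT_ID="android-client"
CLIENT_SECRET="android-secret"

# Client authentication via HTTP Basic (RFC 6749, section 2.3.1). Equivalent to
# curl -u, spelled out so the header value can be checked by hand.
basic_auth_header() {
  # $1 = client_id, $2 = client_secret
  printf 'Authorization: Basic %s' "$(printf '%s:%s' "$1" "$2" | base64 | tr -d '\n')"
}

# Pulls access_token out of the JSON token response without depending on jq.
# Prints nothing for an error response such as {"error":"invalid_grant",...}.
extract_access_token() {
  sed -n 's/.*"access_token" *: *"\([^"]*\)".*/\1/p'
}

# Password grant against /oauth/token. Client credentials travel in the header,
# so they do not sit in the form body next to the user's password; POST is used
# even though the config also allows GET, which would put everything in the URL.
# --data-urlencode handles characters such as '&' or '+' in the password.
request_token() {
  # $1 = username (the e-mail, per CustomUserDetailsService), $2 = password
  curl -sS -X POST "$HOST/oauth/token" \
    -H "$(basic_auth_header "$CLIENT_ID" "$CLIENT_SECRET")" \
    -H 'Content-Type: application/x-www-form-urlencoded' \
    --data-urlencode 'grant_type=password' \
    --data-urlencode 'scope=read write' \
    --data-urlencode "username=$1" \
    --data-urlencode "password=$2"
}

# Token introspection. /oauth/check_token is guarded by isAuthenticated() in the
# question's config, so it needs the client credentials as well.
check_token() {
  # $1 = access token
  curl -sS -X POST "$HOST/oauth/check_token" \
    -u "$CLIENT_ID:$CLIENT_SECRET" \
    --data-urlencode "token=$1"
}

# Presents the token as a bearer credential to the resource server.
call_secure_api() {
  # $1 = access token
  curl -sS "$HOST/api/secure/hello" -H "Authorization: Bearer $1"
}

main() {
  response="$(request_token foo bar)"
  echo "token response: $response"
  token="$(printf '%s' "$response" | extract_access_token)"
  [ -n "$token" ] || { echo "no access_token in response" >&2; exit 1; }
  echo "check_token: $(check_token "$token")"
  echo "secure api:  $(call_secure_api "$token")"
}

# The network calls only run when asked for, e.g.:  RUN_LIVE=1 sh token.sh
if [ "${RUN_LIVE:-0}" = "1" ]; then
  main
fi
```

If the token call answers 401, the client credentials are wrong or (on Spring Security 5) the stored secret is not encoded; if it answers 400 with invalid_grant, the user lookup in CustomUserDetailsService or the password check failed. A 401 from /api/secure/hello with a valid token usually means the resource server's resource id does not match the client's resourceIds. Note that the password grant hands the user's password to the client; the OAuth 2.0 Security Best Current Practice advises against it in favour of the authorization code grant with PKCE.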