堆棧內存溢出
  簡體   English   中英

Spring oauth2 基本認證

[英]Spring oauth2 basic authentication

 原文  2018-03-26 17:50:18       spring/ spring-mvc/ authentication/ spring-security/ oauth-2.0

問題描述

我正在嘗試使用 OAuth2 實現開發具有 spring 安全性的 rest api。 但是如何刪除基本身份驗證。 我只想將用戶名和密碼發送到 body 並在郵遞員上獲取令牌。

@Configuration
public class OAuthServerConfigration {

private static final String SERVER_RESOURCE_ID = "oauth2-server";

private static InMemoryTokenStore tokenStore = new InMemoryTokenStore();


@Configuration
@EnableResourceServer
protected static class ResourceServer extends ResourceServerConfigurerAdapter {

    @Override
    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
        resources.resourceId(SERVER_RESOURCE_ID).stateless(false);
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
         http.anonymous().disable().requestMatchers().antMatchers("/api/**").and().authorizeRequests().antMatchers("/api/**").access("#oauth2.hasScope('read')");
    }
}

@Configuration
@EnableAuthorizationServer
protected static class AuthConfig extends AuthorizationServerConfigurerAdapter {

    @Autowired
    private AuthenticationManager authenticationManager;


    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints.authenticationManager(authenticationManager).tokenStore(tokenStore).approvalStoreDisabled();
    }

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
            .withClient("client")
            .secret("$2a$10$5OkeCLKNs/BkdO0qcYRri.MdIcKhFvElAllhPgLfRQqG7wkEiPmq2")
                .authorizedGrantTypes("password","authorization_code","refresh_token")
                .authorities("ROLE_CLIENT", "ROLE_TRUSTED_CLIENT")
              .scopes("read", "write", "trust")
                .resourceIds(SERVER_RESOURCE_ID)
                  //.accessTokenValiditySeconds(ONE_DAY)
                  .accessTokenValiditySeconds(300)
                  .refreshTokenValiditySeconds(50);

    }


    @Override
    public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {

        oauthServer
                // we're allowing access to the token only for clients with 'ROLE_TRUSTED_CLIENT' authority
                .tokenKeyAccess("hasAuthority('ROLE_TRUSTED_CLIENT')")
                .checkTokenAccess("hasAuthority('ROLE_TRUSTED_CLIENT')");

    }

 }

}

@Configuration
@Order(2)
public static class ApiLoginConfig extends 
WebSecurityConfigurerAdapter{   
    @Autowired
    DataSource dataSource;

    @Autowired
    ClientDetailsService clientDetailsService;


    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers("/oauth/**");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {

        http.httpBasic().disable().csrf().disable().antMatcher("/oauth/token").authorizeRequests().anyRequest().permitAll();


    }
    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Bean
    public TokenStore tokenStore() {
        return new InMemoryTokenStore();
    }

    @Bean
    @Autowired
    public TokenStoreUserApprovalHandler userApprovalHandler(TokenStore tokenStore){
        TokenStoreUserApprovalHandler handler = new TokenStoreUserApprovalHandler();
        handler.setTokenStore(tokenStore);
        handler.setRequestFactory(new DefaultOAuth2RequestFactory(clientDetailsService));
        handler.setClientDetailsService(clientDetailsService);
        return handler;
    }

    @Bean
    @Autowired
    public ApprovalStore approvalStore(TokenStore tokenStore) throws Exception {
        TokenApprovalStore store = new TokenApprovalStore();
        store.setTokenStore(tokenStore);
        return store;
    }
}

想要刪除基本身份驗證並在郵遞員的正文標簽中發送用戶名密碼以獲取令牌

我遇到了一些問題 { "error": "unauthorized", "error_description": "沒有客戶端身份驗證。嘗試添加適當的身份驗證過濾器。" }

1 個解決方案

解決方案1
 5 已采納  2018-03-26 18:46:51

在方法中的@EnableAuthorizationServer配置類中:-

@Override
public void configure(AuthorizationServerSecurityConfigurer oauthServer)

嘗試添加以下內容:-

oauthServer.allowFormAuthenticationForClients()

完成后,您將不得不調用 oauth get token url,如下所示:-

URL 將與 http(s)://{HOST_NAME}/oauth/token 相同

HTTP 方法類型現在將是POST

標題:-

Content-Type=application/x-www-form-urlencoded

參數將是 postman 正文中 x-www-form-urlencoded 中的鍵值對

對於 client_credentials grant_type:-

grant_type=client_credentials
client_id=client_id_value
client_secret=client_secret_value
scope=scopes

對於密碼 grant_type:-

grant_type=password
client_id=client_id_value
client_secret=client_secret_value
scope=scopes
username=username
password=password

范圍將在此處以逗號分隔

暫無
暫無

聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.

相關問題 結合 OAuth2 與 http 基本認證 spring 安全 Spring 使用令牌進行 OAuth2 身份驗證 在Webflux Spring中使用OAuth2進行身份驗證 OAuth2客戶端身份驗證Spring 基本身份驗證過濾器和身份驗證入口點實際上並未使用spring oauth2令牌請求 通過Spring Security oauth2執行認證 Spring oauth2和摘要身份驗證將一起工作 Spring引導oauth2管理httpbasic認證 Spring Security OAuth2-存儲的身份驗證對象 身份驗證在spring boot 1.5.2和Oauth2中不起作用
相關標簽
 
粵ICP備18138465號  © 2020-2024 STACKOOM.COM