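Spring-boot oauth2: splitting the authorization server and the resource server

I'm trying to separate the resource server from the authorization server in spring-boot. I have two different applications that I run separately. In the authorization server I can get the bearer token from oauth/token, but when I try to access the resource (sending the token in the header) I get an invalid token error. My intention is to use the InMemoryTokenStore and the bearer token. Can anyone tell me what is wrong with my code?

Authorization server: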

    @SpringBootApplication
    public class AuthorizationServer extends WebMvcConfigurerAdapter {

        public static void main(String[] args) {
            SpringApplication.run(AuthorizationServer.class, args);
        }

        @Configuration
        @EnableAuthorizationServer
        protected static class OAuth2Config extends AuthorizationServerConfigurerAdapter {

            // Token store held in this application's memory
            private TokenStore tokenStore = new InMemoryTokenStore();

            @Autowired
            private AuthenticationManager authenticationManager;

            @Override
            public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
                endpoints
                    .authenticationManager(authenticationManager)
                    .tokenStore(tokenStore);
            }

            @Override
            public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
                // /oauth/check_token is open to clients holding ROLE_USER
                security.checkTokenAccess("hasAuthority('ROLE_USER')");
            }

            @Override
            public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
                clients
                    .inMemory()
                    .withClient("user")
                    .secret("password")
                    .authorities("ROLE_USER")
                    .authorizedGrantTypes("password")
                    .scopes("read", "write")
                    .accessTokenValiditySeconds(1800);
            }
        }
    }

Resource server:

    @SpringBootApplication
    @RestController
    @EnableOAuth2Resource
    @EnableWebSecurity
    @Configuration
    public class ResourceServer extends WebSecurityConfigurerAdapter {

        public static void main(String[] args) {
            SpringApplication.run(ResourceServer.class, args);
        }

        @RequestMapping("/")
        public String home() {
            return "Hello Resource World!";
        }

        @Bean
        public ResourceServerTokenServices tokenService() {
            RemoteTokenServices tokenServices = new RemoteTokenServices();
            tokenServices.setClientId("user");
            tokenServices.setClientSecret("password");
            tokenServices.setTokenName("tokenName");
            tokenServices.setCheckTokenEndpointUrl("http://localhost:8080/oauth/check_token");
            return tokenServices;
        }

        @Override
        public AuthenticationManager authenticationManagerBean() throws Exception {
            OAuth2AuthenticationManager authenticationManager = new OAuth2AuthenticationManager();
            authenticationManager.setTokenServices(tokenService());
            return authenticationManager;
        }

        @Configuration
        @EnableResourceServer
        protected static class ResourceServerConfig extends ResourceServerConfigurerAdapter {

            @Override
            public void configure(HttpSecurity http) throws Exception {
                http
                    .requestMatchers()
                    .antMatchers("/", "/home")
                    .and()
                    .authorizeRequests()
                    .anyRequest().access("#oauth2.hasScope('read')");
            }

            @Override
            public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
                // A second InMemoryTokenStore, created inside the resource server
                TokenStore tokenStore = new InMemoryTokenStore();
                resources.resourceId("Resource Server");
                resources.tokenStore(tokenStore);
            }
        }
    }

You have created 2 instances of InMemoryTokenStore. If you want to share tokens between the auth server and the resource server, you need to use the same store.