Spring security oauth2 – 无法访问/ oauth / token路由
我刚刚开始通过以下教程为我的其他api创建一个身份validation服务器: https : //jugbd.org/2017/09/19/implementing-oauth2-spring-boot-spring-security/ 。 一切顺利,直到最后我无法访问/ oauth / token路由以进行身份validation。
我想我需要更多的解释才能完全理解这种认证。
谢谢你,Matthieu Meunier
PS:这是我的课程:
ResourceServerConfig.java
@Configuration @EnableResourceServer public class ResourceServerConfig extends ResourceServerConfigurerAdapter { @Override public void configure(HttpSecurity http) throws Exception { http.authorizeRequests() .antMatchers("/").permitAll() .antMatchers("/api/secure/**").authenticated(); } }
AuthorizationServerConfig.java
@Configuration @EnableAuthorizationServer public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter { @Autowired private AuthenticationManager authenticationManager; @Override public void configure(AuthorizationServerSecurityConfigurer serverSecurityConfigurer){ serverSecurityConfigurer .tokenKeyAccess("permitAll()") .checkTokenAccess("isAuthenticated()") .allowFormAuthenticationForClients(); } @Override public void configure(ClientDetailsServiceConfigurer clients) throws Exception{ clients.inMemory().withClient("android-client") .authorizedGrantTypes("client-credentials", "password", "refresh_token") .authorities("ROLE_CLIENT", "ROLE_ANDROID_CLIENT") .scopes("read", "write", "trust") .resourceIds("oauth2resource") .accessTokenValiditySeconds(5000) .secret("android-secret").refreshTokenValiditySeconds(50000); } @Override public void configure(AuthorizationServerEndpointsConfigurer endpoints){ endpoints.authenticationManager(authenticationManager) .allowedTokenEndpointRequestMethods(HttpMethod.GET, HttpMethod.POST); } }
就在我的主要下方
@Autowired CustomUserDetailsService userDetailsService; @Autowired public void authenticationManager(AuthenticationManagerBuilder builder) throws Exception{ builder.userDetailsService(userDetailsService); }
最后是我的CustomUserDetailsService和UserService
CustomUserDetailsService.java
@Service public class CustomUserDetailsService implements UserDetailsService { private final UserService userService; @Autowired public CustomUserDetailsService(UserService userService) { this.userService = userService; } @Override public UserDetails loadUserByUsername(String email) throws UsernameNotFoundException { return this.userService.findByEmail(email); } }
UserService.java
@Service public class UserService { @Autowired MembreRepository membreRepository; public UserDetails findByEmail(String email){ return membreRepository.findOneByEmail(email); } }
默认情况下,端点/ oauth /令牌是安全的,
因此,要调用此端点,您需要作为客户端进行身份validation。 为此,根据您的设置,您需要在POST主体上传递client_id和client_secret(您的设置允许客户端身份validation表单.allowFormAuthenticationForClients()
)。
尝试使用参数调用端点:
url
{{host}}/oauth/token
HEADER
Content-Type application/x-www-form-urlencoded
邮政参与
grant_type: password scope: read write username: foo password: bar client_id: android-client client_secret: android-secret
我用Postman来测试