我正在尝试创建一个Web应用程序,希望能通过发送HTTP Basic请求,以“password”授权类型获取访问令牌。
例如
当我发起调用时
我可以获得以下令牌
// Nested Types
// Nested delegate type: a sealed class deriving from System.MulticastDelegate.
// Every method below is declared 'runtime managed' with an empty body, i.e. the
// listing carries no IL for them.
.class nested public auto ansi sealed Dele
extends [mscorlib]System.MulticastDelegate
{
// Methods
// Constructor taking an object reference and a native int (named 'object' and 'method').
.method public hidebysig specialname rtspecialname
instance void .ctor (
object 'object',
native int 'method'
) runtime managed
{
} // end of method Dele::.ctor
// Invoke: takes two int32 arguments and returns int32; this is the delegate's signature.
.method public hidebysig newslot virtual
instance int32 Invoke (
int32 x,
int32 y
) runtime managed
{
} // end of method Dele::Invoke
// BeginInvoke: same two int32 arguments plus an AsyncCallback and a state object;
// returns an IAsyncResult.
.method public hidebysig newslot virtual
instance class [mscorlib]System.IAsyncResult BeginInvoke (
int32 x,
int32 y,
class [mscorlib]System.AsyncCallback callback,
object 'object'
) runtime managed
{
} // end of method Dele::BeginInvoke
// EndInvoke: takes the IAsyncResult and returns the int32 result.
.method public hidebysig newslot virtual
instance int32 EndInvoke (
class [mscorlib]System.IAsyncResult result
) runtime managed
{
} // end of method Dele::EndInvoke
} // end of class Dele
但是我的令牌网站总是返回404。我在网上搜索过,但仍然没有找到解决办法……
这是我的代码:
web.xml
{"access_token":"4219a91f-45d5-4a07-9e8e-3acbadd0c23e","token_type":"bearer","refresh_token":"d41df9fd-3d36-4a20-b0b7-1a1883c7439d","expires_in":43199,"scope":"read write trust"}
security-context.xml
<!-- Deployment descriptor fragment: root Spring context, Spring Security filter chain
     and the MVC dispatcher servlet. -->
<!-- ContextLoaderListener loads the file named in contextConfigLocation into the root
     application context. -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/security-context.xml</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- DelegatingFilterProxy looks up the bean named after the filter
     (springSecurityFilterChain) in the root context and delegates to it. -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<!-- Mapped to /* so every request goes through Spring Security. -->
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- NOTE(review): no <servlet-mapping> for user-dispatcher is visible in this fragment.
     The security patterns use /user/operation/... while the controller is mapped at
     /operation, which suggests the servlet is mapped under a /user prefix. If so, a
     request to /oauth/token never reaches the DispatcherServlet and the container
     answers 404. Confirm the mapping and keep the request URL and the security
     patterns consistent with it. -->
<servlet>
<servlet-name>user-dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
我的控制器类
<!-- Registration is excluded from Spring Security altogether: with security="none" no
     security filter runs for this path, so there is no authentication, no CSRF check
     and no security context. NOTE(review): the endpoint then has to do its own input
     validation and abuse limiting; confirm this exclusion is intended. -->
<http pattern="/user/operation/Registration" security="none"
use-expressions="true" />
<!-- Dedicated stateless chain for the token endpoint. Clients are authenticated against
     oauth2AuthenticationManager, either by HTTP Basic or by
     clientCredentialsTokenEndpointFilter, which is placed before the Basic filter.
     NOTE(review): the pattern is matched against the path inside the web application;
     if the dispatcher servlet is mapped under a prefix, this pattern and the request
     URL both need that prefix. Confirm against the servlet-mapping. -->
<http use-expressions="true" pattern="/oauth/token"
create-session="stateless" authentication-manager-ref="oauth2AuthenticationManager">
<anonymous enabled="false" />
<!-- CSRF protection is switched off for this chain only; the chain keeps no session. -->
<csrf disabled="true" />
<!-- NOTE(review): permitAll() lets an unauthenticated request pass the authorization
     check of this chain, so rejecting it is left to whatever handles /oauth/token.
     Consider access="isFullyAuthenticated()" so the chain itself requires an
     authenticated client. -->
<intercept-url pattern="/oauth/token" access="permitAll()" />
<http-basic entry-point-ref="oauth2AuthenticationEntryPoint" />
<custom-filter ref="clientCredentialsTokenEndpointFilter"
before="BASIC_AUTH_FILTER" />
<access-denied-handler ref="oauth2AccessDeniedHandler" />
</http>
<!-- Default chain for all remaining URLs: form login, with only Healthcheck** requiring
     ROLE_USER. URLs that match no intercept-url are not access-controlled by this
     chain. -->
<http auto-config="true">
<intercept-url pattern="/user/operation/Healthcheck**"
access="hasRole('ROLE_USER')" />
<form-login login-page="/user/operation/Login"
default-target-url="/user/operation/Healthcheck"
authentication-failure-url="/user/operation/Error" />
<anonymous />
</http>
<!-- Encoder applied to end-user passwords by the authentication provider below.
     NOTE(review): the implementation of CustomPasswordEncoder is not shown; confirm it
     is a salted, adaptive hash (bcrypt, scrypt, PBKDF2 or argon2) and not a fast or
     home-grown digest. -->
<beans:bean id="customPasswordEncoder"
class="com.test.custom.project.password.CustomPasswordEncoder" />
<!-- End-user authentication manager (alias authenticationManager), backed by JDBC. -->
<authentication-manager alias="authenticationManager">
<authentication-provider>
<password-encoder ref="customPasswordEncoder" />
<!-- Both queries bind the username through a ? parameter. The users query returns the
     constant 1 as its third column (the enabled flag), so an account cannot be
     disabled through the database. NOTE(review): the left join yields a null role for
     a user without a matching app_role row; confirm that case is handled. -->
<jdbc-user-service data-source-ref="jdbcTemplate"
users-by-username-query="select
username, password, 1 from app_users where username = ?"
authorities-by-username-query="select
u.username, r.role from app_users u left join app_role r on u.role_id=r.role_id
where username = ?" />
</authentication-provider>
</authentication-manager>
<!-- NOTE(review): despite its id, this bean is a DataSource (DriverManagerDataSource),
     not a JdbcTemplate, and it does not pool connections. The database account is root
     with the password root, both hard-coded in this file: keep credentials out of the
     context file (externalised properties or a container-managed JNDI DataSource) and
     connect with a dedicated account that holds only the privileges the application
     needs. -->
<beans:bean id="jdbcTemplate"
class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<beans:property name="driverClassName" value="com.mysql.jdbc.Driver" />
<beans:property name="url"
value="jdbc:mysql://test.test/test" />
<beans:property name="username" value="root" />
<beans:property name="password" value="root" />
</beans:bean>
<!-- Tokens are held in memory only: they are lost on restart and are not shared between
     application instances. -->
<beans:bean id="tokenStore"
class="org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore" />
<!-- Token services: issues tokens into tokenStore, with refresh tokens enabled. -->
<beans:bean id="tokenServices"
class="org.springframework.security.oauth2.provider.token.DefaultTokenServices">
<beans:property name="tokenStore" ref="tokenStore" />
<beans:property name="supportRefreshToken" value="true" />
<beans:property name="clientDetailsService" ref="clientDetailsService" />
</beans:bean>
<!-- NOTE(review): the client secret is stored in clear text in this file; keep it out of
     version control and load it from protected configuration. This single client is
     granted four grant types plus the trust scope. If only the password grant is
     needed, remove the others: authorization_code and implicit are enabled here
     without any registered redirect URI for the client. -->
<oauth2:client-details-service id="clientDetailsService">
<oauth2:client client-id="mobile_1"
authorized-grant-types="password,authorization_code,refresh_token,implicit"
secret="secret_1" scope="read,write,trust" authorities="ROLE_USER" />
</oauth2:client-details-service>
<!-- Exposes the registered clients as a user details service so that the client id and
     secret can be checked by an authentication provider. -->
<beans:bean id="oauth2ClientDetailsUserService"
class="org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService">
<beans:constructor-arg ref="clientDetailsService" />
</beans:bean>
<!-- Authentication manager for OAuth2 clients (not end users); referenced by the
     /oauth/token chain and by clientCredentialsTokenEndpointFilter. -->
<authentication-manager id="oauth2AuthenticationManager">
<authentication-provider user-service-ref="oauth2ClientDetailsUserService" />
</authentication-manager>
<!-- Authorization server wired to clientDetailsService and tokenServices, with five
     grant types enabled. NOTE(review): the question only uses the password grant;
     every additional grant type (implicit and client-credentials in particular) is
     extra attack surface, so enable only the ones actually in use. -->
<oauth2:authorization-server
client-details-service-ref="clientDetailsService" token-services-ref="tokenServices"
user-approval-handler-ref="oauthUserApprovalHandler">
<oauth2:authorization-code />
<oauth2:implicit />
<oauth2:refresh-token />
<oauth2:client-credentials />
<oauth2:password />
</oauth2:authorization-server>
<!-- Entry point referenced by the http-basic element of the /oauth/token chain; the
     realm name is test.com. -->
<beans:bean id="oauth2AuthenticationEntryPoint"
class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
<beans:property name="realmName" value="test.com" />
</beans:bean>
<!-- Access-denied handler referenced by the /oauth/token chain. -->
<beans:bean id="oauth2AccessDeniedHandler"
class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler" />
<!-- User approval handler referenced by the authorization server above. -->
<beans:bean id="oauthUserApprovalHandler"
class="org.springframework.security.oauth2.provider.approval.DefaultUserApprovalHandler" />
<!-- Unanimous decision manager combining scope, role, authenticated and web-expression
     voters. NOTE(review): no <http> element in the configuration shown refers to this
     bean through access-decision-manager-ref, so it appears to be unused; wire it in
     or remove it. -->
<beans:bean id="oauth2AccessDecisionManager"
class="org.springframework.security.access.vote.UnanimousBased">
<beans:constructor-arg>
<beans:list>
<beans:bean
class="org.springframework.security.oauth2.provider.vote.ScopeVoter" />
<beans:bean
class="org.springframework.security.access.vote.RoleVoter" />
<beans:bean
class="org.springframework.security.access.vote.AuthenticatedVoter" />
<beans:bean
class="org.springframework.security.web.access.expression.WebExpressionVoter" />
</beans:list>
</beans:constructor-arg>
</beans:bean>
<!-- Filter inserted before BASIC_AUTH_FILTER in the /oauth/token chain; it authenticates
     the client against oauth2AuthenticationManager. -->
<beans:bean id="clientCredentialsTokenEndpointFilter"
class="org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter">
<beans:property name="authenticationManager" ref="oauth2AuthenticationManager" />
</beans:bean>
在我提交一个HTTP请求后(比如通过ajax发起POST调用),我得到了404错误代码和以下Tomcat7日志
/**
 * MVC controller serving the login, error, health-check and registration endpoints.
 *
 * <p>All handlers are mapped below {@code /operation}. NOTE(review): the accompanying
 * security-context.xml protects {@code /user/operation/...}, which suggests the
 * dispatcher servlet is mapped under a {@code /user} prefix; confirm against the
 * servlet-mapping in web.xml.
 */
@Controller
@RequestMapping("/operation")
public class UserOperationController {
// Class-level logger.
private static final Logger logger = Logger.getLogger(UserOperationController.class);
/**
 * Returns the {@code login} view. No HTTP method is specified on the mapping.
 */
@RequestMapping("/Login")
public ModelAndView home() {
return new ModelAndView("login");
}
/**
 * Returns the {@code error} view.
 */
@RequestMapping("/Error")
public ModelAndView error() {
return new ModelAndView("error");
}
/**
 * Returns the {@code healthcheck} view with the model attribute {@code result} set to
 * {@code "positive"}. The work done before that is elided in this listing.
 */
@RequestMapping("/Healthcheck")
public ModelAndView healthCheck() {
...Some Operations....
return new ModelAndView("healthcheck", "result", "positive");
}
/**
 * Handles a JSON POST whose body is bound to a {@link UserModel}.
 *
 * <p>NOTE(review): the accompanying security-context.xml marks the Registration path
 * {@code security="none"}, so no Spring Security filter runs for it. The body is
 * elided here; confirm it validates every field of the bound {@code UserModel} and
 * ignores fields a caller must not set.
 *
 * @param user the registration data deserialized from the request body
 */
@RequestMapping(value = "/Registration", method = RequestMethod.POST, consumes = "application/json")
public @ResponseBody
void registration(@RequestBody UserModel user) {
...Some Operations....
}
}
我使用的Spring Security版本:
4.0.2.RELEASE