在使用spring security oauth时,如何配置两个身份验证管理器,分别对客户端和用户进行身份验证?

时间:2015-12-25 18:08:30

标签: java spring spring-security spring-security-oauth2

我是Spring安全新手,并尝试使用以下配置分别配置两个身份验证管理器来验证客户端和用户。但是,它一直向我显示"没有请求id的客户端:admin"在日志文件中。专家可以提供建议吗?感谢。

配置:     

<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:mvc="http://www.springframework.org/schema/mvc"
       xmlns:security="http://www.springframework.org/schema/security"
       xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
                                http://www.springframework.org/schema/beans/spring-beans.xsd
                                http://www.springframework.org/schema/context
                                http://www.springframework.org/schema/context/spring-context.xsd
                                http://www.springframework.org/schema/mvc
                                http://www.springframework.org/schema/mvc/spring-mvc.xsd
                                http://www.springframework.org/schema/security
                                http://www.springframework.org/schema/security/spring-security.xsd
                                http://www.springframework.org/schema/security/oauth2
                                http://www.springframework.org/schema/security/spring-security-oauth2.xsd">

    <mvc:annotation-driven />
    <mvc:default-servlet-handler />

    <security:http pattern="/oauth/token" create-session="stateless" authentication-manager-ref="clientAuthenticationManager">
        <security:intercept-url pattern="/oauth/token" access="IS_AUTHENTICATED_FULLY" />
        <security:anonymous enabled="false" />
        <security:http-basic entry-point-ref="clientAuthenticationEntryPoint" />
        <security:custom-filter ref="clientCredentialsTokenEndpointFilter" after="BASIC_AUTH_FILTER" />
        <security:access-denied-handler ref="oauthAccessDeniedHandler" />
    </security:http>

    <!-- authentication manager for user -->
    <security:authentication-manager alias="userAuthenticationManager">
        <security:authentication-provider user-service-ref="inMemoryUserSerivce" />
    </security:authentication-manager>

    <security:user-service id="inMemoryUserSerivce">
        <security:user name="admin" password="Abcd1234" authorities="ROLE_USER" />
    </security:user-service>

    <bean id="clientAuthenticationEntryPoint" class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
        <property name="realmName" value="test" />
        <property name="typeName" value="Basic" />
    </bean>

    <bean id="oauthAccessDeniedHandler" class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler" />

    <bean id="clientCredentialsTokenEndpointFilter" class="org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter">
        <property name="authenticationManager" ref="clientAuthenticationManager" />
    </bean>

    <security:authentication-manager alias="clientAuthenticationManager">
        <security:authentication-provider user-service-ref="clientDetailsUserService"/>
    </security:authentication-manager>

    <bean id="clientDetailsUserService" class="org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService">
        <constructor-arg ref="clientDetails" />
    </bean>

    <!-- specify API client applications -->
    <oauth:client-details-service id="clientDetails">
        <oauth:client client-id="mobile_android" secret="secret123" authorized-grant-types="password"
                      authorities="ROLE_CLIENT" redirect-uri="http://localhost:8080/oauth2_callbak" />
    </oauth:client-details-service>

    <oauth:authorization-server client-details-service-ref="clientDetails" token-services-ref="tokenServices">
        <oauth:authorization-code />
        <oauth:implicit />
        <oauth:refresh-token />
        <oauth:client-credentials />
        <oauth:password />
    </oauth:authorization-server>

    <bean id="tokenStore" class="org.springframework.security.oauth2.provider.token.InMemoryTokenStore" />

    <!-- This is where we defined token based configurations, token validity and other things -->
    <bean id="tokenServices" class="org.springframework.security.oauth2.provider.token.DefaultTokenServices">
        <property name="tokenStore" ref="tokenStore" />
        <property name="supportRefreshToken" value="true" />
    </bean>
</beans>

日志文件异常消息:

Caused by: org.springframework.security.oauth2.provider.NoSuchClientException: No client with requested id: admin
        at org.springframework.security.oauth2.provider.InMemoryClientDetailsService.loadClientByClientId(InMemoryClientDetailsService.java:36)
        at org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService.loadUserByUsername(ClientDetailsUserDetailsService.java:44)
        at org.springframework.security.authentication.dao.DaoAuthenticationProvider.retrieveUser(DaoAuthenticationProvider.java:101)

0 个答案:

没有答案
相关问题
最新问题