我能够获得oauth访问令牌,并且可以在本地运行springboot应用程序时使用。但是,当我将其上传到公司服务器时,我仍然可以收到令牌,但是当我尝试使用它时,却出现401错误。还有其他需要配置的内容吗?
我正在参考本教程(特别是[vanilla]示例): https://github.com/spring-projects/spring-security-oauth/tree/master/tests/annotation
使用此代码,
URL url = new URL("https://www.myserver.com/project/oauth/token?grant_type=client_credentials");
HttpURLConnection conn = (HttpURLConnection) url.openConnection();
conn.setDoOutput(true);
conn.setRequestMethod("POST");
conn.addRequestProperty("Content-Type", "application/x-www-form-urlencoded");
conn.setRequestProperty("Accept", "application/json");
conn.setRequestProperty("Authorization", "Basic " + Base64.getEncoder().encodeToString("my-client-with-secret:secret".getBytes()));
我能够收到访问令牌:
{"access_token":"xxxx-xxxxx-xxxxxx-xxxxxx","token_type":"bearer","expires_in":41805,"scope":"read write"}
但是当我尝试使用它时:
URL url = new URL("https://www.myserver.com/project/api/stuff");
HttpURLConnection conn = (HttpURLConnection) url.openConnection();
conn.setDoOutput(true);
conn.setRequestMethod("POST");
conn.addRequestProperty("Content-Type", "application/json; charset=UTF-8");
conn.setRequestProperty("Accept", "application/json");
conn.setRequestProperty("Authorization", "Bearer " + token);
我得到一个错误:
{"error":"invalid_token","error_description":"Invalid access token: xxxx-xxxxx-xxxxxx-xxxxxx"}
我也看了这个问题: Oauth2: Invalid access token 但是我的是在本地工作的。
其他信息: 由于某些原因,服务器使用“ OAuth2AuthenticationProcessingFilter” 但在本地使用“ BasicAuthenticationFilter”
服务器:
/oauth/token?grant_type=client_credentials at position 5 of 11 in additional filter chain; firing Filter: 'OAuth2AuthenticationProcessingFilter'
Token not found in headers. Trying request parameters.
Token not found in request parameters. Not an OAuth2 request.
本地:
/oauth/token?grant_type=client_credentials at position 5 of 11 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
Basic Authentication Authorization header found for user 'my-client-with-secret'