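I implemented OAuth in Spring Boot 1.5.7, but when I switched to 2 it showed me the error "java.lang.IllegalArgumentException: There is no PasswordEncoder mapped for the id "null"".
From some research, I found that this may be an issue with password storage and password encoding.
What I have tried: I tried encoding the client secret in the authorization server file, but that did not help and the error remains.
I also tried saving the password with {bcrypt} as a prefix, because Spring Security 5 looks for an {id} during the password lookup.
I cannot get an access token, and the above error has also gone away. Can someone help me solve this? I have read and implemented almost everything, but nothing seems to work.
Update: I was able to resolve the above error by saving the password in the {bcrypt} format, and likewise applying the passwordEncoder in the other required places.
Problem: I am now getting a bad credentials error. I debugged and found that it is not getting the username we pass in the API and receives null parameters. The flow reaches the userDetailsService, but with empty parameters. I have attached my UserDetailsService.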
SecurityConfig.java
@Configuration
@EnableWebSecurity
public class OAuth2SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Autowired
    private ClientDetailsService clientDetailsService;

    @Autowired
    private UserDetailsService userDetailsService;

    @Autowired
    private CustomPasswordEncoder customPasswordEncoder;

    @Autowired
    public void globalUserDetails(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(customPasswordEncoder);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable()
            .anonymous().disable()
            .authorizeRequests()
            .antMatchers("/oauth/token").permitAll();
    }

    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Bean
    @Autowired
    public TokenStoreUserApprovalHandler userApprovalHandler(TokenStore tokenStore) {
        TokenStoreUserApprovalHandler handler = new TokenStoreUserApprovalHandler();
        handler.setTokenStore(tokenStore);
        handler.setRequestFactory(new DefaultOAuth2RequestFactory(clientDetailsService));
        handler.setClientDetailsService(clientDetailsService);
        return handler;
    }

    @Bean
    @Autowired
    public ApprovalStore approvalStore(TokenStore tokenStore) throws Exception {
        TokenApprovalStore store = new TokenApprovalStore();
        store.setTokenStore(tokenStore);
        return store;
    }

    @Bean
    public BCryptPasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
}
AuthorizationServerConfig.java
@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {

    private static String REALM = "api-security";

    @Value("${app.oauth.client-id}")
    private String CLIENT_ID;

    @Value("${app.oauth.client-secret}")
    private String CLIENT_SECRET;

    @Value("${app.oauth.access-token-validity}")
    private int accessTokenValidity;

    @Value("${app.oauth.refresh-token-validity}")
    private int refreshTokenValidity;

    @Autowired
    @Qualifier("tokenStore")
    private TokenStoreService tokenStore;

    @Autowired
    private UserApprovalHandler userApprovalHandler;

    @Autowired
    private BCryptPasswordEncoder passwordEncoder;

    @Autowired
    @Qualifier("authenticationManagerBean")
    private AuthenticationManager authenticationManager;

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory().withClient(CLIENT_ID)
            .authorizedGrantTypes("password", "authorization_code", "refresh_token", "implicit")
            .authorities("ROLE_ADMIN").scopes("read", "write", "trust").secret(passwordEncoder.encode(CLIENT_SECRET))
            .accessTokenValiditySeconds(accessTokenValidity).refreshTokenValiditySeconds(refreshTokenValidity);
        System.out.println(passwordEncoder.encode(CLIENT_SECRET));
        System.out.println(CLIENT_SECRET);
    }

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints.tokenStore(tokenStore).userApprovalHandler(userApprovalHandler)
            .authenticationManager(authenticationManager);
    }

    @Override
    public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
        oauthServer.realm(REALM + "/client");
    }
}
UserDetailsService.java
@Configuration
@EnableWebSecurity
public class OAuth2SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Autowired
    private ClientDetailsService clientDetailsService;

    @Autowired
    @Qualifier("userDetailsService")
    private UserDetailsService userDetailsService;

    @Autowired
    public void globalUserDetails(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable()
            .anonymous().disable()
            .authorizeRequests()
            .antMatchers("/oauth/token").permitAll();
    }

    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Bean
    @Autowired
    public TokenStoreUserApprovalHandler userApprovalHandler(TokenStore tokenStore) {
        TokenStoreUserApprovalHandler handler = new TokenStoreUserApprovalHandler();
        handler.setTokenStore(tokenStore);
        handler.setRequestFactory(new DefaultOAuth2RequestFactory(clientDetailsService));
        handler.setClientDetailsService(clientDetailsService);
        return handler;
    }

    @Bean
    @Autowired
    public ApprovalStore approvalStore(TokenStore tokenStore) throws Exception {
        TokenApprovalStore store = new TokenApprovalStore();
        store.setTokenStore(tokenStore);
        return store;
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return PasswordEncoderFactories.createDelegatingPasswordEncoder();
    }

    // @Bean
    // @Override
    // public UserDetailsService userDetailsServiceBean() throws Exception {
    //     return super.userDetailsServiceBean();
    // }

    // @Bean
    // public UserDetailsService userDetailsService() {
    //     return super.userDetailsService();
    // }
}
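
The `{id}` prefix behaviour the question refers to, as an added example that is not part of the original post: it checks one constructed secret against a bare bcrypt hash and a `{bcrypt}`-prefixed hash, using both a plain `BCryptPasswordEncoder` and the delegating encoder that appear in the configurations above. The class name, the `check` helper and the sample secret are assumptions made for illustration; it needs spring-security-crypto 5.x and its dependencies on the classpath.

```java
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;

// Added example (not the asker's code); EncoderPrefixDemo and check() are hypothetical names.
public class EncoderPrefixDemo {

    // Reports the outcome of matches() as text so that the exception raised for
    // a missing {id} can be compared side by side with ordinary mismatches.
    static String check(PasswordEncoder encoder, String raw, String stored) {
        try {
            return encoder.matches(raw, stored) ? "match" : "no match";
        } catch (IllegalArgumentException e) {
            return "rejected: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        String raw = "constructed-client-secret"; // constructed sample value

        BCryptPasswordEncoder bcrypt = new BCryptPasswordEncoder();
        PasswordEncoder delegating = PasswordEncoderFactories.createDelegatingPasswordEncoder();

        String bare = bcrypt.encode(raw);         // plain bcrypt hash, no {id} prefix
        String prefixed = delegating.encode(raw); // "{bcrypt}" followed by a bcrypt hash

        // Delegating encoder, bare hash: there is no {id} to select a delegate,
        // which is the situation behind 'no PasswordEncoder mapped for the id "null"'.
        System.out.println("delegating vs bare:     " + check(delegating, raw, bare));

        // Delegating encoder, prefixed hash: {bcrypt} routes to the bcrypt delegate.
        System.out.println("delegating vs prefixed: " + check(delegating, raw, prefixed));

        // Plain BCryptPasswordEncoder, prefixed hash: the prefix is not part of the
        // bcrypt format, so the stored value is not treated as a valid hash.
        System.out.println("bcrypt vs prefixed:     " + check(bcrypt, raw, prefixed));

        // Plain BCryptPasswordEncoder, bare hash: encoder and stored format agree.
        System.out.println("bcrypt vs bare:         " + check(bcrypt, raw, bare));
    }
}
```

The encoder that writes a stored secret and the encoder that later verifies it have to agree on the format; the configurations above reference three different ones (`CustomPasswordEncoder`, `BCryptPasswordEncoder` and the delegating encoder).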
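Answer 0 (score: 0)
For anyone who finds this useful, I was able to solve it with the following points:
If you clear the access token collection or table, you can get an access token once. Every request you make after that will come back with "500 error - Internal server error".
This happens because Spring Boot cannot understand the access token from the database when other requests are made; for this you can use the "org.springframework.util.SerializationUtils" package. You can search for this: serialize and deserialize the access token and the refresh token when making requests.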