尝试在grails 2.2.4中使用grails-spring-security-oauth2-provider。授权流程正在运行,但是当重新提交代码以获取令牌(通过/ myapp / oauth / token)时,我希望ClientCredentialsTokenEndpointFilter对POST请求进行身份验证,但事实并非如此。我在过滤链中看到了它。
另外,它会使用我在Config.groovy中定义的客户端的id / secret吗?看起来它会首先尝试我的DaoAuthenticationProvidor并失败并直接进入异常过滤器(并重定向到登录端点)。
DEBUG web.FilterChainProxy - /oauth/token at position 5 of 11 in additional filter chain; firing Filter: 'RequestHolderAuthenticationFilter'
DEBUG web.FilterChainProxy - /oauth/token at position 6 of 11 in additional filter chain; firing Filter: 'ClientCredentialsTokenEndpointFilter'
DEBUG web.FilterChainProxy - /oauth/token at position 7 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
我的配置:
oauthProvider {
clients = [
[
clientId:"test",
clientSecret:"testSecret",
authorizedGrantTypes:["authorization_code"],
registeredRedirectUri:["http://myapp/other/"]
]
]
providerNames = [
'samlAuthenticationProvider',
'daoAuthenticationProvider',
'anonymousAuthenticationProvider',
'rememberMeAuthenticationProvider',
'clientCredentialsAuthenticationProvider']
...
'/oauth/authorize.dispatch':['IS_AUTHENTICATED_REMEMBERED'],
'/oauth/token.dispatch':['IS_AUTHENTICATED_REMEMBERED'],
网址发布:
http://localhost:8080/myapp/oauth/token
grant_type=authorization_code
client_id=test
client_secret=testSecret
code=<the code I got from authorization>
redirect_uri=http:localhost:8080//myapp/other"
答案 0 :(得分:0)
您的所有请求中的重定向uri是否相同?