Question

我有一个oauth2的工作示例，其余部分是资源的客户端和所有者的内存身份验证和授权。我试图将其转换为JDBC身份验证和授权没有取得多大成功。我一直收到Bad Credentials错误。过滤器的安全性让我很难调试： - ）

Inserted是我的java代码，现在使用内存认证用户，但不是客户端。架构与this相同。

在某处使用jdbc身份验证和授权与 Java配置 是否有完整的oauth2.0工作示例？

-------------------下面的代码 -

public class WebSecurityConfig extends OAuth2ServerConfigurerAdapter {
    private final static Logger logger = LogFactory.getLogger(WebSecurityConfig.class);



    private JdbcClientDetailsService jdbcClientDetailsService;
    private JdbcTokenStore jdbcTokenStore;
    private JdbcUserDetailsManagerConfigurer jdbcUserDetailsManagerConfigurer;
    // @formatter:off
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        OAuth2ServerConfigurer oAuth2ServerConfigurer = new OAuth2ServerConfigurer( ).tokenStore(jdbcTokenStore);
        http
            .requestMatchers()
                .and()
            .authorizeRequests()
                .antMatchers("/").permitAll()
                .anyRequest().authenticated()
                .and()
            .apply(oAuth2ServerConfigurer);
        http.setSharedObject(ClientDetailsService.class, jdbcClientDetailsService);

    }
    // @formatter:on

//  // @formatter:off
//  @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
//        int validityInSec = Integer.parseInt(validtityInSeconds);

        auth
                .userDetailsService(new InMemoryUserDetailsManager(getUserDetails()));

    }
    // @formatter:on
//
    private  final Collection<UserDetails> getUserDetails() {
        List<UserDetails> userDetails = new ArrayList<UserDetails>();
        userDetails.add(new User("auction", "password", AuthorityUtils.createAuthorityList(
                "USER", "read", "write")));
        return userDetails;
    }


    @Autowired
    @Qualifier("oauth_details_ds")
    public void setDataSource(DataSource dataSource){
        jdbcClientDetailsService = new JdbcClientDetailsService(dataSource);
        jdbcTokenStore =  new JdbcTokenStore(dataSource);
//        try {
//            jdbcUserDetailsManagerConfigurer = new JdbcUserDetailsManagerConfigurer().dataSource(dataSource);
//        } catch (Exception e) {
//            logger.error("Bad code design: ",e);
//            e.printStackTrace();
//        }
    }



}

Answer 1

我在你提问的网址中使用了相同的架构。我正在使用postgres，所以我不得不改变一些类型（varchar - ＆gt;字符变化，LONGVARBINARY - ＆gt; bytea）。除此之外，我的数据源是在一个单独的配置类中设置的，如下所示：

@Bean
public DataSource dataSource() {
    BoneCPDataSource dataSource = new BoneCPDataSource();

    dataSource.setDriverClass("org.postgresql.Driver");
    dataSource.setJdbcUrl("jdbc:postgresql://localhost/oauthDB");
    dataSource.setUsername("my_username");
    dataSource.setPassword("*****");

    return dataSource;
}

我正在使用Sparklr2（https://github.com/spring-projects/spring-security-oauth/tree/master/samples/oauth2/sparklr）中提供的示例，以便我有下一个类：

@Configuration
@EnableWebSecurity
public class OAuth2ServerConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private TokenStore tokenStore;

    private static DataSource dataSource;
    @Autowired
    private void setDataSource(DataSource dataSourcee) {
        dataSource = dataSourcee;
    }

//... SOME MORE CODE ...

@Configuration
@Order(1)
protected static class AuthorizationServerConfiguration extends
        OAuth2AuthorizationServerConfigurerAdapter {

    private TokenStore tokenStore = new JdbcTokenStore(dataSource);

其余代码几乎与Sparklr2相同

Oauth2 Java配置JDBC

1 个答案: