Spring Security Oauth 2.0.4.RELEASE - 请求的资源不可用

时间:2014-12-13 17:51:43

标签: spring-security spring-security-oauth2

调用GET / oauth / token时?grant_type = password& client_id = web& client_secret = secret& username = test& password = test

获得的响应是​​404未找到“请求的资源不可用”

调用GET / oauth / token时?grant_type = password& client_id = web& client_secret =& username = test& password = test

响应是{“error”:“invalid_client”,“error_description”:“错误的客户端凭据”},这是正确的,因为尚未提供客户端密码

第一个错误(或意外行为)的完整日志在这里: https://gist.github.com/anonymous/02e032cf76749732d7af

我正在使用spring security 3.2.5.RELEASE和spring security oath version 2.0.4.RELEASE

你知道我做错了吗

我的弹簧安全配置:

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
             xmlns:sec="http://www.springframework.org/schema/security"
             xsi:schemaLocation="http://www.springframework.org/schema/security/oauth2 http://www.springframework.org/schema/security/spring-security-oauth2.xsd
                                 http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
                                 http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">

    <sec:http pattern="/oauth/token" create-session="stateless"
              authentication-manager-ref="clientAuthenticationManager">
        <sec:intercept-url pattern="/oauth/token" access="IS_AUTHENTICATED_FULLY" />
        <sec:anonymous enabled="false" />
        <sec:http-basic entry-point-ref="clientAuthenticationEntryPoint" />
        <sec:custom-filter ref="clientCredentialsTokenEndpointFilter" before="BASIC_AUTH_FILTER" />
        <sec:access-denied-handler ref="oauthAccessDeniedHandler" />
    </sec:http>

    <sec:http pattern="/user/**" create-session="never"
              entry-point-ref="oauthAuthenticationEntryPoint">
        <sec:anonymous enabled="false" />
        <sec:intercept-url pattern="/user/**" access="ROLE_USER" />
        <sec:custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
        <sec:access-denied-handler ref="oauthAccessDeniedHandler" />
    </sec:http>

    <bean id="oauthAuthenticationEntryPoint"
          class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
        <property name="realmName" value="test" />
    </bean>

    <bean id="clientAuthenticationEntryPoint"
          class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
        <property name="realmName" value="test/client" />
        <property name="typeName" value="Basic" />
    </bean>

    <bean id="oauthAccessDeniedHandler"
          class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler">
    </bean>

    <bean id="clientCredentialsTokenEndpointFilter"
          class="org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter">
        <property name="authenticationManager" ref="clientAuthenticationManager" />
    </bean>

    <sec:authentication-manager id="clientAuthenticationManager">
        <sec:authentication-provider user-service-ref="clientDetailsUserService"  />
    </sec:authentication-manager>

    <bean id="clientDetailsUserService"
          class="org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService">
        <constructor-arg ref="clientDetails" />
    </bean>

    <oauth:client-details-service id="clientDetails">
        <oauth:client client-id="web" authorized-grant-types="password,authorization_code,refresh_token,implicit"
                      authorities="ROLE_CLIENT, ROLE_TRUSTED_CLIENT" scope="read,write,trust" access-token-validity="60" secret="secret" />
        <oauth:client client-id="web2" authorized-grant-types="client_credentials" authorities="ROLE_CLIENT"
                      scope="read" secret="secret" />
    </oauth:client-details-service>

    <sec:authentication-manager alias="authenticationManager">
        <sec:authentication-provider>
            <sec:user-service>
                <sec:user name="test" password="test" authorities="ROLE_USER"/>
            </sec:user-service>
        </sec:authentication-provider>
    </sec:authentication-manager>

    <oauth:authorization-server
            client-details-service-ref="clientDetails" token-services-ref="tokenServices">
        <oauth:authorization-code />
        <oauth:implicit/>
        <oauth:refresh-token/>
        <oauth:client-credentials />
        <oauth:password authentication-manager-ref="authenticationManager"/>
    </oauth:authorization-server>

    <oauth:resource-server id="resourceServerFilter" resource-id="test" token-services-ref="tokenServices" />

    <bean id="tokenStore"
          class="org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore" />

    <bean id="tokenServices"
          class="org.springframework.security.oauth2.provider.token.DefaultTokenServices">
        <property name="tokenStore" ref="tokenStore"/>
        <property name="supportRefreshToken" value="true"/>
        <property name="accessTokenValiditySeconds" value="900000000"/>
        <property name="clientDetailsService" ref="clientDetails" />
    </bean>
</beans>

1 个答案:

答案 0 :(得分:0)

我终于成功了。问题发生在web.xml中。我正在配置我的调度程序servlet以映射扩展请求:

<servlet>
    <servlet-name>base</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
    <servlet-name>base</servlet-name>
    <url-pattern>*.json</url-pattern>
</servlet-mapping>

因此servlet无法处理/ oauth / token请求。将其切换回:

<usl-pattern>/</url-pattern>

让oauth流动起作用。

相关问题
最新问题