oauth2在验证后返回令牌的java *配置是什么?

时间:2015-01-13 18:48:15

标签: security java-ee spring-security oauth-2.0 spring-boot

您好我正在为我的项目使用spring boot,所以我没有使用xml来进行任何配置,只使用java。我在github上使用这个项目作为参考https://github.com/techdev-solutions/jaxenter-showcase

当我为令牌发出请求(http://localhost:8081/oauth/authorize?client_id=web&response_type=token,其中包含用户名和密码)时,它返回重定向html站点而不是令牌..如何配置oauth2以在响应中返回令牌。

如果我使用curl发送请求,它会给我我想要的内容:curl curl:password @ localhost:8081 / oauth / token \?grant_type = client_credentials

如果我尝试通过http客户端模仿相同的请求 http://localhost:8081/oauth/token?client_secret=password&client_id=curl&grant_type=client_credentials

我获得了401未经授权的

这是我的java配置:

package de.techdev.jaxenter;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JdbcTokenStore;

import javax.sql.DataSource;

/**
 * @author Moritz Schulze
 */
@Configuration
@EnableAuthorizationServer
public class OAuthConfiguration extends AuthorizationServerConfigurerAdapter {

    @Autowired
    private DataSource dataSource;

    @Bean
    public TokenStore tokenStore() {
        return new JdbcTokenStore(dataSource);
    }

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints.tokenStore(tokenStore());
    }

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
        .withClient("curl") //curl curl:password@localhost:8081/oauth/token\?grant_type=client_credentials
        .authorities("ROLE_ADMIN")
        .resourceIds("jaxenter")
        .scopes("read", "write")
        .authorizedGrantTypes("client_credentials")
        .secret("password")
        .and()
        .withClient("web") //http://localhost:8081/oauth/authorize?client_id=web&response_type=token
        .redirectUris("http://github.com/techdev-solutions/")
        .authorities("ROLE_ADMIN")
        .resourceIds("jaxenter")
        .scopes("read, write")
        //.authorizedGrantTypes("implicit")
        .authorizedGrantTypes("implicit","client_credentials")
        .autoApprove(true)
        .secret("password")
        .and()
        .withClient("my-trusted-client")
            .authorizedGrantTypes("password","authorization_code","refresh_token","implicit","redirect")
            .authorities("ROLE_CLIENT", "ROLE_TRUSTED_CLIENT")
            .scopes("read", "write", "trust")
            .redirectUris("http://localhost:8080")
            .authorizedGrantTypes("implicit")
            .accessTokenValiditySeconds(60)
            .refreshTokenValiditySeconds(30);
    }
}

package de.techdev.jaxenter;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

/**
 * @author Moritz Schulze
 */
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication()
            .withUser("John").roles("ADMIN").password("password")
            .and()
            .withUser("Mary").roles("BASIC").password("password");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().antMatchers("/**").authenticated()
            .and().httpBasic().realmName("OAuth Server");
    }
}

还发现了一个类似问题未解决的帖子 Spring Security OAUTH2 getting token with username/password

1 个答案:

答案 0 :(得分:0)

首先,您必须提供授权类型

http://username:password@url.com格式几乎不再支持, https://code.google.com/p/chromium/issues/detail?id=82250#c7 所以你的问题可能是将凭据传递给authorizng服务器,它是浏览器问题而不是Oauth的配置,我不确定你为什么要直接在web浏览器中访问/ oauth / token,如果你正在使用spring应用程序你有一堆Oauth restTemplates,它们可以正常使用这个场景,oauth不仅仅是任何基本的登录功能,它允许一个服务器与其他服务器建立连接,使用令牌并使用其资源,如果你想记录使用Web浏览器直接进入该服务器,您应该提供这样做的方法

例如,如果您已经使用curl获取令牌并尝试访问该资源,则可以尝试在Web浏览器中传递它,因为您不再需要身份验证,只需添加Bearer e2cb0291-596c-48e0-8e93-2b29b2881406(示例令牌) )作为标题,它将在这次工作

相关问题
最新问题