Access token provider returned a null access token, which is illegal according to the contract

Time: 2015-02-12 03:09:02

Tags: java rest spring-security spring-security-oauth2

I created a REST service using the Spring Security OAuth implementation. To retrieve the accessToken, the URL below is used:

http://localhost:8080/alp-services-1.0/oauth/token?grant_type=password&client_id=restapp&client_secret=restapp&username=ad&password=passd

It works perfectly with Postman. I created a Java client to obtain the access token so that I can also access other URLs, but I get this exception:

  StandardWrapperValve[appServlet]: Servlet.service() for servlet appServlet threw exception
java.lang.IllegalStateException: Access token provider returned a null access token, which is illegal according to the contract.
at org.springframework.security.oauth2.client.OAuth2RestTemplate.acquireAccessToken(OAuth2RestTemplate.java:223)
at org.springframework.security.oauth2.client.OAuth2RestTemplate.getAccessToken(OAuth2RestTemplate.java:173)
at com.znpy.alp.rest.client.impl.AuthenticationServiceImpl.authenticate(AuthenticationServiceImpl.java:45)
at com.znpy.alp.spring.security.AlpAuthenticationProvider.authenticate(AlpAuthenticationProvider.java:29)
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156)
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:177)
at org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter.attemptAuthentication(UsernamePasswordAuthenticationFilter.java:94)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:211)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:110)

My Java client code is:

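import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

import org.springframework.http.HttpMethod;
import org.springframework.http.converter.FormHttpMessageConverter;
import org.springframework.http.converter.HttpMessageConverter;
import org.springframework.http.converter.StringHttpMessageConverter;
import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter;
import org.springframework.security.oauth2.client.DefaultOAuth2ClientContext;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.client.token.AccessTokenRequest;
import org.springframework.security.oauth2.client.token.DefaultAccessTokenRequest;
import org.springframework.security.oauth2.client.token.grant.password.ResourceOwnerPasswordResourceDetails;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableOAuth2Client;
import org.springframework.stereotype.Service;

@Service
@EnableOAuth2Client
public class AuthenticationServiceImpl implements AuthenticationService {

    private static final String accessTokenUrl = "http://localhost:8080/alp-services-1.0/oauth/token";

    @Override
    public void authenticate(String username, String password) {
        // Resource owner password grant: client credentials plus the end user's username and password
        ResourceOwnerPasswordResourceDetails resource = new ResourceOwnerPasswordResourceDetails();
        resource.setAccessTokenUri(accessTokenUrl);
        resource.setClientId("restapp");
        resource.setClientSecret("restapp");
        resource.setGrantType("password");
        resource.setScope(Arrays.asList("read", "write"));

        resource.setUsername(username);
        resource.setPassword(password);

        AccessTokenRequest atr = new DefaultAccessTokenRequest();

        OAuth2RestTemplate oAuth2RestTemplate = new OAuth2RestTemplate(resource, new DefaultOAuth2ClientContext(atr));
        oAuth2RestTemplate.setMessageConverters(getMessageConverter());
        System.out.println("ssssssssssssssssssssssssssssssss");
        // getAccessToken() is the call that throws the IllegalStateException shown in the stack trace
        System.out.println("AccessToken =========================== " + oAuth2RestTemplate.getAccessToken());

        // Call a protected resource with the token obtained above
        Object object = oAuth2RestTemplate.exchange("http://localhost:8080/alp/superAdmin/findAllInstitutes", HttpMethod.GET, null, Object.class);
        System.out.println(object);
    }

    // Converters for form-encoded, plain-text and JSON bodies, set on the OAuth2RestTemplate
    private List<HttpMessageConverter<?>> getMessageConverter() {
        List<HttpMessageConverter<?>> messageConverters = new ArrayList<HttpMessageConverter<?>>();
        messageConverters.add(new FormHttpMessageConverter());
        messageConverters.add(new StringHttpMessageConverter());
        messageConverters.add(new MappingJackson2HttpMessageConverter());

        return messageConverters;
    }
}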

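I attached a debugger to the REST service. The user is being authenticated. If I hit the URL with a normal RestTemplate, it works. I can't find any reason why the accessToken is null. Any help is appreciated.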

0 answers:

No answers