Spring OAuth2:为什么我没有从我的请求中获取访问令牌?

时间:2015-07-02 15:33:29

标签: spring oauth-2.0 access-token spring-security-oauth2

我正在使用Spring OAuth2 ...... 

            <dependency>
                    <groupId>org.springframework.security.oauth</groupId>
                    <artifactId>spring-security-oauth2</artifactId>
                    <version>2.0.7.RELEASE</version>
            </dependency>

我已经设置了以下授权服务器(基本上只是在网上扯掉了这个例子)...... 

@Configuration
@ComponentScan
@EnableAutoConfiguration
@RestController
public class Application {

    private static final String ROLE1 = "ROLE1";
    private static final String ROLE2 = "ROLE2";
    private static final String ROLE3 = "ROLE3";

    private static final String RESOURCE_ID = "blog_resource";

    public static void main(String[] args) {
        SpringApplication.run(Application.class, args);
    }

    @Configuration
    @EnableAuthorizationServer
    // [1]
    protected static class OAuth2Config extends
            AuthorizationServerConfigurerAdapter {

        @Autowired
        private AuthenticationManager authenticationManager;

        @Override
        // [2]
        public void configure(AuthorizationServerEndpointsConfigurer endpoints)
                throws Exception {
            endpoints.authenticationManager(authenticationManager);
        }

        @Override
        // [3]
        public void configure(ClientDetailsServiceConfigurer clients)
                throws Exception {
            // @formatter:off
            clients.inMemory().withClient("client-with-registered-redirect")
                    .authorizedGrantTypes("authorization_code")
                    .authorities(ROLE1, ROLE2, ROLE3).scopes("read", "trust")
                    .resourceIds(RESOURCE_ID)
                    .redirectUris("http://anywhere?key=value")
                    .secret("secret123").and()
                    .withClient("my-client-with-secret")
                    .authorizedGrantTypes("client_credentials", "password")
                    .authorities(ROLE1, ROLE2, ROLE3).scopes("read")
                    .resourceIds(RESOURCE_ID).secret("secret");
            // @formatter:on
        }

    }
}

我的用户存储在MySQL数据库中。但是,当我运行我的应用程序并访问

http://localhost:8080/my-context-path/oauth/token?client_id=my-client-with-secret&client_secret=secret&grant_type=password&username=ROLE3&password=password

我没有获得访问令牌,而是接收

<oauth>
<script type="text/javascript">
window["_gaUserPrefs"] = { ioo : function() { return true; } }
</script>
<error_description>
Full authentication is required to access this resource
</error_description>
<error>unauthorized</error>
</oauth>

我已经验证了un / pw是否正确以及角色。我想我错过了一些非常简单的东西,但是阻止我接收访问令牌的URL或配置有什么问题?

0 个答案:

没有答案
相关问题
最新问题