Spring Security OAuth2:/oauth/token 端点的基本身份验证成功后,没有返回访问令牌

时间:2015-09-29 07:30:09

标签: spring oauth spring-security spring-security-oauth2

我在我的Spring Boot应用程序中添加了spring security oauth2。我参考了网络上的一些示例以及Spring团队在github上的一些示例(为了适应我的用例必须做一些修改),但我仍然无法让/oauth/token端点返回oauth2访问令牌。我已经在这上面花了好几天,一开始尝试用JavaConfig完成,但后来切换到xml配置,并取得了一些进展。需要说明的是,我在xml中唯一的配置是安全配置和相关的安全bean,所有其他配置都是通过JavaConfig完成的。

我能够使用Basic auth成功验证我的用户(使用用户名和密码),但下一步,即生成并返回Bearer令牌,却没有发生。注意,我使用数据库来存储我的用户凭据,并存储创建后的访问令牌。

我正在发送一个grant_type=password的POST请求,其中包含客户端ID和客户端密钥(client secret)。

我的印象是,spring oauth2将处理为我创建访问令牌并返回它,但也许这不正确或者我的xml配置可能是错误的?非常感谢您的帮助!

以下是我的安全配置xml:

<!-- Filter chain for the token endpoint only. HTTP Basic credentials are checked
     by authenticationManager, which this file wires to clientDetailsUserService,
     so they presumably identify the OAuth client rather than the resource owner.
     create-session="stateless" keeps the exchange free of HTTP sessions.
     NOTE(review): the Basic header carries the client secret and a password-grant
     body carries the user's password, so this endpoint should only be reachable
     over TLS; requires-channel="https" on the intercept-url rules is one way to
     enforce that. -->
<http pattern="/oauth/token" 
    create-session="stateless"        
    authentication-manager-ref="authenticationManager"
    xmlns="http://www.springframework.org/schema/security">
    <!-- Rules are matched in order: GET, PUT and DELETE demand ROLE_DENY
         (presumably a role no principal is ever granted); every other method
         falls through to the catch-all rule and needs full authentication. -->
    <intercept-url pattern="/**" method="GET" access="ROLE_DENY" />
    <intercept-url pattern="/**" method="PUT" access="ROLE_DENY" />
    <intercept-url pattern="/**" method="DELETE" access="ROLE_DENY" />
    <intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY" />
    <!-- No anonymous principal: an unauthenticated request gets the Basic
         challenge from clientAuthenticationEntryPoint. -->
    <anonymous enabled="false" />
    <http-basic entry-point-ref="clientAuthenticationEntryPoint" />
    <!-- include this only if you need to authenticate clients via request 
        parameters>
    <custom-filter ref="clientCredentialsTokenEndpointFilter"
        after="BASIC_AUTH_FILTER" /-->
    <access-denied-handler ref="oauthAccessDeniedHandler" />
</http>

<!-- Catch-all chain for every request the /oauth/token chain does not match.
     Requests must be fully authenticated; the only authentication filter added
     here is resourceServerFilter (the bearer-token filter declared by
     oauth:resource-server in this file).
     NOTE(review): create-session="never" stops Spring Security from creating a
     session, but it will still use one that already exists; "stateless" is the
     stricter choice when requests are meant to be authorised by token alone. -->
<http pattern="/**" create-session="never" 
    entry-point-ref="oauthAuthenticationEntryPoint" 
    xmlns="http://www.springframework.org/schema/security">
    <!-- authentication-manager-ref="authenticationManager"
    access-decision-manager-ref="accessDecisionManager" xmlns="http://www.springframework.org/schema/security"-->
    <anonymous enabled="false" />
    <intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY" />
    <custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
    <access-denied-handler ref="oauthAccessDeniedHandler" />
</http>

<!-- Entry point for the catch-all chain: produces the OAuth2 error response when
     a protected resource is requested without valid authentication. The realm
     name is left at the class default because the property is commented out. -->
<bean id="oauthAuthenticationEntryPoint"
    class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
    <!-- property name="realmName" value="f2rRealm" /-->
</bean>

<!-- Entry point for the token endpoint chain: typeName "Basic" and realm
     "f2r/client" are the values used for the authentication challenge sent to a
     client that failed HTTP Basic authentication. -->
<bean id="clientAuthenticationEntryPoint"
    class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
    <property name="realmName" value="f2r/client" />
    <property name="typeName" value="Basic" />
</bean>

<!-- Filter that authenticates a client from client_id / client_secret request
     parameters. Its only reference in this listing is the commented-out
     custom-filter in the /oauth/token chain, so it is defined but not installed.
     NOTE(review): keep it out of the chain unless a client cannot send HTTP
     Basic; secrets sent as request parameters are more likely to end up in logs. -->
<bean id="clientCredentialsTokenEndpointFilter"
    class="org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter">
    <property name="authenticationManager" ref="authenticationManager" />
</bean>

<!-- Shared by both http chains: renders the OAuth2 error response when an
     authenticated caller is denied access. -->
<bean id="oauthAccessDeniedHandler"
    class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler" />

<!-- Authentication manager referenced by the /oauth/token chain and by
     clientCredentialsTokenEndpointFilter. It delegates to authenticationProvider,
     which this file backs with clientDetailsUserService.
     NOTE(review): it declares no id, so it is presumably also the default
     manager picked up by any element that names none; confirm. -->
<authentication-manager alias="authenticationManager"
    xmlns="http://www.springframework.org/schema/security" >
    <!-- authentication-provider user-service-ref="clientDetailsUserService"  /-->
    <authentication-provider ref="authenticationProvider" />
</authentication-manager>

<!-- Project-specific client details service built on dataSource; it is the
     client-details-service-ref of the authorization server and is also injected
     into tokenServices, requestFactory and userApprovalHandler. What the class
     does with clientId / clientSecret is not visible here.
     NOTE(review): the client secret is a literal in this file. Load it from the
     environment or a secret store instead, and treat a value that has been
     committed or published as exposed and rotate it. If the class persists or
     compares the secret, confirm it goes through passwordEncoder (that bean is
     not defined in this listing). -->
<bean id="clientDetails" class="com.f2r.security.oauth2.F2RJdbcClientDetailsService" >
    <constructor-arg ref="dataSource" />
    <property name="clientId" value="f2r" />
    <property name="clientSecret" value="f2rsecret" />
    <property name="passwordEncoder" ref="passwordEncoder" />
</bean>

<!-- bean id="clientDetailsService"
    class="com.f2r.security.oauth2.F2RJdbcClientDetailsService">
    <constructor-arg ref="dataSource" />
    <property name="clientDetails" ref="clientDetails" />
    <property name="passwordEncoder" ref="passwordEncoder" />
</bean-->

<!-- Project-specific service constructed from clientDetails; judging by its name
     it presumably exposes OAuth clients as UserDetails so that client credentials
     can be authenticated (TODO confirm against the class). It is the
     userDetailsService injected into authenticationProvider. -->
<bean id="clientDetailsUserService"
    class="com.f2r.security.oauth2.F2RClientDetailsUserDetailsService">
    <constructor-arg ref="clientDetails" />
    <property name="passwordEncoder" ref="passwordEncoder" />
</bean>    


<!-- Second authentication manager, by its id intended for resource-owner (user)
     credentials.
     NOTE(review): it points at the same authenticationProvider bean as the client
     manager, and that provider is wired to clientDetailsUserService, so user and
     client credentials are not checked against separate stores. Its only
     reference in this listing is the commented-out oauth:password attribute, so
     nothing visible uses it. -->
<authentication-manager id="userAuthenticationManager"
    xmlns="http://www.springframework.org/schema/security">
    <!-- authentication-provider ref="customUserAuthenticationProvider" /-->
    <authentication-provider ref="authenticationProvider" />
</authentication-manager>

<!-- bean id="customUserAuthenticationProvider" class="com.f2r.security.F2RAuthenticationProvider">
    <property name="userDetailsService" ref="userDetailsService" />
</bean-->

<!-- Project-specific authentication provider shared by both authentication
     managers. Its userDetailsService is clientDetailsUserService; the user-backed
     alternative is commented out.
     NOTE(review): one provider bound to the client store means every credential
     check in this configuration runs against client data. Give the resource-owner
     path its own provider backed by userDetailsService so the two credential
     types stay separate. -->
<bean id="authenticationProvider" class="com.f2r.security.F2RAuthenticationProvider">
    <!-- property name="userDetailsService" ref="userDetailsService" /-->
    <property name="userDetailsService" ref="clientDetailsUserService" />
</bean>

<!-- Project-specific user details service. In this listing it is referenced only
     from commented-out properties, so no active bean uses it. -->
<bean id="userDetailsService" class="com.f2r.security.F2RUserDetailsService" />

<!-- Approval handler that consults tokenStore, clientDetails and requestFactory.
     No element in this listing references it, so whether the authorization
     server actually uses it cannot be told from here. -->
<bean id="userApprovalHandler" 
    class="org.springframework.security.oauth2.provider.approval.TokenStoreUserApprovalHandler">
    <property name="tokenStore" ref="tokenStore" />
    <property name="clientDetailsService" ref="clientDetails" /> 
    <property name="requestFactory" ref="requestFactory" />  
</bean>

<!-- Builds OAuth2 request objects from incoming parameters, looking clients up
     through clientDetails. Used by userApprovalHandler. -->
<bean id="requestFactory"
    class="org.springframework.security.oauth2.provider.request.DefaultOAuth2RequestFactory">
    <constructor-arg ref="clientDetails" />
</bean>

<!-- Authorization server: serves /oauth/token and /oauth/authorize, issues tokens
     through tokenServices and resolves clients through clientDetails. Enabled
     grants: implicit, refresh-token, client-credentials and password.
     NOTE(review): enable only the grants the application uses. Implicit needs a
     user-authenticated /oauth/authorize, and no chain in this listing offers a
     user login. -->
<oauth:authorization-server
    client-details-service-ref="clientDetails" 
    token-services-ref="tokenServices" 
    token-endpoint-url="/oauth/token" 
    authorization-endpoint-url="/oauth/authorize" >
    <oauth:implicit />
    <oauth:refresh-token />
    <oauth:client-credentials />
    <!-- oauth:password authentication-manager-ref="userAuthenticationManager" /-->
    <!-- NOTE(review): with no authentication-manager-ref the password grant
         presumably falls back to the default authentication manager, i.e. the one
         aliased authenticationManager, which this file wires to
         clientDetailsUserService. Resource-owner credentials would then be
         checked against client data rather than user accounts; confirm, and
         point this at a manager backed by userDetailsService. -->
    <oauth:password />
</oauth:authorization-server>

<!-- Bearer-token filter installed in the catch-all http chain; it validates
     presented tokens through tokenServices.
     NOTE(review): no resource-id is set, so tokens are presumably not restricted
     to a particular resource here; verify that this is intended. -->
<oauth:resource-server id="resourceServerFilter"
    token-services-ref="tokenServices" />

<!-- Persists access and refresh tokens in the database behind dataSource (that
     bean is not defined in this listing). Anyone who can read the token tables
     can potentially reuse live tokens, so restrict database access accordingly. -->
<bean id="tokenStore"
    class="org.springframework.security.oauth2.provider.token.store.JdbcTokenStore" >
    <constructor-arg ref="dataSource"/>
</bean>

<!-- Token services shared by the authorization server and the resource server:
     creates, stores and loads tokens via tokenStore, with refresh tokens enabled.
     NOTE(review): accessTokenValiditySeconds and refreshTokenValiditySeconds are
     not set, so token lifetimes come from the framework defaults unless the
     client record overrides them (TODO confirm); set them explicitly so the
     lifetime is a deliberate choice. -->
<bean id="tokenServices"
    class="org.springframework.security.oauth2.provider.token.DefaultTokenServices">
    <property name="tokenStore" ref="tokenStore" />
    <property name="supportRefreshToken" value="true" />
    <property name="clientDetailsService" ref="clientDetails" />
</bean>     

<!-- Spring MVC setup: annotation-driven controllers, plus forwarding of requests
     no controller handles to the container's default servlet. -->
<mvc:annotation-driven />

<mvc:default-servlet-handler />

<!-- Method-level security: enables the pre/post annotations with class-based
     proxies, evaluated by the OAuth2-aware handler oauthExpressionHandler. -->
<sec:global-method-security
    pre-post-annotations="enabled" proxy-target-class="true">
    <!--you could also wire in the expression handler up at the layer of the 
        http filters. See https://jira.springsource.org/browse/SEC-1452 -->
    <sec:expression-handler ref="oauthExpressionHandler" />
</sec:global-method-security>

<!-- OAuth2-aware expression handlers. oauthExpressionHandler is used by
     global-method-security; oauthWebExpressionHandler is not referenced by
     either http chain in this listing. -->
<oauth:expression-handler id="oauthExpressionHandler" />

<oauth:web-expression-handler id="oauthWebExpressionHandler" />

0 个答案:

没有答案