我正在尝试使用Spring在OAuth2中为我的REST API实现资源所有者流,但是当我尝试获取访问令牌时,我收到以下错误:
INFO: Handling error: InsufficientAuthenticationException, There is no client authentication. Try adding an appropriate authentication filter.
以下是我的Spring配置中与OAuth2设置相关的部分:
<sec:http pattern="/api/oauth/token" create-session="stateless"
authentication-manager-ref="authenticationManager">
<sec:intercept-url pattern="/api/oauth/token" access="IS_AUTHENTICATED_FULLY" />
<sec:anonymous enabled="false" />
<sec:http-basic entry-point-ref="clientAuthenticationEntryPoint" />
<sec:custom-filter ref="clientCredentialsTokenEndpointFilter" before="BASIC_AUTH_FILTER" />
<sec:access-denied-handler ref="oauthAccessDeniedHandler" />
</sec:http>
<sec:http pattern="/protected/**" create-session="never"
entry-point-ref="oauthAuthenticationEntryPoint">
<sec:anonymous enabled="false" />
<sec:intercept-url pattern="/protected/**" method="GET" access="IS_AUTHENTICATED_FULLY" />
<sec:custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
<sec:access-denied-handler ref="oauthAccessDeniedHandler" />
</sec:http>
<bean id="oauthAuthenticationEntryPoint"
class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
</bean>
<bean id="clientAuthenticationEntryPoint"
class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
<property name="realmName" value="springsec/client" />
<property name="typeName" value="Basic" />
</bean>
<bean id="oauthAccessDeniedHandler"
class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler">
</bean>
<bean id="clientCredentialsTokenEndpointFilter"
class="org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter">
<property name="authenticationManager" ref="authenticationManager" />
</bean>
<sec:authentication-manager alias="authenticationManager">
<sec:authentication-provider user-service-ref="clientDetailsUserService" />
</sec:authentication-manager>
<bean id="clientDetailsUserService"
class="org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService">
<constructor-arg ref="clientDetails" />
</bean>
<bean id="clientDetails" class="org.myproject.CustomClientDetailsService">
<property name="id" value="clientid" />
<property name="secretKey" value="secret" />
</bean>
<sec:authentication-manager id="userAuthenticationManager">
<sec:authentication-provider ref="customUserAuthenticationProvider" />
</sec:authentication-manager>
<bean id="customUserAuthenticationProvider"
class="org.myproject.CustomAuthenticationProvider">
</bean>
<oauth:authorization-server
client-details-service-ref="clientDetails" token-services-ref="tokenServices">
<oauth:authorization-code />
<oauth:implicit/>
<oauth:refresh-token/>
<oauth:client-credentials />
<oauth:password authentication-manager-ref="userAuthenticationManager"/>
</oauth:authorization-server>
<oauth:resource-server id="resourceServerFilter"
resource-id="springsec" token-services-ref="tokenServices" />
<bean id="tokenStore" class="org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore" />
<!--<bean id="tokenStore"-->
<!--class="org.springframework.security.oauth2.provider.token.InMemoryTokenStore" />-->
<bean id="tokenServices"
class="org.springframework.security.oauth2.provider.token.DefaultTokenServices">
<property name="tokenStore" ref="tokenStore" />
<property name="supportRefreshToken" value="true" />
<property name="accessTokenValiditySeconds" value="120"></property>
<property name="clientDetailsService" ref="clientDetails" />
</bean>
<mvc:annotation-driven />
<mvc:default-servlet-handler />
<context:annotation-config />
这是我用来获取令牌的curl命令:
✗ curl --user clientapp:secret --data "grant_type=password" --trace-ascii /dev/stdout http://localhost:8080/api/oauth/token
== Info: Hostname was NOT found in DNS cache
== Info: Trying 127.0.0.1...
== Info: Connected to localhost (127.0.0.1) port 8080 (#0)
== Info: Server auth using Basic with user 'clientapp'
=> Send header, 210 bytes (0xd2)
0000: POST /api/oauth/token HTTP/1.1
0020: Authorization: Basic Y2xpZW50YXBwOnNlY3JldA==
004f: User-Agent: curl/7.35.0
0068: Host: localhost:8080
007e: Accept: */*
008b: Content-Length: 19
009f: Content-Type: application/x-www-form-urlencoded
00d0:
=> Send data, 19 bytes (0x13)
0000: grant_type=password
== Info: upload completely sent off: 19 out of 19 bytes
<= Recv header, 27 bytes (0x1b)
0000: HTTP/1.1 401 Unauthorized
<= Recv header, 37 bytes (0x25)
0000: Date: Fri, 09 Oct 2015 15:05:23 GMT
<= Recv header, 25 bytes (0x19)
0000: Cache-Control: no-store
<= Recv header, 18 bytes (0x12)
0000: Pragma: no-cache
<= Recv header, 152 bytes (0x98)
0000: WWW-Authenticate: Bearer error="unauthorized", error_description
0040: ="There is no client authentication. Try adding an appropriate a
0080: uthentication filter."
<= Recv header, 46 bytes (0x2e)
0000: Content-Type: application/json;charset=UTF-8
<= Recv header, 28 bytes (0x1c)
0000: Transfer-Encoding: chunked
== Info: Server Jetty(9.2.10.v20150310) is not blacklisted
<= Recv header, 33 bytes (0x21)
0000: Server: Jetty(9.2.10.v20150310)
<= Recv header, 2 bytes (0x2)
0000:
<= Recv data, 134 bytes (0x86)
0000: 82
0004: {"error":"unauthorized","error_description":"There is no client
0044: authentication. Try adding an appropriate authentication filter.
0084: "}
<= Recv data, 7 bytes (0x7)
0000:
0002: 0
0005:
== Info: Connection #0 to host localhost left intact
{"error":"unauthorized","error_description":"There is no client authentication. Try adding an appropriate authentication filter."}%
答案 0 :(得分:1)
我能够解决我的问题。
我必须将此过滤器添加到我的web.xml:
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>