带有Grails 3.0和Spring Security Core插件的Spring Security OAuth 2

时间:2015-11-22 12:40:48

标签: grails spring-security-oauth2 grails-3.0

我尝试在项目中使用Spring Security OAuth 2

我的项目是带有Spring Security Core Plugin的Grails 3.0.9应用程序

我只想授权客户端(如移动设备)连接用户登录名/密码

对于OAuth 2,这是我的配置       @组态         公共课Oauth2Config {

        @Configuration
        @EnableAuthorizationServer
        protected static class AuthorizationServer extends AuthorizationServerConfigurerAdapter {
            @Autowired
            private AuthenticationManager authenticationManager;
            @Override
            public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
                endpoints.authenticationManager(authenticationManager);
            }
            @Override
            public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
                // @formatter:off
                clients.inMemory()
                    .withClient("client-with-registered-redirect")
                        .authorizedGrantTypes("authorization_code")
                        .authorities("ROLE_CLIENT")
                        .scopes("read", "trust")
                        .redirectUris("http://localhost:8080")
                        .secret("secret")
                    .and()
                    .withClient("client-with-secret")
                        .authorizedGrantTypes("password", "authorization_code", "refresh_token", "implicit")
                        .authorities("ROLE_CLIENT")
                        .scopes("read", "write", "trust")
                        .secret("secret");
                // @formatter:on
            }
        }

        @Configuration
        @EnableResourceServer
        protected static class ResourceServer extends ResourceServerConfigurerAdapter {
            @Override
            public void configure(HttpSecurity http) throws Exception {
                // !! Not enter inside !!
                // @formatter:off
                http
                    .requestMatchers().antMatchers("/api").and()
                    .authorizeRequests()
                    .anyRequest().access("#oauth2.hasScope('read')");
                // @formatter:on
            }
            @Override
            public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
                resources.resourceId(RESOURCE_ID);
            }
        }

    }

当我调用此URL(POST)时

http://localhost:8080/oauth/token?
client_id=client-with-secret&
redirect_url=http%3A%2F%2Flocalhost%3A8080&
scope=read&
secret=secret&
grant_type=password&
login=toto&
password=toto

我有这个回复

{
    error: "unauthorized"
    error_description: "There is no client authentication. Try adding an appropriate authentication filter."
}

我注意到:

https://github.com/spring-projects/spring-security-oauth/blob/1b2ae987e9486a875b40424f18bb785baf0b898c/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/TokenEndpoint.java 

@RequestMapping(value = "/oauth/token", method=RequestMethod.POST)
            public ResponseEntity<OAuth2AccessToken> postAccessToken(Principal principal, @RequestParam
            Map<String, String> parameters) throws HttpRequestMethodNotSupportedException {

                if (!(principal instanceof Authentication)) {
                    throw new InsufficientAuthenticationException(
                            "There is no client authentication. Try adding an appropriate authentication filter.");
                }
}

我之前需要进行身份验证吗?!

我也注意到了: debuger不会进入此方法: public void configure(HttpSecurity http)抛出异常

而且:OAuth2AuthenticationProcessingFilter永远不会调用

需要帮助 感谢

0 个答案:

没有答案
相关问题
最新问题