I followed the steps in this chapter of the Spring Security tutorial:
I built an application that works perfectly:
Then I wanted to implement a JDBC backend, as described in this example:
I changed the initial project as shown in the sample application on GitHub:
Now it seems the resource server can no longer check the token at the /uaa/user endpoint:
Commands executed:
Logs from the OAuth2 authorization server
2016-02-28 12:35:08.762 INFO 1029 --- [nio-9999-exec-3] o.s.s.o.p.token.store.JdbcTokenStore : Failed to find access token for token 41b1504d-b985-40e0-80a8-94c09992aafe
2016-02-28 12:37:58.604 INFO 1029 --- [nio-9999-exec-7] o.s.s.o.p.token.store.JdbcTokenStore : Failed to find access token for token 41b1504d-b985-40e0-80a8-94c09992aafe
2016-02-28 12:44:06.845 INFO 1029 --- [nio-9999-exec-6] o.s.s.o.p.token.store.JdbcTokenStore : Failed to find access token for token 41b1504d-b985-40e0-80a8-94c09992aafe
Logs from the resource server
2016-02-28 12:37:42.149 INFO 1186 --- [0.1-8181-exec-3] o.s.b.a.s.o.r.UserInfoTokenServices : Getting user info from: http://localhost:9999/uaa/user
2016-02-28 12:37:42.228 INFO 1186 --- [0.1-8181-exec-3] o.s.b.a.s.o.r.UserInfoTokenServices : Could not fetch user details: class org.springframework.security.oauth2.client.resource.UserRedirectRequiredException, A redirect is required to get the users approval
2016-02-28 12:37:58.600 INFO 1186 --- [0.1-8181-exec-5] o.s.b.a.s.o.r.UserInfoTokenServices : Getting user info from: http://localhost:9999/uaa/user
2016-02-28 12:37:58.623 INFO 1186 --- [0.1-8181-exec-5] o.s.b.a.s.o.r.UserInfoTokenServices : Could not fetch user details: class java.lang.IllegalArgumentException, URI is not absolute
2016-02-28 12:44:06.839 INFO 1186 --- [0.1-8181-exec-7] o.s.b.a.s.o.r.UserInfoTokenServices : Getting user info from: http://localhost:9999/uaa/user
2016-02-28 12:44:06.848 INFO 1186 --- [0.1-8181-exec-7] o.s.b.a.s.o.r.UserInfoTokenServices : Could not fetch user details: class org.springframework.security.oauth2.common.exceptions.InvalidRequestException, Possible CSRF detected - state parameter was present but no state could be found
Here are the important classes:
OAuth2 authorization server: SaAuthApplication.class
import java.security.Principal;

import javax.sql.DataSource;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.cloud.client.discovery.EnableDiscoveryClient;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.code.AuthorizationCodeServices;
import org.springframework.security.oauth2.provider.code.JdbcAuthorizationCodeServices;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JdbcTokenStore;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@SpringBootApplication
@Configuration
@RestController
@EnableDiscoveryClient
@EnableResourceServer
@EnableAutoConfiguration
@EnableAuthorizationServer
public class SaAuthApplication {

    @Autowired
    private DataSource dataSource;

    // The user-info endpoint the resource server calls (security.oauth2.resource.user-info-uri).
    // It is itself protected by the embedded resource server below, so the bearer
    // token sent by the caller is looked up in the JdbcTokenStore.
    @RequestMapping("/user")
    public Principal user(Principal user) {
        return user;
    }

    public static void main(String[] args) {
        SpringApplication.run(SaAuthApplication.class, args);
    }

    @Configuration
    @EnableResourceServer
    protected static class ResourceServer extends ResourceServerConfigurerAdapter {

        @Autowired
        private TokenStore tokenStore;

        @Override
        public void configure(ResourceServerSecurityConfigurer resources)
                throws Exception {
            // Validate incoming bearer tokens against the same JDBC store that issues them.
            resources.tokenStore(tokenStore);
        }

        @Override
        public void configure(HttpSecurity http) throws Exception {
            http.authorizeRequests().anyRequest().authenticated();
        }
    }

    @Configuration
    @EnableAuthorizationServer
    protected static class OAuth2Config extends AuthorizationServerConfigurerAdapter {

        @Autowired
        private AuthenticationManager auth;

        @Autowired
        private DataSource dataSource;

        private BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();

        // Access/refresh tokens are persisted in oauth_access_token / oauth_refresh_token.
        @Bean
        public JdbcTokenStore tokenStore() {
            return new JdbcTokenStore(dataSource);
        }

        // Authorization codes are persisted in oauth_code.
        @Bean
        protected AuthorizationCodeServices authorizationCodeServices() {
            return new JdbcAuthorizationCodeServices(dataSource);
        }

        @Override
        public void configure(AuthorizationServerSecurityConfigurer security)
                throws Exception {
            // Client secrets are compared with BCrypt, so they must be stored hashed.
            security.passwordEncoder(passwordEncoder);
        }

        @Override
        public void configure(AuthorizationServerEndpointsConfigurer endpoints)
                throws Exception {
            endpoints.authorizationCodeServices(authorizationCodeServices())
                    .authenticationManager(auth).tokenStore(tokenStore())
                    .approvalStoreDisabled();
        }

        @Override
        public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
            // Clients are stored in oauth_client_details; secrets are BCrypt-hashed on insert.
            // @formatter:off
            clients.jdbc(dataSource)
                    .passwordEncoder(passwordEncoder)
                    .withClient("my-trusted-client")
                        .authorizedGrantTypes("password", "authorization_code",
                                "refresh_token", "implicit")
                        .authorities("ROLE_CLIENT", "ROLE_TRUSTED_CLIENT")
                        .scopes("read", "write", "trust")
                        .resourceIds("oauth2-resource")
                        // Access tokens for this client live 60 seconds.
                        .accessTokenValiditySeconds(60).and()
                    .withClient("my-client-with-registered-redirect")
                        .authorizedGrantTypes("authorization_code")
                        .authorities("ROLE_CLIENT").scopes("read", "trust")
                        .resourceIds("oauth2-resource")
                        .redirectUris("http://anywhere?key=value").and()
                    .withClient("my-client-with-secret")
                        .authorizedGrantTypes("client_credentials", "password")
                        .authorities("ROLE_CLIENT").scopes("read")
                        .resourceIds("oauth2-resource").secret("secret");
            // @formatter:on
        }
    }

    // End users are stored in the standard Spring Security users/authorities tables.
    @Autowired
    public void init(AuthenticationManagerBuilder auth) throws Exception {
        // @formatter:off
        auth.jdbcAuthentication().dataSource(dataSource).withUser("dave")
                .password("secret").roles("USER");
        // @formatter:on
    }
}
Resource server: application.yml
security:
  oauth2:
    resource:
      user-info-uri: http://localhost:9999/uaa/user
Resource server: SaEmployeeApplication.class
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.cloud.client.discovery.EnableDiscoveryClient;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;

@SpringBootApplication
@EnableDiscoveryClient
@EnableResourceServer
public class SaEmployeeApplication {

    public static void main(String[] args) {
        SpringApplication.run(SaEmployeeApplication.class, args);
    }
}
Everything works fine on the OAuth2 authorization server. I can authorize clients and obtain tokens. But the resource server seems unable to check the token at the /uaa/user endpoint.
Answer 0 (score: 0)
I'll answer my own question:
The token's expires_in value is only 59 seconds. So there is not enough time to set up the request.
.accessTokenValiditySeconds(60) sets the expires_in value.
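An added diagnostic for the situation in the answer above (example code, not part of the question, the answer, or the Spring sample): it requests a token with the password grant, presents it to /uaa/user immediately, then presents it again after its own lifetime so the two outcomes can be compared. With a 60-second validity the first probe should succeed and the second should fail, which is what the "Failed to find access token" log lines look like from the resource server's side. Python is used here rather than Java because the point is a client-side check, not server configuration. Assumed from the posted configuration: authorization server at http://localhost:9999 with context path /uaa, client my-client-with-secret / secret (which is allowed the password grant), user dave / secret, and Spring Security OAuth's default token endpoint path /oauth/token.

```python
"""Added diagnostic, not code from the original question or answer.

Assumed (taken from the posted configuration):
  * authorization server at http://localhost:9999 with context path /uaa
  * client "my-client-with-secret" / "secret", allowed the password grant
  * user "dave" / "secret"
  * user-info endpoint http://localhost:9999/uaa/user
The token endpoint path /oauth/token is Spring Security OAuth's default.
"""
import base64
import json
import time
import urllib.error
import urllib.parse
import urllib.request

AUTH_SERVER = "http://localhost:9999/uaa"   # assumed base URL
TOKEN_URL = AUTH_SERVER + "/oauth/token"
USER_INFO_URL = AUTH_SERVER + "/user"
CLIENT_ID, CLIENT_SECRET = "my-client-with-secret", "secret"
USERNAME, PASSWORD = "dave", "secret"


def parse_token_response(body, issued_at):
    """Turn the JSON body of /oauth/token into a dict with an absolute deadline.

    `issued_at` is the local time the response arrived. Spring computes
    expires_in when it serialises the response, from the token's absolute
    expiry, so it is usually one less than accessTokenValiditySeconds
    (59 for a 60-second validity, as seen in the answer).
    """
    data = json.loads(body)
    if "access_token" not in data:
        raise ValueError("no access_token in response: %r" % body)
    expires_in = int(data.get("expires_in", 0))
    return {
        "access_token": data["access_token"],
        "token_type": data.get("token_type", "bearer"),
        "expires_in": expires_in,
        "deadline": issued_at + expires_in,
    }


def seconds_left(token, now):
    """Validity remaining at `now`; <= 0 means the store will reject the token."""
    return token["deadline"] - now


def basic_auth_header(client_id, client_secret):
    """HTTP Basic credentials for client authentication at the token endpoint."""
    raw = ("%s:%s" % (client_id, client_secret)).encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def request_token(scope="read"):
    """Password grant against the authorization server (network call)."""
    form = urllib.parse.urlencode({
        "grant_type": "password",
        "username": USERNAME,
        "password": PASSWORD,
        "scope": scope,
    }).encode("ascii")
    req = urllib.request.Request(TOKEN_URL, data=form, method="POST")
    req.add_header("Authorization", basic_auth_header(CLIENT_ID, CLIENT_SECRET))
    req.add_header("Content-Type", "application/x-www-form-urlencoded")
    with urllib.request.urlopen(req, timeout=5) as resp:
        return parse_token_response(resp.read().decode("utf-8"), time.time())


def fetch_user_info(token):
    """Present the bearer token to /uaa/user the way the resource server does."""
    req = urllib.request.Request(USER_INFO_URL)
    req.add_header("Authorization", "Bearer " + token["access_token"])
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            return resp.getcode(), resp.read().decode("utf-8")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")


def main():
    token = request_token()
    print("token %s..., expires_in=%d" % (token["access_token"][:8], token["expires_in"]))
    status, body = fetch_user_info(token)
    print("immediate /uaa/user -> %d %s" % (status, body))
    # Second probe after the token's lifetime: expect a 401 here and a
    # "Failed to find access token" line in the authorization server log.
    wait = max(0, seconds_left(token, time.time())) + 1
    print("sleeping %ds until the token has expired" % wait)
    time.sleep(wait)
    status, body = fetch_user_info(token)
    print("late /uaa/user -> %d %s" % (status, body))


if __name__ == "__main__":
    main()
```

If the immediate probe already fails while the late one fails the same way, the problem is in token validation (for example a resource server reading a different store), not in the token's lifetime; if only the late probe fails, the configuration is doing what accessTokenValiditySeconds tells it to and the manual test was simply too slow.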