我尝试创建spring rest服务,whis是我自己的oauth2资源服务器的高手。我创建了资源服务器:
@Configuration
@EnableResourceServer
protected static class ResourceServer extends ResourceServerConfigurerAdapter {
@Autowired
private TokenStore tokenStore;
@Override
public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
resources.tokenStore(tokenStore).resourceId("mobileapp");
}
@Override
public void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/api/shop /**").authenticated().and()
.authorizeRequests().antMatchers("/auth/**").anonymous();
}
}
和授权服务器:
@Configuration
@EnableAuthorizationServer
protected static class OAuth2Config extends AuthorizationServerConfigurerAdapter {
@Autowired
private AuthenticationManager auth;
@Autowired
private DataSource dataSource;
@Autowired
private BCryptPasswordEncoder passwordEncoder;
@Bean
public JdbcTokenStore tokenStore() {
return new JdbcTokenStore(dataSource);
}
@Bean
protected AuthorizationCodeServices authorizationCodeServices() {
return new JdbcAuthorizationCodeServices(dataSource);
}
@Override
public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
security.passwordEncoder(passwordEncoder);
}
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints
.authorizationCodeServices(authorizationCodeServices())
.authenticationManager(auth)
.tokenStore(tokenStore())
.approvalStoreDisabled();
}
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients.jdbc(dataSource)
.passwordEncoder(passwordEncoder);
.withClient("mobile")
.authorizedGrantTypes("password", "refresh_token")
.authorities("ROLE_CLIENT")
.scopes("read", "write", "trust")
.autoApprove(true)
.resourceIds("mobileapp")
.secret("123456");
}
当我尝试从服务器接收访问令牌时,使用curl:
curl -X POST -vu mobile:123456 http://localhost:8080/oauth/token -H "接受:application / json" -d "密码= test123&安培; username=admin@gmail.com& grant_type =密码&安培;范围=读&安培; client_secret = 123456&安培; CLIENT_ID =移动"
我将此错误视为回复消息:
{"错误":" SERVER_ERROR"" ERROR_DESCRIPTION":" java.io.NotSerializableException: org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"}
在tomcat日志中还有
o.s.s.o.p.token.store.JdbcTokenStore - 无法找到访问令牌 令牌
编辑: 密码编码器的Bean定义:
@Bean
public BCryptPasswordEncoder passwordEncoder() {
BCryptPasswordEncoder bCryptPasswordEncoder = new BCryptPasswordEncoder();
return bCryptPasswordEncoder;
}
此bean是在类中创建的,其中声明了OAuth2Config和ResourceServer。
我检查了代码,发现了哪个表弹簧使用,表是空的。我的问题是:它应该是自动生成还是我的代码有问题?
提前感谢您的帮助。
答案 0 :(得分:8)
覆盖JdbcTokenStore类并将此函数替换为。
public OAuth2AccessToken readAccessToken(String tokenValue) {
OAuth2AccessToken accessToken = null;
try {
accessToken = new DefaultOAuth2AccessToken(tokenValue);
}
catch (EmptyResultDataAccessException e) {
if (LOG.isInfoEnabled()) {
LOG.info("Failed to find access token for token "+tokenValue);
}
}
catch (IllegalArgumentException e) {
LOG.warn("Failed to deserialize access token for " +tokenValue,e);
removeAccessToken(tokenValue);
}
return accessToken;
}
解决了无法找到访问令牌的问题。在OAuth2Config中使用此类。
答案 1 :(得分:1)
您的模型必须具有未序列化的BCryptPasswordEncoder。在您的用户bmodel中使其成为瞬态。
private transient BCryptPasswordEncoder passwordEncoder;
答案 2 :(得分:0)
就Postgres而言,该解决方案在{strong> ALL BYTEA和token列中使用authentication。
在此架构参考中,列定义为LONGVARBINARY:https://github.com/spring-projects/spring-security-oauth/blob/master/spring-security-oauth2/src/test/resources/schema.sql
换句话说,如果您使用的是Postgres,请将LONGVARBINARY替换为BYTEA。
欢呼