Spring Boot OAuth2和UserDetails

时间:2016-08-16 08:11:27

标签: java security spring-boot oauth-2.0

我正在尝试在Spring Boot中为我的REST API实现一个Auth服务器,我正在努力将我自己的用户存储库自动装入配置中。有人可以建议如何正确地做到这一点吗?

我有以下auth服务器配置:

@Configuration
@EnableAuthorizationServer
public class OAuth2Config extends AuthorizationServerConfigurerAdapter {

    @Autowired
    @Qualifier("userDetailsService")
    private UserDetailsService userDetailsService;

    @Autowired
    private AuthenticationManager authenticationManager;

    @Value("${gigsterous.oauth.tokenTimeout:3600}")
    private int expiration;

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer configurer) throws Exception {
        configurer.authenticationManager(authenticationManager);
        configurer.userDetailsService(userDetailsService);
        configurer.accessTokenConverter(accessTokenConverter());
    }

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
            .withClient("gigsterous")
            .secret("secret")
            .accessTokenValiditySeconds(expiration)
            .scopes("read", "write")
            .authorizedGrantTypes("password", "refresh_token")
            .resourceIds("resource");
    }

    /**
     * Use custom jwt token converter to enhance the token with custom fields
     *
     * @return CustomTokenConverter
     */
    @Bean
    public CustomTokenConverter accessTokenConverter() {
        return new CustomTokenConverter();
    }
}

用户服务:

@Service("userDetailsService")
public class UserService implements UserDetailsService {

    @Autowired
    private UserRepository userRepository;

    public List<User> getUsers() {
        return userRepository.findAll();
    }

    public User getUser(Long id) {
        return userRepository.findById(id);
    }

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        return (UserDetails) userRepository.findOneByUsername(username);
    }
}

用户:

@Entity
@Table(name = "users")
@Getter
@Setter
public class User {

    @Id
    @GeneratedValue(strategy = GenerationType.AUTO)
    @Column(name = "user_id", nullable = false, updatable = false)
    private Long id;

    @Column(name = "email", nullable = false, unique = true)
    private String email;

    @Column(name = "username", nullable = false, unique = true)
    private String username;

    @Column(name = "password", nullable = false)
    private String password;

    protected User() {
        // hibernate
    }

}

我正在使用Flyway并且目前将我的用户存储在内存数据库的H2中(这是正常的,所以我从我的问题中省略了这部分代码以避免混淆)。

当我尝试使用此命令从我的数据库中授权某些用户时:

curl -X POST --user 'gigsterous:secret' -d 'grant_type=password&username=peter&password=password' http://localhost:9000/gigsterous-auth/oauth/token

我收到以下回复:

{"error":"unauthorized","error_description":"com.gigsterous.auth.domain.User cannot be cast to org.springframework.security.core.userdetails.UserDetails"}

显然,我无法将我的用户POJO转换为UserDetails对象,但我无法弄清楚如何正确构造它,因为它是一个匿名类。

1 个答案:

答案 0 :(得分:0)

我很久没有在Spring上工作了,我的记忆可能不好。但是,如果我没有错,你想使用你的User作为UserDetails,你必须实现它,UserDetails是一个接口。 :d 我建议更改班级名称,用户已存在于OAuth2库

相关问题
最新问题