Oauth 2访问被拒绝,范围选民返回0

时间:2017-03-19 05:53:03

标签: spring oauth

您好我正在尝试为我的应用程序实现oAuth2,即使我实现了所有内容都存在身份验证问题。

这是我尝试在安全上下文中进行身份验证的方式:

<http pattern="/rest/formValue/**" create-session="never" entry-point-ref="oauthAuthenticationEntryPoint"
access-decision-manager-ref="accessDecisionManager" xmlns="http://www.springframework.org/schema/security">
    <anonymous enabled="false" />
    <intercept-url pattern="/rest/formValue/**" access="ROLE_USER,ROLE_ADMIN" />
    <custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
    <access-denied-handler ref="oauthAccessDeniedHandler" />
</http>

我能够获得身份验证令牌,没有问题。这就是我的oauth_client_detail表的样子

{
"table": "oauth_client_details",
"rows":
[
    {
        "client_id": "client1",
        "resource_ids": null,
        "client_secret": "sahinyanlik",
        "scope": "read,write,delete",
        "authorized_grant_types": "password,authorization_code,refresh_token,implicit",
        "web_server_redirect_uri": "https://www.getpostman.com/oauth2/callback",
        "authorities": "ROLE_USER,ROLE_ADMIN",
        "access_token_validity": 2147483647,
        "refresh_token_validity": 99999999,
        "additional_information": null
    }
]
}

我在user_role表中使用ROLE_ADMIN。

当我尝试访问/ formValue / 1112时,我在控制台中收到此错误; 

13:31:51.362 [http-bio-8080-exec-3] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Previously Authenticated: org.springframework.security.oauth2.provider.OAuth2Authentication@2b595da3: Principal: org.springframework.security.core.userdetails.User@f276d6fe: Username: sahinyanlik@hotmail.com; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMIN; Credentials: [PROTECTED]; Authenticated: true; Details: remoteAddress=0:0:0:0:0:0:0:1, , tokenValue=<TOKEN>; Granted Authorities: ROLE_ADMIN
13:31:51.363 [http-bio-8080-exec-3] DEBUG o.s.s.access.vote.UnanimousBased - Voter: org.springframework.security.oauth2.provider.vote.ScopeVoter@4d2979be, returned: 0
13:31:51.363 [http-bio-8080-exec-3] DEBUG o.s.s.access.vote.UnanimousBased - Voter: org.springframework.security.access.vote.RoleVoter@5df7d085, returned: -1


13:31:51.371 [http-bio-8080-exec-3] DEBUG o.s.s.w.a.ExceptionTranslationFilter - Access is denied (user is not anonymous); delegating to AccessDeniedHandler

org.springframework.security.access.AccessDeniedException:访问被拒绝

之前我检查了"Access is denied (user is not anonymous)" with spring-security-oauth2,但我无法理解,因为当我使用这样的东西时。

<intercept-url pattern="/oauth/clients/.*" access="oauthClientHasRole('ROLE_CLIENT') and oauthIsClient() and oauthHasScope('read')"  method="GET" />

我收到错误,指出我无法使用oauthClientHasRole“

感谢。

1 个答案:

答案 0 :(得分:0)

我通过更改

解决了这个问题 
<intercept-url pattern="/rest/formValue/**" access="ROLE_USER,ROLE_ADMIN" />


<intercept-url pattern="/rest/formValue/**" access="SCOPE_READ" />

我通过调试找到了问题。

相关问题
最新问题