我正在尝试使用JDBC令牌存储实现Spring Boot Oauth2。 当我使用以下网址时:
我得到以下输出:
{ "错误":" server_error", " error_description":"此对象尚未构建" }
请在下面找到我关注的配置类:
1。 AuthorizationServerConfig
@Configuration @EnableAuthorizationServer public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
public static final String CHECK_TOKEN_ACCESS_IS_AUTHENTICATED = "isAuthenticated()";
public static final String CLIENT_ID = "my-sh-client";
public static final String GRANT_TYPE_PASSWORD = "password";
public static final String GRANT_TYPE_AUTHORIZATION_CODE = "authorization_code";
public static final String GRANT_TYPE_REFRESH_TOKEN = "refresh_token";
public static final String GRANT_TYPE_IMPLICIT = "implicit";
public static final String GRANT_TYPE_CLIENT_CREDENTIALS = "client_credentials";
public static final String AUTHORITIES_ROLE_CLIENT = "ROLE_CLIENT";
public static final String AUTHORITIES_ROLE_TRUSTED_CLIENT = "ROLE_TRUSTED_CLIENT";
public static final String SCOPE_READ = "read";
public static final String SCOPE_WRITE = "write";
public static final String SCOPE_TRUST = "trust";
public static final String RESOURCE_ID = "oauth2-resource";
public static final Integer ACCESS_TOKEN_VALIDITY_SECONDS = 5000;
public static final Integer REFRESH_TOKEN_VALIDITY_SECONDS = 6000;
public static final String CLIENT_SECRET = "secret";
@Autowired
private AuthenticationManager authenticationManager;
@Autowired
private DataSource dataSource;
@Bean
public JdbcTokenStore tokenStore() {
return new JdbcTokenStore(dataSource);
}
@Override
public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
security.checkTokenAccess(CHECK_TOKEN_ACCESS_IS_AUTHENTICATED);
}
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients.inMemory().withClient(CLIENT_ID).authorizedGrantTypes(GRANT_TYPE_PASSWORD, GRANT_TYPE_AUTHORIZATION_CODE,
GRANT_TYPE_REFRESH_TOKEN, GRANT_TYPE_IMPLICIT, GRANT_TYPE_CLIENT_CREDENTIALS).authorities(AUTHORITIES_ROLE_CLIENT,
AUTHORITIES_ROLE_TRUSTED_CLIENT).scopes(SCOPE_READ, SCOPE_WRITE, SCOPE_TRUST).resourceIds(
RESOURCE_ID).accessTokenValiditySeconds(
ACCESS_TOKEN_VALIDITY_SECONDS).refreshTokenValiditySeconds(
REFRESH_TOKEN_VALIDITY_SECONDS).secret(CLIENT_SECRET);
}
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints.authenticationManager(authenticationManager);
endpoints.tokenStore(tokenStore());
}}
2 ResourceServerConfig
@Configuration @EnableResourceServer public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
@Autowired
private DataSource dataSource;
@Override
public void configure(ResourceServerSecurityConfigurer resources)
throws Exception {
resources.resourceId(AuthorizationServerConfig.RESOURCE_ID).tokenStore(tokenStore());
}
@Bean
public TokenStore tokenStore() {
return new JdbcTokenStore(dataSource);
}
@Override
public void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers(
SecurityRestEndPoints.SECURITY_BASE_V1 + "/**").hasAuthority("ADMIN");
}}
3 安全配置
@Configuration @EnableWebSecurity public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
UserService userservice;
@Override
public void init(WebSecurity web) {
web.ignoring().antMatchers("/");
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
for (User user : userservice.getAllUsers()) {
if (user.getLoginId() != null && user.getPassword() != null) {
for (Role role : user.getRole()) {
auth.jdbcAuthentication().withUser(user.getLoginId()).password(user.getPassword()).roles(
role.getRoleName().toUpperCase());
}
}
}
}
@Bean
@Override
public AuthenticationManager authenticationManagerBean()
throws Exception {
return super.authenticationManagerBean();
}}
4 申请类
@SuppressWarnings("deprecation") @SpringBootApplication @ComponentScan({ "com.sh" }) @EntityScan("com.sh.security.entity") @EnableJpaRepositories("com.sh.security.repository") public class Application extends WebMvcConfigurerAdapter {
public static void main(String[] args) {
SpringApplication.run(Application.class, args);
}
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**").allowedOrigins("*").allowedMethods("*");
}}
以下是我使用的数据库模式,它创建了我的oauth表:
create table oauth_client_details (
client_id VARCHAR(256) PRIMARY KEY,
resource_ids VARCHAR(256),
client_secret VARCHAR(256),
scope VARCHAR(256),
authorized_grant_types VARCHAR(256),
web_server_redirect_uri VARCHAR(256),
authorities VARCHAR(256),
access_token_validity INTEGER,
refresh_token_validity INTEGER,
additional_information VARCHAR(4096),
autoapprove VARCHAR(256)
);
create table oauth_client_token (
token_id VARCHAR(256),
token LONGVARBINARY,
authentication_id VARCHAR(256),
user_name VARCHAR(256),
client_id VARCHAR(256)
);
create table oauth_access_token (
token_id VARCHAR(256),
token LONGVARBINARY,
authentication_id VARCHAR(256),
user_name VARCHAR(256),
client_id VARCHAR(256),
authentication LONGVARBINARY,
refresh_token VARCHAR(256)
);
create table oauth_refresh_token (
token_id VARCHAR(256),
token LONGVARBINARY,
authentication LONGVARBINARY
);
create table oauth_code (
code VARCHAR(256), authentication LONGVARBINARY
);
我应该如何保留oauth2访问令牌以及如何解决此问题