有一个小型Spring Boot项目,它是PHP项目的REST API。
PHP项目使用BCrypt保存用户的加密密码(使用了Pepper)。
我在我的Web服务中使用OAuth。为此,我参照了以下教程:OAuth with Spring Boot
它在我的测试项目中运行良好。现在我尝试把它移植到我的正式项目中,不幸的是,它在那里不起作用。
# Requests a token with the OAuth2 password grant: --user sends the client id and secret as HTTP Basic credentials, and the form body carries the user's name and password.
curl -X POST --user 'gigy:secret' -d 'grant_type=password&username=USERNAME&password=PASSWORD' http://localhost:8080/Api/oauth/token
答案是:
{"timestamp":1513858442975,"status":401,"error":"Unauthorized","message":"Bad credentials","path":"/Api/oauth/token"}
不幸的是,我不确切地知道问题出在哪里。我怀疑是因为我没有传入Pepper。PHP应用程序在计算哈希时使用了Pepper。
OAuth2Config.java:
package com.company.webservice.config;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import com.company.webservice.ApiApplication;
/**
 * Authorization-server configuration: registers a single in-memory OAuth2 client and wires the
 * injected {@link AuthenticationManager} and {@link UserDetailsService} into the token endpoints.
 *
 * <p>NOTE(review): the stored user hashes are said to be BCrypt with a pepper, but nothing in this
 * class applies a pepper; see {@link #passwordEncoder()}.
 */
@Configuration
@EnableAuthorizationServer
public class OAuth2Config extends AuthorizationServerConfigurerAdapter {

    private static final Logger logger = LoggerFactory.getLogger(OAuth2Config.class);

    @Autowired
    @Qualifier("userDetailsService")
    private UserDetailsService userDetailsService;

    @Autowired
    private AuthenticationManager authenticationManager;

    // Access-token validity in seconds; defaults to 3600 when the property is not set.
    @Value("${gigy.oauth.tokenTimeout:3600}")
    private int expiration;

    // NOTE(review): never read anywhere in this class, so no pepper reaches the encoder below.
    // When it is wired in, load it from external configuration rather than a source literal.
    private String bCryptPepper = "";

    /**
     * Exposes a plain BCrypt password encoder as a bean.
     *
     * <p>{@link BCryptPasswordEncoder} checks the submitted password exactly as received against
     * the stored hash and has no pepper parameter. Hashes that were created from a peppered
     * password will therefore not verify through this encoder unless the same pepper
     * transformation is applied to the input first.
     * NOTE(review): how the PHP side combines password and pepper is not visible here; confirm
     * that before wrapping or replacing this encoder.
     *
     * @return a new {@link BCryptPasswordEncoder} with default settings
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        logger.debug("Create Password Encoder ... .. .");
        PasswordEncoder encoder = new BCryptPasswordEncoder();
        return encoder;
    }

    /**
     * Hands the injected authentication manager and user-details service to the
     * authorization-server endpoints.
     *
     * @param configurer endpoint configurer supplied by the framework
     * @throws Exception declared by the overridden method
     */
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer configurer) throws Exception {
        logger.debug("Set OAuth Config ... .. .");
        configurer
                .authenticationManager(authenticationManager)
                .userDetailsService(userDetailsService);
    }

    /**
     * Registers the single in-memory client {@code gigy} with the password and refresh-token
     * grants, scopes {@code read}/{@code write} and resource id {@code resource}.
     *
     * <p>NOTE(review): the client id and secret are literals in source and the secret is a
     * guessable sample value; load them from external configuration outside local testing.
     *
     * @param clients client-details configurer supplied by the framework
     * @throws Exception declared by the overridden method
     */
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
                .withClient("gigy")
                .secret("secret")
                .accessTokenValiditySeconds(expiration)
                .scopes("read", "write")
                .authorizedGrantTypes("password", "refresh_token")
                .resourceIds("resource");
    }
}
现在的问题是我该如何定位这个问题,遗憾的是在日志文件中找不到任何线索。我还可以发布更多代码,只是不确定你们需要哪些部分。