Spring security oauth2 - 无法访问/ oauth / token路由

时间:2018-02-12 15:46:36

标签: java spring-security oauth

我刚开始按照本教程https://jugbd.org/2017/09/19/implementing-oauth2-spring-boot-spring-security/开始为我的其他api创建一个身份验证服务器。一切顺利,直到最后我无法访问/ oauth / token路由以进行身份​​验证。

我认为我需要更多解释才能完全理解这种身份验证。

谢谢你, Matthieu Meunier

PS:这是我的课程:

ResourceServerConfig.java 

@Configuration
@EnableResourceServer
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/").permitAll()
                .antMatchers("/api/secure/**").authenticated();
    }
}

AuthorizationServerConfig.java 

@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
    @Autowired
    private AuthenticationManager authenticationManager;

    @Override
    public void configure(AuthorizationServerSecurityConfigurer serverSecurityConfigurer){
        serverSecurityConfigurer
                .tokenKeyAccess("permitAll()")
                .checkTokenAccess("isAuthenticated()")
                .allowFormAuthenticationForClients();
    }

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception{
        clients.inMemory().withClient("android-client")
                .authorizedGrantTypes("client-credentials", "password", "refresh_token")
                .authorities("ROLE_CLIENT", "ROLE_ANDROID_CLIENT")
                .scopes("read", "write", "trust")
                .resourceIds("oauth2resource")
                .accessTokenValiditySeconds(5000)
                .secret("android-secret").refreshTokenValiditySeconds(50000);
    }
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints){
        endpoints.authenticationManager(authenticationManager)
                .allowedTokenEndpointRequestMethods(HttpMethod.GET, HttpMethod.POST);
    }
}

就在我的主要

之下 
@Autowired
    CustomUserDetailsService userDetailsService;

    @Autowired
    public void authenticationManager(AuthenticationManagerBuilder builder) throws Exception{
        builder.userDetailsService(userDetailsService);
    }

最后是我的CustomUserDetailsS​​ervice和UserService

CustomUserDetailsS​​ervice.java 

@Service
public class CustomUserDetailsService implements UserDetailsService {

    private final UserService userService;

    @Autowired
    public CustomUserDetailsService(UserService userService) {
        this.userService = userService;
    }

    @Override
    public UserDetails loadUserByUsername(String email) throws UsernameNotFoundException {
        return this.userService.findByEmail(email);
    }
}

UserService.java 

@Service
public class UserService {

    @Autowired
    MembreRepository membreRepository;

    public UserDetails findByEmail(String email){
        return membreRepository.findOneByEmail(email);
    }
}

1 个答案:

答案 0 :(得分:1)

默认情况下,端点/ oauth / token是安全的,

因此,要调用此端点,您需要作为客户端进行身份验证。为此,根据您的设置,您需要在POST正文上传递client_id和client_secret(您的设置允许客户端身份验证表单node_modules)。

尝试使用参数调用端点:

URL 

.allowFormAuthenticationForClients()

HEADER 

{{host}}/oauth/token

Post Params 

Content-Type application/x-www-form-urlencoded

我使用Postman进行测试

相关问题
最新问题