spring oauth2,无法检索用户信息

时间:2018-02-23 02:59:22

标签: spring oauth-2.0 spring-oauth2

无法找到说明如何使用access_token获取用户信息的文档。

如何制作此类端点?

我看到当我访问/ user端点时,不包括OAuth2AuthenticationProcessingFilter。 我想我搞砸了下面的东西

@Configuration
@EnableWebSecurity
@Order(2)
// after ResourceServerConfigurerAdapter
public class SecurityConfig extends WebSecurityConfigurerAdapter {

@Override
  protected void configure(HttpSecurity http) throws Exception {
    http
      // https://stackoverflow.com/questions/26387003/how-to-make-spring-boot-never-issue-session-cookie
      .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
      .authorizeRequests()
      .antMatchers("/", "index", "/login**", "/webjars/**")
      .permitAll()
      .and().exceptionHandling()
      .authenticationEntryPoint(authenticationEntryPoint)
      .accessDeniedHandler(oAuth2FailedHandler)
      .and().csrf().disable().authorizeRequests()                                                                                                                                       
      .and().addFilterBefore(new CORSFilter(), BasicAuthenticationFilter.class);                                                                                                    }
}
I also have..

@Order(3)
@Configuration
@EnableResourceServer
@Slf4j
public class OAuth2ResourceServerConfig extends ResourceServerConfigurerAdapter {

    @Override
    public void configure(final ResourceServerSecurityConfigurer config) {
        config.tokenServices(tokenServices());
    }

   @Override
    public void configure(HttpSecurity http) throws Exception {
     // super.configure(http);

     log.info("hello OAuth2ResourceServerConfig:configure");
     http
        .authorizeRequests().anyRequest().authenticated();

    }

     @Bean
     @Primary
     public DefaultTokenServices tokenServices() {
         final DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
         defaultTokenServices.setTokenStore(tokenStore());
         return defaultTokenServices;
     }

     // JDBC token store configuration

     @Bean
     public DataSource dataSource() {
         final DriverManagerDataSource dataSource = new DriverManagerDataSource();
         dataSource.setDriverClassName(env.getProperty("spring.datasource.driver-class-name"));
         dataSource.setUrl(env.getProperty("spring.datasource.url"));
         dataSource.setUsername(env.getProperty("spring.datasource.username"));
         dataSource.setPassword(env.getProperty("spring.datasource.password"));

         return dataSource;
     }

     @Bean
     public TokenStore tokenStore() {
         return new JdbcTokenStore(dataSource());
     }
}


@Configuration
 //@PropertySource({ "classpath:persistence.properties" })                                                                                                                         @EnableAuthorizationServer
 @Slf4j
 public class OAuth2AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
    // ....
 }

1 个答案:

答案 0 :(得分:-1)

使用以下内容添加REST控制器:

@RequestMapping("/user")
public @ResponseBody Principal  user(Principal user) {
    return user;
}

然后,您可以使用授权标头中的访问令牌来调用它。

相关问题
最新问题