Spring boot + oauth2:访问此资源需要完全身份验证
我正在尝试使用spring boot,spring cloud security和spring cloud oauth2来实现身份验证服务器。
当我尝试从邮递员
点击http://localhost:8080/auth/oauth/token时,我收到以下错误{ “错误”:“未经授权”, “error_description”:“访问此资源需要完全身份验证” }
下面是我的pom.xml
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> .
<modelVersion>4.0.0</modelVersion>
<groupId>com.teckink.tp</groupId>
<artifactId>tp-auth-server</artifactId>
<version>0.0.1-SNAPSHOT</version>
<packaging>jar</packaging>
<name>tp-auth-server</name>
<description>Demo project for Spring Boot</description>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.0.0.RELEASE</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<java.version>1.8</java.version>
<spring-cloud.version>Finchley.M9</spring-cloud.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-oauth2</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-dependencies</artifactId>
<version>${spring-cloud.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
<repositories>
<repository>
<id>spring-milestones</id>
<name>Spring Milestones</name>
<url>https://repo.spring.io/milestone</url>
<snapshots>
<enabled>false</enabled>
</snapshots>
</repository>
</repositories>
</project>
Starter(Main)课程:
package com.teckink.tp.authserver;
import java.util.HashMap;
import java.util.Map;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
@SpringBootApplication
@RestController
@EnableResourceServer
@EnableAuthorizationServer
public class App {
@RequestMapping(value = { "/user" }, produces = "application/json")
public Map<String, Object> user(OAuth2Authentication user) {
Map<String, Object> userInfo = new HashMap<>();
userInfo.put("user", user.getUserAuthentication().getPrincipal());
userInfo.put("authorities", AuthorityUtils.authorityListToSet(user.getUserAuthentication().getAuthorities()));
return userInfo;
}
public static void main(String[] args) {
SpringApplication.run(App.class, args);
}
}
定义客户端及其秘密的OAuth2Config类:
package com.teckink.tp.authserver.security;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
@Configuration
public class OAuth2Config extends AuthorizationServerConfigurerAdapter {
@Autowired
private AuthenticationManager authenticationManager;
@Autowired
private UserDetailsService userDetailsService;
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients.inMemory()
.withClient("eagleeye")
.secret("thisissecret")
.authorizedGrantTypes("refresh_token", "password", "client_credentials")
.scopes("webclient", "mobileclient");
}
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints
.authenticationManager(authenticationManager)
.userDetailsService(userDetailsService);
}
}
WebSecurityConfigurer类,它定义内存中的用户,密码和角色:
package com.teckink.tp.authserver.security;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
@Configuration
public class WebSecurityConfigurer extends WebSecurityConfigurerAdapter {
@Override
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Override
@Bean
public UserDetailsService userDetailsServiceBean() throws Exception {
return super.userDetailsServiceBean();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("john.carnell").password("password1").roles("USER")
.and()
.withUser("william.woodward").password("password2").roles("USER", "ADMIN");
}
}
我正在从POSTMAN调用Rest API,如下所示 -
请求身份验证屏幕显示如下:
请求表格数据如下
4 个答案:
答案 0 :(得分:4)
在您的示例应用中,当您运行时,您将获得以下异常
java.lang.IllegalArgumentException:没有映射PasswordEncoder 对于id&#34; null&#34;
在spring-security-core:5.0中,默认的PasswordEncoder构建为DelegatingPasswordEncoder。因此,当您将用户存储在内存中时,您将以纯文本形式提供密码,然后当您尝试从DelegatingPasswordEncoder检索编码器以验证密码时,它无法找到密码。
此链接中的更多详细信息Password Encoding
要解决此问题,对于生产实施,您应该激活BCryptPasswordEncoder
对于开发,您可以尝试以下更改,以便通过将{noop}添加到密码值来覆盖密码编码。这将通过激活NoOpPasswordEncoder而不是默认DelegatingPasswordEncoder来处理密码,并将您的密码视为纯文本。
OAuth2Config类
clients.inMemory()
.withClient("eagleeye")
.secret("{noop}thisissecret")
.authorizedGrantTypes("refresh_token", "password", "client_credentials")
.scopes("webclient", "mobileclient");
WebSecurityConfigurer类
auth
.inMemoryAuthentication()
.withUser("john.carnell"). password("{noop}password1").roles("USER")
.and()
.withUser("william.woodward").password("{noop}password2").roles("USER", "ADMIN");
现在,当您从Postman尝试时,您将能够生成令牌
修改
Github项目包含一个有效的演示 here
答案 1 :(得分:0)
我注意到您的授权类型列为&#34;密码&#34;而不是&#34;密码&#34;在你的帖子中 你可以纠正这个并再试一次吗?
答案 2 :(得分:0)
这里发生的事情很奇怪。我通过使用curl命令解决了它。
HashTable[]或 如果要在邮递员中使用,请转到授权->选择类型OAUTH2->获取访问令牌 enter image description here
答案 3 :(得分:0)
我有同样的问题。网址错误,请更改为http://localhost:8080/oauth/token,然后确定。 我从提供错误网址的书中得到了这个样本。只需删除“ / auth”
相关问题
- Spring OAuth2&#34;访问此资源需要完全身份验证&#34;
- POST请求&#34;访问此资源需要完全身份验证&#34;
- 错误未授权,访问此资源需要完全身份验证
- Spring boot + oauth2:访问此资源需要完全身份验证
- Spring Boot:在OAUTH2中访问此资源需要完全身份验证
- 尝试访问登录URL
- 检索访问令牌后,请使用Spring Boot OAuth2“需要完全验证才能访问此资源”
- 要使用生成的访问令牌访问此资源,必须进行完全身份验证
- Spring-Security-Oauth2:访问客户端时,需要完全认证才能访问此资源
- Spring OAuth2需要完整身份验证才能访问此资源
最新问题
- 我写了这段代码,但我无法理解我的错误
- 我无法从一个代码实例的列表中删除 None 值,但我可以在另一个实例中。为什么它适用于一个细分市场而不适用于另一个细分市场?
- 是否有可能使 loadstring 不可能等于打印?卢阿
- java中的random.expovariate()
- Appscript 通过会议在 Google 日历中发送电子邮件和创建活动
- 为什么我的 Onclick 箭头功能在 React 中不起作用?
- 在此代码中是否有使用“this”的替代方法?
- 在 SQL Server 和 PostgreSQL 上查询,我如何从第一个表获得第二个表的可视化
- 每千个数字得到
- 更新了城市边界 KML 文件的来源?