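Handling error: InvalidRequestException, Missing grant type

Time: 2018-04-01 21:04:02

Tags: java spring-boot oauth-2.0 spring-security-oauth2

Can someone help? I keep getting "Missing grant type", but the grant type is present. I searched online but still could not find a solution.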

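import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;

// PRIVATE_KEY, PUBLIC_KEY, CLIENT_ID and CLIENT_SECRET are constants defined elsewhere in the project (not shown).
@Configuration
@EnableAuthorizationServer
public class OAuth2Config extends AuthorizationServerConfigurerAdapter {

    // Each field is bound to the property of the same name.
    @Value("${security.oauth2.client.access-token-validity-seconds}")
    int accessTokenValiditySeconds;

    @Value("${security.oauth2.client.refresh-token-validity-seconds}")
    int refreshTokenValiditySeconds;

    @Autowired
    private AuthenticationManager authenticationManager;

    @Bean
    public JwtAccessTokenConverter tokenConverter() {
        JwtAccessTokenConverter tokenConverter = new JwtAccessTokenConverter();
        tokenConverter.setSigningKey(PRIVATE_KEY);
        tokenConverter.setVerifierKey(PUBLIC_KEY);
        return tokenConverter;
    }

    @Bean
    public JwtTokenStore tokenStore() {
        return new JwtTokenStore(tokenConverter());
    }

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpointsConfigurer) throws Exception {
        endpointsConfigurer.authenticationManager(authenticationManager)
                .tokenStore(tokenStore())
                .accessTokenConverter(tokenConverter());
    }

    // defines the security constraints on the token endpoint
    @Override
    public void configure(AuthorizationServerSecurityConfigurer securityConfigurer) throws Exception {
        securityConfigurer
                .tokenKeyAccess("permitAll()")
                .checkTokenAccess("isAuthenticated()");
    }

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
                .withClient(CLIENT_ID)
                .secret(CLIENT_SECRET)
                //.resourceIds("oauth2-resource")
                //.authorities("ROLE_CLIENT","ROLE_TRUSTED_CLIENT")
                .scopes("read","write")
                .authorizedGrantTypes("authorization_code", "refresh_token", "password")
                .accessTokenValiditySeconds(accessTokenValiditySeconds)
                // the refresh token gets its own lifetime, not the access token's
                .refreshTokenValiditySeconds(refreshTokenValiditySeconds);
                //.autoApprove(true);
    }
}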

When I run it in Postman, I get the following.

This is the application console log for the request, but it doesn't have much information:

2018-04-02 10:20:35 [main] INFO  o.s.b.a.e.mvc.EndpointHandlerMapping - Mapped "{[/trace || /trace.json],methods=[GET],produces=[application/vnd.spring-boot.actuator.v1+json || application/json]}" onto public java.lang.Object org.springframework.boot.actuate.endpoint.mvc.EndpointMvcAdapter.invoke()
2018-04-02 10:20:35 [main] INFO  o.s.s.web.DefaultSecurityFilterChain - Creating filter chain: org.springframework.boot.actuate.autoconfigure.ManagementWebSecurityAutoConfiguration$LazyEndpointPathRequestMatcher@11180750, [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@210635fd, org.springframework.security.web.context.SecurityContextPersistenceFilter@4b98225c, org.springframework.security.web.header.HeaderWriterFilter@7d61468c, org.springframework.web.filter.CorsFilter@63814bbe, org.springframework.security.web.authentication.logout.LogoutFilter@32e697ac, org.springframework.security.web.authentication.www.BasicAuthenticationFilter@655621fd, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@4beae1e3, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@3c488b34, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@3cb195dd, org.springframework.security.web.session.SessionManagementFilter@45796b2a, org.springframework.security.web.access.ExceptionTranslationFilter@c318864, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@65a48cab]
2018-04-02 10:20:36 [main] INFO  o.s.j.e.a.AnnotationMBeanExporter - Registering beans for JMX exposure on startup
2018-04-02 10:20:36 [main] INFO  o.s.j.e.a.AnnotationMBeanExporter - Bean with name 'configurationPropertiesRebinder' has been autodetected for JMX exposure
2018-04-02 10:20:36 [main] INFO  o.s.j.e.a.AnnotationMBeanExporter - Bean with name 'refreshEndpoint' has been autodetected for JMX exposure
2018-04-02 10:20:36 [main] INFO  o.s.j.e.a.AnnotationMBeanExporter - Bean with name 'restartEndpoint' has been autodetected for JMX exposure
2018-04-02 10:20:36 [main] INFO  o.s.j.e.a.AnnotationMBeanExporter - Bean with name 'environmentManager' has been autodetected for JMX exposure
2018-04-02 10:20:36 [main] INFO  o.s.j.e.a.AnnotationMBeanExporter - Bean with name 'refreshScope' has been autodetected for JMX exposure
2018-04-02 10:20:36 [main] INFO  o.s.j.e.a.AnnotationMBeanExporter - Located managed bean 'environmentManager': registering with JMX server as MBean [org.springframework.cloud.context.environment:name=environmentManager,type=EnvironmentManager]
2018-04-02 10:20:36 [main] INFO  o.s.j.e.a.AnnotationMBeanExporter - Located managed bean 'restartEndpoint': registering with JMX server as MBean [org.springframework.cloud.context.restart:name=restartEndpoint,type=RestartEndpoint]
2018-04-02 10:20:36 [main] INFO  o.s.j.e.a.AnnotationMBeanExporter - Located managed bean 'refreshScope': registering with JMX server as MBean [org.springframework.cloud.context.scope.refresh:name=refreshScope,type=RefreshScope]
2018-04-02 10:20:36 [main] INFO  o.s.j.e.a.AnnotationMBeanExporter - Located managed bean 'configurationPropertiesRebinder': registering with JMX server as MBean [org.springframework.cloud.context.properties:name=configurationPropertiesRebinder,context=68dc098b,type=ConfigurationPropertiesRebinder]
2018-04-02 10:20:36 [main] INFO  o.s.j.e.a.AnnotationMBeanExporter - Located managed bean 'refreshEndpoint': registering with JMX server as MBean [org.springframework.cloud.endpoint:name=refreshEndpoint,type=RefreshEndpoint]
2018-04-02 10:20:36 [main] INFO  o.s.c.s.DefaultLifecycleProcessor - Starting beans in phase 0
2018-04-02 10:20:36 [main] INFO  o.s.b.c.e.t.TomcatEmbeddedServletContainer - Tomcat started on port(s): 8085 (http)
2018-04-02 10:20:36 [main] INFO  com.deanace.AuthFlexpayApplication - Started AuthFlexpayApplication in 17.884 seconds (JVM running for 19.345)
2018-04-02 10:21:19 [http-nio-8085-exec-2] INFO  o.a.c.c.C.[.[localhost].[/auth] - Initializing Spring FrameworkServlet 'dispatcherServlet'
2018-04-02 10:21:19 [http-nio-8085-exec-2] INFO  o.s.s.o.p.endpoint.TokenEndpoint - Handling error: InvalidRequestException, Missing grant type

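I need someone to help me.

3 answers:

Answer 0: (score: 0)

Posting this as an answer because of the text size limit in comments.

The logs are not helpful. Well, it looks like the token request is not being created properly.

Let me share with you what happens behind the scenes when we make a request to the /oauth/token endpoint. The request goes to the TokenEndpoint#postAccessToken(..) class. The client details service then tries to load the client by client ID (in your case, it is InMemoryClientDetailsService). In this loaded client object, authorizedGrantTypes should contain password. Then the token request factory tries to create the token request from the parameters passed in the request. Most likely in DefaultOAuth2RequestFactory#createTokenRequest(..), the TokenRequest should have grantType set to password. Please debug with breakpoints in these classes.

The following excerpt is from the TokenEndpoint class: please check the authenticatedClient and tokenRequest objects.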

public ResponseEntity<OAuth2AccessToken> postAccessToken(Principal principal, @RequestParam Map<String, String> parameters) throws HttpRequestMethodNotSupportedException {
    if (!(principal instanceof Authentication)) {
        throw new InsufficientAuthenticationException("There is no client authentication. Try adding an appropriate authentication filter.");
    } else {
        String clientId = this.getClientId(principal);
        ClientDetails authenticatedClient = this.getClientDetailsService().loadClientByClientId(clientId);
        TokenRequest tokenRequest = this.getOAuth2RequestFactory().createTokenRequest(parameters, authenticatedClient);
        if (clientId != null && !clientId.equals("") && !clientId.equals(tokenRequest.getClientId())) {
            throw new InvalidClientException("Given client ID does not match authenticated client");
        } else {
            if (authenticatedClient != null) {
                this.oAuth2RequestValidator.validateScope(tokenRequest, authenticatedClient);
            }

            if (!StringUtils.hasText(tokenRequest.getGrantType())) {
                throw new InvalidRequestException("Missing grant type");
            }
            // ... (the excerpt ends here; the rest of the method is not shown)
        }
    }
}

Also, clear all cookies before making the request from Postman.


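Answer 1: (score: 0)

After upgrading from spring-boot 1.5.0 to spring-boot 2.2.6, I ran into the same problem. It turned out I was using Logbook, and it was removing my x-www-form-urlencoded body.

Added -Dlogbook.servlet.form-request=parameter

After that, everything started working again.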

https://github.com/zalando/logbook/issues/382
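
One way to check what answers 0 and 1 describe, namely which parameters actually reach TokenEndpoint. This is an added example, not code from the posts or from Spring; the class name TokenRequestDiagnosticFilter is hypothetical, and it assumes a Spring Boot 1.5/2.x application on the javax.servlet API.

```java
import java.io.IOException;
import java.util.Collections;
import java.util.List;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;

// Hypothetical diagnostic filter (added example). LOWEST_PRECEDENCE makes it run late in
// the chain, after Spring Security, so it sees roughly what TokenEndpoint will see.
@Component
@Order(Ordered.LOWEST_PRECEDENCE)
public class TokenRequestDiagnosticFilter extends OncePerRequestFilter {
    private static final Logger log = LoggerFactory.getLogger(TokenRequestDiagnosticFilter.class);

    @Override
    protected boolean shouldNotFilter(HttpServletRequest request) {
        return !request.getRequestURI().endsWith("/oauth/token"); // URI includes the context path
    }

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
                                    FilterChain chain) throws ServletException, IOException {
        // Log parameter names only: the values include the user's password.
        List<String> names = Collections.list(request.getParameterNames());
        log.info("token request: method={}, contentType={}, hasQueryString={}, "
                        + "authorizationHeaderPresent={}, parameterNames={}",
                request.getMethod(), request.getContentType(), request.getQueryString() != null,
                request.getHeader("Authorization") != null, names);
        if (!names.contains("grant_type")) {
            // Seen when the body is not form-urlencoded or an earlier filter consumed it.
            log.warn("grant_type absent: TokenEndpoint will report 'Missing grant type'");
        }
        chain.doFilter(request, response);
    }
}
```

If parameterNames is empty for a POST whose Content-Type is application/x-www-form-urlencoded, something earlier in the chain has read the request input stream. Remove the filter once the cause is found.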

Answer 2: (score: 0)

This worked for me

  1. url = http://localhost:8888/oauth/token?username=username&password=password&grant_type=password, using the POST method
  2. Go to the "Authorization" tab and select "Basic Auth"
         username = <client-id>
         password = <client-secret>
  3. Go to the "Headers" tab and add a header as key = value: Content-Type = application/x-www-form-urlencoded

Note: do not add username, password and grant_type in the body. Add them to the URL.