Spring Security OAuth2: There is no PasswordEncoder mapped for the id

Time: 2018-05-07 14:15:38

Tags: java spring security oauth-2.0

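I am trying to set up Spring Security OAuth 2 with the resource owner password credentials grant, but I get the following error when sending a POST request to /oauth/token via Postman: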

  

"There is no PasswordEncoder mapped for the id \"null\""

Screenshot of error in Postman

My code: Spring Security configuration class

public class SpringSecurityConfiguration extends WebSecurityConfigurerAdapter {

  @Bean
  public PasswordEncoder passwordEncoder() {
    return new BCryptPasswordEncoder();
  }

  @Override
  protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth.inMemoryAuthentication()
        .withUser("john").password("test123").roles("USER");
  }

  @Bean
  @Override
  public AuthenticationManager authenticationManagerBean() throws Exception {
    return super.authenticationManagerBean();
  }

}

Authorization server:

public class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {

  private static final int ONE_DAY = 60*60*24;
  private static final int THIRTY_DAYS = 60*60*24*30;

  // Spring bean for handling the authenticated requests
  @Autowired
  private AuthenticationManager authenticationManager;

  // enable us to use the users from our database in our auth server.
  @Autowired
  UserDetailsServiceImpl userDetailsService;

  @Override
  public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
    // checkTokenAccess: to check token and select tokens we refer("isAuthenticated()": not anonymous user)
    security.checkTokenAccess("isAuthenticated()");
  }

  @Override
  public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
    // define client details service
    clients.inMemory().withClient("my-trusted-client")
        .authorizedGrantTypes("client_credentials", "password", "refresh_token")
        .authorities("ROLE_CLIENT", "ROLE_TRUSTED_CLIENT")
        .scopes("read", "write", "trust")
        .resourceIds("oauth2-resource")
        .accessTokenValiditySeconds(ONE_DAY)
        .refreshTokenValiditySeconds(THIRTY_DAYS)
        .secret("secret");
  }

  @Override
  public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
    // define the authorization and token endpoints and the token services.
    endpoints.authenticationManager(authenticationManager);
    endpoints.userDetailsService(userDetailsService);
  }
}

Resource server:

public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {

  @Override
  public void configure(HttpSecurity http) throws Exception {
    http.headers().frameOptions().disable().and()
        .authorizeRequests()
        .antMatchers("/","/home", "/register", "/login", "auth/**").permitAll()
        .antMatchers("/private/**").authenticated();
  }
}

0 answers:

No answers
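
Added example, not part of the original question and not the asker's code: in Spring Security 5.x the quoted error text is raised by `DelegatingPasswordEncoder` when a stored credential carries no `{id}` prefix, and this sketch reproduces that with the literals "test123" and "secret" from the configuration above, then shows the stored form that `encode()` produces. The class name `EncoderIdDemo` is hypothetical, spring-security-crypto 5.x on the classpath is assumed, and the sketch does not establish which of the two values triggers the error in the asker's application.

```java
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;

// Hypothetical demo class; assumes Spring Security 5.x (spring-security-crypto).
public class EncoderIdDemo {

  public static void main(String[] args) {
    // The delegating encoder selects the real encoder from a "{id}" prefix
    // on the STORED value, e.g. "{bcrypt}$2a$10$...".
    PasswordEncoder delegating = PasswordEncoderFactories.createDelegatingPasswordEncoder();

    // Constructed sample data: the literals stored as-is in the question's config.
    String[] storedWithoutPrefix = {"test123", "secret"};

    for (String stored : storedWithoutPrefix) {
      try {
        // Even the correct raw value cannot be checked: with no "{id}" prefix
        // the extracted id is null and no encoder is mapped to it.
        delegating.matches(stored, stored);
        System.out.println(stored + " -> matched");
      } catch (IllegalArgumentException e) {
        System.out.println(stored + " -> " + e.getMessage());
      }
    }

    // encode() writes the prefix of the default encoder, so the stored
    // value is a salted hash that the delegating encoder can verify later.
    String encoded = delegating.encode("test123");
    System.out.println("stored form starts with {bcrypt}: " + encoded.startsWith("{bcrypt}"));
    System.out.println("correct password matches: " + delegating.matches("test123", encoded));
    System.out.println("wrong password matches:   " + delegating.matches("wrong", encoded));

    // A plain BCryptPasswordEncoder does no id lookup; it expects a bare BCrypt
    // hash and rejects a stored plaintext value instead of throwing.
    PasswordEncoder bcrypt = new BCryptPasswordEncoder();
    String hash = bcrypt.encode("secret");
    System.out.println("bcrypt vs its own hash:   " + bcrypt.matches("secret", hash));
    System.out.println("bcrypt vs stored literal: " + bcrypt.matches("secret", "secret"));
  }
}
```

In both encoders the stored side must be the encoder's own output; a literal such as "test123" or "secret" placed in `.password(...)` or `.secret(...)` is a plaintext credential in configuration, which is the condition the delegating encoder refuses to verify.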