我正在尝试使用资源所有者密码凭据设置Spring安全OAuth 2,但在通过邮递员向/oauth/token
发送POST请求时出现以下错误:
"没有为id \" null \"""
映射PasswordEncoder
Screenshot of error in Postman
我的代码: Spring安全配置类
public class SpringSecurityConfiguration extends WebSecurityConfigurerAdapter {
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication()
.withUser("john").password("test123").roles("USER");
}
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
}
授权服务器:
public class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {
private static final int ONE_DAY = 60*60*24;
private static final int THIRTY_DAYS = 60*60*24*30;
// Spring bean for handling the authenticated requests
@Autowired
private AuthenticationManager authenticationManager;
// enable us to use the users from our database in our auth server.
@Autowired
UserDetailsServiceImpl userDetailsService;
@Override
public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
// checkTokenAccess: to check token and select tokens we refer("isAuthenticated()": not anonymous user)
security.checkTokenAccess("isAuthenticated()");
}
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
// define client details service
clients.inMemory().withClient("my-trusted-client")
.authorizedGrantTypes("client_credentials", "password", "refresh_token")
.authorities("ROLE_CLIENT", "ROLE_TRUSTED_CLIENT")
.scopes("read", "write", "trust")
.resourceIds("oauth2-resource")
.accessTokenValiditySeconds(ONE_DAY)
.refreshTokenValiditySeconds(THIRTY_DAYS)
.secret("secret");
}
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
// define the authorization and token endpoints and the token services.
endpoints.authenticationManager(authenticationManager);
endpoints.userDetailsService(userDetailsService);
}
}
资源服务器:
public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {
@Override
public void configure(HttpSecurity http) throws Exception {
http.headers().frameOptions().disable().and()
.authorizeRequests()
.antMatchers("/","/home", "/register", "/login", "auth/**").permitAll()
.antMatchers("/private/**").authenticated();
}
}