Spring Boot 2.0.3 + Security + OAuth2 auto-configuration
I am working with OAuth2 and microservices. I created one microservice to generate the authorization token and another microservice as the client. Token generation works fine, but when I try to authenticate on the client service with the generated token, it does not work.
Microservice that generates the token: localhost:9999
Token generated with the URL: estrutura:estruturasecret@localhost:9999/oauth/token
[
    {
        "key": "grant_type",
        "value": "password"
    },
    {
        "key": "username",
        "value": "matheus"
    },
    {
        "key": "password",
        "value": "teste"
    },
    {
        "key": "client_id",
        "value": "estrutura"
    }
]
Returns:
{
    "access_token": "2e4c26b3-0fcf-493e-a255-6216b98811c5",
    "token_type": "bearer",
    "refresh_token": "5e33740a-ccb9-4ec1-94be-3a4643b8097a",
    "expires_in": 42479,
    "scope": "read write"
}
Client microservice: localhost:9090
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;

@SpringBootApplication
@EnableResourceServer
public class ClientServer {
    public static void main(String[] args) {
        SpringApplication.run(ClientServer.class, args);
    }
}
application.yml:
server:
  port: 9090
  servlet:
    context-path: /client
spring:
  application:
    name: client-server
security:
  oauth2:
    client:
      client-id: estrutura
      client-secret: estruturasecret
      access-token-uri: localhost:9999/oauth/token
      user-authorization-uri: localhost:9999/oauth/authorize
    resource:
      token-info-uri: localhost:9999/oauth/check_token
logging:
  level:
    org.springframework.security: DEBUG
Error:
<error>invalid_token</error>
<error_description>Invalid access token: 2e4c26b3-0fcf-493e-a255-6216b98811c5</error_description>
Log:
2018-06-26 11:24:42.641 DEBUG 18658 --- [nio-9090-exec-2] o.s.security.web.FilterChainProxy : /alunos at position 5 of 11 in additional filter chain; firing Filter: 'OAuth2AuthenticationProcessingFilter'
2018-06-26 11:24:42.641 DEBUG 18658 --- [nio-9090-exec-2] p.a.OAuth2AuthenticationProcessingFilter : Authentication request failed: error="invalid_token", error_description="Invalid access token: 2e4c26b3-0fcf-493e-a255-6216b98811c5"
2018-06-26 11:24:42.645 DEBUG 18658 --- [nio-9090-exec-2] o.s.s.w.header.writers.HstsHeaderWriter : Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@1fa75b
2018-06-26 11:24:42.647 DEBUG 18658 --- [nio-9090-exec-2] s.s.o.p.e.DefaultOAuth2ExceptionRenderer : Written [error="invalid_token", error_description="Invalid access token: 2e4c26b3-0fcf-493e-a255-6216b98811c5"] as "application/xml;charset=UTF-8" using [org.springframework.http.converter.xml.MappingJackson2XmlHttpMessageConverter@30d6fa45]
2018-06-26 11:24:42.647 DEBUG 18658 --- [nio-9090-exec-2] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
Answer 0 (score: 4)
I tried to replicate your use case: I developed an AuthServer with Spring Cloud Security and a resource server. The problem I see with the token-info-uri strategy is that, in order to check the token, Spring uses RemoteTokenServices, and in order to retrieve the token information it uses OAuth2RestTemplate. This means that if you want to use your configuration you have to add a configuration of this kind:
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.Bean;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableOAuth2Client;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;

@EnableOAuth2Client
@EnableResourceServer
@SpringBootApplication
public class HelloOauthServiceApplication {
    public static void main(String[] args) {
        SpringApplication.run(HelloOauthServiceApplication.class, args);
    }

    // The rest template the resource server uses to call the check_token endpoint
    @Bean
    public OAuth2RestTemplate oAuth2RestTemplate(OAuth2ProtectedResourceDetails resource) {
        return new OAuth2RestTemplate(resource);
    }
}
Note the @EnableOAuth2Client and the OAuth2RestTemplate bean definition. Spring uses these configurations to validate and refresh the token.
However, in this way any resource server must also be a client application, and in my experience this does not scale. My personal suggestion is to use the user-info-uri strategy. In this case Spring uses a special endpoint to retrieve the user's details. In the resource server the configuration is very simple: you only define @EnableResourceServer, and in your yaml, for example, you configure just the following resource section:
security:
  oauth2:
    resource:
      user-info-uri: http://localhost:9090/account/userInfo.json
      preferTokenInfo: false
The only other development is in your authentication server, which must expose the user information in an endpoint like the one below:
import java.security.Principal;

import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
@RequestMapping("/account")
class UserRestFullEndPoint {
    // Returns the authenticated principal so resource servers can look the user up
    @GetMapping("/userInfo")
    public Principal userInfo(Principal principal) {
        return principal;
    }
}
I have used this approach several times and I noticed that it is very efficient and scales well, because in the resource server you do not define it as a client application.
I hope it may be useful.
P.S.
In your configuration you forgot the http protocol:
server:
  port: 9090
  servlet:
    context-path: /client
spring:
  application:
    name: client-server
security:
  oauth2:
    client:
      client-id: estrutura
      client-secret: estruturasecret
      access-token-uri: http://localhost:9999/oauth/token
      user-authorization-uri: http://localhost:9999/oauth/authorize
    resource:
      token-info-uri: http://localhost:9999/oauth/check_token
logging:
  level:
    org.springframework.security: DEBUG
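Added example, not code from the question or the answer: the check_token strategy the answer describes, but with RemoteTokenServices wired explicitly so the resource server does not also need to be an OAuth2 client. The class name ResourceServerConfig is assumed; the auth server URL, client credentials and the /alunos path come from the question and its log.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.RemoteTokenServices;

// Resource server that validates opaque bearer tokens against the auth server's
// /oauth/check_token endpoint. Class name assumed for this example.
@Configuration
@EnableResourceServer
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {

    // Values from the question; the scheme is required, a bare host:port is
    // exactly what produced "invalid_token" in the log above.
    private static final String CHECK_TOKEN_URL = "http://localhost:9999/oauth/check_token";
    private static final String CLIENT_ID = "estrutura";
    private static final String CLIENT_SECRET = "estruturasecret";

    @Bean
    public RemoteTokenServices remoteTokenServices() {
        RemoteTokenServices services = new RemoteTokenServices();
        services.setCheckTokenEndpointUrl(CHECK_TOKEN_URL);
        // check_token is itself protected: the resource server authenticates to it
        // with HTTP Basic using the client credentials, no OAuth2RestTemplate needed.
        services.setClientId(CLIENT_ID);
        services.setClientSecret(CLIENT_SECRET);
        return services;
    }

    @Override
    public void configure(ResourceServerSecurityConfigurer resources) {
        // Replace the auto-configured token services with the explicit one above.
        resources.tokenServices(remoteTokenServices());
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        // Every request needs a valid bearer token; reads on /alunos additionally
        // require the "read" scope that the issued token carries.
        http.authorizeRequests()
            .antMatchers(HttpMethod.GET, "/alunos/**").access("#oauth2.hasScope('read')")
            .anyRequest().authenticated();
    }
}
```

With DEBUG logging on org.springframework.security, a rejected token now shows the round trip to check_token, which makes a wrong URL or wrong client credentials visible instead of a bare "Invalid access token".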