Jhipster + Spring-rest + OAuth2 + keycloak - Could not verify the CSRF token because your session was not found

Time: 2018-07-27 13:08:12

Tags: docker oauth-2.0 jhipster keycloak spring-rest

I am having trouble sending data via POST using Jhipster 5.1.0 + spring-rest + OAuth2 (Keycloak).

In older versions of Jhipster, the access_token was obtained as follows:

curl -k -X POST -vu MY_APP:MY_SECRET https://{host}/oauth/token -H "Accept: application/json" -d "username=myUsername&password=myPassword&grant_type=password&scope=read"

When I use OAuth2 + keycloak authentication, it has to be obtained like this:

curl MY_APP:MY_SECRET@{host}:9080/auth/realms/jhipster/protocol/openid-connect/token -d "username=myUsername&password=myPassword&grant_type=password&scope=read"

I can get the access_token and refresh_token with the command above.

The problem occurs when I have to send JSON via POST. I execute this command to send the data:

curl -k -X POST -H "Accept: Application/json" -H "Content-Type: application/json" -H "Authorization: Bearer  my_access_token" http://{host}:8080/myrest -d '{"key1": "value1", "key2": "value2", "key3": "value3"}'

When the command is executed, I get the following error:

{
  "type" : "https://www.jhipster.tech/problem/problem-with-message",
  "title" : "Forbidden",
  "status" : 403,
  "detail" : "Could not verify the provided CSRF token because your session was not found.",
  "path" : "/myrest",
  "message" : "error.http.403"
}

How should I proceed to send JSON to the spring-rest API?

0 answers:

No answers