我正在设置一个REST API服务器,该服务器只能与client_credentials流一起使用,因此我没有用户,只有客户端可以访问我的资源。
我正在使用SPRING BOOT PARENT 2.0.2.RELEASE和Spring Security Oauth2 2.3.4.RELEASE
当尝试获取令牌时,我不断收到此错误:
.topnav {
overflow: hidden;
float: right;
clear:right;
margin: 0px 30px;
}
.topnav a {
float:left;
display: inline-block;
color: white;
text-align: center;
padding: 15px 20px 15px 20px;
text-decoration: none;
font-size: 14px;
}
.topnav a:hover {
background-color: #0600FF;
color: white;
}
a.active {
color: white;
border-bottom: 2px white solid;
}
.topnav .icon {
display: none;
}
/* Sticky */
.sticky {
position: sticky;
top: 0;
}
@media screen and (max-width: 700px) {
.topnav a {display: none;}
.topnav a.icon {
float: right;
display: block;
color: white;
margin-right: 40px;
padding:10px 10px 10px 10px;
background-color: #0600FF;
}
}
@media screen and (max-width: 700px) {
.topnav.responsive {position: relative;}
.topnav.responsive .icon {
position: absolute;
right: 0;
top: 0;
}
.topnav.responsive a {
float: none;
display: block;
text-align: right;
}
.topnav.responsive a:not(:first-child) {
background-color:white;
}
/* The "Home"-menu item is moved below the menu icon */
.topnav a:first-child {
margin-top: 48px;
}
}
这是我配置AuthServer的方式
There is no client authentication. Try adding an appropriate authentication filter.
这是我设置常规安全性的方式
@Configuration
@EnableAuthorizationServer
public class AuthServer extends AuthorizationServerConfigurerAdapter {
@Autowired
@Qualifier("authenticationManagerBean")
private AuthenticationManager authenticationManager;
@Autowired
ClientDetailsService clientDetailsService;
@Override
public void configure(
AuthorizationServerSecurityConfigurer oauthServer)
throws Exception {
oauthServer
.allowFormAuthenticationForClients()
.tokenKeyAccess("permitAll()")
.checkTokenAccess("isAuthenticated()");
}
@Override
public void configure(ClientDetailsServiceConfigurer clients)
throws Exception {
clients.inMemory()
.withClient("client")
.secret("{noop}secret")
.authorizedGrantTypes("refresh_token", "client_credentials")
.scopes("read", "write");
}
@Override
public void configure(
AuthorizationServerEndpointsConfigurer endpoints)
throws Exception {
endpoints
.tokenStore(tokenStore())
.authenticationManager(authenticationManager)
.setClientDetailsService(clientDetailsService)
}
@Bean
public TokenStore tokenStore() {
return new InMemoryTokenStore();
}
}
最后是ResourceServer(在本期中不重要)
@Configuration
@EnableWebSecurity
@Order(-1)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/oauth/token").permitAll()
.and()
.csrf().disable()
.httpBasic().disable();
}
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
}
我尝试以这种方式@Configuration
@EnableResourceServer
public class ResourceServerConf extends ResourceServerConfigurerAdapter{
@Override
public void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/api*")
.authenticated();
}
}
我想念什么?