Spring Boot Oauth 2.0授权服务器返回空令牌

时间:2018-11-28 21:38:48

标签: spring-security spring-security-oauth2

我试图了解Oauth 2.0,并且尝试按照一个简单的教程进行操作,但是我不明白我的代码出了什么问题。基本上授权服务器没有向客户端返回任何令牌,并且我没有了解原因:( 这是代码: ResourceServer应用程序: AuthorizationServerConfig:

<div class="outer">
  <span class="inner">Yeah, this week at McCormick place apparently</span>
</div>

<div class="outer">
  <span class="inner">Negative, seems interesting tho</span>
</div>

<div class="outer">
  <span class="inner">Some other random message which is a little bit longer than the other messages</span>
</div>

EmployeeSecurityConfiguration:

@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory().withClient("javainuse").secret("secret").authorizedGrantTypes("authorization_code")
            .scopes("read").authorities("CLIENT").redirectUris("http://localhost:8090/showEmployees");
    }

}

ResourceServer:

@Configuration
@EnableWebSecurity
public class EmployeeSecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers("/resources/**");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().antMatchers("/").permitAll().antMatchers("/user/getEmployeesList").hasAnyRole("ADMIN")
                .anyRequest().authenticated().and().formLogin().permitAll().and().logout().permitAll();

        http.csrf().disable();
    }

    @Override
    public void configure(AuthenticationManagerBuilder authenticationMgr) throws Exception {
        authenticationMgr.inMemoryAuthentication().passwordEncoder(NoOpPasswordEncoder.getInstance()).withUser("admin").password("admin").authorities("ROLE_ADMIN");
    }
}

EmployeeController:

@Configuration
@EnableResourceServer
public class ResourceServer extends ResourceServerConfigurerAdapter {

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.requestMatchers().antMatchers("/user/getEmployeesList/**").and().authorizeRequests().anyRequest()
                .access("#oauth2.hasScope('read')");
    }
}

和客户端应用程序:

@Controller
public class EmployeeController {

    @RequestMapping(value = "/user/getEmployeesList", produces ="application/json")
    @ResponseBody
    public List<Employee> getEmployeeList(){
        List<Employee> employees = new ArrayList<>();
        Employee emp = new Employee();
        emp.setEmpId("emp1");
        emp.setEmpName("emp1");
        employees.add(emp);
        return employees;
    }

}

显示response.getBody()的sysout始终为null,我不知道为什么会这样

0 个答案:

没有答案