我已将客户端定义为在没有客户端机密的情况下使用密码授予,但是当我要求令牌时,它不起作用并且收到警告BCryptPasswordEncoder : Empty encoded password。 Spring Security允许在没有秘密的情况下使用客户端,在AuthorizationServerSecurityConfigurer中,我认为如果编码的密码为空,PasswordEncoder应该匹配,但是到此为止,BasicAuthenticationFilter都不会匹配,因为使用不同的密码将其停止编码器。
@Configuration
@EnableAuthorizationServer
public class AuthServerConfig extends AuthorizationServerConfigurerAdapter {
private final AuthenticationManager authenticationManager;
private final CustomerLoginService userDetailsService;
private final OAuthClientDetailsService oAuthClientDetailsService;
@Autowired
public AuthServerConfig(@Qualifier("authenticationManagerBean") AuthenticationManager authenticationManager,
CustomerLoginService userDetailsService,
OAuthClientDetailsService oAuthClientDetailsService) {
this.authenticationManager = authenticationManager;
this.userDetailsService = userDetailsService;
this.oAuthClientDetailsService = oAuthClientDetailsService;
}
@Override
public void configure(AuthorizationServerSecurityConfigurer oauthServer) {
oauthServer
.tokenKeyAccess("permitAll()")
.checkTokenAccess("isAuthenticated()");
}
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients.withClientDetails(oAuthClientDetailsService);
}
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
endpoints
.tokenStore(new InMemoryTokenStore())
.authenticationManager(authenticationManager)
.userDetailsService(userDetailsService);
}
}