“空编码密码”无需令牌即可调用令牌

时间:2019-01-10 07:03:57

标签: spring-boot spring-security spring-security-oauth2

我已将客户端定义为在没有客户端机密的情况下使用密码授予,但是当我要求令牌时,它不起作用并且收到警告BCryptPasswordEncoder : Empty encoded password。 Spring Security允​​许在没有秘密的情况下使用客户端,在AuthorizationServerSecurityConfigurer中,我认为如果编码的密码为空,PasswordEncoder应该匹配,但是到此为止,BasicAuthenticationFilter都不会匹配,因为使用不同的密码将其停止编码器。

@Configuration
@EnableAuthorizationServer
public class AuthServerConfig extends AuthorizationServerConfigurerAdapter {

    private final AuthenticationManager authenticationManager;

    private final CustomerLoginService userDetailsService;

    private final OAuthClientDetailsService oAuthClientDetailsService;

    @Autowired
    public AuthServerConfig(@Qualifier("authenticationManagerBean") AuthenticationManager authenticationManager,
                            CustomerLoginService userDetailsService,
                            OAuthClientDetailsService oAuthClientDetailsService) {
        this.authenticationManager = authenticationManager;
        this.userDetailsService = userDetailsService;
        this.oAuthClientDetailsService = oAuthClientDetailsService;
    }

    @Override
    public void configure(AuthorizationServerSecurityConfigurer oauthServer) {
        oauthServer
                .tokenKeyAccess("permitAll()")
                .checkTokenAccess("isAuthenticated()");
    }

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.withClientDetails(oAuthClientDetailsService);
    }

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
        endpoints
                .tokenStore(new InMemoryTokenStore())
                .authenticationManager(authenticationManager)
                .userDetailsService(userDetailsService);
    }
}

0 个答案:

没有答案