I am getting an "Unauthorized" error in my application. I am using Spring Security and OAuth2. My clients and users are stored in a database. When I started using the clients from the database, I got error 401 in Postman. The client is saved in the database, but when I want to get an access token from localhost:8080/oauth/token, I still get the error. Here is my source:
AuthorizationServerConfig:
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.authentication.AuthenticationManager;
    import org.springframework.security.crypto.factory.PasswordEncoderFactories;
    import org.springframework.security.crypto.password.PasswordEncoder;
    import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
    import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
    import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
    import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
    import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
    import org.springframework.security.oauth2.provider.token.TokenStore;

    @Configuration
    @EnableAuthorizationServer
    public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {

        @Autowired
        private AuthenticationManager authenticationManager;
        @Autowired
        private TokenStore tokenStore;
        // @Autowired was missing in the original, leaving this field null when configure(...) runs
        @Autowired
        private CustomClientDetailsService customClientDetailsService;

        @Bean
        PasswordEncoder passwordEncoder() {
            // Delegating encoder: stored secrets must carry an {id} prefix such as {bcrypt}
            return PasswordEncoderFactories.createDelegatingPasswordEncoder();
        }

        @Override
        public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
            // /oauth/token itself stays protected by client HTTP Basic authentication by default
            security.tokenKeyAccess("permitAll()")
                    .checkTokenAccess("isAuthenticated()");
        }

        @Override
        public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
            // client id, secret, grant types and scopes are loaded from the database
            clients.withClientDetails(customClientDetailsService);
        }

        @Override
        public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
            endpoints
                    .tokenStore(tokenStore)
                    .authenticationManager(authenticationManager);
        }
    }
This is my CustomClientDetails:
    import java.util.Collection;
    import java.util.HashMap;
    import java.util.HashSet;
    import java.util.Map;
    import java.util.Set;

    import org.slf4j.Logger;
    import org.slf4j.LoggerFactory;
    import org.springframework.security.core.GrantedAuthority;
    import org.springframework.security.core.authority.SimpleGrantedAuthority;
    import org.springframework.security.oauth2.provider.ClientDetails;

    public class CustomClientDetails implements ClientDetails {

        // the original logger was created for CustomClientDetailsService.class; it should name this class
        final static Logger log = LoggerFactory.getLogger(CustomClientDetails.class);
        private static final long serialVersionUID = 6602529451366778198L;

        // entity backing the OAuth client row; every getter below reads one column of it
        private Clients clients;

        public CustomClientDetails(final Clients clients) {
            this.clients = clients;
        }

        @Override
        public String getClientId() {
            return clients.getClientId();
        }

        // Note: each add(...) below stores the whole column value as a single element.
        // If a column holds comma-separated values (scopes, grant types, ...),
        // it has to be split before the token endpoint can match them.
        @Override
        public Set<String> getResourceIds() {
            final Set<String> resourcesIds = new HashSet<String>();
            resourcesIds.add(clients.getResourceIds());
            return resourcesIds;
        }

        @Override
        public boolean isSecretRequired() {
            // true: the client must authenticate (HTTP Basic) at /oauth/token
            return true;
        }

        @Override
        public String getClientSecret() {
            // must be stored in the format the configured PasswordEncoder expects
            return clients.getClientSecret();
        }

        @Override
        public boolean isScoped() {
            return true;
        }

        @Override
        public Set<String> getScope() {
            final Set<String> scopes = new HashSet<String>();
            scopes.add(clients.getScope());
            return scopes;
        }

        @Override
        public Set<String> getAuthorizedGrantTypes() {
            final Set<String> authorizedGrantTypes = new HashSet<String>();
            authorizedGrantTypes.add(clients.getAuthorizedGrantTypes());
            return authorizedGrantTypes;
        }

        @Override
        public Set<String> getRegisteredRedirectUri() {
            final Set<String> registeredRedirectUris = new HashSet<String>();
            registeredRedirectUris.add(clients.getWebServerRedirectUri());
            return registeredRedirectUris;
        }

        @Override
        public Collection<GrantedAuthority> getAuthorities() {
            final Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
            authorities.add(new SimpleGrantedAuthority(clients.getAuthorities()));
            return authorities;
        }

        @Override
        public Integer getAccessTokenValiditySeconds() {
            return clients.getAccessTokenValidity();
        }

        @Override
        public Integer getRefreshTokenValiditySeconds() {
            return clients.getRefreshTokenValidity();
        }

        @Override
        public boolean isAutoApprove(String s) {
            return false;
        }

        @Override
        public Map<String, Object> getAdditionalInformation() {
            // The original collected the value into a Set and then returned null.
            // Return it as a map instead; the key "additionalInformation" is chosen here.
            final Map<String, Object> additionalInformation = new HashMap<String, Object>();
            additionalInformation.put("additionalInformation", clients.getAdditionalInformation());
            return additionalInformation;
        }
    }
This is the CustomClientDetailsService:
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.security.oauth2.provider.ClientDetails;
    import org.springframework.security.oauth2.provider.ClientDetailsService;
    import org.springframework.security.oauth2.provider.ClientRegistrationException;
    import org.springframework.stereotype.Service;

    @Service
    public class CustomClientDetailsService implements ClientDetailsService {
        @Autowired
        private ClientsRepository clientsRepository;
        // the original also autowired a CustomClientDetails field; it was unused and has no no-arg constructor, so it is dropped
        @Override
        public ClientDetails loadClientByClientId(String clientId) throws ClientRegistrationException {
            Clients client = clientsRepository.findByClientId(clientId);
            if (client == null) {
                // unknown client id: report it the way Spring expects instead of wrapping null
                throw new ClientRegistrationException("No client with id " + clientId);
            }
            return new CustomClientDetails(client);
        }
    }
And the Postman error:
    {
      "timestamp": "2019-02-20T09:32:15.479+0000",
      "status": 401,
      "error": "Unauthorized",
      "message": "Unauthorized",
      "path": "/oauth/token"
    }
Answer 0: (score: 1)
You should provide client_id and client_secret in Postman; in the Authorization section you can set Basic Auth. In the username field, enter your client_id, and in password, enter your client_secret.
Answer 1: (score: 0)
"Unauthorized" at "/oauth/token" probably means you are not providing HTTP Basic Auth credentials in the request header. As far as I know, by default this endpoint is protected with the login and password stored in the oauth_client_details entity. Look for the client_id + client_secret pair and supply it to Postman with the Authorization -> Basic Auth setting.
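As an added example (not code from the question or either answer), the request both answers describe, issued with curl instead of Postman; the client id "client", secret "secret", the user credentials and the password grant type are assumed values, and the host is the localhost:8080 from the question:

```shell
#!/bin/sh
# Added example (not code from the question or the answers): the request the
# answers describe, sent with curl instead of Postman. Assumed values: client
# id "client" with secret "secret", resource-owner login "user"/"pass", the
# password grant, and the server at localhost:8080 from the question.

# Value Postman puts in the Authorization header when "Basic Auth" is selected
# with username = client_id and password = client_secret.
basic_auth_header() {
  # $1 = client_id, $2 = client_secret
  printf 'Basic %s' "$(printf '%s:%s' "$1" "$2" | base64 | tr -d '\n')"
}

# POST /oauth/token: client credentials go in the Basic header, the resource
# owner's credentials in the form body. Leaving the Authorization header out
# is what produces the 401 "Unauthorized" response shown in the question.
request_token() {
  # $1 = client_id, $2 = client_secret, $3 = username, $4 = password
  curl -s -X POST 'http://localhost:8080/oauth/token' \
    -H "Authorization: $(basic_auth_header "$1" "$2")" \
    -H 'Content-Type: application/x-www-form-urlencoded' \
    --data-urlencode 'grant_type=password' \
    --data-urlencode "username=$3" \
    --data-urlencode "password=$4"
}

# Show the header that would be sent for the assumed client (no network call).
basic_auth_header client secret
echo
# To request a token from a running server with the assumed values:
# request_token client secret user pass
```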