Spring JDBC token store gives 401 Unauthorized when accessing a resource

Time: 2019-04-24 16:27:02

Tags: spring-security-oauth2

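I am creating a Spring Boot application and implementing an OAuth JDBC token store. I have implemented the authorization server and the resource server in the same application. The token is generated and saved in the database by the authorization server code, but when I try to access the resource server I get a 401 Unauthorized error code.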

Access Token generation:
{
    "access_token": "9fb18582-1096-4c7e-b06c-b571c6d4dfde",
    "token_type": "bearer",
    "refresh_token": "cb7b5d6f-f765-4e99-9282-a8a2a31cb39b",
    "expires_in": 3123,
    "scope": "read write"
}

Accessing the resource server:

{
    "timestamp": "2019-04-24T16:12:18.326+0000",
    "status": 401,
    "error": "Unauthorized",
    "message": "Unauthorized",
    "path": "/secured/company/"
}

I passed Authorization: Bearer 9fb18582-1096-4c7e-b06c-b571c6d4dfde in the header when accessing the resource URL. Below is the source code:

@Configuration
@EnableAuthorizationServer
@EnableGlobalMethodSecurity(prePostEnabled = true)
@Import(ServerSecurityConfig.class)
public class AuthServerOAuth2Config extends AuthorizationServerConfigurerAdapter {

    @Autowired
    @Qualifier("dataSource")
    private DataSource dataSource;

    @Autowired
    private AuthenticationManager authenticationManager;

    @Autowired
    private UserDetailsService userDetailsService;

    @Autowired
    private PasswordEncoder oauthClientPasswordEncoder;

    @Bean
    public TokenStore tokenStore() {
        return new JdbcTokenStore(dataSource);
    }

    @Bean
    public OAuth2AccessDeniedHandler oauthAccessDeniedHandler() {
        return new OAuth2AccessDeniedHandler();
    }

    @Override
    public void configure(AuthorizationServerSecurityConfigurer oauthServer) {
        oauthServer.tokenKeyAccess("permitAll()").checkTokenAccess("isAuthenticated()")
                .passwordEncoder(oauthClientPasswordEncoder);
    }

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.jdbc(dataSource);
    }

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
        endpoints.tokenStore(tokenStore()).authenticationManager(authenticationManager)
                .userDetailsService(userDetailsService);
    }
}

@Configuration
@EnableWebSecurity
@Order(1)
@Import(Encoders.class)
public class ServerSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserDetailsService userDetailsService;

    @Autowired
    private PasswordEncoder userPasswordEncoder;

    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(userPasswordEncoder);
    }
}

@Configuration
@EnableResourceServer
public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {

    private static final String RESOURCE_ID = "resource-server-rest-api";
    private static final String SECURED_READ_SCOPE = "#oauth2.hasScope('read')";
    private static final String SECURED_WRITE_SCOPE = "#oauth2.hasScope('write')";
    private static final String SECURED_PATTERN = "/secured/**";

    @Override
    public void configure(ResourceServerSecurityConfigurer resources) {
        resources.resourceId(RESOURCE_ID).stateless(false);
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.requestMatchers().antMatchers(SECURED_PATTERN).and().authorizeRequests()
                .antMatchers(HttpMethod.GET, SECURED_PATTERN).access(SECURED_WRITE_SCOPE).anyRequest()
                .access(SECURED_READ_SCOPE);
    }

}

Below is the controller class:

@RestController
@RequestMapping("/secured")
public class CompanyController {

    @RequestMapping(value="/company",method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE)
    @ResponseStatus(value = HttpStatus.OK)
    @PreAuthorize("hasAuthority('COMPANY_READ')")
    public @ResponseBody
    String getAll() {
        return "Hello World!";
    }    
}

My application follows https://dzone.com/articles/secure-spring-rest-with-spring-security-and-oauth2. Can anyone suggest what is going wrong when hitting the resource server?

0 answers:

No answers