我正在内存授权服务器中构建简单的密码授予类型,以进行演示,然后与我现有的Web应用程序集成。
不确定我是否缺少任何配置。
也尝试使用base64 url,表单数据和其他选项,但仍从服务器获得相同的响应。
spring boot基本安全性已通过management.security.enabled = false
禁用授权服务器
@Configuration
@EnableAuthorizationServer
@EnableAutoConfiguration
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
@Autowired
private AuthenticationManager authenticationManager;
@Autowired
private TokenStore tokenStore;
@Override
public void configure (AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints
.authenticationManager (authenticationManager)
.tokenStore (tokenStore);
}
@Bean
public TokenStore tokenStore () {
return new InMemoryTokenStore ();
}
@Bean
public PasswordEncoder passwordEncoder () {
return new BCryptPasswordEncoder ();
}
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients.inMemory().withClient("java-client").secret(passwordEncoder (). encode ("java-secret"))
.authorities ("ROLE_CLIENT", "ROLE_TRUSTED_CLIENT", "USER")
.autoApprove (true)
.authorizedGrantTypes("authorization_code", "refresh_token", "password").scopes("read", "write");
}
}
// Security Config
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception { // @formatter:off
http.authorizeRequests()
.antMatchers("**").permitAll();
} // @formatter:on
@Bean
public BCryptPasswordEncoder passwordEncoder(){
return new BCryptPasswordEncoder();
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception{
auth.inMemoryAuthentication().withUser("user").password("password").roles("USER");
}
public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
security.allowFormAuthenticationForClients();
}
}
答案 0 :(得分:0)
该错误基本上意味着您访问受身份验证保护的资源,并且未正确提供用户名/密码。如果您访问webbrwoser上的URL,将要求您输入用户名和密码。另外,如果您使用curl,则可以在请求上添加用户名和密码。
用户名:password @ your_url,或使用“基本”添加授权标头。