如何使用OAuth2安全性在资源服务器中配置资源ID

时间:2019-08-27 10:25:12

标签: spring spring-boot oauth-2.0 spring-security-oauth2 spring-security-rest

我正在尝试创建授权服务器和资源服务器。从授权服务器获取访问令牌是正常的,返回的访问令牌详细信息如下。

  File "C:\Users\m.seifikar\PycharmProjects\firmfile\venv\lib\site-packages\keras_preprocessing\image\iterator.py", line 104, in __next__
    return self.next(*args, **kwargs)
  File "C:\Users\m.seifikar\PycharmProjects\firmfile\venv\lib\site-packages\keras_preprocessing\image\iterator.py", line 116, in next
    return self._get_batches_of_transformed_samples(index_array)
  File "C:\Users\m.seifikar\PycharmProjects\firmfile\venv\lib\site-packages\keras_preprocessing\image\iterator.py", line 230, in _get_batches_of_transformed_samples
    interpolation=self.interpolation)
  File "C:\Users\m.seifikar\PycharmProjects\firmfile\venv\lib\site-packages\keras_preprocessing\image\utils.py", line 119, in load_img
    img = img.convert('RGB')
  File "C:\Users\m.seifikar\PycharmProjects\firmfile\venv\lib\site-packages\PIL\Image.py", line 912, in convert
    self.load()
  File "C:\Users\m.seifikar\PycharmProjects\firmfile\venv\lib\site-packages\PIL\TiffImagePlugin.py", line 1077, in load
    return self._load_libtiff()
  File "C:\Users\m.seifikar\PycharmProjects\firmfile\venv\lib\site-packages\PIL\TiffImagePlugin.py", line 1168, in _load_libtiff
    raise IOError(err)
OSError: -9
携带 access_token 访问一项服务(已配置资源服务器)时,可以得到正常响应。但是数据库 oauth_client_details 表的 resource_ids 列中资源ID = RESOURCE_ID1,而我在资源服务器中故意配置了资源ID = RESOURCE_ID11 来进行验证。按照返回的数据,此时应该抛出权限异常(拒绝访问)。

我的示例代码片段如下:

{
    "access_token": "5ffbc2d7-2a27-4f08-921f-f7de2410b5f5",
    "token_type": "bearer",
    "refresh_token": "d0fb85b3-52e0-45e0-84dc-ed38d55176a6",
    "expires_in": 599,
    "scope": "READ",
    "authorities": [
        {
            "authority": "delete_profile"
        },
        {
            "authority": "update_profile"
        },
        {
            "authority": "read_profile"
        },
        {
            "authority": "create_profile"
        },
        {
            "authority": "ROLE_admin"
        }
    ],
    "resource_ids": [
        "RESOURCE_ID1"
    ]
}

}

@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {

    @Autowired
    private DataSource dataSource;
    @Autowired
    private PasswordEncoder passwordEncoder;
    @Autowired
    private UserDetailsService userDetailsService;

    @Autowired
    private ClientDetailsService clientDetailsService;

    @Autowired
    @Qualifier("authenticationManagerBean")
    private AuthenticationManager authenticationManager;


    /**
     * Exposes the JDBC-backed token store that the authorization endpoints use.
     *
     * <p>Security note: {@link JdbcTokenStore} keeps issued tokens and their
     * serialized authentication objects in database tables and deserializes them
     * on lookup. Read access to those tables is therefore equivalent to holding
     * the tokens, and write access feeds Java deserialization; the database
     * account behind {@code dataSource} should be scoped accordingly.
     *
     * @return a token store bound to the injected {@code dataSource}
     */
    @Bean
    TokenStore jdbcTokenStore() {
        final TokenStore store = new JdbcTokenStore(dataSource);
        return store;
    }
    /**
     * Loads client registrations over JDBC from the injected {@code dataSource}.
     *
     * <p>The configured {@code passwordEncoder} is used when client secrets are
     * checked, so the stored client secrets must already be encoded with the same
     * encoder; a plain-text secret in the table will not match.
     *
     * <p>NOTE(review): the page states that the client's resource ids live in the
     * {@code resource_ids} column of {@code oauth_client_details}; the table name
     * is the library default and is not set in this method.
     *
     * @param clients configurer for the client details service
     * @throws Exception if the client details service cannot be configured
     */
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients
                .jdbc(dataSource)
                .passwordEncoder(passwordEncoder);
    }

    /**
     * Sets the access rules for the token-key and check-token endpoints.
     *
     * <p>The token-key endpoint is opened to everyone, while the check-token
     * endpoint requires an authenticated caller. Keeping check-token behind
     * authentication matters: an open introspection endpoint would let any party
     * probe token validity and read the token's attributes.
     *
     * <p>NOTE(review): the token-key rule only has an effect when a key-based
     * (JWT) token converter is configured; this class uses a JDBC token store, so
     * confirm whether that rule is needed at all.
     *
     * @param security configurer for the authorization server endpoints' security
     * @throws Exception if the security configuration fails
     */
    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
        // Each call returns the same configurer, so the rules can be set one by one.
        security.tokenKeyAccess("permitAll()");
        security.checkTokenAccess("isAuthenticated()");
    }

    /**
     * Wires the token endpoints: JDBC token store, custom token enhancer,
     * authentication manager and user details service.
     *
     * <p>Supplying an {@code AuthenticationManager} switches on the resource-owner
     * password grant; the {@code UserDetailsService} lets the account be re-checked
     * when a refresh token is exchanged.
     *
     * @param endpoints configurer for the authorization server endpoints
     * @throws Exception if the endpoint configuration fails
     */
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        // The configurer methods return the configurer itself; the call order of
        // the original chain is kept.
        endpoints.tokenStore(jdbcTokenStore());
        endpoints.tokenEnhancer(tokenEnhancer());
        endpoints.authenticationManager(authenticationManager);
        endpoints.userDetailsService(userDetailsService);
    }

    /**
     * Provides the enhancer that decorates access tokens before they are returned.
     *
     * <p>NOTE(review): {@code CustomTokenEnhancer} is not shown on this page. The
     * sample token response includes {@code authorities} and {@code resource_ids},
     * which presumably come from it. Anything added to the response this way is
     * readable by the client, so it should not carry data the client must not see.
     *
     * @return a new {@code CustomTokenEnhancer}
     */
    @Bean
    public TokenEnhancer tokenEnhancer() {
        final TokenEnhancer enhancer = new CustomTokenEnhancer();
        return enhancer;
    }

DB数据理解:

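/**
 * Resource server configuration: validates bearer tokens against the shared JDBC
 * token store and declares which requests need an authenticated caller.
 */
@Configuration
@EnableResourceServer
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {

    /**
     * Resource id this server requires in a token. It is deliberately different
     * from the value stored in the DB ({@code oauth_client_details.resource_ids}).
     *
     * <p>The resource-server check rejects a token only when the authentication
     * stored with that token carries a non-empty resource-id set that does not
     * contain this value; a token whose stored request has no resource ids passes.
     * NOTE(review): presumably the stored authentication reflects the client's
     * resource ids at the time the token was issued, so verify the mismatch with a
     * freshly issued token rather than one reused from the token store.
     */
    private static final String RESOURCE_ID = "RESOURCE_ID11";

    @Autowired
    private DataSource dataSource;

    /**
     * Token store used to look up presented bearer tokens.
     *
     * <p>Security note: the store reads tokens and serialized authentication
     * objects from the database and deserializes them, so the tables behind
     * {@code dataSource} must be writable only by the authorization server.
     *
     * @return a {@link JdbcTokenStore} bound to the injected {@code dataSource}
     */
    @Bean
    public JdbcTokenStore tokenStore() {
        return new JdbcTokenStore(dataSource);
    }

    /**
     * Declares the request authorization rules for this resource server.
     *
     * @param http the security builder for resource requests
     * @throws Exception if the rules cannot be applied
     */
    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/").permitAll()
                .antMatchers("/api/**").authenticated()
                // Deny by default: overriding this method replaces the adapter's
                // own anyRequest().authenticated() rule, and a path that matches
                // no rule is otherwise served without any access check.
                .anyRequest().authenticated();
    }

    /**
     * Binds this server to {@link #RESOURCE_ID} and to the JDBC token store.
     *
     * @param resources configurer for resource-server token handling
     * @throws Exception if the configuration fails
     */
    @Override
    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
        resources.resourceId(RESOURCE_ID).tokenStore(tokenStore());
    }

}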

0 个答案:

没有答案