Spring OAuth2 对客户端进行多次验证

时间:2020-01-15 13:36:08

标签: spring spring-security oauth-2.0 spring-security-oauth2

当我使用正确的客户端凭据访问 http://localhost:8083/oauth/token(grant_type 为 password)来生成令牌时,它会先对客户端进行 4 次身份验证,然后检查用户;接着再次验证用户身份,之后又对客户端检查 2 次。

如果我输入了错误的客户端凭据,则只会检查一次。

AuthServerConfig:

/**
 * OAuth2 authorization-server configuration.
 *
 * <p>Registers a {@link MongoClientDetailsService} as the client registry, wires the
 * injected {@link AuthenticationManager} and a {@link DefaultTokenServices} bean into the
 * endpoints, and sets the access expressions for the token-key and check-token endpoints.
 */
@Configuration
@EnableAuthorizationServer
public class AuthServerConfig extends AuthorizationServerConfigurerAdapter {

    @Autowired
    private AuthenticationManager authenticationManager;

    @Autowired
    private TokenStore tokenStore;

    // Optional dependency: stays null when no JwtAccessTokenConverter bean is defined,
    // in which case tokenServices() is handed a null token enhancer.
    @Autowired(required = false)
    private JwtAccessTokenConverter accessTokenConverter;

    /**
     * Exposes the client registry as a bean.
     *
     * <p>NOTE(review): this method is called from three places in this class
     * ({@code configure(ClientDetailsServiceConfigurer)}, {@code tokenServices()} and the
     * container itself). Presumably all calls resolve to one singleton through Spring's
     * {@code @Configuration} method proxying; confirm that proxying is not disabled.
     *
     * @return a new {@link MongoClientDetailsService}
     */
    @Bean
    public MongoClientDetailsService clientDetailsService() {
        return new MongoClientDetailsService();
    }

    /**
     * Uses the Mongo-backed service as the source of registered OAuth2 clients.
     *
     * @param clients configurer supplied by the framework
     * @throws Exception declared by the overridden method
     */
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.withClientDetails(clientDetailsService());
    }

    /**
     * Plugs the user authentication manager and the token services into the
     * authorization-server endpoints.
     *
     * @param endpoints configurer supplied by the framework
     * @throws Exception declared by the overridden method
     */
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        // The two settings are independent of each other.
        endpoints.authenticationManager(authenticationManager);
        endpoints.tokenServices(tokenServices());
    }

    /**
     * Sets the access rules for the authorization server's auxiliary endpoints and enables
     * form-based client authentication.
     *
     * @param oauthServer configurer supplied by the framework
     * @throws Exception declared by the overridden method
     */
    @Override
    public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
        // "permitAll()" leaves the token-key endpoint open to unauthenticated callers;
        // "isAuthenticated()" requires an authenticated caller for the check-token endpoint.
        // NOTE(review): allowFormAuthenticationForClients() lets clients send their
        // credentials as request parameters instead of an Authorization header. Confirm
        // that request parameters are not captured by access logs or intermediaries, and
        // prefer HTTP Basic over TLS where the clients support it.
        oauthServer
                .tokenKeyAccess("permitAll()")
                .checkTokenAccess("isAuthenticated()")
                .allowFormAuthenticationForClients();
    }

    /**
     * Builds the primary token services: backed by the injected token store, refresh
     * tokens enabled, the optional JWT converter as token enhancer, and the client
     * registry attached.
     *
     * <p>No token validity period is set here.
     *
     * @return the configured {@link DefaultTokenServices}
     */
    @Bean
    @Primary
    public DefaultTokenServices tokenServices() {
        final DefaultTokenServices services = new DefaultTokenServices();
        services.setClientDetailsService(clientDetailsService());
        // May be null, see the field comment on accessTokenConverter.
        services.setTokenEnhancer(accessTokenConverter);
        services.setSupportRefreshToken(true);
        services.setTokenStore(tokenStore);
        return services;
    }
}

AuthServerSecurityConfig:

/**
 * Web-security configuration for the authorization server: supplies the Mongo-backed
 * user store, exposes the {@link AuthenticationManager} as a bean, and declares the
 * password encoder.
 */
@Configuration
public class AuthServerSecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Exposes the user store as a bean.
     *
     * @return a new {@link MongoUserDetailsService}
     */
    @Override
    @Bean
    protected UserDetailsService userDetailsService() {
        return new MongoUserDetailsService();
    }

    /**
     * Registers the Mongo-backed user store with the authentication manager builder.
     *
     * @param auth builder supplied by the framework
     * @throws Exception declared by the overridden method
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService());
    }

    /**
     * Configures HTTP security; the only setting applied is a CSRF exemption.
     *
     * @param http builder supplied by the framework
     * @throws Exception declared by the overridden method
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // NOTE(review): this override declares no authorizeRequests() rules and does not
        // call super.configure(http), so this filter chain sets up no access rules of its
        // own. Confirm that every path served by it is meant to be reachable as-is.
        // NOTE(review): the exempted pattern ends with a slash ("/oauth/token/"); verify
        // that it matches the path that is actually meant to skip CSRF protection.
        http.csrf().ignoringAntMatchers("/oauth/token/");
    }

    /**
     * Delegates to the parent implementation without adding any web-level rules.
     *
     * @param web builder supplied by the framework
     * @throws Exception declared by the overridden method
     */
    @Override
    public void configure(WebSecurity web) throws Exception {
        super.configure(web);
    }

    /**
     * Publishes the parent's authentication manager as a lazily initialised bean named
     * "authenticationManager".
     *
     * @return the authentication manager provided by the parent class
     * @throws Exception declared by the overridden method
     */
    @Bean(name="authenticationManager")
    @Lazy
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    /**
     * Declares the application's password encoder.
     *
     * <p>SECURITY: {@link NoOpPasswordEncoder} performs no hashing. Passwords are compared
     * as plain text, so the credential store has to hold them in clear and a read of that
     * store discloses every password. The class is deprecated in Spring Security for this
     * reason. Replace it with an adaptive one-way hash (for example
     * {@code BCryptPasswordEncoder}, or
     * {@code PasswordEncoderFactories.createDelegatingPasswordEncoder()}) and migrate the
     * stored values. The code is left unchanged here because swapping the encoder alone
     * would reject every credential that is currently stored.
     *
     * @return the no-op (plain-text) password encoder
     */
    @Bean
    public PasswordEncoder  passwordEncoder() {
        return NoOpPasswordEncoder.getInstance();
    }
}

0 个答案:

没有答案