Spring OAuth2服务器,无法验证令牌

时间:2020-03-19 13:00:56

标签: spring spring-boot oauth-2.0 spring-security-oauth2

我从spring boot oauth2服务器生成JWT令牌,但是当我想使用'http://auth_server/oauth/check_token'端点验证此jwt令牌时,我向授权端点中的jwt发送该端点的发布请求,并得到 401-未经授权的http错误代码

我从服务器获得的结果:

{
    "timestamp": "2020-03-19T16:28:39.999+0000",
    "status": 401,
    "error": "Unauthorized",
    "message": "Unauthorized",
    "path": "/oauth/check_token"
}

为什么oauth服务器返回401?

这是我对oauth服务器的实现:

    @Configuration
    @EnableAuthorizationServer
    public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {

        @Autowired
        @Qualifier("authenticationManagerBean")
        private AuthenticationManager authenticationManager;

        @Autowired
        private ClientDetailsServiceImpl clientDetailsService;

        private String privateKey = "private key";

        @Value("${jwt.accessTokenValidititySeconds:43200}") // 12 hours
        private int accessTokenValiditySeconds;

        @Value("${jwt.authorizedGrantTypes: authorization_code}")
        private String[] authorizedGrantTypes;

        @Value("${jwt.refreshTokenValiditySeconds:2592000}") // 30 days
        private int refreshTokenValiditySeconds;

        @Override
        public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
                clients.withClientDetails(clientDetailsService);
        }

        @Override
        public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {      
            TokenEnhancerChain tokenEnhancerChain = new TokenEnhancerChain();
            tokenEnhancerChain.setTokenEnhancers(
              Arrays.asList(tokenEnhancer(), accessTokenConverter()));

            endpoints.tokenStore(tokenStore())
            .accessTokenConverter(accessTokenConverter())
            .authenticationManager(authenticationManager);
        }

        @Override
        public void configure(final AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
            oauthServer.tokenKeyAccess("permitAll()").checkTokenAccess("isAuthenticated()").allowFormAuthenticationForClients();
        }


        @Bean
        public JwtAccessTokenConverter accessTokenConverter() {
           JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
           converter.setSigningKey(privateKey);
           return converter;
        }


        @Bean
        public TokenStore tokenStore() {
            return new JwtTokenStore(accessTokenConverter());
        }

        @Bean
        public TokenEnhancer tokenEnhancer() {
            return new CustomTokenEnhancer();
        }

        @Bean
        PasswordEncoder passwordEncoder() {
            return PasswordEncoderFactories.createDelegatingPasswordEncoder();
        }

    }

1 个答案:

答案 0 :(得分:1)

最后,我发现应该将GET中的http://server.com/oauth/check_token?token=[access_token]client name的{​​{1}}请求发送到password来检查访问令牌的有效性。下面是邮递员示例:

enter image description here

相关问题
最新问题