OAuth2-Autoconfigure:没有客户端身份验证。尝试添加适当的身份验证过滤器

时间:2020-04-07 11:32:34

标签: java spring-boot oauth-2.0

我知道在stackoverflow上也有类似的问题,但是没有一个问题对我有帮助。我根据建议为web.ignoring添加了/oauth/**,但仍然无法正常工作。

当我尝试访问:/oauth/token?grant_type=password&password=123456&username=admin(当然,我添加具有适当的客户端ID和密钥的Basic auth)时,我收到以下错误消息:

{
    "error": "unauthorized",
    "error_description": "There is no client authentication. Try adding an appropriate authentication filter."
}

现在可能会发生什么?

我对Spring Boot的oauth中断多么容易感到失望。就像彩票一样,您关闭计算机,然后在第二天从无到有中断(无需更改代码)。有更好的方法吗?

我在TokenEndPoint.postAccessToken处设置了一个断点,并且Principal似乎为空。

由于可能发生任何故障,因此我将项目上传到了GitHub:https://github.com/Warrolen/stackoverflow-question/tree/master/forum

enter image description here

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(jsr250Enabled = true)
@Order(Ordered.HIGHEST_PRECEDENCE)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    @Qualifier("userDetailsService")
    private UserDetailsServiceImpl userDetailsService;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth
                .userDetailsService(userDetailsService)
                .passwordEncoder(bCryptPasswordEncoder());
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .csrf().disable()
                .authorizeRequests()
                .antMatchers("/api/topics/**").permitAll()
                .antMatchers("/api/users/**").permitAll()
                .anyRequest().authenticated()
                .and()
                .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        web
                .ignoring()
                .antMatchers("/webjars/**", "/oauth/**");
    }

    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Bean
    public BCryptPasswordEncoder bCryptPasswordEncoder() {
        return new BCryptPasswordEncoder();
    }

}

@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {

    @Autowired
    private BCryptPasswordEncoder bCryptPasswordEncoder;

    @Autowired
    private TokenStore tokenStore;

    @Autowired
    private AuthenticationManager authenticationManager;

    @Autowired
    private UserDetailsServiceImpl userDetailsService;

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients
                .inMemory()
                .withClient("trusted")
                .secret(bCryptPasswordEncoder.encode("secret"))
                .authorizedGrantTypes("password", "authorization_code", "refresh_token")
                .autoApprove(true)
                .scopes("read", "write")
                .accessTokenValiditySeconds(15 * 60)
                .refreshTokenValiditySeconds(30 * 60);
    }

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints
                .tokenStore(tokenStore)
                .authenticationManager(authenticationManager)
                .userDetailsService(userDetailsService);
    }

    @Bean
    public TokenStore tokenStore() {
        return new InMemoryTokenStore();
    }

}

@Configuration
@EnableResourceServer
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {

}

0 个答案:

没有答案