spring rest security oauth不支持授权类型

问题描述 投票:2回答:2

我正在努力尝试配置Spring rest安全性和oauth。有人可能会说我不需要oauth这个简单的项目,但我想练习它。

我想从端点获取刷新和访问令牌,但是我收到一个错误:不支持的授权类型:密码。我在互联网上搜索,但找不到我的具体问题的解决方案。

curl -u client:123456 http://localhost:8080/artwork/oauth/token -d 'grant_type=password&username=rest&password=rest' -X POST -H "Content-Type:application/x-www-form-urlencoded" -v

但是当我使用grant类型调用它时:client_credentials它会返回访问令牌,但正如我所提到的,我也需要刷新令牌。

它是az选项,我完全不了解整个oauth,但我正在阅读它。

@Autowired
private CustomUsersDetailService userDetailsService;

@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth.inMemoryAuthentication()
    .withUser("rest")  
        .password("rest")
        .roles("REST")
        .and()
    .withUser("historian") 
        .password("historian")
        .roles("HIS");
}

@Override
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception {
    return super.authenticationManagerBean();
}   

private static final String RESOURCE_ID = "restservice";

@Configuration
@EnableResourceServer
protected static class ResourceServerConfiguration extends
        ResourceServerConfigurerAdapter {

    @Override
    public void configure(ResourceServerSecurityConfigurer resources) {         
        resources
            .resourceId(RESOURCE_ID);
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {         
        http
        .authorizeRequests().antMatchers("/oauth/token").permitAll()
        .and()
        .authorizeRequests().antMatchers("/**").access("hasRole('ROLE_HIS') or hasRole('ROLE_REST')");                          
    }

}

@Configuration
@EnableAuthorizationServer
protected static class AuthorizationServerConfiguration extends
        AuthorizationServerConfigurerAdapter {

    private TokenStore tokenStore = new InMemoryTokenStore();

    @Autowired
    @Qualifier("authenticationManagerBean")
    private AuthenticationManager authenticationManager;

    @Autowired
    private CustomUsersDetailService userDetailsService;

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints)
            throws Exception {
        endpoints
            .tokenStore(this.tokenStore);

    }

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients
            .inMemory()
                .withClient("client")
                    .authorizedGrantTypes("password","refresh_token","client_credentials","authorization_code")
                    .authorities("ROLE_REST")
                    .scopes("read", "write")
                    .resourceIds(RESOURCE_ID)
                    .secret("123456");
    }

来自前端的代码,只是post方法:

 $scope.post = function() {

        var config = {
                 method: 'POST',
                 url: 'http://localhost:8080/artwork/oauth/token',
                 headers: {
                     'Content-Type': 'application/x-www-form-urlencoded',
                     'Authorization' : "Basic " + Base64.encode("client:123456")
                 },
                 params: {                      
                     grant_type: "password",
                     username: "rest",
                     password: "rest"
                 }
        }

        $http(config).success(onsuc).error(error);
    };

如果你看到任何东西,请告诉我。谢谢!

spring rest oauth
2个回答
2
投票

您可以定义应包含RefreshTokenGranter的复合标记granter。此示例可以帮助您。

@Configuration
@EnableAuthorizationServer
public class SecurityOauth2Config extends AuthorizationServerConfigurerAdapter  { 

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {

        endpoints
            .tokenServices(authorizationServerTokenServices())
            .tokenStore(tokenStore())
            .tokenGranter(tokenGranter())
            .requestFactory(oAuth2RequestFactory())
            .setClientDetailsService(clientDetailsJdbcService());

    }


    @Bean
    public TokenGranter tokenGranter() {

        ClientDetailsService clientDetails = clientDetailsJdbcService();
        AuthorizationServerTokenServices tokenServices = authorizationServerTokenServices();
        AuthenticationManager authenticationManager = authenticationManagerOauth2User();

        OAuth2RequestFactory oAuth2RequestFactory = oAuth2RequestFactory();

        List<TokenGranter> tokenGranters = new ArrayList<TokenGranter>();

        tokenGranters.add(new RefreshTokenGranter(tokenServices, clientDetails, oAuth2RequestFactory));
        tokenGranters.add(new ImplicitTokenGranter(tokenServices, clientDetails, oAuth2RequestFactory));
        tokenGranters.add(new ClientCredentialsTokenGranter(tokenServices, clientDetails, oAuth2RequestFactory));

        tokenGranters.add(new ResourceOwnerPasswordTokenGranter(authenticationManager, tokenServices,
                    clientDetails, oAuth2RequestFactory));

        return new CompositeTokenGranter(tokenGranters);
    }
...
0
投票

要获取刷新令牌,您需要使用refresh_token grant type配置您的客户端。

@Override
        public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
            // TODO Auto-generated method stub
            clients.inMemory()
            .withClient("foo")
            .secret("{noop}bar")
            .authorizedGrantTypes("password", "authorization_code", "refresh_token","client_credentials")

            .authorities("ROLE_CLIENT","ROLE_TRUSTED_CLIENT")

            .scopes("read", "write","trust","openid")

            .accessTokenValiditySeconds(120).//Access token is only valid for 2 minutes.

            refreshTokenValiditySeconds(600);//Refresh token is only valid for 10 minutes.

        }

上面的代码是从another stackoverflow question中提取的

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.