Spring Authorization Server returns 404 for the token endpoint after authenticating the user


I am creating an authorization server with the password grant. Below is the configuration:

@Configuration
@EnableWebSecurity
public class AuthorisationServerConfig {

    private final RSAProperties rsaProperties;
    AuthorisationServerConfig(final RSAProperties rsaProperties){
        this.rsaProperties=rsaProperties;
    }

    @Bean
    public RegisteredClientRepository registeredClientRepository() {
        RegisteredClient registeredClient = RegisteredClient.withId(UUID.randomUUID().toString())
                .clientId("client")
                .clientSecret("{noop}secret")
                .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
                .authorizationGrantType(AuthorizationGrantType.PASSWORD)
                .scope("read")
                .build();
        return new InMemoryRegisteredClientRepository(registeredClient);
    }

    @Bean
    public SecurityFilterChain defaultSecurityFilterChain(HttpSecurity httpSecurity) throws Exception {
        //@formatter:off
        httpSecurity
                .authorizeHttpRequests(ar->ar.anyRequest().authenticated())
                .csrf().disable()
                .httpBasic();
        //@formatter:on
        return httpSecurity.build();
    }



    private static KeyPair generateRsaKey() throws NoSuchAlgorithmException {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
        keyPairGenerator.initialize(2048);
        return keyPairGenerator.generateKeyPair();
    }

    @Bean
    public AuthorizationServerSettings providerSettings() {
        return AuthorizationServerSettings.builder()
                .issuer("http://localhost:9090")
                .build();
    }
    @Bean
    public JWKSource<SecurityContext> jwkSource() {
        RSAKey rsaKey = new RSAKey.Builder(rsaProperties.publicKey()).privateKey(rsaProperties.privateKey()).build();
        JWKSet jwkSet = new JWKSet(rsaKey);
        return (jwkSelector, securityContext) -> jwkSelector.select(jwkSet);
    }

    @Bean
    public JwtDecoder jwtDecoder(JWKSource<SecurityContext> jwkSource) {
        return OAuth2AuthorizationServerConfiguration.jwtDecoder(jwkSource);
    }

    @Bean
    public UserDetailsService users() {
        UserDetails user = User.withDefaultPasswordEncoder()
                .username("admin")
                .password("password")
                .roles("USER")
                .build();
        return new InMemoryUserDetailsManager(user);
    }
}

I have enabled debug logging and can see that the user is being authenticated, but I am getting a 404 for the token endpoint.

oauth/token?grant_type=password&username=admin&password=password&scope=read

Below are the logs:

o.s.security.web.FilterChainProxy        : Securing POST /oauth/token?grant_type=password&username=admin&password=password&scope=read
o.s.s.a.dao.DaoAuthenticationProvider    : Authenticated user
o.s.s.w.a.www.BasicAuthenticationFilter  : Set SecurityContextHolder to UsernamePasswordAuthenticationToken [Principal=org.springframework.security.core.userdetails.User [Username=admin, Password=[PROTECTED], Enabled=true, AccountNonExpired=true, credentialsNonExpired=true, AccountNonLocked=true, Granted Authorities=[ROLE_USER]]
o.s.security.web.FilterChainProxy        : Secured POST /oauth/token?grant_type=password&username=admin&password=password&scope=read
o.s.security.web.FilterChainProxy        : Securing POST /error?grant_type=password&username=admin&password=password&scope=read
o.s.security.web.FilterChainProxy        : Secured POST /error?grant_type=password&username=admin&password=password&scope=read

Below are the dependency details:

plugins {
    java
    id("org.springframework.boot") version "3.0.1"
    id("io.spring.dependency-management") version "1.1.0"
}

dependencies {
    implementation("org.springframework.boot:spring-boot-starter")
    implementation("org.springframework.security:spring-security-oauth2-authorization-server:1.0.0")
    // https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-autoconfigure-processor
    implementation("org.springframework.boot:spring-boot-autoconfigure-processor")
    testImplementation("org.springframework.boot:spring-boot-starter-test")
}
spring spring-security spring-security-oauth2 spring-authorization-server