没有客户端身份验证。尝试添加适当的身份验证过滤器

问题描述 投票:0回答:1

获取 token0 时出现错误

 Handling error: InsufficientAuthenticationException, There is no client authentication. Try adding an appropriate authentication filter.

我可以从 http://localhost:8080/oauth/authorize?response_type=code&client_id=a&redirect_uri=http://localhost:8080/callback&scope=email profile openid&state=12 获取代码 我去邮递员中获取令牌,它显示错误 { “错误”:“未经授权”, "error_description": "没有客户端身份验证。尝试添加适当的身份验证过滤器。" }

这是配置

@Configuration
@EnableWebSecurity
@Order(-1)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Bean
    public PasswordEncoder passwordEncoder(){
        return new BCryptPasswordEncoder();
    }
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .authorizeRequests()
                .antMatchers("/oauth/**","/login/**","/auth/get-token").permitAll()
                .anyRequest().authenticated()
                .and()
                .formLogin().permitAll()
                .and()
              //  .addFilterBefore(customHeaderFilter, UsernamePasswordAuthenticationFilter.class)
                .logout().permitAll()
                .and()
                .csrf().disable();
//                .httpBasic();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
       auth.inMemoryAuthentication()
               .withUser("user").password(passwordEncoder().encode("user")).roles("USER")
               .and().withUser("admin").password(passwordEncoder().encode("admin")).roles("ADMIN");
    }



}


@EnableAuthorizationServer
@Configuration
public class AuthServerConfig extends AuthorizationServerConfigurerAdapter {


   @Autowired
   private PasswordEncoder passwordEncoder;

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {

        clients
                    .inMemory()
                    .withClient("a")
                    .secret(passwordEncoder.encode("qwe"))
                    .authorizedGrantTypes("authorization_code")
                    .scopes("email","profile","openid").autoApprove(true)
                    .redirectUris("http://localhost:8080/callback");
    }

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints
                .tokenStore( new InMemoryTokenStore())
//                .authenticationManager(authenticationManager)
//                .userDetailsService()
                .allowedTokenEndpointRequestMethods(HttpMethod.GET, HttpMethod.POST);

    }


    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
        security
                .tokenKeyAccess("permitAll()")
                .checkTokenAccess("isAuthenticated()")
                .allowFormAuthenticationForClients();
    }


}
spring-security oauth-2.0 spring-security-oauth2
1个回答
0
投票

我不知道原因。通过升级 spring-security-oauth2 并更改配置解决了问题

父母是同一个

pom 之前

 <dependencies>
    <dependency>
      <groupId>junit</groupId>
      <artifactId>junit</artifactId>
      <version>3.8.1</version>
      <scope>test</scope>
    </dependency>
    <dependency>
      <groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot-starter-oauth2-client</artifactId>
    </dependency>

    <dependency>
      <groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot-starter-security</artifactId>
    </dependency>
    <dependency>
      <groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
    <dependency>
      <groupId>org.springframework.security.oauth.boot</groupId>
      <artifactId>spring-security-oauth2-autoconfigure</artifactId>
      <version>2.5.7</version>
    </dependency>
  </dependencies>

现在pom

  <dependencies>
    <dependency>
      <groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot-starter-web</artifactId>
    </dependency>

    <dependency>
      <groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot-starter-tomcat</artifactId>
      <scope>provided</scope>
    </dependency>
    <dependency>
      <groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot-starter-test</artifactId>
      <scope>test</scope>
    </dependency>
    <!--security-->
    <dependency>
      <groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot-starter-security</artifactId>
    </dependency>
    <dependency>
      <groupId>org.springframework.security.oauth</groupId>
      <artifactId>spring-security-oauth2</artifactId>
      <version>2.5.2.RELEASE</version>
    </dependency>
    <dependency>
      <groupId>io.jsonwebtoken</groupId>
      <artifactId>jjwt</artifactId>
      <version>0.6.0</version>
    </dependency>

    <dependency>
      <groupId>junit</groupId>
      <artifactId>junit</artifactId>
      <version>3.8.1</version>
      <scope>test</scope>
    </dependency>
  </dependencies>

安全方面

之前

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .authorizeRequests()
                .antMatchers("/oauth/**","/login/**","/auth/get-token").permitAll()
                .anyRequest().authenticated()
                .and()
                .formLogin().permitAll()
                .and()
              //  .addFilterBefore(customHeaderFilter, UsernamePasswordAuthenticationFilter.class)
                .logout().permitAll()
                .and()
                .httpBasic()
                .and()
                .csrf().disable()

                        ;
//                .httpBasic();
    }

现在

    @Override
    public void configure(HttpSecurity http) throws Exception {
            http
                .authorizeRequests()
                .anyRequest().authenticated()
                .and()
                .httpBasic()
                .and()
                .csrf()
                .disable()
                .formLogin().permitAll()
                .and()
                .logout().permitAll()
                .and()
                .cors().disable();
    }
最新问题
© www.soinside.com 2019 - 2024. All rights reserved.