获取 token0 时出现错误
Handling error: InsufficientAuthenticationException, There is no client authentication. Try adding an appropriate authentication filter.
我可以从 http://localhost:8080/oauth/authorize?response_type=code&client_id=a&redirect_uri=http://localhost:8080/callback&scope=email profile openid&state=12 获取代码 我去邮递员中获取令牌,它显示错误 { “错误”:“未经授权”, "error_description": "没有客户端身份验证。尝试添加适当的身份验证过滤器。" }
这是配置
@Configuration
@EnableWebSecurity
@Order(-1)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Bean
public PasswordEncoder passwordEncoder(){
return new BCryptPasswordEncoder();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/oauth/**","/login/**","/auth/get-token").permitAll()
.anyRequest().authenticated()
.and()
.formLogin().permitAll()
.and()
// .addFilterBefore(customHeaderFilter, UsernamePasswordAuthenticationFilter.class)
.logout().permitAll()
.and()
.csrf().disable();
// .httpBasic();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication()
.withUser("user").password(passwordEncoder().encode("user")).roles("USER")
.and().withUser("admin").password(passwordEncoder().encode("admin")).roles("ADMIN");
}
}
@EnableAuthorizationServer
@Configuration
public class AuthServerConfig extends AuthorizationServerConfigurerAdapter {
@Autowired
private PasswordEncoder passwordEncoder;
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients
.inMemory()
.withClient("a")
.secret(passwordEncoder.encode("qwe"))
.authorizedGrantTypes("authorization_code")
.scopes("email","profile","openid").autoApprove(true)
.redirectUris("http://localhost:8080/callback");
}
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints
.tokenStore( new InMemoryTokenStore())
// .authenticationManager(authenticationManager)
// .userDetailsService()
.allowedTokenEndpointRequestMethods(HttpMethod.GET, HttpMethod.POST);
}
@Override
public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
security
.tokenKeyAccess("permitAll()")
.checkTokenAccess("isAuthenticated()")
.allowFormAuthenticationForClients();
}
}
我不知道原因。通过升级 spring-security-oauth2 并更改配置解决了问题
父母是同一个
pom 之前
<dependencies>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>3.8.1</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-oauth2-client</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security.oauth.boot</groupId>
<artifactId>spring-security-oauth2-autoconfigure</artifactId>
<version>2.5.7</version>
</dependency>
</dependencies>
现在pom
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-tomcat</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<!--security-->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security.oauth</groupId>
<artifactId>spring-security-oauth2</artifactId>
<version>2.5.2.RELEASE</version>
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt</artifactId>
<version>0.6.0</version>
</dependency>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>3.8.1</version>
<scope>test</scope>
</dependency>
</dependencies>
安全方面
之前
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/oauth/**","/login/**","/auth/get-token").permitAll()
.anyRequest().authenticated()
.and()
.formLogin().permitAll()
.and()
// .addFilterBefore(customHeaderFilter, UsernamePasswordAuthenticationFilter.class)
.logout().permitAll()
.and()
.httpBasic()
.and()
.csrf().disable()
;
// .httpBasic();
}
现在
@Override
public void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.anyRequest().authenticated()
.and()
.httpBasic()
.and()
.csrf()
.disable()
.formLogin().permitAll()
.and()
.logout().permitAll()
.and()
.cors().disable();
}