Java spring oauth2:访问令牌isn';t在成功请求后响应
我尝试使用oauth2在RESTAPI上对用户进行身份验证。但在成功请求后,我没有得到访问令牌的响应 代码的一部分: 我的服务器配置:Java spring oauth2:访问令牌isn';t在成功请求后响应,java,spring,rest,spring-security,oauth-2.0,Java,Spring,Rest,Spring Security,Oauth 2.0,我尝试使用oauth2在RESTAPI上对用户进行身份验证。但在成功请求后,我没有得到访问令牌的响应 代码的一部分: 我的服务器配置: @Configuration @EnableResourceServer public class OAuth2ServerConfiguration { @Configuration @EnableAuthorizationServer protected static class OAuth2Config extends Autho
@Configuration
@EnableResourceServer
public class OAuth2ServerConfiguration {
@Configuration
@EnableAuthorizationServer
protected static class OAuth2Config extends AuthorizationServerConfigurerAdapter {
@Autowired
private AuthenticationManager authenticationManager;
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints.authenticationManager(authenticationManager);
}
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
// @formatter:off
clients.inMemory()
.withClient("clientsecret")
.authorizedGrantTypes("password")
.authorities("USER")
.scopes("read")
.secret("12345")
.accessTokenValiditySeconds(60);
// @formatter:on
}
}
}
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Override
protected void configure(AuthenticationManagerBuilder builder) throws Exception {
builder
.inMemoryAuthentication()
.withUser("user").password("password").roles("USER");
}
@Override
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Override
protected void configure(HttpSecurity security) throws Exception {
security.authorizeRequests()
.antMatchers(HttpMethod.GET, "/oauth/token")
.hasRole("USER")
.and().httpBasic().realmName("OAuth Server");
}
我的安全配置:
@Configuration
@EnableResourceServer
public class OAuth2ServerConfiguration {
@Configuration
@EnableAuthorizationServer
protected static class OAuth2Config extends AuthorizationServerConfigurerAdapter {
@Autowired
private AuthenticationManager authenticationManager;
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints.authenticationManager(authenticationManager);
}
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
// @formatter:off
clients.inMemory()
.withClient("clientsecret")
.authorizedGrantTypes("password")
.authorities("USER")
.scopes("read")
.secret("12345")
.accessTokenValiditySeconds(60);
// @formatter:on
}
}
}
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Override
protected void configure(AuthenticationManagerBuilder builder) throws Exception {
builder
.inMemoryAuthentication()
.withUser("user").password("password").roles("USER");
}
@Override
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Override
protected void configure(HttpSecurity security) throws Exception {
security.authorizeRequests()
.antMatchers(HttpMethod.GET, "/oauth/token")
.hasRole("USER")
.and().httpBasic().realmName("OAuth Server");
}
我的控制器:
@Path("/oauth")
@Produces(MediaType.APPLICATION_JSON)
public class TestController {
@GET
@Path("/token")
@Produces(MediaType.APPLICATION_JSON)
public Response testToken() {
return Response.status(200).entity("is working fine \n")
.header("Server", "Apache Tomcat/8.0.20")
.header("Content-Type", MediaType.APPLICATION_JSON)
.header("Connection", "Opened")
.type(MediaType.APPLICATION_JSON).build();
}
}
我的请求:
curl -X GET -k -vu user:password http://localhost:8080/test/oauth/token -H "Content-Type: application/x-www-form-urlencoded" -d "grant_type=password&scope=read&client_secret=12345&client_id=clientsecret"
我的回答是:
* Trying ::1...
* Connected to localhost (::1) port 8080 (#0)
* Server auth using Basic with user 'user'
> GET /test/oauth/token HTTP/1.1
> Host: localhost:8080
> Authorization: Basic dXNlcjpwYXNzd29yZA==
> User-Agent: curl/7.43.0
> Accept: */*
> Content-Type: application/x-www-form-urlencoded
> Content-Length: 73
>
* upload completely sent off: 73 out of 73 bytes
< HTTP/1.1 200 OK
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
< Cache-Control: no-cache, no-store, max-age=0, must-revalidate
< Pragma: no-cache
< Expires: 0
< X-Frame-Options: DENY
< Set-Cookie: JSESSIONID=0D30F02C6F9A194786581A6C0EB20909; Path=/test/; HttpOnly
< Server: Apache Tomcat/8.0.20
< Connection: Opened
< Content-Type: application/json
< Transfer-Encoding: chunked
< Date: Thu, 10 Sep 2015 10:12:39 GMT
<
is working fine
* Connection #0 to host localhost left intact
*正在尝试::1。。。
*已连接到本地主机(::1)端口8080(#0)
*对用户“user”使用Basic进行服务器身份验证
>GET/test/oauth/token HTTP/1.1
>主机:本地主机:8080
>授权:基本dXNlcjpwYXNzd29yZA==
>用户代理:curl/7.43.0
>接受:*/*
>内容类型:application/x-www-form-urlencoded
>内容长度:73
>
*上传已完全发送:73个字节中的73个
我必须做什么才能看到access_令牌的响应。为什么我得到了json格式
谢谢你的回复。
干杯。要请求OAuth 2.0令牌,您必须向端点发送
请求,并在请求正文中包含用户名/通行证/授权类型。大概是这样的:
curl -u clientsecret:12345 -X POST http://localhost:8080/oauth/token -H "Accept:application/json" -d "username=user&password=password&grant_type=password"
我在你的请求中尝试了一下,但是得到了这样一个消息:username=user&password=password&grant\u type=password工作正常,而不是access\u令牌。当我在参数中输入错误的密码时,我会收到相同的响应。这正常吗?类似于:curl…-d“username=US&password=PASS&grant\u type=password”为什么要定义一个控制器来处理/oauth/token
?这些端点由spring-security-oauth2
自动公开。当我不使用控制器调用/oauth/token上的请求时,我得到了一个404错误。当我不使用testToken方法处理请求时,我没有得到任何响应。您可能在实现中出错,@EnableAuthorizationServer应该为您启用这些端点。我建议您阅读更多关于如何使用spring-oauth2的内容。检查此链接以查看AuthorizationServerConfigurerAdapter和ResourceServerConfigurerAdapter的示例