Java Spring Boot OAUTH2 can't refresh_token - UserDetailService is required

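I am using Spring Boot version 1.4.3.RELEASE and trying to set up my authorization server.

When the access token is valid, I have no problem creating tokens or accessing resources, but when it expires and I try to refresh it, I get an error: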

{
  "error": "server_error",
  "error_description": "UserDetailsService is required."
}
This is my request to refresh the access token:

http://localhost:11134/oauth/token?grant_type=refresh_token&refresh_token=0d17dfee-1185-480d-af30-ba0f1e47831c&scope=read
The refresh_token is correct.

This is my authorization server:

protected static class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter implements EnvironmentAware {

    private static final String ENV_OAUTH = "security.oauth2.client.";
    private static final String PROP_CLIENTID = "client-id";
    private static final String PROP_SECRET = "client-secret";
    private static final String PROP_TOKEN_VALIDITY_SECONDS = "access-token-validity-seconds";
    private static final String PROP_REFRESH_TOKEN_VALIDITY_SECONDS = "refresh-token-validity-seconds";

    private RelaxedPropertyResolver propertyResolver;

    @Autowired
    private DataSource dataSource;

    @Bean
    public TokenStore tokenStore() {
        return new JdbcTokenStore(dataSource);
    }

    @Autowired
    private CustomUserDetailsService userDetailsService;

    @Autowired
    @Qualifier("authenticationManagerBean")
    private AuthenticationManager authenticationManager;

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints)
            throws Exception {
        endpoints
                .tokenStore(tokenStore())
                .authenticationManager(authenticationManager)
                .userDetailsService(userDetailsService);
    }

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients
                .inMemory()
                .withClient(propertyResolver.getProperty(PROP_CLIENTID))
                .scopes("read", "write", "trust")
                .authorities(Authorities.ROLE_ADMIN.name(), Authorities.ROLE_USER.name())
                .authorizedGrantTypes("password", "refresh_token")
                .secret(propertyResolver.getProperty(PROP_SECRET))
                .accessTokenValiditySeconds(propertyResolver.getProperty(PROP_TOKEN_VALIDITY_SECONDS, Integer.class))
                .refreshTokenValiditySeconds(propertyResolver.getProperty(PROP_REFRESH_TOKEN_VALIDITY_SECONDS, Integer.class));
    }

    public void setEnvironment(Environment environment) {
        this.propertyResolver = new RelaxedPropertyResolver(environment, ENV_OAUTH);
    }
}
This is the WebSecurity configuration:

@Configuration
@EnableWebSecurity
// @EnableGlobalMethodSecurity(prePostEnabled = true, jsr250Enabled = true)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserDetailsService userDetailsService;

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new StandardPasswordEncoder();
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth
                .userDetailsService(userDetailsService)
                .passwordEncoder(passwordEncoder());
    }

    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }
}
In case it is of interest, this is the CustomUserDetailService:

@Component("userDetailsService")
public class CustomUserDetailsService implements org.springframework.security.core.userdetails.UserDetailsService {

    private final Logger log = LoggerFactory.getLogger(UserDetailsService.class);

    @Autowired
    private UserRepository userRepository;

    @Override
    @Transactional
    public UserDetails loadUserByUsername(final String login) {

        log.debug("Authenticating {}", login);
        String lowercaseLogin = login.toLowerCase();

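        User userFromDatabase = userRepository.findByUsernameCaseInsensitive(lowercaseLogin);
        // UserDetailsService contract: throw instead of failing with a NullPointerException when no user matches
        if (userFromDatabase == null) {
            throw new UsernameNotFoundException("User " + lowercaseLogin + " was not found");
        }
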
        Collection<GrantedAuthority> grantedAuthorities = new ArrayList<>();
        for (Authority authority : userFromDatabase.getAuthorities()) {
            GrantedAuthority grantedAuthority = new SimpleGrantedAuthority(authority.getName());
            grantedAuthorities.add(grantedAuthority);
        }

        return new org.springframework.security.core.userdetails.User(userFromDatabase.getUsername(), userFromDatabase.getPassword(), grantedAuthorities);

    }

}

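Did you receive a refresh token with the access token?

Sure, I used it to refresh the access_token.

Please add the request (e.g. curl) that you post to refresh the access token.

Added, thanks. I make the request with Postman.

I think you have to send the authorization to the server. Without any authorization, you can access the authorization server. Try something like: curl -v --data "grant_type=refresh_token&refresh_token=refresh_token" -H "Authorization: basic". If you don't convert the clientId and secret to base64, add the following: curl -v --data "grant_type=refresh_token&client_id=yourclientid&client_secret=youclientsceret&refresh_token=refresh_token"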
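
The request shape suggested in the last comment, as an added example that is not part of the original thread: the client authenticates with HTTP Basic and the refresh token travels in the POST body rather than in the URL query string used in the question, which keeps it out of URLs recorded in access logs. The helper names, the client id `app` and the secrets are constructed assumptions, as is the server decoding form-encoded Basic credentials as RFC 6749 section 2.3.1 describes; the endpoint is the one from the question.

```shell
#!/bin/sh
# Added example (constructed values): refresh-token request with HTTP Basic
# client authentication. Helper names and the client id/secret are hypothetical.
LC_ALL=C; export LC_ALL   # treat strings as bytes; sample values are ASCII

# application/x-www-form-urlencoded encoding of one value.
form_encode() {
    s=$1; out=
    while [ -n "$s" ]; do
        c=${s%"${s#?}"}    # first character
        s=${s#?}           # remainder
        case $c in
            [A-Za-z0-9._-]) out=$out$c ;;
            ' ')            out=$out+ ;;
            *)              out=$out$(printf '%%%02X' "'$c") ;;
        esac
    done
    printf '%s' "$out"
}

# "Authorization: Basic base64(id:secret)"; RFC 6749 section 2.3.1 form-encodes
# both parts first, so a ':' inside the secret cannot be read as the separator.
basic_auth_header() {
    cred="$(form_encode "$1"):$(form_encode "$2")"
    printf 'Authorization: Basic %s' "$(printf '%s' "$cred" | base64 | tr -d '\n')"
}

# POST body for the refresh_token grant (token and scope, no client secret).
refresh_body() {
    printf 'grant_type=refresh_token&refresh_token=%s&scope=%s' \
        "$(form_encode "$1")" "$(form_encode "$2")"
}

# Sends the request; the endpoint is the one from the question.
refresh_access_token() {   # args: client_id client_secret refresh_token scope
    curl -sS 'http://localhost:11134/oauth/token' \
        -H "$(basic_auth_header "$1" "$2")" \
        --data "$(refresh_body "$3" "$4")"
}

# Offline demonstration with constructed values (no network access):
basic_auth_header 'app' 'secret'; echo
refresh_body 'REFRESH_TOKEN_PLACEHOLDER' 'read'; echo
```

`refresh_access_token` is only defined, not called, so the script runs without a server; call it with the real client id, secret and refresh token to issue the request.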