Java Spring oauth2/oauth/token无效凭据_Java_Spring_Spring Boot_Oauth_Oauth 2.0

Java Spring oauth2/oauth/token无效凭据

java spring spring-boot oauth oauth-2.0

Java Spring oauth2/oauth/token无效凭据,java,spring,spring-boot,oauth,oauth-2.0,Java,Spring,Spring Boot,Oauth,Oauth 2.0,这是我的Application.java @SpringBootApplication @RestController @EnableResourceServer @EnableAuthorizationServer public class Application { @RequestMapping(value = { "/user" }, produces = "application/json") public Map<String, Object> user

这是我的Application.java

@SpringBootApplication
@RestController
@EnableResourceServer
@EnableAuthorizationServer
public class Application {

    @RequestMapping(value = { "/user" }, produces = "application/json")
    public Map<String, Object> user(OAuth2Authentication user) {
        Map<String, Object> userInfo = new HashMap<>();
        userInfo.put("user", user.getUserAuthentication().getPrincipal());
        userInfo.put("authorities", AuthorityUtils.authorityListToSet(user.getUserAuthentication().getAuthorities()));
        return userInfo;
    }


    public static void main(String[] args) {
        SpringApplication.run(Application.class, args);
    }


}

我的Oauth2Config

@Configuration
public class OAuth2Config extends AuthorizationServerConfigurerAdapter {

    @Autowired
    private AuthenticationManager authenticationManager;

    @Autowired
    private UserDetailsService userDetailsService;

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
                .withClient("eagleeye")
                .secret("thisissecret")
                .authorizedGrantTypes("refresh_token", "password", "client_credentials")
                .scopes("webclient", "mobileclient");
    }

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints
                .authenticationManager(authenticationManager)
                .userDetailsService(userDetailsService);
    }
}

我试图通过邮递员检索访问令牌，但是，此错误不断出现

 {
  "timestamp": 1491436452371,
  "status": 401,
  "error": "Unauthorized",
  "message": "Bad credentials",
  "path": "/oauth/token/"
}

这些是我通过邮递员传递的价值观

正如您所能看到的，我正在传递正确的值，因此我怀疑是凭据导致了错误

我同意Luke Bajada的观点。我也遇到了同样的问题，我必须做的修复是添加@ComponentScan注释，并通过添加依赖项将此模块导入父模块。您应该加密客户端机密thisissecret

@Autowired
private PasswordEncoder passwordEncoder;

@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
    clients.inMemory()
            .withClient("eagleeye")
            //.secret("thisissecret")
            .secret(passwordEncoder.encode("thisissecrete"))
            .authorizedGrantTypes("refresh_token", "password", "client_credentials")
            .scopes("webclient", "mobileclient");
}

出现错误是因为BCryptPasswordEncoderorg.springframework.security.crypto.bcrypt.BCryptPasswordEncoder

如果您的客户端密码未加密，将引发以下异常

编码的密码看起来不像BCrypt

我已经尝试了你完全相同的代码，一切都很好。您确定组件扫描正在提取OAuth2Config类吗？@user962206:您找到解决方案了吗？

@Autowired
private PasswordEncoder passwordEncoder;

@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
    clients.inMemory()
            .withClient("eagleeye")
            //.secret("thisissecret")
            .secret(passwordEncoder.encode("thisissecrete"))
            .authorizedGrantTypes("refresh_token", "password", "client_credentials")
            .scopes("webclient", "mobileclient");
}

public boolean matches(CharSequence rawPassword, String encodedPassword) {
    if (encodedPassword == null || encodedPassword.length() == 0) {
        logger.warn("Empty encoded password");
        return false;
    }
    if (!BCRYPT_PATTERN.matcher(encodedPassword).matches()) {
        logger.warn("Encoded password does not look like BCrypt");
        return false;
    }

    return BCrypt.checkpw(rawPassword.toString(), encodedPassword);
}

if (!BCRYPT_PATTERN.matcher(encodedPassword).matches())