Java Spring oauth2/oauth/token无效凭据
这是我的Application.javaJava Spring oauth2/oauth/token无效凭据,java,spring,spring-boot,oauth,oauth-2.0,Java,Spring,Spring Boot,Oauth,Oauth 2.0,这是我的Application.java @SpringBootApplication @RestController @EnableResourceServer @EnableAuthorizationServer public class Application { @RequestMapping(value = { "/user" }, produces = "application/json") public Map<String, Object> user
@SpringBootApplication
@RestController
@EnableResourceServer
@EnableAuthorizationServer
public class Application {
@RequestMapping(value = { "/user" }, produces = "application/json")
public Map<String, Object> user(OAuth2Authentication user) {
Map<String, Object> userInfo = new HashMap<>();
userInfo.put("user", user.getUserAuthentication().getPrincipal());
userInfo.put("authorities", AuthorityUtils.authorityListToSet(user.getUserAuthentication().getAuthorities()));
return userInfo;
}
public static void main(String[] args) {
SpringApplication.run(Application.class, args);
}
}
我的Oauth2Config
@Configuration
public class OAuth2Config extends AuthorizationServerConfigurerAdapter {
@Autowired
private AuthenticationManager authenticationManager;
@Autowired
private UserDetailsService userDetailsService;
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients.inMemory()
.withClient("eagleeye")
.secret("thisissecret")
.authorizedGrantTypes("refresh_token", "password", "client_credentials")
.scopes("webclient", "mobileclient");
}
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints
.authenticationManager(authenticationManager)
.userDetailsService(userDetailsService);
}
}
我试图通过邮递员检索访问令牌,但是,此错误不断出现
{
"timestamp": 1491436452371,
"status": 401,
"error": "Unauthorized",
"message": "Bad credentials",
"path": "/oauth/token/"
}
这些是我通过邮递员传递的价值观
正如您所能看到的,我正在传递正确的值,因此我怀疑是凭据导致了错误我同意Luke Bajada的观点。我也遇到了同样的问题,我必须做的修复是添加@ComponentScan注释,并通过添加依赖项将此模块导入父模块。您应该加密客户端机密thisissecret
@Autowired
private PasswordEncoder passwordEncoder;
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients.inMemory()
.withClient("eagleeye")
//.secret("thisissecret")
.secret(passwordEncoder.encode("thisissecrete"))
.authorizedGrantTypes("refresh_token", "password", "client_credentials")
.scopes("webclient", "mobileclient");
}
出现错误是因为BCryptPasswordEncoderorg.springframework.security.crypto.bcrypt.BCryptPasswordEncoder
如果您的客户端密码未加密,将引发以下异常
编码的密码看起来不像BCrypt
我已经尝试了你完全相同的代码,一切都很好。您确定组件扫描正在提取OAuth2Config类吗?@user962206:您找到解决方案了吗?
@Autowired
private PasswordEncoder passwordEncoder;
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients.inMemory()
.withClient("eagleeye")
//.secret("thisissecret")
.secret(passwordEncoder.encode("thisissecrete"))
.authorizedGrantTypes("refresh_token", "password", "client_credentials")
.scopes("webclient", "mobileclient");
}
public boolean matches(CharSequence rawPassword, String encodedPassword) {
if (encodedPassword == null || encodedPassword.length() == 0) {
logger.warn("Empty encoded password");
return false;
}
if (!BCRYPT_PATTERN.matcher(encodedPassword).matches()) {
logger.warn("Encoded password does not look like BCrypt");
return false;
}
return BCrypt.checkpw(rawPassword.toString(), encodedPassword);
}
if (!BCRYPT_PATTERN.matcher(encodedPassword).matches())