Java 数据库中的oauth2客户端出现未经授权的错误
我的应用程序中出现错误“未经授权”。我正在使用Spring安全性和oauth2。我的客户机和用户存储在数据库中。当我开始使用数据库中的客户端时,PostMan中出现了401错误。客户端正在数据库中保存,但当我想从localhost:8080/oauth/token获取令牌访问权限时,仍然出现错误。以下是我的资料来源: 授权服务器配置: 公共类AuthorizationServerConfig扩展AuthorizationServerConfigurerAdapter{Java 数据库中的oauth2客户端出现未经授权的错误,java,oauth-2.0,Java,Oauth 2.0,我的应用程序中出现错误“未经授权”。我正在使用Spring安全性和oauth2。我的客户机和用户存储在数据库中。当我开始使用数据库中的客户端时,PostMan中出现了401错误。客户端正在数据库中保存,但当我想从localhost:8080/oauth/token获取令牌访问权限时,仍然出现错误。以下是我的资料来源: 授权服务器配置: 公共类AuthorizationServerConfig扩展AuthorizationServerConfigurerAdapter{ @Autowired pr
@Autowired
private AuthenticationManager authenticationManager;
@Autowired
private TokenStore tokenStore;
private CustomClientDetailsService customClientDetailsService;
@Bean
PasswordEncoder passwordEncoder() {
return PasswordEncoderFactories.createDelegatingPasswordEncoder();
}
@Override
public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
security.tokenKeyAccess("permitAll()")
.checkTokenAccess("isAuthenticated()");
}
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients.withClientDetails(customClientDetailsService);
}
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints
.tokenStore(tokenStore)
.authenticationManager(authenticationManager);
}
final static Logger log = LoggerFactory.getLogger(CustomClientDetailsService.class);
private static final long serialVersionUID = 6602529451366778198L;
private Clients clients;
public CustomClientDetails(final Clients clients){
this.clients = clients;
}
@Override
public String getClientId() {
return clients.getClientId();
}
@Override
public Set<String> getResourceIds() {
final Set<String> resourcesIds = new HashSet<String>();
resourcesIds.add(clients.getResourceIds());
return resourcesIds;
}
@Override
public boolean isSecretRequired() {
return true;
}
@Override
public String getClientSecret() {
return clients.getClientSecret();
}
@Override
public boolean isScoped() {
return true;
}
@Override
public Set<String> getScope() {
final Set<String> scopes = new HashSet<String>();
scopes.add(clients.getScope());
return scopes;
}
@Override
public Set<String> getAuthorizedGrantTypes() {
final Set<String> authorizedGrantTypes = new HashSet<String>();
authorizedGrantTypes.add(clients.getAuthorizedGrantTypes());
return authorizedGrantTypes;
}
@Override
public Set<String> getRegisteredRedirectUri() {
final Set<String> registeredRedirectUris = new HashSet<String>();
registeredRedirectUris.add(clients.getWebServerRedirectUri());
return registeredRedirectUris;
}
@Override
public Collection<GrantedAuthority> getAuthorities() {
final Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
authorities.add(new SimpleGrantedAuthority(clients.getAuthorities()));
return authorities;
}
@Override
public Integer getAccessTokenValiditySeconds() {
return clients.getAccessTokenValidity();
}
@Override
public Integer getRefreshTokenValiditySeconds() {
return clients.getRefreshTokenValidity();
}
@Override
public boolean isAutoApprove(String s) {
return false;
}
@Override
public Map<String, Object> getAdditionalInformation() {
final Set<String> additionalInformation = new HashSet<String>();
additionalInformation.add(clients.getAdditionalInformation());
return null;
}
}在“/oauth/token”处“未经授权”可能意味着您没有在请求头中提供
HTTP Basic Authoauth\u client\u detailsclient\u idclient\u secret客户id客户机密在
usernameclient\u idpasswordclient\u secret好的,您配置了client\u id和client\u secret了吗,因为我在您的代码中没有看到:)cilent\u id和client\u secret存储在数据库中client\u secret可能必须在哈希中m、 如果您将日志记录级别设置为debug甚至trace,那么日志中是否有有用的内容?
@Autowired
private ClientsRepository clientsRepository;
@Autowired
private CustomClientDetails customClientDetails;
@Override
public ClientDetails loadClientByClientId(String clientId) throws ClientRegistrationException {
Clients client = clientsRepository.findByClientId(clientId);
final CustomClientDetails customClientDetails = new CustomClientDetails(client);
return customClientDetails;
}