Java Spring Security OAuth2 InvalidGrantException

I have successfully created a web service using the framework. Now I want to secure my web service with OAuth2 (using Spring) and have some questions about it:

From my research, Spring provides some kind of default URL for requesting an access token (baseURL/oauth/token). I have tested the URL with Postman and it returns a valid access token (using the client_credentials grant type), but no refresh token. However, this does not work for grant_type=password and results in the following error response:

{"error":"invalid_grant","error_description":"Bad credentials"}

My Spring application logs InvalidGrantException.

The curl I use to test grant_type=password is as follows:

curl -v -X POST -H "Content-Type: application/json" -H "Authorization: Basic base64encodedclientidandsecret" 'http://localhost:8888/oauth/token?grant_type=password&username=user&password=1234'
I did not test with Postman because it does not support grant_type=password.

How do I get Spring to return an accessToken and a refreshToken with grant_type=password?

Is there anything wrong with my configuration?

My Spring application (configuration) looks like this:

import javax.inject.Inject;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.autoconfigure.data.mongo.MongoDataAutoConfiguration;
import org.springframework.boot.autoconfigure.mongo.MongoAutoConfiguration;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;

@Configuration
@ComponentScan
@EnableAutoConfiguration(exclude = { MongoAutoConfiguration.class, MongoDataAutoConfiguration.class })
@SpringBootApplication
public class CsWebServerApplication {

    public static final String RESOURCE_ID = "myresource";

    public static final String CLIENT_ID = "myapplication";
    public static final String CLIENT_SECRET = "application_secret";

    public static void main(String[] args) {
        // The class run here must be this class, not a differently named one.
        SpringApplication.run(CsWebServerApplication.class, args);
    }

    @Configuration
    @EnableAuthorizationServer
    protected static class OAuth2Config extends AuthorizationServerConfigurerAdapter {

        // The password grant needs an AuthenticationManager to check user credentials.
        @Inject
        private AuthenticationManager authenticationManager;

        @Override
        public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
            endpoints.authenticationManager(authenticationManager);
        }

        @Override
        public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
            // Single in-memory client allowed to use the client_credentials, password and refresh_token grants.
            clients.inMemory().withClient(CLIENT_ID)
            .authorizedGrantTypes("client_credentials", "password", "refresh_token")
            .authorities("ROLE_CLIENT", "ROLE_TRUSTED_CLIENT")
            .scopes("read", "write", "trust")
            .secret(CLIENT_SECRET);
        }

        @Override
        public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
            super.configure(oauthServer);
        }
    }

    @Configuration
    @EnableResourceServer
    protected static class ResourceConfig extends ResourceServerConfigurerAdapter {

        @Override
        public void configure(HttpSecurity http) throws Exception {
            // Every matched request needs a token carrying the "read" scope.
            http.requestMatchers().antMatchers("/*", "/admin/beans").and().authorizeRequests().anyRequest()
                .access("#oauth2.hasScope('read')");
        }

        @Override
        public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
            resources.resourceId(RESOURCE_ID);
        }
    }

    @Configuration
    @EnableWebSecurity
    protected static class WebConfigurer extends WebSecurityConfigurerAdapter {

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            super.configure(http);
        }

        @Override
        public void configure(WebSecurity webSecurity) throws Exception {
            webSecurity.ignoring()
                    // All of Spring Security will ignore the requests
                    .antMatchers("/accessibleservices/**");
        }
    }

}
The OAuth 2.0 Authorization Framework says:

    The client makes a request to the token endpoint by adding the following parameters using the "application/x-www-form-urlencoded" format per Appendix B with a character encoding of UTF-8 in the HTTP request entity-body:

So -H "Content-Type: application/json" is wrong. Also, the curl command line is wrong. Use the -d option to specify the form parameters of the POST.
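As an added illustration of the request format this answer describes (not code from the question or the answer), here is the same password grant sent from Java with Spring's RestTemplate, followed by a refresh_token grant with the refresh token it returns. It assumes the token URL, client id/secret and user credentials shown in the question and a running authorization server.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Map;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.MediaType;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.MultiValueMap;
import org.springframework.web.client.RestTemplate;

public class PasswordGrantClient {
    // Values taken from the question (assumed to be the server under test).
    private static final String TOKEN_URL = "http://localhost:8888/oauth/token";
    private static final String CLIENT_ID = "myapplication";
    private static final String CLIENT_SECRET = "application_secret";

    // One token-endpoint call: client credentials go in the Basic header, grant
    // parameters in an application/x-www-form-urlencoded body, not JSON or query string.
    private Map<?, ?> post(MultiValueMap<String, String> form) {
        HttpHeaders headers = new HttpHeaders();
        String creds = CLIENT_ID + ":" + CLIENT_SECRET;
        headers.set(HttpHeaders.AUTHORIZATION, "Basic "
                + Base64.getEncoder().encodeToString(creds.getBytes(StandardCharsets.UTF_8)));
        headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
        return new RestTemplate().postForObject(TOKEN_URL, new HttpEntity<>(form, headers), Map.class);
    }

    // grant_type=password: exchanges the user's credentials for an access and a refresh token.
    public Map<?, ?> passwordGrant(String username, String password) {
        MultiValueMap<String, String> form = new LinkedMultiValueMap<>();
        form.add("grant_type", "password");
        form.add("username", username);
        form.add("password", password);
        return post(form);
    }

    // grant_type=refresh_token: obtains a new access token without resending the password.
    public Map<?, ?> refresh(String refreshToken) {
        MultiValueMap<String, String> form = new LinkedMultiValueMap<>();
        form.add("grant_type", "refresh_token");
        form.add("refresh_token", refreshToken);
        return post(form);
    }

    public static void main(String[] args) {
        PasswordGrantClient client = new PasswordGrantClient();
        Map<?, ?> tokens = client.passwordGrant("user", "1234");
        Map<?, ?> renewed = client.refresh((String) tokens.get("refresh_token"));
        System.out.println(tokens.get("access_token") + " -> " + renewed.get("access_token"));
    }
}
```

A wrong password or an unknown refresh token makes the server answer 400 with the invalid_grant body quoted in the question, which RestTemplate surfaces as an HttpClientErrorException.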

Regarding refresh token support: by default Spring OAuth uses the DefaultTokenServices class, which has refresh token support disabled by default. You should override its initialization in OAuth2Config.class.

For example:

    @Bean
    @Primary
    public DefaultTokenServices tokenServices() {
        DefaultTokenServices tokenServices = new DefaultTokenServices();
        tokenServices.setSupportRefreshToken(true);
        return tokenServices;
    } 

DefaultTokenServices.class

Token store not set:

    OAuth2RefreshToken refreshToken = tokenStore.readRefreshToken(refreshTokenValue);
    if (refreshToken == null) {
        throw new InvalidGrantException("Invalid refresh token: " + refreshTokenValue);
    }
Add to xml:

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-data-redis</artifactId>
</dependency>
In your OAuth2 configuration:

// The AuthenticationManager and UserDetailsService this snippet refers to.
@Autowired
private AuthenticationManager authenticationManager;

@Autowired
private UserDetailsService userService;

@Autowired
@Qualifier("redisTokenStore")
private TokenStore tokenStore;

@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
    endpoints.authenticationManager(authenticationManager)
            .userDetailsService(userService)
            .tokenStore(tokenStore); // set tokenStore
}
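The two answers above show the tokenServices bean and the tokenStore wiring separately. Putting them together, here is an added example (not code from the question or the answers) of an OAuth2Config that defines the redisTokenStore bean, gives DefaultTokenServices that store so refresh tokens can be read back, enables refresh token support, and hands both to the endpoints. It assumes the RedisConnectionFactory bean that spring-boot-starter-data-redis auto-configures, a UserDetailsService bean, and the client registration from the question (password and refresh_token grants) left unchanged.

```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Primary;
import org.springframework.data.redis.connection.RedisConnectionFactory;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.redis.RedisTokenStore;

@Configuration
@EnableAuthorizationServer
public class OAuth2Config extends AuthorizationServerConfigurerAdapter {

    @Autowired private AuthenticationManager authenticationManager; // drives grant_type=password
    @Autowired private UserDetailsService userDetailsService;       // kept as in the answer above
    @Autowired private TokenStore tokenStore;                       // the redisTokenStore bean below
    @Autowired private DefaultTokenServices tokenServices;          // the tokenServices bean below

    // Assumes the RedisConnectionFactory that spring-boot-starter-data-redis auto-configures.
    @Bean
    public TokenStore redisTokenStore(RedisConnectionFactory connectionFactory) {
        return new RedisTokenStore(connectionFactory);
    }

    // The tokenServices() bean from the answer above, plus the store it reads refresh tokens from:
    // DefaultTokenServices does not create one itself, so without it a refresh cannot succeed.
    @Bean
    @Primary
    public DefaultTokenServices tokenServices(TokenStore store) {
        DefaultTokenServices services = new DefaultTokenServices();
        services.setTokenStore(store);
        services.setSupportRefreshToken(true);
        services.setReuseRefreshToken(false); // issue a new refresh token on every refresh
        return services;
    }

    // Give the endpoints the same store and services so /oauth/token and refresh agree.
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
        endpoints.authenticationManager(authenticationManager)
                 .userDetailsService(userDetailsService)
                 .tokenStore(tokenStore)
                 .tokenServices(tokenServices);
    }
}
```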