Java Spring Boot {"error":"invalid_client","error_description":"Bad client credentials"}
I created a small Spring Boot authorization server, but it does not work.
My security configuration:
    @Configuration
    public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

        @Autowired
        public void configureGlobal(final AuthenticationManagerBuilder auth) throws Exception {
            auth.inMemoryAuthentication()
                .withUser("user").password("user").roles("ROLE");
        }

        @Override
        @Bean
        public AuthenticationManager authenticationManagerBean() throws Exception {
            return super.authenticationManagerBean();
        }
    }
My authorization server:
    @Configuration
    @EnableAuthorizationServer
    public class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {

        @Autowired
        private AuthenticationManager authenticationManager;

        @Override
        public void configure(final AuthorizationServerEndpointsConfigurer endpoints) {
            endpoints.tokenStore(tokenStore())
                .authenticationManager(authenticationManager);
        }

        @Override
        public void configure(final ClientDetailsServiceConfigurer clients) throws Exception {
            clients.inMemory()
                .withClient("client")
                .secret("clientpassword")
                .scopes("read", "write")
                .authorizedGrantTypes("password")
                .accessTokenValiditySeconds(3600);
        }

        @Bean
        public TokenStore tokenStore() {
            return new InMemoryTokenStore();
        }
    }
My resource server:
    @Configuration
    @EnableResourceServer
    @EnableWebSecurity
    public class ResourceServerConfig extends ResourceServerConfigurerAdapter {

        @Override
        public void configure(HttpSecurity http) throws Exception {
            http
                .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and().authorizeRequests()
                .antMatchers("/oauth/token")
                .permitAll()
                .anyRequest()
                .authenticated();
        }
    }
With this curl command:
curl -i -v -X POST -H 'Content-Type: application/x-www-form-urlencoded' -k http://localhost:8080/oauth/token -H 'Authorization: Basic Y2xpZW50OmNsaWVudHBhc3N3b3Jk' -d 'grant_type=password&client_id=client&user=user&password=user'
Y2xpZW50OmNsaWVudHBhc3N3b3Jk is the base64 encoding of client:clientpassword.
I get this error:
Note: Unnecessary use of -X or --request, POST is already inferred.
* Trying ::1...
* TCP_NODELAY set
* Connected to localhost (::1) port 8080 (#0)
> POST /oauth/token HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/7.64.1
> Accept: */*
> Content-Type: application/x-www-form-urlencoded
> Authorization: Basic Y2xpZW50OmNsaWVudHBhc3N3b3Jk
> Content-Length: 60
>
* upload completely sent off: 60 out of 60 bytes
< HTTP/1.1 401
HTTP/1.1 401
< Cache-Control: no-store
Cache-Control: no-store
< Pragma: no-cache
Pragma: no-cache
< WWW-Authenticate: Form realm="oauth2/client", error="invalid_client", error_description="Bad client credentials"
WWW-Authenticate: Form realm="oauth2/client", error="invalid_client", error_description="Bad client credentials"
< X-Content-Type-Options: nosniff
X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
X-XSS-Protection: 1; mode=block
< X-Frame-Options: DENY
X-Frame-Options: DENY
< Content-Type: application/json
Content-Type: application/json
< Transfer-Encoding: chunked
Transfer-Encoding: chunked
< Date: Wed, 13 May 2020 18:42:17 GMT
Date: Wed, 13 May 2020 18:42:17 GMT
<
* Connection #0 to host localhost left intact
{"error":"invalid_client","error_description":"Bad client credentials"}* Closing connection 0
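A request-shape check for the curl call above, as an added example that is not part of the original question: it decodes the Basic header and compares the form body with the parameters RFC 6749 section 4.3.2 requires for the password grant. The function names are hypothetical, and the check inspects the request only; it does not exercise the server's client-secret handling.

```python
import base64
from urllib.parse import parse_qs

# RFC 6749 section 4.3.2: form parameters required for the password grant.
REQUIRED = {"password": ("grant_type", "username", "password")}


def decode_basic(header_value):
    """Return (client_id, client_secret) from an 'Authorization: Basic ...' value."""
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic" or not token:
        raise ValueError("not a Basic authorization header")
    decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    client_id, sep, secret = decoded.partition(":")
    if not sep:
        raise ValueError("decoded credentials lack the ':' separator")
    return client_id, secret


def check_token_request(auth_header, body):
    """Return a list of findings about the shape of a token request (hypothetical helper)."""
    findings = []
    client_id, _secret = decode_basic(auth_header)
    form = parse_qs(body, keep_blank_values=True)
    grant = form.get("grant_type", [""])[0]
    # Unknown or absent grant types are only checked for grant_type itself.
    for name in REQUIRED.get(grant, ("grant_type",)):
        if name not in form:
            findings.append(f"missing form parameter: {name}")
    for name, values in form.items():
        if len(values) > 1:
            findings.append(f"repeated form parameter: {name}")
    # A client_id in the body must agree with the one in the Basic header.
    if form.get("client_id", [client_id])[0] != client_id:
        findings.append("client_id in body differs from Basic header")
    return findings


# Header value and body copied from the curl command in the question.
AUTH = "Basic Y2xpZW50OmNsaWVudHBhc3N3b3Jk"
BODY = "grant_type=password&client_id=client&user=user&password=user"

if __name__ == "__main__":
    # Print only the client id; the secret stays out of the output.
    print("client id in Basic header:", decode_basic(AUTH)[0])
    for finding in check_token_request(AUTH, BODY):
        print("finding:", finding)
```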