当用户在springboot中调用注册RESTAPI时,如何获取oAuth2访问令牌?
目前我正在研究Springboot安全性,它对我来说是全新的。我学习了youtube视频教程 当我使用下面的代码段时,我成功地获得了oauth2 access_令牌:-当用户在springboot中调用注册RESTAPI时,如何获取oAuth2访问令牌?,rest,spring-boot,spring-security,spring-security-oauth2,spring-boot-actuator,Rest,Spring Boot,Spring Security,Spring Security Oauth2,Spring Boot Actuator,目前我正在研究Springboot安全性,它对我来说是全新的。我学习了youtube视频教程 当我使用下面的代码段时,我成功地获得了oauth2 access_令牌:- @SpringBootApplication public class MathifyApplication { @Autowired private PasswordEncoder passwordEncoder; public static void main(String[] args) {
@SpringBootApplication
public class MathifyApplication {
@Autowired
private PasswordEncoder passwordEncoder;
public static void main(String[] args) {
SpringApplication.run(MathifyApplication.class, args);
}
@Autowired
public void authenticationManager(AuthenticationManagerBuilder builder, UserRepository repository, UserService service) throws Exception {
//Setup a default user if db is empty
User students = new User("stu1", "user", "user", "abc@gmail.com", "1234567890", "12th", "dwarka sec-12",
0, 0 , "may/29/2017", "", Arrays.asList(new Role("USER"), new Role("ACTUATOR")));
if (repository.count()==0){
service.save(students);
}
builder.userDetailsService(userDetailsService(repository)).passwordEncoder(passwordEncoder);
}
private UserDetailsService userDetailsService(final UserRepository repository) {
return userName -> new CustomUserDetails(repository.findByUsername(userName));
}
}
控制器类为:-
@RestController
public class LoginController {
@Autowired
private UserService userService;
@RequestMapping(value = "/mathify/getuser/{userId}", method = RequestMethod.GET)
public User getUser(@PathVariable String userId){
System.out.println("Userid "+userId);
return userService.getUser(userId);
}
@RequestMapping(method = RequestMethod.POST, value="/mathify/signup")
public User register(@RequestBody User user){
return userService.doSignup(user);
}
@GetMapping(value="/hi")
public String test(){
return "Oh ! I am fine without secuirity";
}
}
通过上面的代码片段,我可以获得access_token(/oauth/token),并且我还可以毫无问题地调用其他控制器类私有API
但是上面的代码有一个问题。什么?在上面的代码片段中,用户是硬编码的,但当我想在用户注册时获得访问令牌时,它给出了一个异常
2017-06-18 11:04:05.689 ERROR 8492 --- [nio-8080-exec-3] o.a.c.c.C.[.[.[/].[dispatcherServlet] : Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception [Request processing failed; nested exception is java.lang.IllegalStateException: Cannot apply org.springframework.security.config.annotation.authentication.configurers.userdetails.DaoAuthenticationConfigurer@6b66d7ac to already built object] with root cause
java.lang.IllegalStateException: Cannot apply org.springframework.security.config.annotation.authentication.configurers.userdetails.DaoAuthenticationConfigurer@6b66d7ac to already built object
at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.add(AbstractConfiguredSecurityBuilder.java:196) ~[spring-security-config-4.2.2.RELEASE.jar:4.2.2.RELEASE]
at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.apply(AbstractConfiguredSecurityBuilder.java:133) ~[spring-security-config-4.2.2.RELEASE.jar:4.2.2.RELEASE]
at org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder.apply(AuthenticationManagerBuilder.java:290) ~[spring-security-config-4.2.2.RELEASE.jar:4.2.2.RELEASE]
at org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder.userDetailsService(AuthenticationManagerBuilder.java:187) ~[spring-security-config-4.2.2.RELEASE.jar:4.2.2.RELEASE]
at com.techiesandeep.mathify.controller.LoginController.register(LoginController.java:40) ~[classes/:na]
为了实现上述功能,我在应用程序和控制器中做了一些更改
申请类别如下:-
@SpringBootApplication
public class MathifyApplication {
@Autowired
private PasswordEncoder passwordEncoder;
public static void main(String[] args) {
SpringApplication.run(MathifyApplication.class, args);
}
}
控制器类别如下:-
@RestController
public class LoginController {
@Autowired
private UserService userService;
@Autowired
AuthenticationManagerBuilder builder;
@Autowired
private PasswordEncoder passwordEncoder;
@Autowired
private UserRepository repository;
@RequestMapping(value = "/mathify/getuser/{userId}", method = RequestMethod.GET)
public User getUser(@PathVariable String userId){
System.out.println("Userid "+userId);
return userService.getUser(userId);
}
@RequestMapping(method = RequestMethod.POST, value="/user/signup")
public User register(@RequestBody User user) throws Exception {
User u = userService.doSignup(user);
builder.userDetailsService(userDetailsService(repository)).passwordEncoder(passwordEncoder);
return u;
}
private UserDetailsService userDetailsService(final UserRepository repository) {
return userName -> new CustomUserDetails(repository.findByUsername(userName));
}
@GetMapping(value="/hi")
public String test(){
return "Oh ! I am fine without secuirity";
}
}
任何帮助都是值得的。谢谢你可以打另一个POST请求来获取访问令牌。 我不确定这是不是最好的方法,但对我来说效果很好 注册请求映射中的代码剪贴示例:
RestTemplate restTemplate = new RestTemplate();
HttpHeaders headers = new HttpHeaders();
headers.setContentType(MediaType.APPLICATION_JSON);
headers.set("Authorization", auth_header);
/*auth_header should be Autorization header value that captured from signup request, which is generated by Basic Auth with clientID and secret, for example, "Basic bXktdHJ1c3RlZC1jbGllbnQ6c2VjcmV0" */
HttpEntity<String> entity = new HttpEntity<String>("",headers);
String authURL = "http://localhost:8080/oauth/token?grant_type=password&username=yourusername&password=yourpassword";
ResponseEntity<String> response = restTemplate.postForEntity(authURL, entity, String.class);
System.out.println(response.getBody());
RestTemplate RestTemplate=new RestTemplate();
HttpHeaders=新的HttpHeaders();
headers.setContentType(MediaType.APPLICATION_JSON);
headers.set(“授权”,auth_header);
/*auth_header应该是从注册请求中捕获的自动化头值,该值由带有clientID和secret的Basic auth生成,例如,“Basic bXktdHJ1c3RlZC1jbGllbnQ6c2VjcmV0”*/
HttpEntity=新的HttpEntity(“,标题);
字符串authURL=”http://localhost:8080/oauth/token?grant_type=password&username=yourusername&password=yourpassword";
ResponseEntity response=restTemplate.postForEntity(authURL,entity,String.class);
System.out.println(response.getBody());
您正在动态构建身份验证管理器。这是我第一次看到这个,我强烈建议不要这样做。@Shazin基本上我想在成功注册RESTAPI后给用户一个令牌,你能指导我吗?我在谷歌上搜索了很多,但没有得到任何相关的东西。任何链接或任何指南都会很有帮助。非常感谢您可以请求oauth/token端点来获取访问令牌。