Spring Boot OAuth2 "/auth/oauth/token" forbidden
I am setting up a basic OAuth2 authorization server. This is my application configuration:
@SpringBootApplication
@RestController
@EnableResourceServer
@EnableAuthorizationServer
public class Application {

    @RequestMapping(value = { "/user" }, produces = "application/json")
    public Map<String, Object> user(OAuth2Authentication user) {
        Map<String, Object> userInfo = new HashMap<>();
        userInfo.put("user", user.getUserAuthentication().getPrincipal());
        userInfo.put("authorities", AuthorityUtils.authorityListToSet(user.getUserAuthentication().getAuthorities()));
        return userInfo;
    }

    public static void main(String[] args) {
        SpringApplication.run(Application.class, args);
    }
}
And my OAuth2Config:
@Configuration
public class OAuth2Config extends AuthorizationServerConfigurerAdapter {

    @Autowired
    private AuthenticationManager authenticationManager;

    @Autowired
    private UserDetailsService userDetailsService;

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
                .withClient("eagleeye")
                .secret("thisissecret")
                .authorizedGrantTypes("refresh_token", "password", "client_credentials")
                .scopes("webclient", "mobileclient");
    }

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints
                .authenticationManager(authenticationManager)
                .userDetailsService(userDetailsService);
    }
}
I am trying to retrieve a token from localhost:8080/auth/oauth/token using Postman, but it only throws this error:
{
    "error": "unauthorized",
    "error_description": "Full authentication is required to access this resource"
}
These are the values I am passing from Postman:
I was able to access the endpoint, but it returned an error; that is a different problem, though. I just changed the URL from localhost:8080/auth/oauth/token to localhost:8080/oauth/token.
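Maybe you are missing authentication for the HTTP call? What happens if you add @Override protected void configure(HttpSecurity http) to your WebSecurityConfigurer? (It is hard to say without logs; I think @EnableResourceServer already does this for you.)

In Postman, add the client ID and grant type to the URL of the POST request. For example: …/oauth/token?client_id=eagleeye&grant_type=password.

Is the other error you mentioned that you get unauthorized when you try to access the /user endpoint with a bearer token? If so, I am facing the same problem. Did you find a solution?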
{
    "error": "unauthorized",
    "error_description": "Full authentication is required to access this resource"
}
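As an added example (not part of the original question or its comments, and not Spring's own code): the token request Postman has to send, with the client credentials `eagleeye`/`thisissecret` in an HTTP Basic header and the password grant in the form body, run against a constructed local mock that answers with the question's 401 when that header is missing or the path carries the `/auth` prefix. `MockTokenEndpoint`, `request_token` and the demo user are hypothetical names, and the mock is an assumption about the behaviour described above, not the real authorization server.

```python
import base64, json, threading, urllib.error, urllib.parse, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

CLIENT_ID, CLIENT_SECRET = "eagleeye", "thisissecret"  # client from the question's OAuth2Config
ERROR = {"error": "unauthorized",
         "error_description": "Full authentication is required to access this resource"}
def basic_header(client_id, client_secret):
    """Client credentials as an HTTP Basic Authorization header (RFC 6749, section 2.3.1)."""
    return "Basic " + base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()

class MockTokenEndpoint(BaseHTTPRequestHandler):
    """Constructed stand-in for POST /oauth/token; it checks only path and client auth."""
    def do_POST(self):
        self.rfile.read(int(self.headers.get("Content-Length", 0)))  # drain the form body
        ok = (self.path == "/oauth/token" and
              self.headers.get("Authorization") == basic_header(CLIENT_ID, CLIENT_SECRET))
        body = {"access_token": "constructed-token", "token_type": "bearer"} if ok else ERROR
        data = json.dumps(body).encode()
        self.send_response(200 if ok else 401)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)
    def log_message(self, *args): pass  # keep the demo output quiet

def start_mock_server():
    server = HTTPServer(("127.0.0.1", 0), MockTokenEndpoint)  # port 0 picks a free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

def request_token(base_url, username, password, client_auth=True):
    """POST the password grant as a form body; returns (HTTP status, parsed JSON)."""
    form = urllib.parse.urlencode({"grant_type": "password", "scope": "webclient",
                                   "username": username, "password": password}).encode()
    req = urllib.request.Request(base_url + "/oauth/token", data=form, method="POST")
    if client_auth:  # without this header the endpoint answers 401
        req.add_header("Authorization", basic_header(CLIENT_ID, CLIENT_SECRET))
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # ignore env proxies
    try:
        with opener.open(req) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:  # urllib raises on 4xx; the JSON body stays readable
        return err.code, json.load(err)

if __name__ == "__main__":
    srv = start_mock_server()
    base = f"http://127.0.0.1:{srv.server_port}"
    for auth in (False, True):
        print(auth, request_token(base, "demo-user", "demo-pass", client_auth=auth))
```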