Spring 弹簧靴oauth2“/auth/oauth/token“；被禁止的_Spring_Spring Boot_Oauth_Oauth 2.0

Spring 弹簧靴oauth2“/auth/oauth/token“；被禁止的

spring spring-boot oauth oauth-2.0

Spring 弹簧靴oauth2“/auth/oauth/token“；被禁止的,spring,spring-boot,oauth,oauth-2.0,Spring,Spring Boot,Oauth,Oauth 2.0,我正在设置一个基本的oauth2授权服务器。这是我的应用程序配置 @SpringBootApplication @RestController @EnableResourceServer @EnableAuthorizationServer public class Application { @RequestMapping(value = { "/user" }, produces = "application/json") public Map<String, Obj

我正在设置一个基本的oauth2授权服务器。这是我的应用程序配置

@SpringBootApplication
@RestController
@EnableResourceServer
@EnableAuthorizationServer
public class Application {

    @RequestMapping(value = { "/user" }, produces = "application/json")
    public Map<String, Object> user(OAuth2Authentication user) {
        Map<String, Object> userInfo = new HashMap<>();
        userInfo.put("user", user.getUserAuthentication().getPrincipal());
        userInfo.put("authorities", AuthorityUtils.authorityListToSet(user.getUserAuthentication().getAuthorities()));
        return userInfo;
    }


    public static void main(String[] args) {
        SpringApplication.run(Application.class, args);
    }


}

还有我的Oauth2Config

@Configuration
public class OAuth2Config extends AuthorizationServerConfigurerAdapter {

    @Autowired
    private AuthenticationManager authenticationManager;

    @Autowired
    private UserDetailsService userDetailsService;

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
                .withClient("eagleeye")
                .secret("thisissecret")
                .authorizedGrantTypes("refresh_token", "password", "client_credentials")
                .scopes("webclient", "mobileclient");
    }

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints
                .authenticationManager(authenticationManager)
                .userDetailsService(userDetailsService);
    }
}

我试图使用postman从localhost:8080/auth/oauth/token检索令牌，但它只抛出此错误

{
  "error": "unauthorized",
  "error_description": "Full authentication is required to access this resource"
}

这是我从邮递员那里传递的价值

我能够访问端点，但它返回了一个错误，但这是另一个问题。我刚刚将url从

localhost:8080/auth/oauth/toke

n更改为

localhost:8080/oauth/token

可能您缺少针对http调用的身份验证？如果将

@Override protected void configure（HttpSecurity http）添加到websecurityconfigure
，会发生什么情况？（如果没有日志就很难说，我想@EnableResourceServer已经为您完成了这项工作）在postman中将客户端id和授权类型添加到post请求的URL中。例如：…/oauth/token？client_id=eagleeye&grant_type=password。您所说的另一个错误是，当您想使用承载令牌访问/user端点时，会获得未经授权的权限？如果是这样，我也面临同样的问题。你找到解决办法了吗？
{
  "error": "unauthorized",
  "error_description": "Full authentication is required to access this resource"
}