spring boot 2 jwt oauth2 + angular 5 无法获取 JWT

【问题标题】:spirng boot 2 jwt oauth2 + angular 5 can't get the JWTspring boot 2 jwt oauth2 + angular 5 无法获取 JWT
【发布时间】:2018-10-29 12:31:52
【问题描述】:

我是使用 spring boot 和 spring security 的新手,我正在尝试实现 oauth2 以生成 JWT 并在 angular5 应用程序中使用此令牌,我的情况是,在实现后,如果使用邮递员,我可以获得令牌或 curl 但是当我在 Angular 中使用我的网络客户端时,我无法获得令牌。

这就是我所做的。

我的登录方式是有角度的

login(username: string, password: string ) {
    const params:  HttpParams = new  HttpParams();
    const headers: Headers = new Headers();

    params.set('username', 'GDELOSSANTOS');
    params.set('password', 'ADMIN');
    params.set('client_id', 'ADMIN');
    params.set('client_secret', 'ADMIN');
    params.set('grant_type', 'password');
    params.set('scope', '*');

    headers.set('Content-Type', 'application/x-www-form-urlencoded');

      return this.http.post(Constante.BACKEND_TOKEN_REQUEST, {headers}, {params} ).subscribe
          (res => this.setSession);
  }

我的授权服务器

@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {

    private static final Logger logger = LogManager.getLogger(AuthorizationServerConfig.class);

    @Value("${security.oauth2.resource.id}")
    private String resourceId;

    @Autowired
    @Qualifier("authenticationManagerBean")
    private AuthenticationManager authenticationManager;

    @Override
    public void configure(final AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
        oauthServer.tokenKeyAccess("permitAll()")
        .checkTokenAccess("isAuthenticated()");
    }

    @Override
    public void configure(final ClientDetailsServiceConfigurer clients) throws Exception {
        logger.traceEntry();

        clients
        .inMemory()
        .withClient(ConstanteUtil.Seguridad.CLIEN_ID)
        .secret(Seguridad.CLIENT_SECRET)
        .authorizedGrantTypes(Seguridad.GRANT_TYPE_PASSWORD, Seguridad.AUTHORIZATION_CODE, Seguridad.REFRESH_TOKEN, Seguridad.IMPLICIT )
        .authorities(UsusarioRoles.ROLE_ADMIN, UsusarioRoles.ROLE_USER)
        .resourceIds(resourceId)
        .scopes(Seguridad.SCOPE_READ, Seguridad.SCOPE_WRITE, Seguridad.TRUST)
        .accessTokenValiditySeconds(Seguridad.ACCESS_TOKEN_VALIDITY_SECONDS).
        refreshTokenValiditySeconds(Seguridad.FREFRESH_TOKEN_VALIDITY_SECONDS);
        logger.info("Configuracion " + clients);
        logger.traceExit();
    }

    @Bean
    @Primary
    public DefaultTokenServices tokenServices() {
        final DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
        defaultTokenServices.setTokenStore(tokenStore());
        defaultTokenServices.setSupportRefreshToken(true);
        return defaultTokenServices;
    }

    @Override
    public void configure(final AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        final TokenEnhancerChain tokenEnhancerChain = new TokenEnhancerChain();
        tokenEnhancerChain.setTokenEnhancers(Arrays.asList(tokenEnhancer(), accessTokenConverter()));
        endpoints.tokenStore(tokenStore())
        .tokenEnhancer(tokenEnhancerChain)
        .authenticationManager(authenticationManager);
    }

    @Bean
    public TokenStore tokenStore() {
        return new JwtTokenStore(accessTokenConverter());
    }

    @Bean
    public JwtAccessTokenConverter accessTokenConverter() {
        final JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
        converter.setSigningKey("123");
        return converter;
    }

    @Bean
    public TokenEnhancer tokenEnhancer() {
        return new CustomTokenEnhancer();
    }

}

我的资源服务器

@Configuration
@EnableResourceServer
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {

    private static final Logger logger = LogManager.getLogger(AuthorizationServerConfig.class);

    @Value("${security.oauth2.resource.id}")
    private String resourceId;

    @Override
    public void configure(final HttpSecurity http) throws Exception {
        logger.traceEntry("Entrada configure");
        // @formatter:off
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
        .and()
        .authorizeRequests().anyRequest().permitAll();
        logger.info("Ejecucion de metodo " + http);
        // @formatter:on                
    }

    @Override
    public void configure(final ResourceServerSecurityConfigurer config) {
        config.resourceId(resourceId).stateless(true);  }
}

网络安全

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    private static final Logger logger = LogManager.getLogger(WebSecurityConfig.class);


    @Autowired
    @Resource(name = "UsuarioService")
    private UserDetailsService userDetailsService;

    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Autowired
    public void globalUserDetails(AuthenticationManagerBuilder auth) throws Exception {
        logger.traceEntry("globalUserDetails", auth);
        auth.userDetailsService(userDetailsService)
        .passwordEncoder(encoder());

        logger.traceExit("globalUserDetails", auth);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        logger.traceEntry();
        logger.info("ejecutando configuracion " + http);
        http.cors().disable()
        .csrf().disable()
        .anonymous().disable()
        .authorizeRequests()
        .antMatchers("/login", "/logout.do").permitAll() 
        .antMatchers("/**").authenticated()
        .and().formLogin().loginPage("/login").permitAll()
        .and().httpBasic();

        logger.info("se ejecuto configuracion " + http);

    }

    @Bean
    public BCryptPasswordEncoder encoder(){
        return new BCryptPasswordEncoder();
    }

    @Bean
    public FilterRegistrationBean corsFilter() {
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        CorsConfiguration config = new CorsConfiguration();
        config.setAllowCredentials(true);
        config.addAllowedOrigin("*");
        config.addAllowedHeader("*");
        config.addAllowedMethod("*");
        source.registerCorsConfiguration("/**", config);
        FilterRegistrationBean bean = new FilterRegistrationBean(new CorsFilter(source));
        bean.setOrder(0);
        return bean;
    }

    @Bean
    public WebMvcConfigurer corsConfigurer() {
        return new WebMvcConfigurerAdapter() {
            @Override
            public void addCorsMappings(CorsRegistry registry) {
                registry.addMapping("/auth/token").allowedOrigins("http://localhost:9000");
            }
        };
    }
}

UserDetailService的loadUserDetail的实现 @覆盖 public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { logger.traceEntry("Iniciando loadUserByUsername"); /这里我们使用的是虚拟数据,你需要从 数据库或其他第三方应用程序/ 尝试 { Usuario usuario = findAllUsuarioRoleByName(username); logger.info("Se encontro el usaurio" + usuario);

    UserBuilder builder = null;
    if (usuario != null) {
        List<String> roles =  new ArrayList<>();

        Collection<UsuarioRole> usuarioRoleByUsuarioName = usuarioRoleRepository.findAllUsuarioRoleByUsuarioName(usuario.getNombreUsuario());
        logger.info("Roles encontrados " + usuarioRoleByUsuarioName.size());
        for(UsuarioRole usuarioRole : usuarioRoleByUsuarioName) {
            roles.add(usuarioRole.getRole().getNombreRole());
        }

        String[] rolesArray = new String[roles.size()];
        rolesArray = roles.toArray(rolesArray);

        builder = org.springframework.security.core.userdetails.User.withUsername(username);
        builder.password(new BCryptPasswordEncoder().encode(usuario.getClaveUsuario()));
        for (String string : rolesArray) {
            logger.debug("**** " + string);
        }
        builder.roles(rolesArray);
    } else {
        throw new UsernameNotFoundException("User not found.");
    }

    return builder.build();
    }finally {
        logger.traceExit("Finalizando loadUserByUsername");
    }
}

【问题讨论】:

    标签: spring-boot spring-security oauth-2.0 jwt angular5


    【解决方案1】:

    对您的角度代码进行以下调整。

    1. 通过 Authorization 标头传递 client_id 和 client_secret。

    2. 在发布之前对对象进行序列化(可以参考这个answer)。

      login(username: string, password: string ) {

    let body = {
        username: 'GDELOSSANTOS',
        password: 'ADMIN',
        grant_type: 'password'
    };

    // Serialize body object

    let bodySerialized = 'grant_type=password&password=ADMIN&username=GDELOSSANTOS';

    let headers = new HttpHeaders()
        .set('Content-Type', 'application/x-www-form-urlencoded')
        .set('Authorization', 'Basic ' + btoa("ADMIN:ADMIN"));

    return this.http.post(Constante.BACKEND_TOKEN_REQUEST,
        bodySerialized,
        {
            headers: headers
        }).subscribe(res => this.setSession);
 }

    【讨论】:

    • 感谢您的 cmets,我正在使用 HttpParams 并根据 angular 5 API 文档表示序列化参数。我尝试了你的方法,但仍然得到相同的 404 响应
    • 您可以将浏览器发送的请求与邮递员的请求进行比较,以找出差异。
    • lzagkaretos 我已经找到了问题,我使用了错误的 URL 进行身份验证我将 /auth/token 更改为 /oauth/token 感谢您的最后建议,帮助我看到它。
    • 很高兴听到。请问您是通过授权标头还是使用参数对象传递client_secret和client_id?
    • 我通过了 Authorization 标头。
    猜你喜欢
    • 2019-02-10
    • 2023-03-18
    • 2017-09-13
    • 2020-10-25
    • 2018-01-05
    • 2020-06-19
    • 2017-01-31
    • 2020-04-23
    • 2021-10-13
    相关资源
    最近更新 更多
    热门标签
    Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode