【Question title】: Spring boot oauth: unsupported grant type
【Posted】: 2019-02-11 03:03:41
【Question description】:

Please help me... the unsupported grant type is driving me crazy. My Spring Boot setup looks like this.

    @Configuration
    @EnableAuthorizationServer
    public class AuthServerConfig extends AuthorizationServerConfigurerAdapter{

        @Override
        public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
            // TODO Auto-generated method stub
            super.configure(endpoints);
        }

        @Override
        public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
            // TODO Auto-generated method stub
            security
            /*.tokenKeyAccess("permitAll()")*/
              .checkTokenAccess("isAuthenticated()");
        }

        @Bean
        public TokenStore tokenStore() {
            return new JwtTokenStore(jwtAccessTokenConverter());
        }

        @Bean
        public JwtAccessTokenConverter jwtAccessTokenConverter() {
            return new JwtAccessTokenConverter();
        }

        @Override
        public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
            // TODO Auto-generated method stub
            clients.inMemory()
                .withClient("foo")
                .secret("{noop}bar")
                .authorizedGrantTypes("password", "authorization_code", "refresh_token", "client_credentials")
                .authorities("ROLE_CLIENT", "ROLE_TRUSTED_CLIENT")
                .scopes("read", "write", "trust", "openid")
                .accessTokenValiditySeconds(120)   // Access token is only valid for 2 minutes.
                .refreshTokenValiditySeconds(600); // Refresh token is only valid for 10 minutes.
        }

    }

This is the result of the Postman test; it always returns unsupported grant type "password".


【Question discussion】:

    Tags: spring spring-boot oauth-2.0 postman


    【Solution 1】:

    If you use grant_type="password", you must:

    Create the following bean in your own WebSecurityConfigurerAdapter class

    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
       return super.authenticationManagerBean();
    }
    

    Inject it into the AuthorizationServerConfigurerAdapter

    @Autowired
    private AuthenticationManager authenticationManager;
    

    Use it in the configure(AuthorizationServerEndpointsConfigurer endpoints) method

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
       endpoints.authenticationManager(authenticationManager);
    }
    

    Full example:

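    // WebSecurityConfig.java
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.authentication.AuthenticationManager;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    import org.springframework.security.core.userdetails.User;
    import org.springframework.security.core.userdetails.UserDetailsService;
    import org.springframework.security.provisioning.InMemoryUserDetailsManager;

    @Configuration
    public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
        // Expose the AuthenticationManager as a bean so the authorization server can inject it
        @Override
        @Bean
        public AuthenticationManager authenticationManagerBean() throws Exception {
            return super.authenticationManagerBean();
        }

        @Bean
        @Override
        protected UserDetailsService userDetailsService() {
            InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager();
            // Test user; on Spring Security 5+ the stored password needs an id prefix such as {noop} or a PasswordEncoder
            manager.createUser(User.withUsername("a").password("123456").authorities("USER").build());
            return manager;
        }
    }

    // AuthorizationServerConfig.java
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.authentication.AuthenticationManager;
    import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
    import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
    import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
    import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
    import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;

    @Configuration
    @EnableAuthorizationServer
    public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {

        private AuthenticationManager authenticationManager;

        @Autowired
        public AuthorizationServerConfig(AuthenticationManager authenticationManager) {
            this.authenticationManager = authenticationManager;
        }

        @Override
        public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
            // The password grant is only registered when an AuthenticationManager is supplied
            endpoints.authenticationManager(authenticationManager);
        }

        @Override
        public void configure(AuthorizationServerSecurityConfigurer security) {
            security.tokenKeyAccess("permitAll()")          // token key endpoint open to everyone
                    .checkTokenAccess("isAuthenticated()")  // check_token only for authenticated clients
                    .allowFormAuthenticationForClients();   // accept client_id/client_secret as form parameters
        }

        @Override
        public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
            clients.inMemory()
                    // Must match the client_id sent in the token request below
                    .withClient("CLIENT_ID").secret("CLIENT_SECRET")
                    .authorizedGrantTypes("password", "refresh_token")
                    .authorities("CLIENT")
                    .scopes("read");
        }
    }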
    

    Test:

    curl -i -X POST -d "username=a&password=123456&grant_type=password&client_id=CLIENT_ID&client_secret=CLIENT_SECRET" http://localhost:8080/oauth/token
    

    【Discussion】:
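A hardened variant of the authorization server class from Solution 1, as an added example that is not part of the original answer: it keeps the `AuthenticationManager` wiring that enables the password grant, but stores the client secret hashed and drops form-based client authentication. The class name `HardenedAuthServerConfig` and the environment variable `OAUTH_CLIENT_SECRET` are assumptions; it assumes Spring Security 5 with spring-security-oauth2 and replaces, rather than sits beside, the answer's `AuthorizationServerConfig`.

```java
import java.util.Objects;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;

// Added example: class name and environment variable name are hypothetical.
@Configuration
@EnableAuthorizationServer
public class HardenedAuthServerConfig extends AuthorizationServerConfigurerAdapter {
    // Delegating encoder: encode() yields "{bcrypt}..." and matches() dispatches on that prefix.
    private final PasswordEncoder encoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();
    private final AuthenticationManager authenticationManager;

    public HardenedAuthServerConfig(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
        // Without this call the password granter is not registered ("unsupported grant type").
        endpoints.authenticationManager(authenticationManager);
    }

    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) {
        // No allowFormAuthenticationForClients() and no tokenKeyAccess("permitAll()"): clients use HTTP Basic.
        security.passwordEncoder(encoder)
                .checkTokenAccess("isAuthenticated()");
    }

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        // Secret comes from the environment instead of source code; fail fast if it is missing.
        String secret = Objects.requireNonNull(System.getenv("OAUTH_CLIENT_SECRET"), "OAUTH_CLIENT_SECRET not set");
        clients.inMemory()
                .withClient("CLIENT_ID")
                .secret(encoder.encode(secret))
                .authorizedGrantTypes("password", "refresh_token")
                .scopes("read")
                .accessTokenValiditySeconds(120)
                .refreshTokenValiditySeconds(600);
    }
}
```

With this configuration the client authenticates with HTTP Basic, for example `curl -u "CLIENT_ID:$OAUTH_CLIENT_SECRET" -d grant_type=password -d username=a -d password=123456 http://localhost:8080/oauth/token`, so the client secret stays out of the form body.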

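      【Solution 2】:

      Assuming the user entered is valid, can you try sending the client ID and client secret parameters in addition to the username, password and grant type?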

      curl http://{host}:{port}/oauth/token -d grant_type=password -d username=user -d password=password -d client_id=client -d client_secret=secret
      

      【Discussion】:
