【发布时间】:2018-05-25 11:03:07
【问题描述】:
大家好, 我在 Spring Boot 中练习 OAuth2。当我访问获取资源时,我已经开发了应用程序,我得到了响应,但是对于发布资源,我必须提供我在请求中传递的用户名和密码,但它仍然给了我这个回应
curl -i --user admin:admin -H Accept:application/json -X PUT http://localhost:8080/api/user/addUpdateUser -H Content-Type: application/json -d '{ "userId": 3, "firstName": "M .Danish”、“lastName”:“Khan”、“userName”:“danishkhan”、“地址”:“Mardan”、“电话”:“04543545435”}'
{
"timestamp": 1464778621656,
"status": 401,
"error": "Unauthorized",
"message": "Access Denied",
"path": "/api/user/addUpdateUser"
}
这是我的代码。
网络安全配置
@Configuration
@EnableWebSecurity
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter{
@Autowired
private UserDetailsService userDetailsService;
@Override
public void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers(HttpMethod.GET).permitAll()
.anyRequest().authenticated()
.and().httpBasic()
.and().csrf().disable();
}
@Override
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
}
OAuth 资源服务器配置
@Configuration
@EnableResourceServer
public class OAuth2ResourceServerConfiguration extends ResourceServerConfigurerAdapter {
private final String RESOURCE_ID="SpringOAuth";
@Autowired
private CustomAuthenticationEntryPoint customAuthenticationEntryPoint;
/*@Autowired
private UserDetailsService userDetailsService;*/
@Override
public void configure(HttpSecurity http) throws Exception {
http .exceptionHandling()
.authenticationEntryPoint(customAuthenticationEntryPoint)
.and()
.authorizeRequests()
.antMatchers(HttpMethod.GET).permitAll()
.anyRequest().authenticated()
/*.and().userDetailsService(userDetailsService); was just checking whether it will work with this or not*/
}
@Override
public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
resources.resourceId(RESOURCE_ID);
}
}
OAuth 授权服务器配置
@Configuration
@EnableAuthorizationServer
public class OAuth2AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {
private final String RESOURCE_ID="SpringOAuth";
private TokenStore tokenStore = new InMemoryTokenStore();
@Autowired
private UserDetailsService userDetailsService;
@Autowired
AuthenticationManager authenticationManager;
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients.inMemory()
.withClient("client")
.authorizedGrantTypes("password", "refresh_token")
.authorities("ROLE_USER")
.scopes("read")
.resourceIds(RESOURCE_ID)
.secret("secret").accessTokenValiditySeconds(3600);
}
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints
.tokenStore(this.tokenStore)
.authenticationManager(this.authenticationManager)
.userDetailsService(userDetailsService);
}
@Bean
@Primary
public DefaultTokenServices tokenServices() {
DefaultTokenServices tokenServices = new DefaultTokenServices();
tokenServices.setSupportRefreshToken(true);
tokenServices.setTokenStore(this.tokenStore);
return tokenServices;
}
}
控制器
@Controller
@RequestMapping("/api/user")
public class UserController {
@Autowired
private UserService userService;
@RequestMapping(value = "/addUpdateUser",method = RequestMethod.POST)
public ResponseEntity<Void> add_UpdateUser(@RequestBody User user){
if(user==null){
return new ResponseEntity<Void>(HttpStatus.EXPECTATION_FAILED);
}else{
userService.add_UpdateUser(user);
return new ResponseEntity<Void>(HttpStatus.CREATED);
}
}
@RequestMapping("/getAllUser")
public ResponseEntity<List<User>> getAllUsers(){
return new ResponseEntity<List<User>>(userService.getAllUsers(),HttpStatus.OK);
}
@RequestMapping(value = "/deleteUser",method = RequestMethod.POST)
public ResponseEntity<Void> deleteUser(@RequestBody String userName){
if(userName.equals("")){
return new ResponseEntity<Void>(HttpStatus.BAD_REQUEST);
}else {
userService.deleteUser(userName);
return new ResponseEntity<Void>(HttpStatus.OK);
}
}
}
【问题讨论】:
-
任何人请回答我的问题。我已经重新创建了应用程序,它仍然像上面描述的那样。
标签: oauth spring-boot oauth-2.0 spring-security-oauth2