【发布时间】:2022-01-02 22:34:17
【问题描述】:
我刚开始使用 Spring Security,对它还不熟悉,因此并不真正了解它是如何工作的。当我用 Postman 向 http://localhost:8082/oauth/token 发送请求时,会返回下面的错误;请求其他端点时也会出现同样的情况。
{"timestamp":1640911637387,"status":401,"error":"Unauthorized","message":"Full authentication is required to access this resource","path":"/oauth/token"}
我的配置:
/**
 * OAuth2 authorization-server configuration.
 *
 * <p>Registers one in-memory client, issues JWT access tokens through a
 * {@link DefaultTokenServices} backed by a {@link JwtTokenStore}, and restricts
 * the token-check endpoint to authenticated callers.
 *
 * <p>NOTE(review): the token endpoint of an authorization server expects the
 * client itself to authenticate (HTTP Basic with client id and secret unless
 * {@code allowFormAuthenticationForClients()} is enabled). A 401 "Full
 * authentication is required" on {@code /oauth/token} is consistent with a
 * request that carries no client credentials; confirm against the request
 * actually sent.
 */
@Configuration
@EnableAuthorizationServer
public class OAuth2Config extends AuthorizationServerConfigurerAdapter {

    // Access-token lifetime in seconds; the SpEL Elvis operator falls back to
    // 3600 when the property is not defined.
    @Value("#{ @environment['identityserver.security.oauth2.token.ttl'] ?: 3600 }")
    private int accessTokenValiditySeconds;

    // Refresh-token lifetime in seconds; same 3600 fallback as above.
    @Value("#{ @environment['identityserver.security.oauth2.refresh.ttl'] ?: 3600 }")
    private int refreshTokenValiditySeconds;

    // Identifier of the single registered OAuth2 client.
    @Value("${identityserver.security.oauth2.client.clientid}")
    private String clientId;

    // Client secret, taken from configuration. Keep the property out of
    // version control and logs.
    @Value("${identityserver.security.oauth2.client.secret}")
    private String secret;

    // JWT signing key. This is key material: supply it from a protected
    // source and never log it.
    // NOTE(review): @NotNull on a field is only enforced if bean validation
    // is applied to this class, which is not visible here.
    @NotNull
    @Value("${identityserver.security.oauth2.privateKey}")
    private String privateKey;

    // Key used to verify JWT signatures.
    @NotNull
    @Value("${identityserver.security.oauth2.publicKey}")
    private String publicKey;

    // Authenticates resource owners for the password grant.
    @Autowired
    private AuthenticationManager authenticationManager;

    /**
     * Exposes the project-specific password encoder as a bean.
     *
     * <p>NOTE(review): the hashing scheme of {@code UEPasswordEncoder} is not
     * shown here; confirm it is an adaptive password hash rather than a bare
     * digest.
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new UEPasswordEncoder();
    }

    /**
     * Wires the authentication manager, token services, token store and JWT
     * converter into the authorization-server endpoints.
     */
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer configurer) throws Exception {
        configurer.authenticationManager(authenticationManager);
        configurer.tokenServices(tokenServices());
        configurer.tokenStore(tokenStore());
        configurer.accessTokenConverter(accessTokenConverter());
    }

    /** Token store that reads token data from the JWT itself. */
    @Bean
    public TokenStore tokenStore() {
        return new JwtTokenStore(accessTokenConverter());
    }

    /**
     * Primary token services: refresh tokens enabled, JWT converter used as
     * the token enhancer, lifetimes taken from the configured TTL values.
     */
    @Bean
    @Primary
    public DefaultTokenServices tokenServices() {
        DefaultTokenServices services = new DefaultTokenServices();
        services.setTokenStore(tokenStore());
        services.setSupportRefreshToken(true);
        services.setTokenEnhancer(accessTokenConverter());
        services.setAccessTokenValiditySeconds(accessTokenValiditySeconds);
        services.setRefreshTokenValiditySeconds(refreshTokenValiditySeconds);
        return services;
    }

    /**
     * Builds the JWT converter with the configured signing and verifier keys.
     */
    @Bean
    public JwtAccessTokenConverter accessTokenConverter() {
        JwtAccessTokenConverter jwtConverter = new TeclabJwtAccessTokenConverter();
        jwtConverter.setSigningKey(privateKey);
        jwtConverter.setVerifierKey(publicKey);
        return jwtConverter;
    }

    /**
     * Registers the single in-memory client with its secret, grant types,
     * scopes, authority and token lifetimes.
     *
     * <p>NOTE(review): "credentials" is not a standard OAuth2 grant type name
     * ("client_credentials" is), so that entry probably matches no grant.
     * Confirm the intent before renaming it, because the rename would enable
     * an additional grant for a client holding ROLE_TRUSTED_CLIENT.
     *
     * <p>NOTE(review): the stored secret has to be in the form the
     * client-secret password encoder expects; verify against the encoder in
     * use.
     */
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
                .withClient(clientId)
                .secret(secret)
                .authorizedGrantTypes("password", "credentials", "refresh_token")
                .scopes("read", "write")
                .authorities("ROLE_TRUSTED_CLIENT")
                .accessTokenValiditySeconds(accessTokenValiditySeconds)
                .refreshTokenValiditySeconds(refreshTokenValiditySeconds);
    }

    /**
     * Authentication provider bean; per the original author it is needed so
     * that passwords are compared properly during OAuth2 authentication.
     */
    @Bean
    public AuthenticationProvider authenticationProvider() {
        return new TeclabAuthenticationProvider();
    }

    /**
     * Endpoint security: only authenticated callers may use the token-check
     * endpoint. Nothing else is changed from the framework defaults.
     */
    @Override
    public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
        oauthServer.checkTokenAccess("isAuthenticated()");
    }

    /** Project-specific verifier for JWT claims. */
    @Bean
    public JwtClaimsSetVerifier issuerClaimVerifier() {
        return new TeclabClaimVerifier();
    }
}
这将是我们目前使用的唯一配置。如果需要了解其他信息,我可以附上。
【问题讨论】: