java - Spring oauth2 : access_token isn't in response after succefull request

Question

我尝试使用 oauth2 在我的 rest-api 上对用户进行身份验证。但是在成功请求后我没有得到 access_token 作为响应。

部分代码:

我的服务器配置:

@Configuration
@EnableResourceServer
public class OAuth2ServerConfiguration {

    @Configuration
    @EnableAuthorizationServer
    protected static class OAuth2Config extends AuthorizationServerConfigurerAdapter {

        @Autowired
        private AuthenticationManager authenticationManager;

        @Override
        public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
            endpoints.authenticationManager(authenticationManager);
        }

        @Override
        public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
            // @formatter:off
            clients.inMemory()
                .withClient("clientsecret")
                    .authorizedGrantTypes("password")
                    .authorities("USER")
                    .scopes("read")
                    .secret("12345")
                    .accessTokenValiditySeconds(60);
            // @formatter:on
        }
    }
}

我的安全配置:

@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(AuthenticationManagerBuilder builder) throws Exception {
        builder
            .inMemoryAuthentication()
            .withUser("user").password("password").roles("USER");
    }

    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Override
    protected void configure(HttpSecurity security) throws Exception {
        security.authorizeRequests()
            .antMatchers(HttpMethod.GET, "/oauth/token")
            .hasRole("USER")
            .and().httpBasic().realmName("OAuth Server");
    }

我的 Controller :

@Path("/oauth")
@Produces(MediaType.APPLICATION_JSON)
public class TestController {

    @GET
    @Path("/token")
    @Produces(MediaType.APPLICATION_JSON)
    public Response testToken() {

        return Response.status(200).entity("is working fine \n")
        .header("Server", "Apache Tomcat/8.0.20")
        .header("Content-Type", MediaType.APPLICATION_JSON)
        .header("Connection", "Opened")
        .type(MediaType.APPLICATION_JSON).build();
    }
}

我的要求:

curl -X GET -k -vu user:password http://localhost:8080/test/oauth/token -H "Content-Type: application/x-www-form-urlencoded" -d "grant_type=password&scope=read&client_secret=12345&client_id=clientsecret"

我的回复:

*   Trying ::1...
* Connected to localhost (::1) port 8080 (#0)
* Server auth using Basic with user 'user'
> GET /test/oauth/token HTTP/1.1
> Host: localhost:8080
> Authorization: Basic dXNlcjpwYXNzd29yZA==
> User-Agent: curl/7.43.0
> Accept: */*
> Content-Type: application/x-www-form-urlencoded
> Content-Length: 73
> 
* upload completely sent off: 73 out of 73 bytes
< HTTP/1.1 200 OK
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
< Cache-Control: no-cache, no-store, max-age=0, must-revalidate
< Pragma: no-cache
< Expires: 0
< X-Frame-Options: DENY
< Set-Cookie: JSESSIONID=0D30F02C6F9A194786581A6C0EB20909; Path=/test/; HttpOnly
< Server: Apache Tomcat/8.0.20
< Connection: Opened
< Content-Type: application/json
< Transfer-Encoding: chunked
< Date: Thu, 10 Sep 2015 10:12:39 GMT
< 
is working fine 
* Connection #0 to host localhost left intact

我必须做什么才能看到响应中的 access_token。为什么我得到的是json格式的？

感谢回复。 干杯。

Answer 1

要请求 OAuth 2.0 token ，您必须向端点执行 POST 请求，并在请求正文中包含用户名/密码/授权类型。像这样:

curl -u clientsecret:12345 -X POST http://localhost:8080/oauth/token -H "Accept:application/json" -d "username=user&password=password&grant_type=password"