我尝试使用 oauth2 在我的 rest-api 上对用户进行身份验证。但是在成功请求后我没有得到 access_token 作为响应。
部分代码:
我的服务器配置:
@Configuration
@EnableResourceServer
public class OAuth2ServerConfiguration {
@Configuration
@EnableAuthorizationServer
protected static class OAuth2Config extends AuthorizationServerConfigurerAdapter {
@Autowired
private AuthenticationManager authenticationManager;
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints.authenticationManager(authenticationManager);
}
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
// @formatter:off
clients.inMemory()
.withClient("clientsecret")
.authorizedGrantTypes("password")
.authorities("USER")
.scopes("read")
.secret("12345")
.accessTokenValiditySeconds(60);
// @formatter:on
}
}
}
我的安全配置:
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Override
protected void configure(AuthenticationManagerBuilder builder) throws Exception {
builder
.inMemoryAuthentication()
.withUser("user").password("password").roles("USER");
}
@Override
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Override
protected void configure(HttpSecurity security) throws Exception {
security.authorizeRequests()
.antMatchers(HttpMethod.GET, "/oauth/token")
.hasRole("USER")
.and().httpBasic().realmName("OAuth Server");
}
我的 Controller :
@Path("/oauth")
@Produces(MediaType.APPLICATION_JSON)
public class TestController {
@GET
@Path("/token")
@Produces(MediaType.APPLICATION_JSON)
public Response testToken() {
return Response.status(200).entity("is working fine \n")
.header("Server", "Apache Tomcat/8.0.20")
.header("Content-Type", MediaType.APPLICATION_JSON)
.header("Connection", "Opened")
.type(MediaType.APPLICATION_JSON).build();
}
}
我的要求:
curl -X GET -k -vu user:password http://localhost:8080/test/oauth/token -H "Content-Type: application/x-www-form-urlencoded" -d "grant_type=password&scope=read&client_secret=12345&client_id=clientsecret"
我的回复:
* Trying ::1...
* Connected to localhost (::1) port 8080 (#0)
* Server auth using Basic with user 'user'
> GET /test/oauth/token HTTP/1.1
> Host: localhost:8080
> Authorization: Basic dXNlcjpwYXNzd29yZA==
> User-Agent: curl/7.43.0
> Accept: */*
> Content-Type: application/x-www-form-urlencoded
> Content-Length: 73
>
* upload completely sent off: 73 out of 73 bytes
< HTTP/1.1 200 OK
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
< Cache-Control: no-cache, no-store, max-age=0, must-revalidate
< Pragma: no-cache
< Expires: 0
< X-Frame-Options: DENY
< Set-Cookie: JSESSIONID=0D30F02C6F9A194786581A6C0EB20909; Path=/test/; HttpOnly
< Server: Apache Tomcat/8.0.20
< Connection: Opened
< Content-Type: application/json
< Transfer-Encoding: chunked
< Date: Thu, 10 Sep 2015 10:12:39 GMT
<
is working fine
* Connection #0 to host localhost left intact
我必须做什么才能看到响应中的 access_token。为什么我得到的是json格式的?
感谢回复。 干杯。
最佳答案
要请求 OAuth 2.0 token ,您必须向端点执行 POST
请求,并在请求正文中包含用户名/密码/授权类型。像这样:
curl -u clientsecret:12345 -X POST http://localhost:8080/oauth/token -H "Accept:application/json" -d "username=user&password=password&grant_type=password"
关于java - Spring oauth2 : access_token isn't in response after succefull request,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/32499213/