rest - 用户在 springboot 中调用注册 rest API 时如何获取 oAuth2 访问 token ？

Question

目前我正在从事 Springboot 安全方面的工作，这对我来说是全新的。我关注了 youtube 视频教程 Video

当我使用以下代码片段时，我成功获得了 oauth2 access_token:-

@SpringBootApplication
public class MathifyApplication {
    @Autowired
    private PasswordEncoder passwordEncoder;


    public static void main(String[] args) {
        SpringApplication.run(MathifyApplication.class, args);
    }

    @Autowired
    public void authenticationManager(AuthenticationManagerBuilder builder, UserRepository repository, UserService service) throws Exception {
        //Setup a default user if db is empty
        User students = new User("stu1", "user", "user", "abc@gmail.com", "1234567890", "12th", "dwarka sec-12", 
            0, 0 , "may/29/2017", "", Arrays.asList(new Role("USER"), new Role("ACTUATOR")));
        if (repository.count()==0){
            service.save(students);
        }
        builder.userDetailsService(userDetailsService(repository)).passwordEncoder(passwordEncoder);
    }

    private UserDetailsService userDetailsService(final UserRepository repository) {
        return userName -> new CustomUserDetails(repository.findByUsername(userName));
    }

}

Controller 类是:-

@RestController
public class LoginController {
    @Autowired
    private UserService userService;

    @RequestMapping(value = "/mathify/getuser/{userId}", method = RequestMethod.GET)
    public User getUser(@PathVariable String userId){
        System.out.println("Userid "+userId);
        return userService.getUser(userId);
    }

    @RequestMapping(method = RequestMethod.POST, value="/mathify/signup")
    public User register(@RequestBody User user){

        return userService.doSignup(user);

    }

    @GetMapping(value="/hi")
    public String test(){

         return "Oh ! I am fine without secuirity";
    }

}

通过上面的代码片段我可以获得access_token(/oauth/token)，我也可以毫无问题地调用其他 Controller 类私有(private)API。

但是上面的代码有问题。什么？在上面的代码片段中，用户是硬编码的，但是当我想在用户注册时获取 access_token 时，它给出了一个异常。

2017-06-18 11:04:05.689 ERROR 8492 --- [nio-8080-exec-3] o.a.c.c.C.[.[.[/].[dispatcherServlet]    : Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception [Request processing failed; nested exception is java.lang.IllegalStateException: Cannot apply org.springframework.security.config.annotation.authentication.configurers.userdetails.DaoAuthenticationConfigurer@6b66d7ac to already built object] with root cause

java.lang.IllegalStateException: Cannot apply org.springframework.security.config.annotation.authentication.configurers.userdetails.DaoAuthenticationConfigurer@6b66d7ac to already built object
    at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.add(AbstractConfiguredSecurityBuilder.java:196) ~[spring-security-config-4.2.2.RELEASE.jar:4.2.2.RELEASE]
    at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.apply(AbstractConfiguredSecurityBuilder.java:133) ~[spring-security-config-4.2.2.RELEASE.jar:4.2.2.RELEASE]
    at org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder.apply(AuthenticationManagerBuilder.java:290) ~[spring-security-config-4.2.2.RELEASE.jar:4.2.2.RELEASE]
    at org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder.userDetailsService(AuthenticationManagerBuilder.java:187) ~[spring-security-config-4.2.2.RELEASE.jar:4.2.2.RELEASE]
    at com.techiesandeep.mathify.controller.LoginController.register(LoginController.java:40) ~[classes/:na]

为了实现上述功能，我对应用程序和 Controller 做了一些更改

应用程序类为:-

@SpringBootApplication
public class MathifyApplication {
    @Autowired
    private PasswordEncoder passwordEncoder;


    public static void main(String[] args) {
        SpringApplication.run(MathifyApplication.class, args);
    }
}

Controller 类如下:-

@RestController
public class LoginController {
  @Autowired
        private UserService userService;
        @Autowired
        AuthenticationManagerBuilder builder;
        @Autowired
        private PasswordEncoder passwordEncoder;
        @Autowired
        private UserRepository repository;


        @RequestMapping(value = "/mathify/getuser/{userId}", method = RequestMethod.GET)
        public User getUser(@PathVariable String userId){
            System.out.println("Userid "+userId);
            return userService.getUser(userId);
        }

        @RequestMapping(method = RequestMethod.POST, value="/user/signup")
        public User register(@RequestBody User user) throws Exception {
            User u = userService.doSignup(user);
            builder.userDetailsService(userDetailsService(repository)).passwordEncoder(passwordEncoder);
            return u;
        }

        private UserDetailsService userDetailsService(final UserRepository repository) {
            return userName -> new CustomUserDetails(repository.findByUsername(userName));
        }

        @GetMapping(value="/hi")
        public String test(){

             return "Oh ! I am fine without secuirity";
        }
}

任何帮助都将不胜感激。谢谢

Answer 1

您可以调用另一个 POST 请求来获取访问 token 。 我不确定这是最好的方法，但对我来说效果很好。

注册请求映射中的示例代码片段:

    RestTemplate restTemplate = new RestTemplate();
    HttpHeaders headers = new HttpHeaders();
    headers.setContentType(MediaType.APPLICATION_JSON);
    headers.set("Authorization", auth_header);
    /*auth_header should be Autorization header value that captured from signup request, which is generated by Basic Auth with clientID and secret, for example, "Basic bXktdHJ1c3RlZC1jbGllbnQ6c2VjcmV0" */
    HttpEntity<String> entity = new HttpEntity<String>("",headers);
    String authURL = "http://localhost:8080/oauth/token?grant_type=password&username=yourusername&password=yourpassword";
    ResponseEntity<String> response = restTemplate.postForEntity(authURL, entity, String.class);

    System.out.println(response.getBody());