大家好
我的问题需要一些帮助。我可以从我的授权服务器获取 token 。
**该服务器使用 Oracle 数据库。
例如
grant_type = client_credentials
clientId=curlclient
clientSecret = 测试
http://localhost:8885/oauth/token
之后,我尝试使用结果访问 token 来访问资源服务器。但我不能。
结果是:
{
"error": "invalid_token",
"error_description": "b95b8ad3-d030-460d-bee2-ce781b3d4b95"
}
这是我的代码:
资源配置:
@Configuration
@EnableResourceServer
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
@Bean
@ConfigurationProperties(prefix="spring.datasource")
public DataSource ouathDataSource(){return DataSourceBuilder.create().build();}
@Override
public void configure(ResourceServerSecurityConfigurer resources)throws Exception {
TokenStore tokenStore=new JdbcTokenStore(ouathDataSource());
resources.resourceId("product_api").tokenStore(tokenStore);
}
@Override
public void configure(HttpSecurity http) throws Exception{
http
.authorizeRequests()
.antMatchers(HttpMethod.GET, "/actuator/**").permitAll()
.antMatchers(HttpMethod.GET,"/datatest").access("#oauth2.hasScope('write')")
.antMatchers(HttpMethod.GET, "/**").access("#oauth2.hasScope('write')")
.antMatchers(HttpMethod.POST, "/**").access("#oauth2.hasScope('write')")
.antMatchers(HttpMethod.PATCH, "/**").access("#oauth2.hasScope('write')")
.antMatchers(HttpMethod.PUT, "/**").access("#oauth2.hasScope('write')")
.antMatchers(HttpMethod.DELETE, "/**").access("#oauth2.hasScope('write')");
}
}
授权配置:
@Configuration
@EnableAuthorizationServer
public class AuthServerConfig extends AuthorizationServerConfigurerAdapter {
@Bean
@ConfigurationProperties(prefix = "spring.datasource")
public DataSource oauthDataSource() {
return DataSourceBuilder.create().build();
}
@Bean
public JdbcClientDetailsService clientDetailsService() {
return new JdbcClientDetailsService(oauthDataSource());
}
@Bean
public TokenStore tokenStore() {
return new JdbcTokenStore(oauthDataSource());
}
@Bean
public ApprovalStore approvalStore() {
return new JdbcApprovalStore(oauthDataSource());
}
@Bean
public AuthorizationCodeServices authorizationCodeServices() {
return new JdbcAuthorizationCodeServices(oauthDataSource());
}
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients.withClientDetails(clientDetailsService());
}
@Override
public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
}
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints
.approvalStore(approvalStore())
.authorizationCodeServices(authorizationCodeServices())
.tokenStore(tokenStore());
}
}
网络安全配置:
@EnableWebSecurity
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Autowired
private JdbcUserDetails jdbcUserDetails;
@Override
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(jdbcUserDetails).passwordEncoder(passwordEncoder());
}
}
救救我!!!!!!!!!
最佳答案
我最近遇到了同样的问题,我使用 RemoteTokenServices 解决了这个问题,它是您在 ResourceServerConfigurerAdapter (@EnableResourceServer) 的实现中添加的一个 bean。
基本上,它的作用是向 Spring 指示,一旦收到 token ,它将向身份验证服务器询问该 token 是否有效。
代码如下:
@Primary
@Bean
public RemoteTokenServices tokenService() {
RemoteTokenServices tokenService = new RemoteTokenServices();
tokenService.setCheckTokenEndpointUrl(
"http://localhost:8080/spring-security-oauth-server/oauth/check_token");
tokenService.setClientId("fooClientIdPassword");
tokenService.setClientSecret("secret");
return tokenService;
}
作为引用,您可以查看此链接:Remote Token Service
关于spring - Spring Boot资源服务器中的 token 无效,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/56162068/