春季安全的oauth2获得令牌的用户名/密码 [英] Spring Security OAUTH2 getting token with username/password
问题描述
我的问题很简单。我不知道该怎么设置我的OAuth2认证服务器来接受用户名/密码,并返回我的令牌。
如果我使用:
卷发:密码@本地:8081 /的OAuth /令牌\\ grant_type = client_credentials
它返回我的令牌,但问题是,它注册用户蜷缩在DB所以......没那么好...
如果我使用:
的http://www.example.com:8081/oauth/authorize?client_id=web&response_type=token
它提示用户名和密码对话框,我输入他们,然后问我,我你授权网站访问您的受保护的资源?
scope.read:拒绝批准
我可以结合这两个,只是创建简单的请求,将返回我的令牌?我想用它在春天引导和泽西使用REST风格的WS angularjs前端。
我应该使用此方案
<一href=\"https://github.com/spring-projects/spring-security-oauth/blob/master/spring-security-oauth2/src/test/resources/schema.sql\" rel=\"nofollow\">https://github.com/spring-projects/spring-security-oauth/blob/master/spring-security-oauth2/src/test/resources/schema.sql
使用这个配置 - > clients.jdbc(数据源);
如何设置一个用户为该计划?只是基本的登录用户名和密码。
OauthConfiguration
@Configuration
@EnableAuthorizationServer
公共类OAuthConfiguration扩展AuthorizationServerConfigurerAdapter
{@Autowired
私人数据源数据源;@豆
公共TokenStore tokenStore()
{
返回新JdbcTokenStore(数据源);
}@覆盖
公共无效配置(AuthorizationServerEndpointsConfigurer终点)抛出异常
{
endpoints.tokenStore(tokenStore());
}@覆盖
公共无效配置(ClientDetailsServiceConfigurer客户端)抛出异常
{
// @formatter:关闭
clients.inMemory()
.withClient(卷曲)
.authorities(USER)
.resourceIds(reee)
.scopes(读,写)
.authorizedGrantTypes(client_credentials)
.secret(密码)
。和()
.withClient(网)
.redirectUris(http://github.com/techdev-solutions/)
.resourceIds(reee)
.scopes(读取)
.authorizedGrantTypes(隐);
// @formatter:上
}
}
SecurityConfiguration
@Configuration
@EnableWebSecurity
公共类SecurityConfiguration扩展WebSecurityConfigurerAdapter
{
@Autowired
私人数据源数据源;@覆盖
保护无效配置(HttpSecurity HTTP)抛出异常
{
http.authorizeRequests()。antMatchers(/ **)。验证()
。而()httpBasic()的realmName(OAuth的服务器)。;
}@覆盖
保护无效配置(AuthenticationManagerBuilder AUTH)抛出异常
{
PasswordEn codeR EN codeR =新BCryptPasswordEn codeR(); auth.userDetailsService(UserDetailsService的())passwordEn codeR(EN codeR)。
auth.jdbcAuthentication()数据源(数据源)。
}@豆
公众的UserDetailsService的UserDetailsService()
{
返回新CustomUserDetailsService(数据源);
}
}
我认为我们有类似的问题,我已经打开了Q&安培;一<一href=\"http://stackoverflow.com/questions/27929303/what-are-the-java-configuration-for-oauth2-to-return-token-after-authentication\">what是Java *作的oauth2身份验证后返回令牌配置
您可以避免在请求的的http://本地主机:8081 /的OAuth /授权的client_id =网络和放大器; RESPONSE_TYPE =令牌并在您的客户端配置为网路上clients.inMemory()自动审批(真),但服务器将与回应?重定向URL。我的问题是,我不希望它重定向我只是想在响应中的令牌。
my problem is very "simple". I don't know how to setup my OAUTH2 auth server to accept username/password and returns me token.
If I use:
curl curl:password@localhost:8081/oauth/token\?grant_type=client_credentials it returns me the token but the problem is that it registers user "curl" in the DB so... not so good...
If I use:
http://www.example.com:8081/oauth/authorize?client_id=web&response_type=token it prompts username and password dialog, I enter them and then it asks me I "Do you authorize 'web' to access your protected resources?
scope.read: Approve Deny"
Can I combine those two and just create simple request which will return me the token? I want to use it for angularjs frontend using RESTful WS in Spring Boot and Jersey.
Should I use this scheme https://github.com/spring-projects/spring-security-oauth/blob/master/spring-security-oauth2/src/test/resources/schema.sql
use this config -> clients.jdbc(dataSource);
How to setup one user for that scheme? just basic login with username and password.
OauthConfiguration
@Configuration
@EnableAuthorizationServer
public class OAuthConfiguration extends AuthorizationServerConfigurerAdapter
{
@Autowired
private DataSource dataSource;
@Bean
public TokenStore tokenStore()
{
return new JdbcTokenStore(dataSource);
}
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception
{
endpoints.tokenStore(tokenStore());
}
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception
{
// @formatter:off
clients.inMemory()
.withClient("curl")
.authorities("USER")
.resourceIds("reee")
.scopes("read", "write")
.authorizedGrantTypes("client_credentials")
.secret("password")
.and()
.withClient("web")
.redirectUris("http://github.com/techdev-solutions/")
.resourceIds("reee")
.scopes("read")
.authorizedGrantTypes("implicit");
// @formatter:on
}
}
SecurityConfiguration
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter
{
@Autowired
private DataSource dataSource;
@Override
protected void configure(HttpSecurity http) throws Exception
{
http.authorizeRequests().antMatchers("/**").authenticated()
.and().httpBasic().realmName("OAuth Server");
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception
{
PasswordEncoder encoder = new BCryptPasswordEncoder();
auth.userDetailsService(userDetailsService()).passwordEncoder(encoder);
auth.jdbcAuthentication().dataSource(dataSource);
}
@Bean
public UserDetailsService userDetailsService()
{
return new CustomUserDetailsService(dataSource);
}
}
i think we have similar issues as i have opened a q & a what are the java* configuration for oauth2 to return token after authentication
you can avoid the username and password box by adding username and password in the header of the request http://localhost:8081/oauth/authorize?client_id=web&response_type=token and in your client configuration for web add clients.inMemory().autoApprove(true) however server will respond with the redirect url. My problem is that I don't want it to redirect I just want the token in the response..
这篇关于春季安全的oauth2获得令牌的用户名/密码的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!