Spring-boot oauth2 拆分授权服务器和资源服务器 [英] Spring-boot oauth2 splitting authorization server and resource server

问题描述

我试图在 spring-boot 中将资源服务器与授权服务器分开.我有两个不同的应用程序，我分别运行.在授权服务器中，我可以从 oauth/token 获取不记名令牌，但是当我尝试访问资源(在标头中发送令牌)时，我收到无效令牌错误.我的目的是使用 InMemoryTokenStore 和不记名令牌.谁能告诉我我的代码有什么问题?

Im trying to split the resource server from the authorization server in spring-boot. I have two different applications that i'm running separately. In the authorization server i can get the bearer token from oauth/token but when i'm trying to get access to the resource(sending the token in header) i'm getting an invalid token error. My intention is to use the InMemoryTokenStore and the bearer token. Can anyone tell me what is wrong in my code?

授权服务器:

@SpringBootApplication
public class AuthorizationServer extends WebMvcConfigurerAdapter {

  public static void main(String[] args) {
    SpringApplication.run(AuthorizationServer.class, args);
  }

  @Configuration
  @EnableAuthorizationServer
  protected static class OAuth2Config extends AuthorizationServerConfigurerAdapter {

  private TokenStore tokenStore = new InMemoryTokenStore();

  @Autowired
  private AuthenticationManager authenticationManager;

  @Override
  public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
      endpoints
        .authenticationManager(authenticationManager)
        .tokenStore(tokenStore);
  }

  @Override
  public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
      security.checkTokenAccess("hasAuthority('ROLE_USER')");
  }

  @Override
  public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
      clients
          .inMemory()
            .withClient("user")
            .secret("password")
            .authorities("ROLE_USER")
            .authorizedGrantTypes("password")
            .scopes("read", "write")
            .accessTokenValiditySeconds(1800);
  }  
}

资源服务器:

@SpringBootApplication 
@RestController
@EnableOAuth2Resource
@EnableWebSecurity
@Configuration
public class ResourceServer extends WebSecurityConfigurerAdapter {



public static void main(String[] args){
     SpringApplication.run(ResourceServer.class, args);
}

@RequestMapping("/")
public String home(){
    return "Hello Resource World!";
}

@Bean
public ResourceServerTokenServices tokenService() {
    RemoteTokenServices tokenServices = new RemoteTokenServices();
    tokenServices.setClientId("user");
    tokenServices.setClientSecret("password");
    tokenServices.setTokenName("tokenName");
    tokenServices.setCheckTokenEndpointUrl("http://localhost:8080/oauth/check_token");
    return tokenServices;
}

@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
    OAuth2AuthenticationManager authenticationManager = new OAuth2AuthenticationManager();
    authenticationManager.setTokenServices(tokenService());
    return authenticationManager;
}

@Configuration
@EnableResourceServer
protected static class ResourceServerConfig extends ResourceServerConfigurerAdapter {

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http
            .requestMatchers()
            .antMatchers("/","/home")
            .and()
            .authorizeRequests()
            .anyRequest().access("#oauth2.hasScope('read')");
    }

    @Override
    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
        TokenStore tokenStore = new InMemoryTokenStore();
        resources.resourceId("Resource Server");
        resources.tokenStore(tokenStore);
    }
}

推荐答案

您已经创建了 InMemoryTokenStore 的 2 个实例.如果您想在身份验证服务器和资源服务器之间共享令牌，则它们需要相同的存储.

You have created 2 instances of InMemoryTokenStore. If you want to share tokens between the auth server and resource server they need the same store.

这篇关于Spring-boot oauth2 拆分授权服务器和资源服务器的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！