Oauth2和Spring-Security：使用Oauth2和spring-security进行身份验证失败 [英] Oauth2 and Spring-Security: Fail on authentication using Oauth2 and spring-security

问题描述

我想使用Oauth2和Spring-security与休息Web服务。我是新的，我正在尝试通过一些网站的帮助创建配置。不过，我显然不明白oauth如何以及为oauth进行身份认证的流程。我正在使用最新的依赖关系点击链接查看我的配置。我正在使用数据库来存储客户端信息和令牌。当我尝试访问该令牌时，使用以下请求和发布正文的URL：

I want to use Oauth2 and Spring-security with rest web service. I am new for this, i am trying to create configuration with the help of some websites. Still, i clearly not understand how and what is the flow for oauth authenticate for rest service. i am using latest dependencies Click on the link for see my configurations. I am using database for store clients information and tokens. when i trying to access the token, using follwoing url with post request and post body:

http://localhost:8080/empirecl-api/oauth/token
grant_type=password&username=a@a.com&password=password&client_id=my-client-with-secret&client_secret=ak_secret

将显示基本身份验证弹出框。我正在使用chrome rest postman客户端。我在我的数据库中存储用户表，用户名和密码，当我输入用户名和密码时，验证失败，如果我使用我的 client_id 和 client_secret 作为用户名和密码，认证失败。当我取消 json 之后的基本身份验证的弹出时，返回：

The basic authentication pop-up box will appear. I am using chrome rest postman client. I have user table in my database where i store, username and password, when i enter those username and password, the authentication fail, If i use i my client_id and client_secret as a username and password, the authentication is fail. When i cancel the pop of basic authentication following json is return:

{
"error": "unauthorized",
"error_description": "No client with requested id: a@a.com"
}

我无法确定会发生什么。

I am unable to figure out what will happen.

当我尝试访问以下网址获得reqquest：

When i trying to access following url with get reqquest:

http://localhost:8080/empirecl-api/oauth/authorize?grant_type=password&username=a@a.com&password=password

以下错误将返回：

{
"error": {
    "error": "invalid_client",
    "error_description": "Bad client credentials"
}
}

当我检查控制台中的错误时，eclipse显示以下错误：

When i check the error in console, of eclipse, the follwoing error is display:

AuthorizationEndpoint:436 - Handling ClientRegistrationException error: No client with requested id: null

我如何解决这个问题，以及如何使用Oauth和我的休息api。我也想用Oauth来保护我的所有休息地址。

How i resolve this problem and how to use Oauth with my rest api. I also want to secure my all rest url with Oauth.

推荐答案

您需要将您的客户端用户名和密码作为Base64编码的授权头文件传递。

You need to pass your client username and password as a Base64 encoded Authorization header.

尝试使用卷曲。这是一个例子：

Try using curl. Here is an example:


curl -v -X POST \

-HContent-类型：application / json\

-H授权：基本MzUzYjMwMmM0NDU3NGY1NjUwNDU2ODdlNTM0ZTdkNmE6Mjg2OTI0Njk3ZTYxNWE2NzJhNjQ2YTQ5MzU0NTY0NmM =\

'http：// localhost：8080 / empirecl-api / oauth / token？ grant_type = password& username=a@a.com& password = password'


我有一个描述的工作示例href =http://porterhead.blogspot.co.uk/2014/05/securing-rest-services-with-spring.html =nofollow> here

I have a working example described here

这篇关于Oauth2和Spring-Security：使用Oauth2和spring-security进行身份验证失败的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！