oauth2在验证后返回令牌的java 配置是什么？ [英] what are the java* configuration for oauth2 to return token after authentication*

查看：406 发布时间：2019/1/15 20:52:00 security java-ee spring-security oauth-2.0 spring-boot

本文介绍了oauth2在验证后返回令牌的java *配置是什么？的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

您好我正在为我的项目使用spring boot，所以我没有使用xml来进行任何配置，只使用java。我在github上使用这个项目作为参考 https://github.com/techdev-solutions/ jaxenter-showcase 。

Hi I am using spring boot for my project so I am not using xml for any of my configurations, only java. I am using this project on github as a reference https://github.com/techdev-solutions/jaxenter-showcase .

当我提出请求时（ http：// localhost：8081 / oauth / authorize？client_id = web& response_type = token ，标题中包含用户名和密码）令牌返回重定向html网站不是令牌..如何配置oauth2以在响应中返回令牌。

When I make a request(http://localhost:8081/oauth/authorize?client_id=web&response_type=token with username and password in header) for the token it returns the redirect html site not the token.. How do I configure oauth2 to return the token in the response.

如果我使用curl发送请求，它会给我我想要的内容：curl curl：password @ localhost：8081 / oauth / token\？grant_type = client_credentials

If I send a request using curl it gives me exactly what I want: curl curl:password@localhost:8081/oauth/token\?grant_type=client_credentials

如果我尝试通过http客户端模仿相同的请求
http：// localhost：8081 / oauth / token？client_secret = password& client_id = curl& grant_type = client_credentials

if I try to mimic the same request via a http client http://localhost:8081/oauth/token?client_secret=password&client_id=curl&grant_type=client_credentials

我获得401未经授权

这是我的java配置：

Here is my java config:

package de.techdev.jaxenter;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JdbcTokenStore;

import javax.sql.DataSource;

/**
 * @author Moritz Schulze
 */
@Configuration
@EnableAuthorizationServer
public class OAuthConfiguration extends AuthorizationServerConfigurerAdapter {

    @Autowired
    private DataSource dataSource;

    @Bean
    public TokenStore tokenStore() {
        return new JdbcTokenStore(dataSource);
    }

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints.tokenStore(tokenStore());
    }

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
        .withClient("curl") //curl curl:password@localhost:8081/oauth/token\?grant_type=client_credentials
        .authorities("ROLE_ADMIN")
        .resourceIds("jaxenter")
        .scopes("read", "write")
        .authorizedGrantTypes("client_credentials")
        .secret("password")
        .and()
        .withClient("web") //http://localhost:8081/oauth/authorize?client_id=web&response_type=token
        .redirectUris("http://github.com/techdev-solutions/")
        .authorities("ROLE_ADMIN")
        .resourceIds("jaxenter")
        .scopes("read, write")
        //.authorizedGrantTypes("implicit")
        .authorizedGrantTypes("implicit","client_credentials")
        .autoApprove(true)
        .secret("password")
        .and()
        .withClient("my-trusted-client")
            .authorizedGrantTypes("password","authorization_code","refresh_token","implicit","redirect")
            .authorities("ROLE_CLIENT", "ROLE_TRUSTED_CLIENT")
            .scopes("read", "write", "trust")
            .redirectUris("http://localhost:8080")
            .authorizedGrantTypes("implicit")
            .accessTokenValiditySeconds(60)
            .refreshTokenValiditySeconds(30);
    }
}

package de.techdev.jaxenter;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

/**
 * @author Moritz Schulze
 */
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication()
            .withUser("John").roles("ADMIN").password("password")
            .and()
            .withUser("Mary").roles("BASIC").password("password");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().antMatchers("/**").authenticated()
            .and().httpBasic().realmName("OAuth Server");
    }
}

还发现了一个类似问题尚未解决的帖子
Spring Security OAUTH2获取用户名/密码的令牌

also discovered a post with similar issue that is unresolved Spring Security OAUTH2 getting token with username/password

推荐答案

首先，您必须提供授权类型

first of all you always have to provide grant type

http：// username：password@url.com 格式几乎不再支持，
https://code.google.com/p / chromium / issues / detail？id = 82250＃c7
所以您的问题可能是将凭据传递给授权服务器，这是浏览器问题而不是Oauth的配置而我不太确定为什么你想直接在网络浏览器中访问/ oauth / token，如果你正在使用spring应用程序进行登录一堆Oauth restTemplates并且它们在这种情况下运行良好，oauth不仅仅是任何基本的登录功能，它允许一个服务器使用令牌与其他服务器建立连接并使用其资源，如果你想登录该服务器直接使用Web浏览器，您应该提供这样做的方法

http://username:password@url.com format is pretty much no more supproted , https://code.google.com/p/chromium/issues/detail?id=82250#c7 so your problem is probably with passing credentials to the authorizng server, it is the browser issue not the configuration of the Oauth and I am not really sure why you would want to acces /oauth/token directly in web browser, if you are loging with spring application you have bunch of Oauth restTemplates and they work fine with this scenario, oauth is not just any basic login feature it allows one server to establish connection with some other server with the use of token and use its resources, if you want to log into that server directly with web browser you should provide the way to do so

例如，如果您已经使用curl获取令牌并尝试访问资源，您可以尝试将其传递给网页浏览器，因为你不再需要身份验证只需添加Bearer e2cb0291-596c-48e0-8e93-2b29b2881406（示例令牌）作为标题，它将在这次工作

for example if you already acquire token with your curl and try to acces the resource you can try to pass it in web browser beacuse you do not need authentication anymore just add Bearer e2cb0291-596c-48e0-8e93-2b29b2881406(sample token )as header and it will work this time

这篇关于oauth2在验证后返回令牌的java *配置是什么？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！

查看全文

oauth2在验证后返回令牌的java 配置是什么？ [英] what are the java* configuration for oauth2 to return token after authentication*

问题描述

推荐答案

相关文章

J2EE最新文章

热门教程

热门工具

登录关闭

oauth2在验证后返回令牌的java *配置是什么？ [英] what are the java* configuration for oauth2 to return token after authentication

问题描述

推荐答案

相关文章

J2EE最新文章

热门教程

热门工具

登录 关闭

oauth2在验证后返回令牌的java 配置是什么？ [英] what are the java* configuration for oauth2 to return token after authentication*

登录关闭