POST请求“需要完全认证才能访问该资源". [英] POST request "Full authentication is required to access this resource"

问题描述

有人尝试使用POST请求oauth/token进行身份验证时是否遇到错误访问此资源需要完全身份验证"?

Does anybody encountered the error "Full authentication is required to access this resource" trying to authenticate by using POST request oauth/token?

卷曲命令:

curl localhost:85/oauth/token -d grant_type=password -d client_id=web_app -d username=reader -d password=reader

回复:

{"timestamp":1486841819620,"status":401,"error":"Unauthorized","message":"Full authentication is required to access this resource","path":"/oauth/token"}

ResourceServerConfiguration配置

http .csrf().disable() .authorizeRequests() .antMatchers("/**").authenticated() .antMatchers(HttpMethod.GET, "/me").hasAuthority("FOO_READ")

WebSecurityConfig配置

http .csrf().disable() .exceptionHandling() .authenticationEntryPoint((request, response, authException) -> response.sendError(HttpServletResponse.SC_UNAUTHORIZED))

谢谢！

推荐答案

此错误消息来自您自己的后端服务器.这是一个Spring框架错误.如果使用2个提供程序进行检查，则可以看到错误消息对于两个提供商都是相同的.就我而言，问题的根源是我作为回调URL的错误映射.我将服务器配置为允许到达端点localhost:8080/oauth2/callback/**的所有请求都无需身份验证就可以通过，而来自提供程序的回调被配置为localhost:8080/login/oauth2/**.我在此教程后犯了这个错误.由于任何原因，如果这些配置之间不匹配，您将得到错误.

This error message is from your own back end server. It is a spring framework error. If you check this with 2 providers, you can see that the error message is the same for both. The source of the problem, in my case, was my wrong mapping as a call back url. I configured my server to permit all requests that hit the endpoint localhost:8080/oauth2/callback/** to pass without authentication while the callback coming from the providers was configured as localhost:8080/login/oauth2/**. I did this mistake following this tutorial. For any reason, if there is a mismatch between these configurations, you will get the error.

这篇关于POST请求“需要完全认证才能访问该资源".的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！