How to set HTTP Header for OAuth2RestTemplate

Problem description

I am trying to use Spring Security's OAuth API to obtain an access token from an externally published API within a Spring MVC 4 based web service (not Spring Boot).

This curl command works (and its contents are all that I need to obtain an access token):

curl -X POST \
https://api.app.com/v1/oauth/token \
  -H 'content-type: application/x-www-form-urlencoded' \
  -d'grant_type=client_credentials&client_id=bcfrtew123&client_secret=Y67493012'

Spring Security OAuth API:

<dependency>
   <groupId>org.springframework.security.oauth</groupId>
     <artifactId>spring-security-oauth2</artifactId>
     <version>2.1.1.RELEASE</version>
</dependency>

My code to obtain access token:

@RequestMapping(value = "/getAccessToken", method = RequestMethod.POST, consumes="application/x-www-form-urlencoded")
public OAuth2AccessToken getAccessToken(@RequestParam(value="client_id", required=true) String clientId, @RequestParam(value="client_secret", required=true) String clientSecret) throws Exception {
    String tokenUri = "https://api.app.com/v1/oauth/token";

    ResourceOwnerPasswordResourceDetails resourceDetails = new ResourceOwnerPasswordResourceDetails();

    resourceDetails.setAccessTokenUri(tokenUri);
    resourceDetails.setClientId(clientId);
    resourceDetails.setClientSecret(clientSecret);
    resourceDetails.setGrantType("client_credentials");
    resourceDetails.setScope(Arrays.asList("read", "write"));

    DefaultOAuth2ClientContext clientContext = new DefaultOAuth2ClientContext();

    oauth2RestTemplate = new OAuth2RestTemplate(resourceDetails, clientContext);

    OAuth2AccessToken token = oauth2RestTemplate.getAccessToken();
    return token;
}

When I invoke the getAccessToken call from my local tomcat instance:

access_denied 
error_description=Unable to obtain a new access token for resource 'null'. 
The provider manager is not configured to support it.

I am suspecting the reason is that my HTTP header's Content-Type is not set to

application/x-www-form-urlencoded

How do I set that for:

import org.springframework.security.oauth2.client.OAuth2RestTemplate;

If you notice, I am trying to set it inside the @RequestMapping and don't think that it's working:

@RequestMapping(consumes="application/x-www-form-urlencoded") 


Recommended answer

The HTTP headers for accessing the token in OAuth2RestTemplate in the case of client credentials are set in the below method of ClientCredentialsAccessTokenProvider (since the grant type is client credentials):

public OAuth2AccessToken obtainAccessToken(OAuth2ProtectedResourceDetails details, AccessTokenRequest request)
        throws UserRedirectRequiredException, AccessDeniedException, OAuth2AccessDeniedException {

    ClientCredentialsResourceDetails resource = (ClientCredentialsResourceDetails) details;
    return retrieveToken(request, resource, getParametersForTokenRequest(resource), new HttpHeaders());

}

We can set the HTTP headers by having a new custom access token provider for client credentials and modifying the method as follows:

public OAuth2AccessToken obtainAccessToken(OAuth2ProtectedResourceDetails details, AccessTokenRequest request)
        throws UserRedirectRequiredException, AccessDeniedException, OAuth2AccessDeniedException {

    ClientCredentialsResourceDetails resource = (ClientCredentialsResourceDetails) details;

    HttpHeaders headers1 = new HttpHeaders();

    headers1.add("Content-Type", "application/x-www-form-urlencoded");

    return retrieveToken(request, resource, getParametersForTokenRequest(resource), headers1);

}

You can keep the class the same as ClientCredentialsAccessTokenProvider and add just the header lines.

The last step will be to set this new class as access token in the configuration of OAuth2RestTemplate.

oauth2RestTemplate.setAccessTokenProvider(new ClientCredentialsCustomAccessTokenProvider());

This worked for me!
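
The steps of the answer above assembled into one class, as an added example that is not part of the original answer or of Spring Security OAuth. It assumes spring-security-oauth2 2.1.x; `buildTemplate` is a hypothetical helper, the form parameters are rebuilt in the subclass on the assumption that the parent's `getParametersForTokenRequest` is private, and `AuthenticationScheme.form` is chosen so the client id and secret travel in the form body as in the curl command. It uses `ClientCredentialsResourceDetails` because that is the type the provider casts to.

```java
import java.util.Arrays;
import org.springframework.http.HttpHeaders;
import org.springframework.http.MediaType;
import org.springframework.security.oauth2.client.DefaultOAuth2ClientContext;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails;
import org.springframework.security.oauth2.client.token.AccessTokenRequest;
import org.springframework.security.oauth2.client.token.grant.client.ClientCredentialsAccessTokenProvider;
import org.springframework.security.oauth2.client.token.grant.client.ClientCredentialsResourceDetails;
import org.springframework.security.oauth2.common.AuthenticationScheme;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.MultiValueMap;
import org.springframework.util.StringUtils;

public class ClientCredentialsCustomAccessTokenProvider extends ClientCredentialsAccessTokenProvider {

    @Override
    public OAuth2AccessToken obtainAccessToken(OAuth2ProtectedResourceDetails details, AccessTokenRequest request) {
        ClientCredentialsResourceDetails resource = (ClientCredentialsResourceDetails) details;

        // Form body rebuilt here (assumption: the parent's parameter builder is private).
        MultiValueMap<String, String> form = new LinkedMultiValueMap<String, String>();
        form.set("grant_type", "client_credentials");
        if (resource.isScoped() && resource.getScope() != null) {
            form.set("scope", StringUtils.collectionToDelimitedString(resource.getScope(), " "));
        }

        HttpHeaders headers = new HttpHeaders();
        headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
        return retrieveToken(request, resource, form, headers);
    }

    // Hypothetical wiring helper; pass credentials from server-side configuration.
    public static OAuth2RestTemplate buildTemplate(String tokenUri, String clientId, String clientSecret) {
        ClientCredentialsResourceDetails resource = new ClientCredentialsResourceDetails();
        resource.setAccessTokenUri(tokenUri);
        resource.setClientId(clientId);
        resource.setClientSecret(clientSecret);
        resource.setScope(Arrays.asList("read", "write"));
        // Send client_id/client_secret in the form body instead of a Basic auth header.
        resource.setClientAuthenticationScheme(AuthenticationScheme.form);

        OAuth2RestTemplate template = new OAuth2RestTemplate(resource, new DefaultOAuth2ClientContext());
        template.setAccessTokenProvider(new ClientCredentialsCustomAccessTokenProvider());
        return template;
    }
}
```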
