spirng boot 2 jwt oauth2 + angular 5 无法获得 JWT [英] spirng boot 2 jwt oauth2 + angular 5 can't get the JWT

问题描述

我是 spring boot 和 spring security 的新手，我正在尝试实现 oauth2 以生成 JWT 并在 angular5 应用程序中使用此令牌，我的情况是，在实现后，如果使用邮递员，我可以获得令牌或 curl，但是当我以 angular 使用我的网络客户端时，我无法获得令牌.

I'm new working with spring boot and spring security and I'm trying to implement oauth2 to generate a JWT and used this token in an angular5 application, my situation is that after implementation I can get the token if a use postman or curl but when I use my web client in angular I can't get the token.

这就是我所做的.

我的登录方式是angular

My login method is angular

login(username: string, password: string ) {
    const params:  HttpParams = new  HttpParams();
    const headers: Headers = new Headers();

    params.set('username', 'GDELOSSANTOS');
    params.set('password', 'ADMIN');
    params.set('client_id', 'ADMIN');
    params.set('client_secret', 'ADMIN');
    params.set('grant_type', 'password');
    params.set('scope', '*');

    headers.set('Content-Type', 'application/x-www-form-urlencoded');

      return this.http.post(Constante.BACKEND_TOKEN_REQUEST, {headers}, {params} ).subscribe
          (res => this.setSession);
  }

我的授权服务器

@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {

    private static final Logger logger = LogManager.getLogger(AuthorizationServerConfig.class);

    @Value("${security.oauth2.resource.id}")
    private String resourceId;

    @Autowired
    @Qualifier("authenticationManagerBean")
    private AuthenticationManager authenticationManager;

    @Override
    public void configure(final AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
        oauthServer.tokenKeyAccess("permitAll()")
        .checkTokenAccess("isAuthenticated()");
    }

    @Override
    public void configure(final ClientDetailsServiceConfigurer clients) throws Exception {
        logger.traceEntry();

        clients
        .inMemory()
        .withClient(ConstanteUtil.Seguridad.CLIEN_ID)
        .secret(Seguridad.CLIENT_SECRET)
        .authorizedGrantTypes(Seguridad.GRANT_TYPE_PASSWORD, Seguridad.AUTHORIZATION_CODE, Seguridad.REFRESH_TOKEN, Seguridad.IMPLICIT )
        .authorities(UsusarioRoles.ROLE_ADMIN, UsusarioRoles.ROLE_USER)
        .resourceIds(resourceId)
        .scopes(Seguridad.SCOPE_READ, Seguridad.SCOPE_WRITE, Seguridad.TRUST)
        .accessTokenValiditySeconds(Seguridad.ACCESS_TOKEN_VALIDITY_SECONDS).
        refreshTokenValiditySeconds(Seguridad.FREFRESH_TOKEN_VALIDITY_SECONDS);
        logger.info("Configuracion " + clients);
        logger.traceExit();
    }

    @Bean
    @Primary
    public DefaultTokenServices tokenServices() {
        final DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
        defaultTokenServices.setTokenStore(tokenStore());
        defaultTokenServices.setSupportRefreshToken(true);
        return defaultTokenServices;
    }

    @Override
    public void configure(final AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        final TokenEnhancerChain tokenEnhancerChain = new TokenEnhancerChain();
        tokenEnhancerChain.setTokenEnhancers(Arrays.asList(tokenEnhancer(), accessTokenConverter()));
        endpoints.tokenStore(tokenStore())
        .tokenEnhancer(tokenEnhancerChain)
        .authenticationManager(authenticationManager);
    }

    @Bean
    public TokenStore tokenStore() {
        return new JwtTokenStore(accessTokenConverter());
    }

    @Bean
    public JwtAccessTokenConverter accessTokenConverter() {
        final JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
        converter.setSigningKey("123");
        return converter;
    }

    @Bean
    public TokenEnhancer tokenEnhancer() {
        return new CustomTokenEnhancer();
    }

}

我的资源服务器

@Configuration
@EnableResourceServer
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {

    private static final Logger logger = LogManager.getLogger(AuthorizationServerConfig.class);

    @Value("${security.oauth2.resource.id}")
    private String resourceId;

    @Override
    public void configure(final HttpSecurity http) throws Exception {
        logger.traceEntry("Entrada configure");
        // @formatter:off
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
        .and()
        .authorizeRequests().anyRequest().permitAll();
        logger.info("Ejecucion de metodo " + http);
        // @formatter:on                
    }

    @Override
    public void configure(final ResourceServerSecurityConfigurer config) {
        config.resourceId(resourceId).stateless(true);  }
}

网络安全

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    private static final Logger logger = LogManager.getLogger(WebSecurityConfig.class);


    @Autowired
    @Resource(name = "UsuarioService")
    private UserDetailsService userDetailsService;

    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Autowired
    public void globalUserDetails(AuthenticationManagerBuilder auth) throws Exception {
        logger.traceEntry("globalUserDetails", auth);
        auth.userDetailsService(userDetailsService)
        .passwordEncoder(encoder());

        logger.traceExit("globalUserDetails", auth);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        logger.traceEntry();
        logger.info("ejecutando configuracion " + http);
        http.cors().disable()
        .csrf().disable()
        .anonymous().disable()
        .authorizeRequests()
        .antMatchers("/login", "/logout.do").permitAll() 
        .antMatchers("/**").authenticated()
        .and().formLogin().loginPage("/login").permitAll()
        .and().httpBasic();

        logger.info("se ejecuto configuracion " + http);

    }

    @Bean
    public BCryptPasswordEncoder encoder(){
        return new BCryptPasswordEncoder();
    }

    @Bean
    public FilterRegistrationBean corsFilter() {
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        CorsConfiguration config = new CorsConfiguration();
        config.setAllowCredentials(true);
        config.addAllowedOrigin("*");
        config.addAllowedHeader("*");
        config.addAllowedMethod("*");
        source.registerCorsConfiguration("/**", config);
        FilterRegistrationBean bean = new FilterRegistrationBean(new CorsFilter(source));
        bean.setOrder(0);
        return bean;
    }

    @Bean
    public WebMvcConfigurer corsConfigurer() {
        return new WebMvcConfigurerAdapter() {
            @Override
            public void addCorsMappings(CorsRegistry registry) {
                registry.addMapping("/auth/token").allowedOrigins("http://localhost:9000");
            }
        };
    }
}

UserDetailService的loadUserDetail的实现@覆盖public UserDetails loadUserByUsername(String username) 抛出 UsernameNotFoundException {logger.traceEntry("Iniciando loadUserByUsername");/这里我们使用的是虚拟数据，您需要从中加载用户数据数据库或其他第三方应用程序/尝试 {Usuario usuario = findAllUsuarioRoleByName(username);logger.info("Se encontro el usaurio " + usuario);

The implementation of loadUserDetail of UserDetailService @Override public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { logger.traceEntry("Iniciando loadUserByUsername"); /Here we are using dummy data, you need to load user data from database or other third party application/ try { Usuario usuario = findAllUsuarioRoleByName(username); logger.info("Se encontro el usaurio " + usuario);

    UserBuilder builder = null;
    if (usuario != null) {
        List<String> roles =  new ArrayList<>();

        Collection<UsuarioRole> usuarioRoleByUsuarioName = usuarioRoleRepository.findAllUsuarioRoleByUsuarioName(usuario.getNombreUsuario());
        logger.info("Roles encontrados " + usuarioRoleByUsuarioName.size());
        for(UsuarioRole usuarioRole : usuarioRoleByUsuarioName) {
            roles.add(usuarioRole.getRole().getNombreRole());
        }

        String[] rolesArray = new String[roles.size()];
        rolesArray = roles.toArray(rolesArray);

        builder = org.springframework.security.core.userdetails.User.withUsername(username);
        builder.password(new BCryptPasswordEncoder().encode(usuario.getClaveUsuario()));
        for (String string : rolesArray) {
            logger.debug("**** " + string);
        }
        builder.roles(rolesArray);
    } else {
        throw new UsernameNotFoundException("User not found.");
    }

    return builder.build();
    }finally {
        logger.traceExit("Finalizando loadUserByUsername");
    }
}

推荐答案

对您的 Angular 代码进行以下调整.

Make the following adjustments to your angular code.

1. 通过授权标头传递 client_id 和 client_secret.

2. 发布前序列化对象(您可以参考这个答案).

login(username: string, password: string ) {

    let body = {
        username: 'GDELOSSANTOS',
        password: 'ADMIN',
        grant_type: 'password'
    };

    // Serialize body object

    let bodySerialized = 'grant_type=password&password=ADMIN&username=GDELOSSANTOS';

    let headers = new HttpHeaders()
        .set('Content-Type', 'application/x-www-form-urlencoded')
        .set('Authorization', 'Basic ' + btoa("ADMIN:ADMIN"));

    return this.http.post(Constante.BACKEND_TOKEN_REQUEST,
        bodySerialized,
        {
            headers: headers
        }).subscribe(res => this.setSession);
 }

这篇关于spirng boot 2 jwt oauth2 + angular 5 无法获得 JWT的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！