Spring-Security-Oauth2:访问此资源需要完全身份验证 [英] Spring-Security-Oauth2: Full authentication is required to access this resource
问题描述
我正在尝试使用基于Java的配置的 spring-security-oauth2.0
。我的配置已完成,但是当我在tomcat上部署应用程序并点击访问令牌的 / oauth / token
url时, Oauth
产生以下错误:
I am trying to use spring-security-oauth2.0
with Java based configuration. My configuration is done, but when i deploy application on tomcat and hit the /oauth/token
url for access token, Oauth
generate the follwoing error:
<oauth>
<error_description>Full authentication is required to access this resource</error_description>
<error>unauthorized</error>
</oauth>
我的配置在 Git hub,请点击链接
代码很大,所以请参考git。我正在使用chrome postman客户端发送请求。以下是我的要求。
The code is large, so refer to git. I am using chrome postman client for send request. follwing is my request.
POST /dummy-project-web/oauth/token HTTP/1.1
Host: localhost:8081
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
grant_type=client_credentials&client_id=abc%40gmail.com&client_secret=12345678
错误就好了,网址是安全的 Oauth
,但在配置中,我授予访问此URL的所有权限。这个问题实际上是什么?
The error is just like, the URL is secure by Oauth
, but in configuration, i give the all permission for access this URL. What actual this problem is?
推荐答案
client_id
和 client_secret
,默认情况下,应该放在Authorization标头中,而不是form-urlencoded主体。
The client_id
and client_secret
, by default, should go in the Authorization header, not the form-urlencoded body.
- 连接你的
client_id
和client_secret
,它们之间有一个冒号:abc@gmail.com :12345678
。 - Base 64对结果进行编码:
YWJjQGdtYWlsLmNvbToxMjM0NTY3OA ==
- 设置授权标题:
授权:基本YWJjQGdtYWlsLmNvbToxMjM0NTY3OA ==
- Concatenate your
client_id
andclient_secret
, with a colon between them:abc@gmail.com:12345678
. - Base 64 encode the result:
YWJjQGdtYWlsLmNvbToxMjM0NTY3OA==
- Set the Authorization header:
Authorization: Basic YWJjQGdtYWlsLmNvbToxMjM0NTY3OA==
这篇关于Spring-Security-Oauth2:访问此资源需要完全身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!