我使用 Spring security Oauth2 在 java 中创建了一个 RESTEasy 服务,用于身份验证和令牌生成。一切对我来说都很好,但是当我尝试访问我的服务以从浏览器 REST 客户端生成令牌时,它会要求提供凭据,但它会失败,但同时如果我通过 Java 中的 HTTPClient 访问相同的服务,它对我有用,
HttpClient client = new DefaultHttpClient();
HttpPost post = new HttpPost("http://localhost:80/my-rest-application/oauth/token");
List<NameValuePair> nameValuePairs = new ArrayList<NameValuePair>(1);
nameValuePairs.add(new BasicNameValuePair("client_id","myclientid"));
nameValuePairs.add(new BasicNameValuePair("client_secret","myclientsecret"));
nameValuePairs.add(new BasicNameValuePair("username","someuser"));
nameValuePairs.add(new BasicNameValuePair("password","somepassword"));
nameValuePairs.add(new BasicNameValuePair("grant_type","password"));
post.setEntity(new UrlEncodedFormEntity(nameValuePairs));
HttpResponse response = client.execute(post);
java中的Http客户端为我工作,但在浏览器休息客户端中它要求凭据并返回错误请求
知道为什么会这样吗?
我的配置,
<http pattern="/oauth/token" create-session="stateless"
authentication-manager-ref="clientAuthenticationManager"
xmlns="http://www.springframework.org/schema/security" >
<intercept-url pattern="/oauth/token" access="IS_AUTHENTICATED_FULLY" />
<anonymous enabled="false" />
<http-basic entry-point-ref="clientAuthenticationEntryPoint" />
<!-- include this only if you need to authenticate clients via request parameters -->
<custom-filter ref="clientCredentialsTokenEndpointFilter" before="BASIC_AUTH_FILTER" />
<access-denied-handler ref="oauthAccessDeniedHandler" />
</http>
<authentication-manager id="clientAuthenticationManager" xmlns="http://www.springframework.org/schema/security">
<authentication-provider user-service-ref="clientDetailsUserService" />
</authentication-manager>
<bean id="clientDetailsUserService"
class="org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService">
<constructor-arg ref="clientDetails" />
</bean>
<bean id="clientDetails" class="my own client details implementation"/>
<bean id="clientAuthenticationEntryPoint"
class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
<!-- <property name="realmName" value="springsec/client" /> -->
<property name="realmName" value="test/client" />
<property name="typeName" value="Basic" />
</bean>
<bean id="clientCredentialsTokenEndpointFilter"
class="org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter">
<property name="authenticationManager" ref="clientAuthenticationManager" />
</bean>
<authentication-manager id="clientAuthenticationManager" xmlns="http://www.springframework.org/schema/security">
<authentication-provider user-service-ref="clientDetailsUserService" />
</authentication-manager>