
有人可以帮忙吗？我正在尝试在我的 REST 应用程序上设置 OAuth2（Spring Security OAuth，XML 配置），但是遇到了一个错误。

我使用 Postman REST Client 进行测试。

示例请求：（截图，此处未附带）

spring-security.xml

<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xmlns:context="http://www.springframework.org/schema/context"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:sec="http://www.springframework.org/schema/security"
xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-4.2.xsd

http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc-4.2.xsd

http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-4.2.xsd

http://www.springframework.org/schema/tx
http://www.springframework.org/schema/tx/spring-tx-4.2.xsd

http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-4.1.xsd

http://www.springframework.org/schema/security/oauth2
http://www.springframework.org/schema/security/spring-security-oauth2-1.0.xsd">

<!-- Filter chain for the token endpoint. OAuth clients authenticate here with HTTP Basic
     (client_id / client_secret) against clientAuthenticationManager. The chain is stateless and
     anonymous access is off, so every request must carry client credentials. CSRF protection is
     disabled, which is only acceptable because no browser session or cookie is involved on this path. -->
<http pattern="/oauth/token" create-session="stateless" authentication-manager-ref="clientAuthenticationManager" use-expressions="false"
      xmlns="http://www.springframework.org/schema/security">
      <csrf disabled="true"/>
    <intercept-url pattern="/oauth/token" access="IS_AUTHENTICATED_FULLY"/>
    <anonymous enabled="false"/>
    <http-basic entry-point-ref="clientAuthenticationEntryPoint"/>
    <!-- Include this filter only if a client really has to send client_id/client_secret as request
         parameters instead of Basic auth. A secret passed as a parameter is weaker (it can land in
         access logs and proxies, especially on a GET); prefer Basic and drop this filter otherwise. -->
    <custom-filter ref="clientCredentialsTokenEndpointFilter" after="BASIC_AUTH_FILTER"/>
    <access-denied-handler ref="oauthAccessDeniedHandler"/>
</http>

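<!-- The OAuth2 protected resources are separated out into their own block so we can deal with authorization and error handling
   separately. This isn't mandatory, but it makes it easier to control the behaviour.
   Fixed: the pattern must be /api/** (two stars). In Ant patterns a single "*" matches one path segment only,
   so /api/* protected /api/users but NOT /api/users/1. Requests that match no <http> chain are passed through
   by Spring Security without any filter, so every nested resource path was reachable without a token.
   NOTE(review): there is still no catch-all chain; paths outside /api/** and /oauth/token (for example
   /oauth/authorize, which the authorization_code and implicit grants rely on) are served unprotected. Consider a
   final <http pattern="/**"> chain that requires login or denies access. -->
<http pattern="/api/**" create-session="never" entry-point-ref="oauthAuthenticationEntryPoint" use-expressions="false"
      access-decision-manager-ref="accessDecisionManager" xmlns="http://www.springframework.org/schema/security">
    <anonymous enabled="false"/>
    <csrf disabled="true"/>
    <!-- plain ROLE_USER attribute (use-expressions="false"); decided by the RoleVoter in accessDecisionManager -->
    <intercept-url pattern="/api/**" access="ROLE_USER"/>
    <!-- resourceServerFilter extracts and validates the bearer token before any authorization decision is made -->
    <custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER"/>
    <access-denied-handler ref="oauthAccessDeniedHandler"/>
</http>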

<!-- Entry point referenced by the /api chain (entry-point-ref); realmName is the realm advertised in the challenge -->
<bean id="oauthAuthenticationEntryPoint"
      class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
    <property name="realmName">
        <value>api</value>
    </property>
</bean>

<!-- Entry point for the /oauth/token chain (used by its http-basic element); typeName "Basic" selects a Basic challenge -->
<bean id="clientAuthenticationEntryPoint"
      class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
    <property name="realmName">
        <value>api</value>
    </property>
    <property name="typeName">
        <value>Basic</value>
    </property>
</bean>

<!-- Access-denied handler shared by both filter chains; renders OAuth2-style error responses -->
<bean id="oauthAccessDeniedHandler"
      class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler">
</bean>

<!-- Authenticates a client from client_id / client_secret request parameters on /oauth/token, delegating to
     clientAuthenticationManager. NOTE(review): with this filter in place the secret may travel in a URL query
     string and end up in server/proxy logs. If your spring-security-oauth2 version exposes the allowOnlyPost
     property on this filter, set it to true (verify for your version); otherwise remove the filter and rely on
     HTTP Basic, which the chain already supports. -->
<bean id="clientCredentialsTokenEndpointFilter"
      class="org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter">
    <property name="authenticationManager" ref="clientAuthenticationManager"/>
</bean>

<!-- Access decision manager for the /api chain. UnanimousBased: every voter that does not abstain must grant.
     By default ScopeVoter votes on SCOPE_* attributes (token scope), RoleVoter on ROLE_* attributes and
     AuthenticatedVoter on IS_AUTHENTICATED_* attributes; the /api intercept-url only uses ROLE_USER, so the
     token's scopes are not enforced on that chain unless SCOPE_* attributes are added. -->
<bean id="accessDecisionManager" class="org.springframework.security.access.vote.UnanimousBased"
      xmlns="http://www.springframework.org/schema/beans">
    <constructor-arg>
        <list>
            <bean class="org.springframework.security.oauth2.provider.vote.ScopeVoter"/>
            <bean class="org.springframework.security.access.vote.RoleVoter"/>
            <bean class="org.springframework.security.access.vote.AuthenticatedVoter"/>
        </list>
    </constructor-arg>
</bean>

<!-- Authenticates OAuth clients (client_id / client_secret) for the /oauth/token chain by looking the client up
     through clientDetailsUserService. NOTE(review): unlike the user-facing authenticationManager, this provider
     has no <password-encoder>, so client secrets are compared exactly as stored, and the sample
     oauth_client_details row does store '12345' in clear. For anything beyond a local test, store BCrypt hashes
     of the secrets and add <password-encoder ref="passwordEncoder"/> to this provider. -->
<authentication-manager id="clientAuthenticationManager" xmlns="http://www.springframework.org/schema/security">
    <authentication-provider user-service-ref="clientDetailsUserService"/>
</authentication-manager>

<!-- BCrypt password encoder with log-rounds 11 (matches the $2a$11$ prefix of the stored test hash);
     used for end-user passwords by authenticationManager -->
<bean id="passwordEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder">
    <constructor-arg index="0" value="11"/>
</bean>

<!-- Authenticates end users (needed by the password grant) against userService, a bean defined outside this
     file, comparing submitted passwords with the stored BCrypt hashes through passwordEncoder. The alias
     "authenticationManager" is presumably what the authorization server's password grant picks up, since no
     authentication-manager-ref is set on it (verify). -->
<authentication-manager alias="authenticationManager" xmlns="http://www.springframework.org/schema/security">
    <authentication-provider user-service-ref="userService">
        <password-encoder ref="passwordEncoder"/>
    </authentication-provider>
</authentication-manager>

<!-- Adapts the clientDetails service to the UserDetailsService contract so clients can be authenticated
     by clientAuthenticationManager: the client secret plays the role of the password -->
<bean id="clientDetailsUserService"
      class="org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService">
    <constructor-arg index="0" ref="clientDetails"/>
</bean>

<!-- Token persistence. This is the JDBC implementation (the old comment still said "in memory"): tokens are
     stored in the oauth_access_token / oauth_refresh_token tables through dataSource, a bean defined outside
     this file. The store writes serialized token and authentication objects into blob columns, so write
     access to those tables must be limited to the application. -->
<bean id="tokenStore" class="org.springframework.security.oauth2.provider.token.store.JdbcTokenStore">
    <constructor-arg ref="dataSource"/>
</bean>

<!-- Issues, refreshes and validates tokens, persisting them via tokenStore. supportRefreshToken=true is what
     makes the refresh_token grant usable. With clientDetailsService set, per-client lifetimes are presumably
     taken from the client registration (access_token_validity / refresh_token_validity) rather than the
     defaults; verify against your version. -->
<bean id="tokenServices" class="org.springframework.security.oauth2.provider.token.DefaultTokenServices">
    <property name="tokenStore" ref="tokenStore"/>
    <property name="supportRefreshToken" value="true"/>
    <property name="clientDetailsService" ref="clientDetails"/>
</bean>

<!-- Builds OAuth2Request objects for incoming authorization/token requests, resolving scopes and grant types
     against the client registration held by clientDetails -->
<bean id="oAuth2RequestFactory"
      class="org.springframework.security.oauth2.provider.request.DefaultOAuth2RequestFactory">
    <constructor-arg ref="clientDetails"/>
</bean>

<!-- Decides whether the user must be asked to approve an authorization request (authorization_code / implicit
     grants). With the TokenStore-based handler an existing valid token in tokenStore is presumably treated as
     prior approval (verify). Only relevant for the browser-based grants, which additionally need a user-login
     filter chain covering the authorization endpoint. -->
<bean id="userApprovalHandler"
      class="org.springframework.security.oauth2.provider.approval.TokenStoreUserApprovalHandler">
    <property name="tokenStore" ref="tokenStore"/>
    <property name="requestFactory" ref="oAuth2RequestFactory"/>
</bean>


<!-- Registers the authorization server endpoints (by default /oauth/token and /oauth/authorize) and the grant
     types they accept; tokens are managed by tokenServices and client registrations come from clientDetails.
     NOTE(review): every grant type is switched on here. The implicit grant is deprecated by the OAuth 2.0
     Security Best Current Practice (tokens are exposed in the browser fragment) and the password grant is
     discouraged for the same reasons; enable only what your clients actually use. authorization_code and
     implicit also require the user to be logged in at /oauth/authorize, and no <http> chain in this file
     secures that path, so those two flows cannot work as configured. -->
<oauth:authorization-server client-details-service-ref="clientDetails" token-services-ref="tokenServices"
                            user-approval-handler-ref="userApprovalHandler">
    <oauth:authorization-code/>
    <oauth:implicit/>
    <oauth:refresh-token/>
    <oauth:client-credentials/>
    <oauth:password/>
</oauth:authorization-server>

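<!-- Bearer-token filter for the /api chain. Fixed: resource-id was "test" while the sample client is registered
     with resource_ids = 'rest_api'. If your ClientService maps that column, a token issued to the client carries
     "rest_api" only and the resource server rejects it ("Invalid token does not contain resource id"), which is
     the most likely cause of the error; the two values must agree. -->
<oauth:resource-server id="resourceServerFilter" resource-id="rest_api" token-services-ref="tokenServices"/>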

<!-- Application-provided ClientDetailsService (not shown here); presumably backed by the oauth_client_details table -->
<bean id="clientDetails" class="com.example.service.impl.ClientService"/>

<!-- Enables @PreAuthorize / @PostAuthorize on beans (CGLIB proxies, since proxy-target-class="true") and
     plugs in the OAuth2 expression handler so OAuth2-specific expressions (scope checks) are available there -->
<sec:global-method-security pre-post-annotations="enabled" proxy-target-class="true">
    <!--you could also wire in the expression handler up at the layer of the http filters. See https://jira.springsource.org/browse/SEC-1452 -->
    <sec:expression-handler ref="oauthExpressionHandler"/>
</sec:global-method-security>

<!-- Method-level OAuth2 expression handler, referenced by global-method-security -->
<oauth:expression-handler id="oauthExpressionHandler"/>

<!-- Web-level OAuth2 expression handler. NOTE(review): nothing in this file references it, because both <http>
     chains run with use-expressions="false"; wire it via <expression-handler ref="oauthWebExpressionHandler"/>
     inside an <http use-expressions="true"> chain or remove it. -->
<oauth:web-expression-handler id="oauthWebExpressionHandler"/>

数据库表设置（MySQL）

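-- End-user accounts read by userService (defined outside this file) and checked with the BCrypt
-- passwordEncoder (cost 11), so the password column must hold a bcrypt hash, never plaintext.
-- Consider a UNIQUE index on username so a login name resolves to exactly one account.
DROP TABLE IF EXISTS auth_details;
CREATE TABLE auth_details (
    id       BIGINT NOT NULL AUTO_INCREMENT,
    username VARCHAR(256) NOT NULL,
    password VARCHAR(256) NOT NULL,
    PRIMARY KEY (id)
) ENGINE=InnoDB;

-- Test credentials: username "test", password "password" (bcrypt, cost 11). Remove before any real deployment.
-- Fixed: the column list is required. The table has three columns (id is AUTO_INCREMENT) but the original
-- statement supplied only two values, which MySQL rejects ("Column count doesn't match value count").
-- (The original also used an XML comment here; SQL comments start with two dashes.)
INSERT INTO auth_details (username, password)
VALUES ('test', '$2a$11$gxpnezmYfNJRYnw/EpIK5Oe08TlwZDmcmUeKkrGcSGGHXvWaxUwQ2');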

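-- Registered OAuth2 clients, read by com.example.service.impl.ClientService (the clientDetails bean).
-- ENGINE=InnoDB added for consistency with the other tables in this script.
DROP TABLE IF EXISTS oauth_client_details;
CREATE TABLE oauth_client_details (
    client_id               VARCHAR(256) NOT NULL,
    resource_ids            VARCHAR(256) DEFAULT NULL,
    -- compared exactly as stored unless clientAuthenticationManager is given a password-encoder
    client_secret           VARCHAR(256) DEFAULT NULL,
    scope                   VARCHAR(256) DEFAULT NULL,
    authorized_grant_types  VARCHAR(256) DEFAULT NULL,
    web_server_redirect_uri VARCHAR(256) DEFAULT NULL,
    authorities             VARCHAR(256) DEFAULT NULL,
    access_token_validity   INT(11) DEFAULT NULL,
    refresh_token_validity  INT(11) DEFAULT NULL,
    additional_information  VARCHAR(4096) DEFAULT NULL,
    autoapprove             VARCHAR(4096) DEFAULT NULL,
    PRIMARY KEY (client_id)
) ENGINE=InnoDB;

-- Test client. resource_ids must equal the resource-id attribute of <oauth:resource-server> in
-- spring-security.xml, otherwise tokens issued to this client are rejected on the protected API.
-- NOTE(review): the secret is stored in clear and is only acceptable for a local test; hash it once the
-- client authentication provider gets a password-encoder. authorization_code and implicit are granted
-- without any web_server_redirect_uri; register the exact redirect URI or drop those two grant types, since
-- browser-based grants without a pinned redirect target let tokens be sent to an attacker-chosen URL.
-- Validity values are in seconds (5 s access tokens will expire almost immediately while testing).
INSERT INTO oauth_client_details
    (client_id, resource_ids, client_secret, scope, authorized_grant_types, authorities,
     access_token_validity, refresh_token_validity)
VALUES
    ('test-client-id', 'rest_api', '12345', 'trust,read,write',
     'password,authorization_code,refresh_token,implicit', 'ROLE_USER', 5, 1000);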

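DROP TABLE IF EXISTS oauth_access_token;

-- Backing table for JdbcTokenStore. The two blob columns hold serialized objects (the token and the
-- authentication it was issued for, Java serialization as far as I recall) that the store deserializes on
-- every read, so write access to this table must be restricted to the application itself.
-- Fixed: the original table had no key at all. The store looks rows up by token_id and by authentication_id;
-- the project's reference schema makes authentication_id the primary key (verify against your version),
-- and an index on token_id avoids a full scan on every bearer-token check.
CREATE TABLE oauth_access_token (
    token_id          VARCHAR(256) DEFAULT NULL,
    token             BLOB,
    authentication_id VARCHAR(256) NOT NULL,
    user_name         VARCHAR(256) DEFAULT NULL,
    client_id         VARCHAR(256) DEFAULT NULL,
    authentication    BLOB,
    refresh_token     VARCHAR(256) DEFAULT NULL,
    PRIMARY KEY (authentication_id),
    KEY idx_oauth_access_token_token_id (token_id)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;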


 DROP TABLE IF EXISTS oauth_refresh_token;

 CREATE TABLE oauth_refresh_token (
 token_id varchar(256) DEFAULT NULL,
    token blob,
    authentication blob
 ) ENGINE=InnoDB DEFAULT CHARSET=latin1;

web.xml

<!-- Root application context, loaded by ContextLoaderListener. NOTE(review): /WEB-INF/rest-servlet.xml is
     listed here AND, by Spring MVC's default naming convention, is also loaded by the DispatcherServlet named
     "rest" (it sets no contextConfigLocation of its own), so every bean in that file is created twice. Keep
     the MVC configuration in the servlet context only, unless beans in that file are deliberately needed by
     the security configuration in the root context. -->
<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>/WEB-INF/rest-servlet.xml,
       classpath*:META-INF/spring/applicationContext.xml,
       classpath*:META-INF/spring/applicationContext-security.xml
     </param-value>
  </context-param>
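  <!-- Bootstraps the root WebApplicationContext from contextConfigLocation. Fixed: the element was mistyped
       as "listener- class" (with a space), which makes web.xml invalid XML and the deployment fail. -->
  <listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
  </listener>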
 <!-- Forces UTF-8 on request and response (forceEncoding=true) for every path; mapped first, so it runs
      ahead of the security filter chain (filter order follows filter-mapping order) -->
 <filter>
    <filter-name>characterEncodingFilter</filter-name>
    <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
    <init-param>
        <param-name>encoding</param-name>
        <param-value>UTF-8</param-value>
    </init-param>
    <init-param>
        <param-name>forceEncoding</param-name>
        <param-value>true</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>characterEncodingFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<!-- Spring Security: DelegatingFilterProxy forwards every request (/*) to the springSecurityFilterChain bean.
     contextAttribute points it at the "rest" DispatcherServlet's context; that context is a child of the root
     context, so a bean declared in the root security configuration is presumably still found through the
     parent lookup (verify). Which chain then applies is decided by the <http pattern> values in
     spring-security.xml; paths matching no chain are passed through unprotected. -->
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    <init-param>
        <param-name>contextAttribute</param-name>
        <param-value>org.springframework.web.servlet.FrameworkServlet.CONTEXT.rest</param-value>
    </init-param>
</filter>

<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
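<!-- Front controller for the REST API and the OAuth2 endpoints. For a servlet named "rest" Spring MVC loads
     /WEB-INF/rest-servlet.xml unless a contextConfigLocation init-param says otherwise. -->
<servlet>
    <servlet-name>rest</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
</servlet>
<!-- Fixed: "/api/" (no wildcard) is an exact-match mapping in the Servlet spec, so only the literal path /api/
     reached the DispatcherServlet and every real resource such as /api/users was a container 404. "/api/*" is
     a path mapping. The OAuth2 token endpoint (/oauth/token, secured in spring-security.xml) is a Spring MVC
     handler as well and must also be routed to this servlet, which the second url-pattern does (several
     url-patterns per servlet-mapping need Servlet 2.5+; on older containers duplicate the mapping instead). -->
<servlet-mapping>
    <servlet-name>rest</servlet-name>
    <url-pattern>/api/*</url-pattern>
    <url-pattern>/oauth/*</url-pattern>
</servlet-mapping>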

谢谢。

