我尝试实现自定义身份验证服务器和客户端。我以这段代码为例。我将 Tonr2 应用程序修改为不使用任何用户。我想转换这 2 个应用程序。Tonr2 应该根据来自 Sparklr2 的会话创建用户会话。现在我修改了这部分:
在 Sparklr2(ResourceConfiguration 类)中:
@Bean
public OAuth2ProtectedResourceDetails sparklr() {
ClientCredentialsResourceDetails details = new ClientCredentialsResourceDetails();
details.setId("sparklr/tonr");
details.setClientId("tonr");
details.setClientSecret("secret");
details.setAccessTokenUri(accessTokenUri);
details.setAuthenticationScheme(AuthenticationScheme.query);
details.setClientAuthenticationScheme(AuthenticationScheme.form);
details.setScope(Arrays.asList("read", "write"));
return details;
}
在 Tonr2 中:
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
// I removed all users
// @Override
// protected void configure(AuthenticationManagerBuilder auth) throws Exception {
// auth.inMemoryAuthentication().withUser("marissa").password("wombat").roles("USER").and().withUser("sam")
// .password("kangaroo").roles("USER");
// }
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/resources/**");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/sparklr/**").permitAll();
}
}
和:
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients.inMemory().withClient("tonr")
.resourceIds(SPARKLR_RESOURCE_ID)
.authorizedGrantTypes("client_credentials")
//.authorities("ROLE_CLIENT")
.scopes("read", "write")
.secret("secret");
但我得到了:
RestTemplate - POST request for "http://localhost:8080/sparklr2/oauth/token" resulted in 401 (Unauthorized); invoking error handler
error="access_denied", error_description="Error requesting access token."
at org.springframework.security.oauth2.client.token.OAuth2AccessTokenSupport.retrieveToken(OAuth2AccessTokenSupport.java:145)
如何解决?或者,也许您有一些示例如何正确执行此操作?