gpt4 book ai didi

Grails Spring Security Oauth Provider 插件 : Full authentication is required to access this resource

转载 作者:行者123 更新时间:2023-12-01 06:26:00 26 4
gpt4 key购买 nike

我正在使用 grails“Spring Security OAuth Provider”插件。我可以得到 访问代码对以下 URL 的响应。

http://localhost:8080/oauthServer/oauth/authorize?response_type=code&client_id=test_client&scope=read&redirect_uri=http://example.com?

但是当我发送获取 的请求时访问 token 来自 访问代码使用以下 URL,我收到“ 访问此资源需要完整身份验证 ”错误消息。
curl -header "Authorization: Basic bnVkZ2VDbGllbnQ6YjRkNzA3NmE3YTA4N2E4MWMzMTE2ZjZlNWQzZWY0MDJjNmQ4ZjM3Nw==" http://localhost:8080/oauthServer/oauth/token?grant_type=authorization_code&code=kuH8aC

注: base64(client_id:client_secret)=bnVkZ2VDbGllbnQ6YjRkNzA3NmE3YTA4N2E4MWMzMTE2ZjZlNWQzZWY0MDJjNmQ4ZjM3Nw==
下面给出了完整的错误消息。
<oauth>
<error_description>
Full authentication is required to access this resource
</error_description>
<error>unauthorized</error>
</oauth>

我缺少什么。请建议。

谢谢

更新 1

其实我在关注 this documentation Spring 安全 oauth 提供程序插件。

有我的配置设置。
// Added by the Spring Security OAuth2 Provider plugin:
grails.plugin.springsecurity.oauthProvider.clientLookup.className = 'com.oauth.Client'
grails.plugin.springsecurity.oauthProvider.authorizationCodeLookup.className = 'com.oauth.AuthorizationCode'
grails.plugin.springsecurity.oauthProvider.accessTokenLookup.className = 'com.oauth.AccessToken'
grails.plugin.springsecurity.oauthProvider.refreshTokenLookup.className = 'com.oauth.RefreshToken'
grails.plugin.springsecurity.logout.postOnly = false

//grails.plugin.springsecurity.successHandler.defaultTargetUrl = '/client/index'

// Added by the Spring Security Core plugin:
grails.plugin.springsecurity.userLookup.userDomainClassName = 'com.auth.User'
grails.plugin.springsecurity.userLookup.authorityJoinClassName = 'com.auth.UserRole'
grails.plugin.springsecurity.authority.className = 'com.auth.Role'
grails.plugin.springsecurity.controllerAnnotations.staticRules = [
'/oauth/authorize.dispatch': ["isFullyAuthenticated() and (request.getMethod().equals('GET') or request.getMethod().equals('POST'))"],
'/oauth/token.dispatch': ["isFullyAuthenticated() and request.getMethod().equals('POST')"],
'/': ['permitAll'],
'/index': ['permitAll'],
'/index.gsp': ['permitAll'],
'/assets/**': ['permitAll'],
'/**/js/**': ['permitAll'],
'/**/css/**': ['permitAll'],
'/**/images/**': ['permitAll'],
'/**/favicon.ico': ['permitAll']
]

grails.plugin.springsecurity.providerNames = [
'clientCredentialsAuthenticationProvider',
'daoAuthenticationProvider',
'anonymousAuthenticationProvider',
'rememberMeAuthenticationProvider'
]

grails.exceptionresolver.params.exclude = ['password', 'client_secret']

grails.plugin.springsecurity.filterChain.chainMap = [
'/oauth/token': 'JOINED_FILTERS,-oauth2ProviderFilter,-securityContextPersistenceFilter,-logoutFilter,-rememberMeAuthenticationFilter',
'/securedOAuth2Resources/**': 'JOINED_FILTERS,-securityContextPersistenceFilter,-logoutFilter,-rememberMeAuthenticationFilter',
'/**': 'JOINED_FILTERS,-statelessSecurityContextPersistenceFilter,-oauth2ProviderFilter,-clientCredentialsTokenEndpointFilter'
]

我的 Controller 是默认的。
@Secured(["#oauth2.clientHasRole('ROLE_CLIENT')"])
def clientRoleExpression() {
render "client role expression"
}

@Secured(["ROLE_CLIENT"])
def clientRole() {
render "client role"
}

@Secured(["#oauth2.clientHasAnyRole('ROLE_CLIENT', 'ROLE_TRUSTED_CLIENT')"])
def clientHasAnyRole() {
render "client has any role"
}

@Secured(["#oauth2.isClient()"])
def client() {
render "is client"
}

@Secured(["#oauth2.isUser()"])
def user() {
// code
}

@Secured(["#oauth2.isUser()"])
def getSubscriptionDetail() {
//code
}

@Secured(["#oauth2.isUser()"])
def getHistory(){
//code
}

@Secured(["#oauth2.denyOAuthClient()"])
def denyClient() {
render "no client can see"
}

@Secured(["permitAll"])
def anyone() {
render "anyone can see"
}

def nobody() {
render "nobody can see"
}

@Secured(["#oauth2.clientHasRole('ROLE_TRUSTED_CLIENT') and #oauth2.isClient() and #oauth2.hasScope('trust')"])
def trustedClient() {
render "trusted client"
}

@Secured(["hasRole('ROLE_USER') and #oauth2.isUser() and #oauth2.hasScope('trust')"])
def trustedUser() {
render "trusted user"
}

@Secured(["hasRole('ROLE_USER') or #oauth2.hasScope('read')"])
def userRoleOrReadScope() {
render "user role or read scope"
}

最佳答案

您的 token 端点配置要求请求为 POST。除非你的 curl 命令比上面显示的更多,否则你需要有类似的东西

curl -X POST

除了您的 --header 选项。

关于Grails Spring Security Oauth Provider 插件 : Full authentication is required to access this resource,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/28514750/

26 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com