gpt4 book ai didi

Spring oauth2 基本身份验证

转载 作者:行者123 更新时间:2023-12-02 03:38:09 26 4
gpt4 key购买 nike

我正在尝试使用 OAuth2 实现开发一个带有 Spring Security 的 REST API。但如何删除基本身份验证。我只想将用户名和密码发送到 body 并在 postman 上获取 token 。

@Configuration
public class OAuthServerConfigration {

private static final String SERVER_RESOURCE_ID = "oauth2-server";

private static InMemoryTokenStore tokenStore = new InMemoryTokenStore();


@Configuration
@EnableResourceServer
protected static class ResourceServer extends ResourceServerConfigurerAdapter {

@Override
public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
resources.resourceId(SERVER_RESOURCE_ID).stateless(false);
}

@Override
public void configure(HttpSecurity http) throws Exception {
http.anonymous().disable().requestMatchers().antMatchers("/api/**").and().authorizeRequests().antMatchers("/api/**").access("#oauth2.hasScope('read')");
}
}

@Configuration
@EnableAuthorizationServer
protected static class AuthConfig extends AuthorizationServerConfigurerAdapter {

@Autowired
private AuthenticationManager authenticationManager;


@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints.authenticationManager(authenticationManager).tokenStore(tokenStore).approvalStoreDisabled();
}

@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients.inMemory()
.withClient("client")
.secret("$2a$10$5OkeCLKNs/BkdO0qcYRri.MdIcKhFvElAllhPgLfRQqG7wkEiPmq2")
.authorizedGrantTypes("password","authorization_code","refresh_token")
.authorities("ROLE_CLIENT", "ROLE_TRUSTED_CLIENT")
.scopes("read", "write", "trust")
.resourceIds(SERVER_RESOURCE_ID)
//.accessTokenValiditySeconds(ONE_DAY)
.accessTokenValiditySeconds(300)
.refreshTokenValiditySeconds(50);

}


@Override
public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {

oauthServer
// we're allowing access to the token only for clients with 'ROLE_TRUSTED_CLIENT' authority
.tokenKeyAccess("hasAuthority('ROLE_TRUSTED_CLIENT')")
.checkTokenAccess("hasAuthority('ROLE_TRUSTED_CLIENT')");

}

}

}

@Configuration
@Order(2)
public static class ApiLoginConfig extends
WebSecurityConfigurerAdapter{
@Autowired
DataSource dataSource;

@Autowired
ClientDetailsService clientDetailsService;


@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/oauth/**");
}

@Override
protected void configure(HttpSecurity http) throws Exception {

http.httpBasic().disable().csrf().disable().antMatcher("/oauth/token").authorizeRequests().anyRequest().permitAll();


}
@Override
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}

@Bean
public TokenStore tokenStore() {
return new InMemoryTokenStore();
}

@Bean
@Autowired
public TokenStoreUserApprovalHandler userApprovalHandler(TokenStore tokenStore){
TokenStoreUserApprovalHandler handler = new TokenStoreUserApprovalHandler();
handler.setTokenStore(tokenStore);
handler.setRequestFactory(new DefaultOAuth2RequestFactory(clientDetailsService));
handler.setClientDetailsService(clientDetailsService);
return handler;
}

@Bean
@Autowired
public ApprovalStore approvalStore(TokenStore tokenStore) throws Exception {
TokenApprovalStore store = new TokenApprovalStore();
store.setTokenStore(tokenStore);
return store;
}
}

想要删除基本身份验证并从 postman 发送 body 标记中的用户名密码以获取 token

我遇到了一些问题{ “错误”:“未经授权”, "error_description": "没有客户端身份验证。尝试添加适当的身份验证过滤器。"}

最佳答案

在方法中的 @EnableAuthorizationServer 配置类中:-

@Override
public void configure(AuthorizationServerSecurityConfigurer oauthServer)

尝试添加以下内容:-

oauthServer.allowFormAuthenticationForClients()

完成后,您必须调用 oauth 获取 token url,如下所示:-

网址将与 http(s)://{HOST_NAME}/oauth/token 相同

HTTP 方法类型现在将为 POST

标题:-

Content-Type=application/x-www-form-urlencoded

参数将是 postman 正文中 x-www-form-urlencoded 的键值对

对于 client_credentials grant_type:-

grant_type=client_credentials
client_id=client_id_value
client_secret=client_secret_value
scope=scopes

密码 grant_type:-

grant_type=password
client_id=client_id_value
client_secret=client_secret_value
scope=scopes
username=username
password=password

此处的范围将以逗号分隔

关于Spring oauth2 基本身份验证,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/49497609/

26 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com