java – 如何为令牌设置资源ID？

发布时间：2020-12-15 02:02:24 所属栏目：Java 来源：网络整理

导读：我尝试使用本指南实现OAOF的RESTFul Web服务： https://spring.io/guides/tutorials/bookmarks 我可以成功检索一个令牌： curl -v -u android-bookmarks:123456 -X POST http://localhost:8080/oauth/token -H "Accept: application/json" -d "password=pass

我尝试使用本指南实现OAOF的RESTFul Web服务： https://spring.io/guides/tutorials/bookmarks

我可以成功检索一个令牌：

curl -v -u android-bookmarks:123456 -X POST http://localhost:8080/oauth/token -H "Accept: application/json" -d "password=password&username=User1&grant_type=password&scope=write&client_secret=12345&client_id=android-bookmarks"

响应：

{"access_token":"cdafc45f-924a-4f87-8bd0-e3e2bdffa540","token_type":"bearer","refresh_token":"609efba8-edd3-4ea3-be7b-78e449cec0ef","expires_in":43199,"scope":"write"}* Connection #0 to host localhost left intact

当我尝试访问资源时：

curl -G http://localhost:8080/bookmarks -H "Authorization: Bearer cdafc45f-924a-4f87-8bd0-e3e2bdffa540"

我收到以下回复：

{"error":"access_denied","error_description":"Invalid token does not contain resource id (oauth2-resource)"}

设置资源ID的Java类：

@Configuration
@EnableResourceServer
@EnableAuthorizationServer
public class OAuth2Configuration extends AuthorizationServerConfigurerAdapter {

    public static final String RESOURCE_ID = "bookmarks";

    @Autowired
    AuthenticationManagerBuilder authenticationManager;

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints)
        throws Exception {
    endpoints.authenticationManager(new AuthenticationManager() {
        @Override
        public Authentication authenticate(Authentication authentication)
                throws AuthenticationException {
            return authenticationManager.getOrBuild().authenticate(
                    authentication);
            }
        });
    }

    @Override
    public void configure(ClientDetailsServiceConfigurer clients)
        throws Exception {

        clients.inMemory()
            .withClient("android-" + RESOURCE_ID)
            .authorizedGrantTypes("password","authorization_code","refresh_token")
            .authorities("ROLE_USER")
            .scopes("write")
            .secret("123456")
            .resourceIds(RESOURCE_ID);
    }

}

当我将此代码更改为：

clients.inMemory()
        .withClient("android-" + applicationName)
        .authorizedGrantTypes("password","refresh_token")
        .authorities("ROLE_USER")
        .scopes("write")
        .secret("123456");

我可以成功地使用前面提到的(curl)命令访问资源.

解决方法

事实证明我必须实现接口ResourceServerConfigurerAdapter.以下实现完美地运行：

@Configuration
@EnableResourceServer
public class ResourceServer extends ResourceServerConfigurerAdapter{

    @Override 
    public void configure(HttpSecurity http) throws Exception {
         // @formatter:off
         http
         .requestMatchers().antMatchers("/bookmarks","/bookmarks/**")    
         .and()
         .authorizeRequests().anyRequest().access("#oauth2.hasScope('write')");
         // @formatter:on
    }

    @Override
    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
         resources.resourceId(OAuth2Configuration.RESOURCE_ID);
    }

}

（编辑：李大同）

【声明】本站内容均来自网络，其相关言论仅代表作者个人观点，不代表本站立场。若无意侵犯到您的权利，请及时与联系站长删除相关内容!