Mar*_*cin 3 spring-mvc spring-security spring-security-oauth2 spring-restcontroller
我尝试创建spring rest服务,whis是我自己的oauth2资源服务器的高手.我创建了资源服务器:
@Configuration
@EnableResourceServer
protected static class ResourceServer extends ResourceServerConfigurerAdapter {
@Autowired
private TokenStore tokenStore;
@Override
public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
resources.tokenStore(tokenStore).resourceId("mobileapp");
}
@Override
public void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/api/shop /**").authenticated().and()
.authorizeRequests().antMatchers("/auth/**").anonymous();
}
}
和授权服务器:
@Configuration
@EnableAuthorizationServer
protected static class OAuth2Config extends AuthorizationServerConfigurerAdapter {
@Autowired
private AuthenticationManager auth;
@Autowired
private DataSource dataSource;
@Autowired
private BCryptPasswordEncoder passwordEncoder;
@Bean
public JdbcTokenStore tokenStore() {
return new JdbcTokenStore(dataSource);
}
@Bean
protected AuthorizationCodeServices authorizationCodeServices() {
return new JdbcAuthorizationCodeServices(dataSource);
}
@Override
public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
security.passwordEncoder(passwordEncoder);
}
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints
.authorizationCodeServices(authorizationCodeServices())
.authenticationManager(auth)
.tokenStore(tokenStore())
.approvalStoreDisabled();
}
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients.jdbc(dataSource)
.passwordEncoder(passwordEncoder);
.withClient("mobile")
.authorizedGrantTypes("password", "refresh_token")
.authorities("ROLE_CLIENT")
.scopes("read", "write", "trust")
.autoApprove(true)
.resourceIds("mobileapp")
.secret("123456");
}
当我尝试从服务器接收访问令牌时,使用curl:
curl -X POST -vu mobile:123456 http:// localhost:8080/oauth/token -H"Accept:application/json"-d"password=test123&username=admin@gmail.com&grant_type=password&scope=read&client_secret=123456&client_id=mobile"
我收到此错误作为响应消息:
{"error":"server_error","error_description":"java.io.NotSerializableException:org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"}
在tomcat日志中也有
ossoptoken.store.JdbcTokenStore - 无法找到令牌的访问令牌
编辑:密码编码器的Bean定义:
@Bean
public BCryptPasswordEncoder passwordEncoder() {
BCryptPasswordEncoder bCryptPasswordEncoder = new BCryptPasswordEncoder();
return bCryptPasswordEncoder;
}
此bean是在类中创建的,其中声明了OAuth2Config和ResourceServer.
我检查了代码并找出了弹簧使用的表格,表格是空的.我的问题是:它是自动生成还是我的代码有问题?
在此先感谢您的帮助.
小智 9
覆盖JdbcTokenStore类并将此函数替换为.
public OAuth2AccessToken readAccessToken(String tokenValue) {
OAuth2AccessToken accessToken = null;
try {
accessToken = new DefaultOAuth2AccessToken(tokenValue);
}
catch (EmptyResultDataAccessException e) {
if (LOG.isInfoEnabled()) {
LOG.info("Failed to find access token for token "+tokenValue);
}
}
catch (IllegalArgumentException e) {
LOG.warn("Failed to deserialize access token for " +tokenValue,e);
removeAccessToken(tokenValue);
}
return accessToken;
}
解决了无法找到访问令牌的问题.在OAuth2Config中使用此类.
| 归档时间: |
|
| 查看次数: |
6093 次 |
| 最近记录: |