ben*_*eve 7 spring oauth spring-security spring-security-oauth2 oauth2
我目前正在开发一个用于Oauth2身份验证的spring应用程序,但是我在实现自定义ClientDetailsService时遇到了一些问题.
我不能使用常见的inMemory ou jdbc clientDetailsService,因为客户端信息没有存储在我的应用程序中,我从外部Web服务获取它们.但是当我设置自定义ClientDetailService时,我不再获得access_confirmation页面(我得到一个空白页面).
为了向您展示我的问题,我不使用我的应用程序,而是使用官方spring中的vanilla测试 - security-oauth项目spring-security-oauth
这是应用程序代码:
@SpringBootApplication
@EnableResourceServer
@RestController
public class Application {
public static void main(String[] args) {
SpringApplication.run(Application.class, args);
}
@RequestMapping("/")
public String home() {
return "Hello World";
}
@RequestMapping(value = "/", method = RequestMethod.POST)
@ResponseStatus(HttpStatus.CREATED)
public String create(@RequestBody MultiValueMap<String, String> map) {
return "OK";
}
@Configuration
@EnableAuthorizationServer
protected static class OAuth2Config extends AuthorizationServerConfigurerAdapter {
@Autowired
private AuthenticationManager authenticationManager;
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints.authenticationManager(authenticationManager);
}
@Override
public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
security.checkTokenAccess("isAuthenticated()");
}
public ClientDetailsService clientDetailsService() {
return new ClientDetailsService() {
@Override
public ClientDetails loadClientByClientId(String clientId) throws ClientRegistrationException {
BaseClientDetails details = new BaseClientDetails();
details.setClientId(clientId);
details.setAuthorizedGrantTypes(Arrays.asList("authorization_code") );
details.setScope(Arrays.asList("read, trust"));
details.setResourceIds(Arrays.asList("oauth2-resource"));
Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
authorities.add(new SimpleGrantedAuthority("ROLE_CLIENT"));
details.setAuthorities(authorities);
return details;
}
};
} //*/
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
// @formatter:off
clients.withClientDetails(clientDetailsService());
/*clients.inMemory()
.withClient("test")
.authorizedGrantTypes("authorization_code")
.authorities("ROLE_CLIENT")
.scopes("read", "trust")
.resourceIds("oauth2-resource");
//*/
// @formatter:on
}
}
}
如您所见,我添加了自定义clientDetailsService并更改ClientDetailsServiceconfigurer配置以设置它而不是内存clientDetailsService.
我的问题是,当我尝试获取我的令牌时,我在登录用户后不再获取access_confirmation页面了.
我发现了我的问题,我在clientDetails中对范围的定义是错误的.我有Arrays.asList("read,trust")而不是Arrays.asList("read","trust")
我错过了什么吗?我是否必须在其他地方设置自定义clientDetailsService?
小智 5
尝试像这样更改您的ClientDetails impl:
public ClientDetailsService clientDetailsService() {
return new ClientDetailsService() {
@Override
public ClientDetails loadClientByClientId(String clientId) throws ClientRegistrationException {
BaseClientDetails details = new BaseClientDetails();
details.setClientId(clientId);
details.setAuthorizedGrantTypes(Arrays.asList("authorization_code") );
details.setScope(Arrays.asList("read, trust"));
details.setRegisteredRedirectUri(Collections.singleton("http://anywhere.com"));
details.setResourceIds(Arrays.asList("oauth2-resource"));
Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
authorities.add(new SimpleGrantedAuthority("ROLE_CLIENT"));
details.setAuthorities(authorities);
return details;
}
};
} //*/
| 归档时间: |
|
| 查看次数: |
9131 次 |
| 最近记录: |