任何人都可以告诉我应该顺序调用什么http GET或POST方法,以便授权我的apache cxf web服务并获取资源?我试着打电话:
http://localhost:8080/oauth/token?client_id=client1&client_secret=client1&grant_type=password&username=client1&password=client1
而我所能得到的只是令牌回应:
{"access_token":"7186f8b2-9bae-48b6-90c2-033a4476c0fc","token_type":"bearer","refresh_token":"d7fe8cda-812b-4b3e-9ce7-b15067e001e4","expires_in":298653}
但获得此令牌后的下一步是什么?如何验证用户并访问url/resources/MyResource/getMyInfo中的资源,这需要具有角色ROLE_USER的用户?谢谢.
我有以下servlet配置:
<http pattern="/oauth/token" create-session="stateless"
authentication-manager-ref="authenticationManager"
xmlns="http://www.springframework.org/schema/security">
<intercept-url pattern="/oauth/token" access="IS_AUTHENTICATED_FULLY"/>
<anonymous enabled="false"/>
<http-basic entry-point-ref="clientAuthenticationEntryPoint"/>
<custom-filter ref="clientCredentialsTokenEndpointFilter" before="BASIC_AUTH_FILTER"/>
</http>
<http pattern="/resources/**" create-session="never"
entry-point-ref="oauthAuthenticationEntryPoint"
xmlns="http://www.springframework.org/schema/security">
<anonymous enabled="false"/>
<intercept-url pattern="/resources/MyResource/getMyInfo" access="ROLE_USER" method="GET"/>
<custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER"/>
<access-denied-handler ref="oauthAccessDeniedHandler"/>
</http>
<http pattern="/logout" create-session="never"
entry-point-ref="oauthAuthenticationEntryPoint"
xmlns="http://www.springframework.org/schema/security">
<anonymous enabled="false"/>
<intercept-url pattern="/logout" method="GET"/>
<sec:logout invalidate-session="true" logout-url="/logout" success-handler-ref="logoutSuccessHandler"/>
<custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER"/>
<access-denied-handler ref="oauthAccessDeniedHandler"/>
</http>
<bean id="logoutSuccessHandler" class="demo.oauth2.authentication.security.LogoutImpl">
<property name="tokenstore" ref="tokenStore"/>
</bean>
<bean id="oauthAuthenticationEntryPoint"
class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
</bean>
<bean id="clientAuthenticationEntryPoint"
class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
<property name="realmName" value="springsec/client"/> …java spring spring-security oauth-2.0 spring-security-oauth2
我有一个受 spring security OAuth2 保护的 Web Sesrvices,我可以使用 http 请求 oauth/token 获取访问令牌...我还有另一个要求:在 java 中生成访问令牌并使用以下方式对用户进行身份验证:
SecurityContextHolder.getContext().setAuthentication(oauthToken);
为了通过此令牌访问网络服务。这是我当前的代码:
UserDetails user = (UserDetails)userService.getUserByUserName(userName);
if (user == null) {
throw new InvalidAuthorizationException("User " + userName + " was not found");
} else {
//TODO: how to create 'oauthToken' ?
SecurityContextHolder.getContext().setAuthentication(oauthToken);
}
我怎样才能做到这一点?
我创建了一个将我的文件拆分成小块的作业,所有这些块都在分开的步骤中读取.对于前者 完成3个步骤没有任何错误,并且记录被提交到数据库,但如果第4步失败,我需要回滚上一步中的所有记录.有可能以某种方式回滚它们吗?
或者也许只有在最后一步正确完成后才有可能提交所有记录?(但这是大文件的问题)