1. 首页
  2. 问答
  3. 如何设置令牌的资源ID?

如何设置令牌的资源ID?

2015-02-24 54 views
2

我试图实现一个RESTful Web服务与使用OAuth本指南:https://spring.io/guides/tutorials/bookmarks如何设置令牌的资源ID?

我可以成功地检索令牌:

curl -v -u android-bookmarks:123456 -X POST http://localhost:8080/oauth/token -H "Accept: application/json" -d "password=password&username=User1&grant_type=password&scope=write&client_secret=12345&client_id=android-bookmarks"

响应:

{"access_token":"cdafc45f-924a-4f87-8bd0-e3e2bdffa540","token_type":"bearer","refresh_token":"609efba8-edd3-4ea3-be7b-78e449cec0ef","expires_in":43199,"scope":"write"}* Connection #0 to host localhost left intact

当我尝试访问该资源:

curl -G http://localhost:8080/bookmarks -H "Authorization: Bearer cdafc45f-924a-4f87-8bd0-e3e2bdffa540"

我得到如下回应:

{"error":"access_denied","error_description":"Invalid token does not contain resource id (oauth2-resource)"}

的Java类设置资源ID:

@Configuration 
@EnableResourceServer 
@EnableAuthorizationServer 
public class OAuth2Configuration extends AuthorizationServerConfigurerAdapter { 

    public static final String RESOURCE_ID = "bookmarks"; 

    @Autowired 
    AuthenticationManagerBuilder authenticationManager; 

    @Override 
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) 
     throws Exception { 
    endpoints.authenticationManager(new AuthenticationManager() { 
     @Override 
     public Authentication authenticate(Authentication authentication) 
       throws AuthenticationException { 
      return authenticationManager.getOrBuild().authenticate(
        authentication); 
      } 
     }); 
    } 

    @Override 
    public void configure(ClientDetailsServiceConfigurer clients) 
     throws Exception { 

     clients.inMemory() 
      .withClient("android-" + RESOURCE_ID) 
      .authorizedGrantTypes("password", "authorization_code", "refresh_token") 
      .authorities("ROLE_USER") 
      .scopes("write") 
      .secret("123456") 
      .resourceIds(RESOURCE_ID); 
    } 

}

当我更改此代码:

clients.inMemory() 
     .withClient("android-" + applicationName) 
     .authorizedGrantTypes("password", "authorization_code", "refresh_token") 
     .authorities("ROLE_USER") 
     .scopes("write") 
     .secret("123456");

我可以用访问资源先前提到(卷曲)命令成功。

来源

2015-02-24 Steve S.

回答

16

原来,我不得不实现接口ResourceServerConfigurerAdapter。以下实现完美工作:

@Configuration 
@EnableResourceServer 
public class ResourceServer extends ResourceServerConfigurerAdapter{ 

    @Override 
    public void configure(HttpSecurity http) throws Exception { 
     // @formatter:off 
     http 
     .requestMatchers().antMatchers("/bookmarks", "/bookmarks/**")  
     .and() 
     .authorizeRequests().anyRequest().access("#oauth2.hasScope('write')"); 
     // @formatter:on 
    } 

    @Override 
    public void configure(ResourceServerSecurityConfigurer resources) throws Exception { 
     resources.resourceId(OAuth2Configuration.RESOURCE_ID); 
    } 

}

来源

2015-02-25 08:46:52

+0

我在关注[本教程](https://medium.com/@nydiarra/secure-a-spring-boot-rest-api-with-json-web-令牌引用给角度积分-e57a25806c50)(见[我的问题](https://stackoverflow.com/questions/47054496/spring-oauth2-invalid-token-does-not-contain-resource-id-oauth2 -resource))。我复制粘贴这个答案,现在它的作品 - 你能解释*为什么*?我没有得到它,因为我认为我在'AuthorizationServerConfig.java'中执行了这个操作(请参阅教程)。 – displayname 2017-11-01 12:33:27

相关问题

 相关问题