0
У меня есть реализация в весеннем применении с Oauth, но может получить маркер:OAuth вопрос "несанкционированным" весной 4
OAuth2ServerConfigAuthorizationServerConfiguration.java
@Configuration
public class OAuth2ServerConfigAuthorizationServerConfiguration {
private static final String RESOURCE_ID = "restservice";
@Configuration
@EnableResourceServer
protected static class ResourceServerConfiguration extends
ResourceServerConfigurerAdapter {
@Override
public void configure(ResourceServerSecurityConfigurer resources) {
// @formatter:off
resources
.resourceId(RESOURCE_ID);
// @formatter:on
}
@Override
public void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests()
.antMatchers("/entuzona/**").authenticated();
// @formatter:on
}
}
@Configuration
@EnableAuthorizationServer
protected static class AuthorizationServerConfiguration extends
AuthorizationServerConfigurerAdapter {
private TokenStore tokenStore = new InMemoryTokenStore();
@Autowired
@Qualifier("authenticationManagerBean")
private AuthenticationManager authenticationManager;
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints)
throws Exception {
// @formatter:off
endpoints
.tokenStore(this.tokenStore)
.authenticationManager(this.authenticationManager);
// @formatter:on
}
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
// @formatter:off
clients
.inMemory()
.withClient("clientapp")
.authorizedGrantTypes("password","refresh_token")
.authorities("USER")
.scopes("read", "write")
.resourceIds(RESOURCE_ID)
.secret("123456");
// @formatter:on
}
@Bean
@Primary
public DefaultTokenServices tokenServices() {
DefaultTokenServices tokenServices = new DefaultTokenServices();
tokenServices.setSupportRefreshToken(true);
tokenServices.setTokenStore(this.tokenStore);
return tokenServices;
}
}
}
OAuth2ClientConfig.java
@Configuration
@ComponentScan("com.sprhib")
@EnableWebSecurity
@EnableWebMvcSecurity
public class OAuth2ClientConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().withUser("teste").password("teste").authorities("USER");
}
@Override
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
}
Я делаю сообщение и получает почтальон:
POS T запрос:
http://localhost:8080/entuzona/oauth/token
grant_type: password
username: teste
password: teste
И с ГЭТ:
http://localhost:8080/entuzona/oauth/token?grant_type=password&cliend_id=clientapp&client_secret=123456&username=teste&password=teste
{
"error": "unauthorized",
"error_description": "Full authentication is required to access this resource"
}
Вы знаете, почему я получаю эту ошибку в обоих случаях? Shoul Я положил что-то в заголовок для получения токена?
Версии.
<dependency>
<groupId>org.springframework.security.oauth</groupId>
<artifactId>spring-security-oauth2</artifactId>
<version>2.0.0.RELEASE</version>
</dependency>
<properties>
<hibernate.version>4.2.0.Final</hibernate.version>
<mysql.connector.version>5.1.21</mysql.connector.version>
<spring.version>4.0.9.RELEASE</spring.version>
<spring.security.version>3.2.5.RELEASE</spring.security.version>
</properties>
Спасибо.