我已经成功实现了代码,允许我通过OAuth和UserDetailsService从我的应用程序中检索JWT令牌 .
Atm我正在尝试实施测试以确认这一点但是我一直受到400 Bad请求的攻击
@Test
public void is_status_up() throws InterruptedException, JSONException {
// Given
final String TOKEN_URL = "http://localhost:8080/oauth/token";
MultiValueMap<String, String> params = new LinkedMultiValueMap<String, String>();
params.add("username","username");
params.add("credential","credentials");
params.add("grant_type","password");
HttpHeaders headers = new HttpHeaders();
headers.setAccept(Collections.singletonList(MediaType.APPLICATION_JSON_UTF8));
headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
HttpEntity<String> entity = new HttpEntity<>("parameters" , headers);
HttpEntity<MultiValueMap<String, String>> request = new HttpEntity<MultiValueMap<String, String>>(params, headers);
RestTemplate restTemplate = new RestTemplate();
restTemplate.getInterceptors().add(new BasicAuthorizationInterceptor("client-id","client-secret"));
//When
String result = restTemplate.postForObject(TOKEN_URL, request, String.class);
//Then
assertThat(result).isNotNull();
}
这应该尝试尝试从Spring Security Authorization Server的/ oauth / token endpoints 检索令牌,我遇到400 Bad Request .
在成功检索令牌的邮递员中,我设置了请求
Headers 授权:基本内容类型:application / x-www-form-urlencoded
body(x-www-form-urlencoded selected)用户名:密码:grant_type:“password”
1 回答
问题是我把凭证放在我的param Map中,它应该是密码 . 我最初这样做是因为SonarLint或IntelliJ强调了它并且引发了密码被公开声明的密码 .
Solution
在参数图中更改"credential"成为"password"