我正在尝试实现Spring Security的OAuth2授权服务器 . 当试图访问令牌 endpoints (/ oauth / token)时,我得到了404.我认为有一些我不知道的东西,但对于我的生活,我看不到它 .
我正在使用Java配置;
-
Spring Security 4.0.1
-
Spring Security OAuth2 2.0.7
我的配置如下:
ApplicationSecurityConfig.java
用于在WAR中注册配置文件
public class ApplicationSecurityConfig extends
AbstractSecurityWebApplicationInitializer {
public ApplicationSecurityConfig() {
super(SecurityConfig.class, AuthorizationServerConfig.class);
}
}
SpringSecurityConfig.java
为与URL模式匹配的所有 endpoints 配置httpbasic身份验证/
@Configuration
@EnableWebSecurity
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("user")
.password("password")
.roles("USER");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/")
.authenticated()
.and()
.httpBasic();
}
}
OauthAuthorizationServerConfig.java
用于配置授权服务器
@Configuration
@EnableAuthorizationServer
public class OauthAuthorizationServerConfig extends
AuthorizationServerConfigurerAdapter{
@Autowired
private TokenStore tokenStore;
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception{
clients
.inMemory()
.withClient("testClient")
.scopes("read", "write")
.authorities("ROLE_CLIENT")
.authorizedGrantTypes("password", "refresh_token")
.accessTokenValiditySeconds(60)
.refreshTokenValiditySeconds(3600);
}
@Bean
public TokenStore tokenStore(){
return new InMemoryTokenStore();
}
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception{
endpoints.tokenStore(tokenStore);
}
@Override
public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception{
oauthServer.allowFormAuthenticationForClients();
}
}
抱歉,如果这是一个“学校男孩错误”,但我花了一些时间来查看Spring在Github上发布的文档和样本,但我显然误解了一些东西 .
--EDIT--
我已经用SpringApplicationInit.java替换了ApplicationSecurityConfig.java
public class SpringApplicationInit extends
AbstractAnnotationConfigDispatcherServletInitializer {
@Override
protected Class<?>[] getRootConfigClasses() {
return null;
}
@Override
protected Class<?>[] getServletConfigClasses() {
return new Class[]{
SpringSecurityConfig.class,
OauthAuthorizationServerConfig.class
};
}
@Override
protected String[] getServletMappings() {
return new String[]{"/"};
}
}
这会产生不同的结果 . 我现在得到500服务器错误状态代码:
javax.servlet.ServletException: No adapter for handler [public org.springframework.http.ResponseEntity<org.springframework.security.oauth2.common.OAuth2AccessToken> org.springframework.security.oauth2.provider.endpoint.TokenEndpoint.getAccessToken(java.security.Principal,java.util.Map<java.lang.String, java.lang.String>) throws org.springframework.web.HttpRequestMethodNotSupportedException]: The DispatcherServlet configuration needs to include a HandlerAdapter that supports this handler
org.springframework.web.servlet.DispatcherServlet.getHandlerAdapter(DispatchrServlet.java:1163)
org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:939)
org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:893)
org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:966)
org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:857)
javax.servlet.http.HttpServlet.service(HttpServlet.java:621)
org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:842)
javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:51)
如果它更容易遵循,我已将代码推送到git repo .
2 回答
Here是我的单独身份验证和资源服务器的最小配置示例 - 只有必要的东西才能使其工作 .
据我所见,你试图发送
GET
请求到/oauth/token
这是错误的方法 . 此 endpoints 应接受POST
请求,因此只需使用相同的字段发布 .