
REST service with OAuth2: Failed to find access token for token


I am trying to create a Spring REST service which is authenticated by my own OAuth2 resource server. I created the resource server:

@Configuration
@EnableResourceServer
protected static class ResourceServer extends ResourceServerConfigurerAdapter {

    @Autowired
    private TokenStore tokenStore;

    @Override
    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
        resources.tokenStore(tokenStore).resourceId("mobileapp");
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().antMatchers("/api/shop/**").authenticated().and()
                .authorizeRequests().antMatchers("/auth/**").anonymous();
    }

}

And the authorization server:

@Configuration
@EnableAuthorizationServer
protected static class OAuth2Config extends AuthorizationServerConfigurerAdapter {

    @Autowired
    private AuthenticationManager auth;

    @Autowired
    private DataSource dataSource;

    @Autowired
    private BCryptPasswordEncoder passwordEncoder;

    @Bean
    public JdbcTokenStore tokenStore() {
        return new JdbcTokenStore(dataSource);
    }

    @Bean
    protected AuthorizationCodeServices authorizationCodeServices() {
        return new JdbcAuthorizationCodeServices(dataSource);
    }

    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
        security.passwordEncoder(passwordEncoder);
    }

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints
                .authorizationCodeServices(authorizationCodeServices())
                .authenticationManager(auth)
                .tokenStore(tokenStore())
                .approvalStoreDisabled();
    }

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.jdbc(dataSource)
                .passwordEncoder(passwordEncoder)
                .withClient("mobile")
                .authorizedGrantTypes("password", "refresh_token")
                .authorities("ROLE_CLIENT")
                .scopes("read", "write", "trust")
                .autoApprove(true)
                .resourceIds("mobileapp")
                .secret("123456");
    }

}

When I try to receive an access token from the server, using curl:

curl -X POST -vu mobile:123456 http://localhost:8080/oauth/token -H "Accept: application/json" -d "password=test123&username=admin@gmail.com&grant_type=password&scope=read&client_secret=123456&client_id=mobile"

I get this error as the response message:

{"error":"server_error","error_description":"java.io.NotSerializableException:org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"}

In the Tomcat log there is also:

o.s.s.o.p.token.store.JdbcTokenStore - Failed to find access token for token

EDIT: Bean definition of the password encoder:

@Bean
public BCryptPasswordEncoder passwordEncoder() {
    BCryptPasswordEncoder bCryptPasswordEncoder = new BCryptPasswordEncoder();
    return bCryptPasswordEncoder;
}

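This bean is created in the class in which OAuth2Config and ResourceServer are declared.

I checked the code and found out which table Spring uses, and the table is empty. My question is: should it be auto-generated, or is there a problem with my code?

Thanks in advance for your help.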

2 Answers

  • 0

    Override the JdbcTokenStore class and replace this function with the following.

    public OAuth2AccessToken readAccessToken(String tokenValue) {
        OAuth2AccessToken accessToken = null;
    
        try {
            accessToken = new DefaultOAuth2AccessToken(tokenValue);
        }
        catch (EmptyResultDataAccessException e) {
            if (LOG.isInfoEnabled()) {
                LOG.info("Failed to find access token for token "+tokenValue);
            }
        }
        catch (IllegalArgumentException e) {
            LOG.warn("Failed to deserialize access token for " +tokenValue,e);
            removeAccessToken(tokenValue);
        }
    
        return accessToken;
    }
    

    This solved the problem of failing to find the access token. Use this class in OAuth2Config.

  • 7

    Your model must have the BCryptPasswordEncoder, which is not serializable. Make it transient in your user model.

    private transient BCryptPasswordEncoder passwordEncoder;
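
The failure and the fix from the answer above, reproduced outside Spring as an added example (not code from the question or from either answer). `FakeEncoder`, `BrokenUser` and `FixedUser` are hypothetical stand-ins for BCryptPasswordEncoder and the user model; the example assumes the user object is written with Java serialization, as JdbcTokenStore does for the stored authentication.

```java
import java.io.*;

public class TransientEncoderDemo {
    // Hypothetical stand-in for BCryptPasswordEncoder: it does not implement Serializable.
    static class FakeEncoder {
        String encode(String raw) { return "enc(" + raw + ")"; }
    }

    // Hypothetical user model with the encoder as an ordinary field.
    static class BrokenUser implements Serializable {
        private static final long serialVersionUID = 1L;
        String username = "admin@gmail.com"; // constructed sample value
        FakeEncoder passwordEncoder = new FakeEncoder();
    }

    // Same model with the field marked transient, as the answer suggests.
    static class FixedUser implements Serializable {
        private static final long serialVersionUID = 1L;
        String username = "admin@gmail.com"; // constructed sample value
        transient FakeEncoder passwordEncoder = new FakeEncoder();
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(o);
        }
        return buf.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        try {
            serialize(new BrokenUser());
        } catch (NotSerializableException e) {
            // The exception message names the non-serializable field type.
            System.out.println("BrokenUser failed: " + e);
        }

        byte[] bytes = serialize(new FixedUser());
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            FixedUser restored = (FixedUser) in.readObject();
            // Transient fields are skipped on write and are null after read.
            System.out.println(restored.username + ", encoder = " + restored.passwordEncoder);
        }
    }
}
```

After deserialization the transient field is null, so the encoder has to be supplied again (for example from the application context) rather than read from the restored object.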
    
