我尝试创建spring rest服务,whis是我自己的oauth2资源服务器的高手 . 我创建了资源服务器:
@Configuration
@EnableResourceServer
protected static class ResourceServer extends ResourceServerConfigurerAdapter {
@Autowired
private TokenStore tokenStore;
@Override
public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
resources.tokenStore(tokenStore).resourceId("mobileapp");
}
@Override
public void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/api/shop /**").authenticated().and()
.authorizeRequests().antMatchers("/auth/**").anonymous();
}
}
和授权服务器:
@Configuration
@EnableAuthorizationServer
protected static class OAuth2Config extends AuthorizationServerConfigurerAdapter {
@Autowired
private AuthenticationManager auth;
@Autowired
private DataSource dataSource;
@Autowired
private BCryptPasswordEncoder passwordEncoder;
@Bean
public JdbcTokenStore tokenStore() {
return new JdbcTokenStore(dataSource);
}
@Bean
protected AuthorizationCodeServices authorizationCodeServices() {
return new JdbcAuthorizationCodeServices(dataSource);
}
@Override
public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
security.passwordEncoder(passwordEncoder);
}
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints
.authorizationCodeServices(authorizationCodeServices())
.authenticationManager(auth)
.tokenStore(tokenStore())
.approvalStoreDisabled();
}
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients.jdbc(dataSource)
.passwordEncoder(passwordEncoder);
.withClient("mobile")
.authorizedGrantTypes("password", "refresh_token")
.authorities("ROLE_CLIENT")
.scopes("read", "write", "trust")
.autoApprove(true)
.resourceIds("mobileapp")
.secret("123456");
}
当我尝试从服务器接收访问令牌时,使用curl:
curl -X POST -vu mobile:123456 http:// localhost:8080 / oauth / token -H“Accept:application / json”-d“password=test123&username=admin@gmail.com&grant_type=password&scope=read&client_secret=123456&client_id=mobile “
我收到此错误作为响应消息:
{“error”:“server_error”,“error_description”:“java.io.NotSerializableException:org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder”}
在tomcat日志中也有
o.s.s.o.p.token.store.JdbcTokenStore - 无法找到令牌的访问令牌
编辑:密码编码器的Bean定义:
@Bean
public BCryptPasswordEncoder passwordEncoder() {
BCryptPasswordEncoder bCryptPasswordEncoder = new BCryptPasswordEncoder();
return bCryptPasswordEncoder;
}
此bean是在类中创建的,其中声明了OAuth2Config和ResourceServer .
我检查了代码并找出了 spring 使用的表格,表格是空的 . 我的问题是:它是自动生成还是我的代码有问题?
在此先感谢您的帮助 .
2 回答
覆盖JdbcTokenStore类并将此函数替换为 .
解决了无法找到访问令牌的问题 . 在OAuth2Config中使用此类 .
您的模型必须具有未序列化的BCryptPasswordEncoder . 在您的用户bmodel中使其成为瞬态 .