一尘不染

Spring-boot OAuth2拆分授权服务器和资源服务器

spring-boot

我试图在Spring引导中从授权服务器中拆分资源服务器。我有两个分别运行的不同应用程序。在授权服务器中,我可以从oauth /
token获取承载令牌,但是当我尝试访问资源(在标头中发送令牌)时,我得到了无效的令牌错误。我的意图是使用InMemoryTokenStore和承载令牌。谁能告诉我代码中的错误吗?

授权服务器:

@SpringBootApplication
public class AuthorizationServer extends WebMvcConfigurerAdapter {

  public static void main(String[] args) {
    SpringApplication.run(AuthorizationServer.class, args);
  }

  @Configuration
  @EnableAuthorizationServer
  protected static class OAuth2Config extends AuthorizationServerConfigurerAdapter {

  private TokenStore tokenStore = new InMemoryTokenStore();

  @Autowired
  private AuthenticationManager authenticationManager;

  @Override
  public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
      endpoints
        .authenticationManager(authenticationManager)
        .tokenStore(tokenStore);
  }

  @Override
  public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
      security.checkTokenAccess("hasAuthority('ROLE_USER')");
  }

  @Override
  public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
      clients
          .inMemory()
            .withClient("user")
            .secret("password")
            .authorities("ROLE_USER")
            .authorizedGrantTypes("password")
            .scopes("read", "write")
            .accessTokenValiditySeconds(1800);
  }  
}

资源服务器:

@SpringBootApplication 
@RestController
@EnableOAuth2Resource
@EnableWebSecurity
@Configuration
public class ResourceServer extends WebSecurityConfigurerAdapter {



public static void main(String[] args){
     SpringApplication.run(ResourceServer.class, args);
}

@RequestMapping("/")
public String home(){
    return "Hello Resource World!";
}

@Bean
public ResourceServerTokenServices tokenService() {
    RemoteTokenServices tokenServices = new RemoteTokenServices();
    tokenServices.setClientId("user");
    tokenServices.setClientSecret("password");
    tokenServices.setTokenName("tokenName");
    tokenServices.setCheckTokenEndpointUrl("http://localhost:8080/oauth/check_token");
    return tokenServices;
}

@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
    OAuth2AuthenticationManager authenticationManager = new OAuth2AuthenticationManager();
    authenticationManager.setTokenServices(tokenService());
    return authenticationManager;
}

@Configuration
@EnableResourceServer
protected static class ResourceServerConfig extends ResourceServerConfigurerAdapter {

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http
            .requestMatchers()
            .antMatchers("/","/home")
            .and()
            .authorizeRequests()
            .anyRequest().access("#oauth2.hasScope('read')");
    }

    @Override
    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
        TokenStore tokenStore = new InMemoryTokenStore();
        resources.resourceId("Resource Server");
        resources.tokenStore(tokenStore);
    }
}

阅读 1149

收藏
2020-05-30

共1个答案

一尘不染

您创建了2个实例InMemoryTokenStore。如果要在身份验证服务器和资源服务器之间共享令牌,则它们需要相同的存储。

2020-05-30