一尘不染

Spring Boot OAuth:不支持的授权类型

spring-boot

请帮助我…不支持的授予类型会让我发疯..我的Spring Boot设置看起来像这样。

    @Configuration
    @EnableAuthorizationServer
    public class AuthServerConfig extends AuthorizationServerConfigurerAdapter{

        @Override
        public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
            // TODO Auto-generated method stub
            super.configure(endpoints);
        }

        @Override
        public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
            // TODO Auto-generated method stub
            security
            /*.tokenKeyAccess("permitAll()")*/
              .checkTokenAccess("isAuthenticated()");
        }

        @Bean
        public TokenStore tokenStore() {
            return new JwtTokenStore(jwtAccessTokenConverter());
        }

        @Bean
        public JwtAccessTokenConverter jwtAccessTokenConverter() {
            return new JwtAccessTokenConverter();
        }

        @Override
        public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
            // TODO Auto-generated method stub
            clients.inMemory()
            .withClient("foo")
            .secret("{noop}bar")
            .authorizedGrantTypes("password", "authorization_code", "refresh_token","client_credentials")

            .authorities("ROLE_CLIENT","ROLE_TRUSTED_CLIENT")

            .scopes("read", "write","trust","openid")

            .accessTokenValiditySeconds(120).//Access token is only valid for 2 minutes.

            refreshTokenValiditySeconds(600);//Refresh token is only valid for 10 minutes.


        }

    }

这是邮递员测试的结果,总是返回不受支持的授权类型“密码”

在此处输入图片说明

在此处输入图片说明


阅读 449

收藏
2020-05-30

共1个答案

一尘不染

如果您使用的是 grant_type =“ password” ,则必须:

在自己的WebSecurityConfigurerAdapter类中创建以下bean

@Override
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception {
   return super.authenticationManagerBean();
}

注入AuthorizationServerConfigurerAdapter课堂

@Autowired
private AuthenticationManager authenticationManager;

configure(AuthorizationServerEndpointsConfigurer endpoints)方法中使用

@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
   endpoints.authenticationManager(authenticationManager);
}

完整示例:

@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }
    @Bean
    @Override
    protected UserDetailsService userDetailsService(){
        InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager();
        manager.createUser(User.withUsername("a").password("123456").authorities("USER").build());
        return manager;
    }
}



@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {

    private AuthenticationManager authenticationManager;

    @Autowired
    public AuthorizationServerConfig(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
        endpoints.authenticationManager(authenticationManager);
    }

    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) {
         security.tokenKeyAccess("permitAll()")         
                 .checkTokenAccess("isAuthenticated()") 
                 .allowFormAuthenticationForClients();
    }

    @Override
        public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
                .withClient("CLIEN_ID").secret("CLIENT_SECRET")
                .authorizedGrantTypes("password", "refresh_token")
                .authorities("CLIENT")
                .scopes("read");
    }
}

测试:

curl -i -X POST -d "username=a&password=123456&grant_type=password&client_id=CLIENT_ID&client_secret=CLIENT_SECRET" http://localhost:8080/oauth/token
2020-05-30