
spring-oauth2: HTTP Status 403 - Access Denied

Stack Overflow user
Asked on 2015-09-10 03:49:34
1 answer, 8.5K views, 0 followers, 1 vote

I am trying to send a request to my REST API with curl and Spring Security OAuth2, but I get this error:

```text
* Hostname was NOT found in DNS cache
*   Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 8080 (#0)
> GET /test/oauth/token HTTP/1.1
> User-Agent: curl/7.35.0
> Host: localhost:8080
> Accept: application/json
> Authorization: Basic bXktdHJ1c3RlZC1jbGllbnQ6MTIzNDU=
> Content-Length: 99
> Content-Type: application/x-www-form-urlencoded
> 
* upload completely sent off: 99 out of 99 bytes
< HTTP/1.1 403 Forbidden
* Server Apache-Coyote/1.1 is not blacklisted
< Server: Apache-Coyote/1.1
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
< Cache-Control: no-cache, no-store, max-age=0, must-revalidate
< Pragma: no-cache
< Expires: 0
< X-Frame-Options: DENY
< Content-Type: text/html;charset=utf-8
< Content-Language: en
< Content-Length: 1030
< Date: Wed, 09 Sep 2015 19:37:49 GMT
< 
<!DOCTYPE html><html><head><title>Apache Tomcat/8.0.20 - Error report</title><style type="text/css">H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}.line {height: 1px; background-color: #525D76; border: none;}</style> </head><body><h1>HTTP Status 403 - Access Denied</h1><div class="line"></div><p><b>type</b> Status report</p><p><b>message</b> <u>Access Denied</u></p><p><b>description</b> <u>Access to the specified resource has been forbidden.</u></p><hr class="line"><h3>Apache Tomcat/8.0.20</h3></body></html>
* Connection #0 to host localhost left intact
```

My request is:

```shell
# Client credentials via HTTP Basic (-u); form fields sent with -d (99 bytes, as in the trace above)
curl -X GET -k -vu my-trusted-client:12345 http://localhost:8080/test/oauth/token \
  -H "Accept: application/json" \
  -d "grant_type=password&scope=read&client_secret=12345&client_id=my-trusted-client&resource_id=rest_api"
```

Part of my code:

My OAuth2ServerConfiguration:

```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;

@Configuration
@EnableResourceServer
public class OAuth2ServerConfiguration {

    @Configuration
    @EnableAuthorizationServer
    protected static class OAuth2Config extends AuthorizationServerConfigurerAdapter {

        // The password grant hands the resource owner's username/password to this manager
        @Autowired
        private AuthenticationManager authenticationManager;

        @Override
        public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
            endpoints.authenticationManager(authenticationManager);
        }

        @Override
        public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
            // One in-memory client; the secret is stored in plain text here
            // @formatter:off
            clients.inMemory()
                .withClient("my-trusted-client")
                    .authorizedGrantTypes("password", "authorization_code", "refresh_token", "implicit")
                    .authorities("USER")
                    .scopes("read", "write", "trust")
                    .resourceIds("rest_api")
                    .secret("12345")
                    .accessTokenValiditySeconds(600);
            // @formatter:on
        }
    }
}
```

My SecurityConfiguration class:

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;

@Configuration
@EnableWebMvcSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(AuthenticationManagerBuilder builder) throws Exception {
        // No user store is registered here; the line below is commented out
        //builder.userDetailsService(userService).passwordEncoder(new BCryptPasswordEncoder());
    }

    // Exposes the AuthenticationManager as a bean so OAuth2Config can autowire it
    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Override
    protected void configure(HttpSecurity security) throws Exception {
        security.authorizeRequests()
            .antMatchers("/oauth/token")
            .hasRole("USER")
            .antMatchers("/greeting").authenticated();
    }
}
```

My controller:

```java
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;

import org.springframework.beans.factory.config.AutowireCapableBeanFactory;
import org.springframework.context.ApplicationContext;
import org.springframework.context.annotation.AnnotationConfigApplicationContext;

@Path("/oauth")
@Produces(MediaType.APPLICATION_JSON)
public class TestController {

    public TestController() {
        // Builds a new Spring context from OAuth2ServerConfiguration and autowires this JAX-RS resource into it
        ApplicationContext applicationContext = new AnnotationConfigApplicationContext(OAuth2ServerConfiguration.class);
        AutowireCapableBeanFactory acbFactory = applicationContext.getAutowireCapableBeanFactory();
        acbFactory.autowireBean(this);
    }

    @GET
    @Path("/token")
    public Response testToken() {

        return Response.status(200).entity("is working \n").build();
    }
}
```

Spring has already generated the refresh_token, but I am not getting the access_token. Can anyone help me? What is wrong, my code or my request?

Thanks.


1 answer

Stack Overflow user

Posted on 2015-09-10 10:01:42

You are using the grant_type=password parameter, which means you want to use the Resource Owner Password Credentials flow.

```text
     +----------+
     | Resource |
     |  Owner   |
     |          |
     +----------+
          v
          |    Resource Owner
         (A) Password Credentials
          |
          v
     +---------+                                  +---------------+
     |         |>--(B)---- Resource Owner ------->|               |
     |         |         Password Credentials     | Authorization |
     | Client  |                                  |     Server    |
     |         |<--(C)---- Access Token ---------<|               |
     |         |    (w/ Optional Refresh Token)   |               |
     +---------+                                  +---------------+

            Figure 5: Resource Owner Password Credentials Flow

   The flow illustrated in Figure 5 includes the following steps:

   (A)  The resource owner provides the client with its username and
        password.

   (B)  The client requests an access token from the authorization
        server's token endpoint by including the credentials received
        from the resource owner.  When making the request, the client
        authenticates with the authorization server.

   (C)  The authorization server authenticates the client and validates
        the resource owner credentials, and if valid, issues an access
        token.
```

For this flow you have to include the user's username and password, not just your client_id and client_secret.

From the code, you have not set up an authentication manager for users either. Try adding this to your SecurityConfiguration class.

```java
// @Autowired makes Spring call this method with the global AuthenticationManagerBuilder
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception
{
    // In-memory user for testing; the password is plain text (Spring Security 3.2/4 style)
    auth
            .inMemoryAuthentication()
            .withUser("user").password("password").roles("USER");
}
```

Test it

```shell
curl -X GET -k -vu user:password http://localhost:8080/test/oauth/token \
  -H "Accept: application/json" \
  -d "grant_type=password&scope=read&client_secret=12345&client_id=my-trusted-client"
```

3 votes
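The exchange the answer describes, as an added example that is not part of the original question or answer and is not Spring Security OAuth2's own code: both sides of the RFC 6749 section 4.3 password grant, modelled in Python so it runs without a Spring container. The client builds the request the way the answer says it must, with client_id:client_secret in an HTTP Basic header and the resource owner's username and password in the form body; the server authenticates the client first, then the user, and answers with the error codes RFC 6749 section 5.2 defines. The client registration, the user and the token values are constructed for this example, and the 405 for non-POST requests is this example's choice (the RFC only says the token endpoint MUST be used with POST).

```python
"""Both sides of the Resource Owner Password Credentials grant (RFC 6749 section 4.3).

Added example, not code from the original post or from Spring Security OAuth2.
Client registration, user store and token values are constructed here.
"""
import base64
import hmac
import secrets
from urllib.parse import parse_qs, urlencode

# Constructed registrations, mirroring the identifiers used in the question.
CLIENTS = {"my-trusted-client": {"secret": "12345", "scopes": {"read", "write", "trust"}}}
USERS = {"user": "password"}


def build_token_request(client_id, client_secret, username=None, password=None, scope="read"):
    """Client side: headers and form body for POST /oauth/token.

    The client authenticates with HTTP Basic; the resource owner's credentials
    go in the body. Leaving username/password out reproduces the question's request.
    """
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {
        "Authorization": f"Basic {basic}",
        "Content-Type": "application/x-www-form-urlencoded",
        "Accept": "application/json",
    }
    form = {"grant_type": "password", "scope": scope}
    if username is not None:
        form["username"] = username
    if password is not None:
        form["password"] = password
    return headers, urlencode(form)


def _authenticate_client(headers):
    """Return the client registration if the Basic credentials match, else None."""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Basic "):
        return None
    try:
        client_id, _, secret = base64.b64decode(auth[6:]).decode().partition(":")
    except ValueError:  # bad base64 or non-UTF-8 bytes
        return None
    reg = CLIENTS.get(client_id)
    if reg is None or not hmac.compare_digest(reg["secret"], secret):
        return None
    return reg


def token_endpoint(method, headers, body):
    """Server side: (status, response dict) following RFC 6749 sections 4.3.2, 5.1 and 5.2."""
    if method != "POST":  # section 3.2: token requests MUST use POST; 405 is this example's choice
        return 405, {"error": "invalid_request", "error_description": "use POST"}
    reg = _authenticate_client(headers)
    if reg is None:  # section 5.2: client authentication failed
        return 401, {"error": "invalid_client"}
    form = {k: v[0] for k, v in parse_qs(body).items()}
    if form.get("grant_type") != "password":
        return 400, {"error": "unsupported_grant_type"}
    if "username" not in form or "password" not in form:
        return 400, {"error": "invalid_request",
                     "error_description": "username and password are required"}
    expected = USERS.get(form["username"])
    if expected is None or not hmac.compare_digest(expected, form["password"]):
        return 400, {"error": "invalid_grant"}  # resource owner credentials rejected
    requested = set(form.get("scope", "").split()) or set(reg["scopes"])
    if not requested <= reg["scopes"]:
        return 400, {"error": "invalid_scope"}
    return 200, {
        "access_token": secrets.token_urlsafe(32),
        "token_type": "bearer",
        "expires_in": 600,  # matches accessTokenValiditySeconds(600) in the question
        "refresh_token": secrets.token_urlsafe(32),
        "scope": " ".join(sorted(requested)),
    }


if __name__ == "__main__":
    # The question's request: client credentials only, no resource owner credentials.
    hdrs, body = build_token_request("my-trusted-client", "12345")
    print(token_endpoint("POST", hdrs, body))
    # The request the answer calls for.
    hdrs, body = build_token_request("my-trusted-client", "12345", "user", "password")
    print(token_endpoint("POST", hdrs, body))
```

Run with `python3 password_grant.py` (any file name works): the first exchange, which carries only the client's credentials like the request in the question, is rejected with `invalid_request` because the password grant has no resource owner credentials to verify; the second, with `username` and `password` in the body, gets a bearer token. Client and user secrets are compared with `hmac.compare_digest` so the check does not leak through timing, and the client is authenticated before any form field is looked at, which is the order RFC 6749 section 4.3.2 implies.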
Page content provided by Stack Overflow. Translation supported by Tencent Cloud's IT-domain engine.
Original link:

https://stackoverflow.com/questions/32488007