从OAuth2 LoginFrom登录时获取OAuth2

Question

我使用spring OAuth2 loginForm和access_token方法进行身份验证。但是当我登录时，我无法访问需要access_token授权的资源服务器。

当我登录时，如何获得access_token？

我应该手动创建access_token吗？

我配置spring安全性的内容是：

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, proxyTargetClass = true)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Autowired
    private SpringDataMyBatisUserDetailsService userDetailsService;

    @Override
    @Autowired
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth
        .userDetailsService(this.userDetailsService)
        .passwordEncoder(Manager.PASSWORD_ENCODER);
    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring()
            .antMatchers(
                      "/druid/**",
                      "/images/**"
            );
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.addFilterBefore(new CorsFilter(), ChannelProcessingFilter.class);
    }

    @Order(1)
    @Configuration
    @EnableAuthorizationServer
    public static class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {

        private final AuthenticationManager authenticationManager;
        @Autowired
        private TokenStore tokenStore;
        @Autowired
        private SpringDataMyBatisClientDetailsService clientDetailsService;

        @Autowired
        public AuthorizationServerConfig(AuthenticationManager authenticationManager) {
            this.authenticationManager = authenticationManager;
        }

        /**
         * Defines the security constraints on the token endpoints /oauth/token_key and /oauth/check_token
         * Client credentials are required to access the endpoints
         *
         * @param oauthServer
         * @throws Exception
         */
        @Override
        public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
            oauthServer
//          .passwordEncoder(Client.PASSWORD_ENCODER)
            .tokenKeyAccess("permitAll()")
            .checkTokenAccess("isAuthenticated()");
        }

        /**
         * Defines the authorization and token endpoints and the token services
         *
         * @param endpoints
         * @throws Exception
         */
        @Override
        public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
            endpoints
            .authenticationManager(this.authenticationManager)
            .tokenEnhancer(tokenEnhancer())
            .tokenStore(tokenStore);
        }

        @Override
        public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
            clients
            .withClientDetails(clientDetailsService);
        }

        @Bean
        public TokenEnhancer tokenEnhancer() {
            return new CustomTokenEnhancer();
        }

    }

    @Order(3)
    @Configuration
    @EnableResourceServer
    public static class ApiResources extends ResourceServerConfigurerAdapter {

        @Autowired
        private RestAuthenticationEntryPoint restAuthenticationEntryPoint;
        @Autowired
        private AuthenticationSuccessHandler successHandler;
        @Autowired
        private AuthenticationFailureHandler failureHandler;
        @Autowired
        private TokenStore tokenStore;

        @Override
        public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
            resources
            .tokenStore(tokenStore);
        }

        @Override
        public void configure(HttpSecurity http) throws Exception {
            http
            .antMatcher("/api/**")
            .exceptionHandling()
            .authenticationEntryPoint(restAuthenticationEntryPoint)
            .and()
            .authorizeRequests()
                .anyRequest().authenticated()
                .and()
            .formLogin()
                .successHandler(successHandler)
                .failureHandler(failureHandler)
                .and()
            .logout();
        }

    }

    @Order(4)
    @Configuration
    public static class FormLoginWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
            .csrf().disable()
            .authorizeRequests()
                .anyRequest().authenticated()
                .and()
            .formLogin()
                .loginPage("/authention/login")
                .defaultSuccessUrl("/", true)
                .failureUrl("/authention/login?error")
                .permitAll()
                .and()
            .logout()
                .logoutSuccessUrl("/authention/login?success")
                .and()
            .sessionManagement()
                .sessionFixation().migrateSession();
        }

    }

    @Bean
    public static AuthenticationSuccessHandler myAuthenticationSuccessHandler() {
        return new SavedRequestAwareAuthenticationSuccessHandler();
    }

    @Bean
    public static AuthenticationFailureHandler myAuthenticationFailureHandler() {
        return new SavedRequestAwareAuthenticationFailureHandler();
    }

}

Answer 1

当您在应用程序中配置spring时，您可以访问REST来获取令牌、撤销令牌等等。请参阅这个链接来获取spring引导应用程序的基本oauth配置。也可以通过API参考

样本OAuth2AuthorizationServerConfig：

@Configuration
@EnableAuthorizationServer
public class OAuth2AuthorizationServerConfig extends      AuthorizationServerConfigurerAdapter {

@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
    clients
            .inMemory()
            .withClient("hello")
            .authorizedGrantTypes("password", "refresh_token")
            .authorities("ROLE_APP")
            .scopes("read", "write")
            .secret("secret");
     }
}

SecurityConfig类：

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
@ComponentScan(basePackages = {"com.test.config"})
public class SecurityConfig extends WebSecurityConfigurerAdapter {


@Override
public void configure(WebSecurity web) throws Exception {
    web.ignoring().antMatchers("/resources/**");
}

@Override
protected void configure(HttpSecurity http) throws Exception {
    http
            .csrf()
            .disable();
    http
            .authorizeRequests()
            .anyRequest().access("#oauth2.hasScope('read')")
            .and()
            .exceptionHandling()
            .authenticationEntryPoint(oauthAuthenticationEntryPoint())
            .accessDeniedHandler(oAuth2AccessDeniedHandler());
    http
            .formLogin()
            .loginPage("/login")
            .failureUrl("/")
            .permitAll()
            .and()
            .logout()
            .logoutSuccessUrl("/login")
            .permitAll();
}
}

配置应用程序之后。您可以访问REST，如下所示。

1. 为了获得令牌，您需要访问这个URL： localhost:8080/oauth/token?grant_type=password&client_id=hello&client_secret=secret&username=admin&password=password

如果用户成功，这将对其进行身份验证，然后生成令牌，如下所示：

{
    "access_token": "0307d70f-e3da-40f4-804b-f3a8aba4d8a8",
    "token_type": "bearer",
    "refresh_token": "daf21f97-f425-4245-8e47-19e4c87000e8",
    "expires_in": 119,
    "scope": "read write"
}

1. 获得此令牌后，只需传递此令牌即可访问应用程序的REST。例如，如果您有一个URL "/hello“，那么在通过上述步骤获得的令牌后面添加一个请求。 "http://localhost:8080/hello?access_token=0307d70f-e3da-40f4-804b-f3a8aba4d8a8"