Python中文网

一个关于 编程问题的解答网站.

有 Java 编程相关的问题?

你可以在下面搜索框中键入要查询的问题!

java无法通过BasicAuth登录

2 周,4 日 Questions & Answers

我正在尝试用token实现oauth。一切似乎都很好,但在发帖之后

http://localhost:8080/oauth/token?grant_type=password

设置BasicAuth admin/admin(我在数据库中有一个登录名为admin和密码为admin的用户)

我得到了带有基本身份验证的窗口,当我写我的登录名和密码时,我一次又一次地得到了带有基本身份验证的窗口

@Configuration
@EnableResourceServer
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
    @Override
    public void configure(HttpSecurity http) throws Exception {
        http
                .authorizeRequests()
                .antMatchers("/**").authenticated();
    }
}


@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {

    @Autowired
    private AuthenticationManager authenticationManager;

    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
        security
                .tokenKeyAccess("permitAll()")
                .checkTokenAccess("isAuthenticated()")
                .allowFormAuthenticationForClients();
    }

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory().withClient("安卓-client")
                .authorizedGrantTypes("client-credentials", "password","refresh_token")
                .authorities("ROLE_CLIENT", "ROLE_ANDROID_CLIENT")
                .scopes("read", "write", "trust")
                .resourceIds("oauth2-resource")
                .accessTokenValiditySeconds(5000)
                .secret("安卓-secret").refreshTokenValiditySeconds(50000);
    }

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints.authenticationManager(authenticationManager)
                .allowedTokenEndpointRequestMethods(HttpMethod.GET, HttpMethod.POST);
    }
}


@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserRepository userRepository;

    @Bean
    public AuthenticationManager customAuthenticationManager() throws Exception {
        return authenticationManager();
    }

    private PasswordEncoder encoder =
            PasswordEncoderFactories.createDelegatingPasswordEncoder();

    @Autowired
    protected void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(username -> {
            Optional<User> user = userRepository.findById(username);
            if (user.isPresent()) {
                return new org.springframework.security.core.userdetails.User(user.get().getUsername(), encoder.encode(user.get().getPassword()),
                        true, true, true, true, AuthorityUtils.createAuthorityList("USER"));
            } else {
                throw new UsernameNotFoundException("Could not find the user '" + username + "'");
            }
        });
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().anyRequest().fullyAuthenticated().and().httpBasic().and().csrf().disable();
    }
}

非常重要:
如果我删除ResourceServerConfig。java我可以通过BasicAuth登录,在写了admin/admin之后,我从本地主机获得了JSON:8080,但我希望通过令牌访问

这是我的第一个RESTful API
有人能帮我吗?有人知道我哪里出错了吗
互联网上的信息很少。我怎样才能修好它


共 (1) 个答案

  1. # 1 楼答案

    您需要将clientId:“android client”和机密“android secret”作为基本身份验证凭据发送,而不是像“grant_type”参数那样将用户(管理员/管理员)凭据作为http参数(用户名=管理员密码=管理员)发送

    所以你的要求应该是这样的

    http://localhost:8080/oauth/token?grant_type=password&username=admin&password=admin

    然后将您的clientId和secret添加到基本身份验证凭据中