1. casa
  2. Domanda e risposta
  3. org.springframework.security.oauth2.provider.endpoint.TokenEndpoint handleException

org.springframework.security.oauth2.provider.endpoint.TokenEndpoint handleException

2015-03-25 14 views
7

Sto usando il codice "Spring OAuth2 REST" da http://www.e-zest.net/blog/rest-authentication-using-oauth-2-0-resource-owner-password-flow-protocol/#comment-5993 e lo sviluppo per funzionare con l'ultima versione di Spring-Security-OAuth2 (che è v 2.0.7 .RELEASE), ma si noti che il codice originale funziona solo per le ultime versioni inferiori (che è 1.0.5.RELEASE) e non per l'ultima. Per utilizzare le dipendenze della versione più recente, ho modificato sotto due file, rimanendo il codice dal sito/URL menzionato che utilizza così com'è.org.springframework.security.oauth2.provider.endpoint.TokenEndpoint handleException

sto utilizzando la seguente configurazione:

<?xml version="1.0" encoding="UTF-8" ?> 
<beans xmlns="http://www.springframework.org/schema/beans" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:oauth="http://www.springframework.org/schema/security/oauth2" 
    xmlns:sec="http://www.springframework.org/schema/security" xmlns:mvc="http://www.springframework.org/schema/mvc" 
    xsi:schemaLocation="http://www.springframework.org/schema/security/oauth2 http://www.springframework.org/schema/security/spring-security-oauth2-1.0.xsd 
     http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.1.xsd 
     http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd 
     http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd "> 


    <http pattern="/oauth/token" create-session="stateless" authentication-manager-ref="authenticationManager" 
     xmlns="http://www.springframework.org/schema/security" > 

     <intercept-url pattern="/oauth/token" access="IS_AUTHENTICATED_FULLY" /> 
     <anonymous enabled="false" /> 
     <http-basic entry-point-ref="clientAuthenticationEntryPoint" /> 
     <custom-filter ref="clientCredentialsTokenEndpointFilter" before="BASIC_AUTH_FILTER" /> 
     <access-denied-handler ref="oauthAccessDeniedHandler" /> 
    </http> 

    <http pattern="/resources/**" create-session="never" entry-point-ref="oauthAuthenticationEntryPoint" 
     xmlns="http://www.springframework.org/schema/security"> 
     <anonymous enabled="false" /> 
     <intercept-url pattern="/resources/**" method="GET" /> 
     <custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" /> 
     <access-denied-handler ref="oauthAccessDeniedHandler" /> 
    </http> 

    <http pattern="/logout" create-session="never" 
     entry-point-ref="oauthAuthenticationEntryPoint" 
     xmlns="http://www.springframework.org/schema/security"> 
     <anonymous enabled="false" /> 
     <intercept-url pattern="/logout" method="GET" /> 
     <sec:logout invalidate-session="true" logout-url="/logout" success-handler-ref="logoutSuccessHandler" /> 
     <custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" /> 
     <access-denied-handler ref="oauthAccessDeniedHandler" /> 
    </http> 

    <bean id="logoutSuccessHandler" class="demo.oauth2.authentication.security.LogoutImpl" > 
     <property name="tokenstore" ref="tokenStore"></property> 
    </bean> 

    <bean id="oauthAuthenticationEntryPoint" 
     class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint"> 
    </bean> 

    <bean id="clientAuthenticationEntryPoint" 
     class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint"> 
     <property name="realmName" value="springsec/client" /> 
     <property name="typeName" value="Basic" /> 
    </bean> 

    <bean id="oauthAccessDeniedHandler" 
     class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler"> 
    </bean> 

    <bean id="clientCredentialsTokenEndpointFilter" 
     class="org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter"> 
     <property name="authenticationManager" ref="authenticationManager" /> 
    </bean> 

    <authentication-manager alias="authenticationManager" 
     xmlns="http://www.springframework.org/schema/security"> 
     <authentication-provider user-service-ref="clientDetailsUserService" /> 
    </authentication-manager> 

    <bean id="clientDetailsUserService" 
     class="org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService"> 
     <constructor-arg ref="clientDetails" /> 
    </bean> 

    <bean id="clientDetails" class="demo.oauth2.authentication.security.ClientDetailsServiceImpl"/> 

    <authentication-manager id="userAuthenticationManager" 
     xmlns="http://www.springframework.org/schema/security"> 
     <authentication-provider ref="customUserAuthenticationProvider"> 
     </authentication-provider> 
    </authentication-manager> 

    <bean id="customUserAuthenticationProvider" 
     class="demo.oauth2.authentication.security.CustomUserAuthenticationProvider"> 
    </bean> 

    <oauth:authorization-server 
     client-details-service-ref="clientDetails" token-services-ref="tokenServices"> 
     <oauth:authorization-code /> 
     <oauth:implicit/> 
     <oauth:refresh-token/> 
     <oauth:client-credentials /> 
     <oauth:password authentication-manager-ref="userAuthenticationManager"/> 
    </oauth:authorization-server> 

    <oauth:resource-server id="resourceServerFilter" 
     resource-id="springsec" token-services-ref="tokenServices" />  
    <bean id="tokenStore"    class="org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore" /> 


    <bean id="tokenServices" 
     class="org.springframework.security.oauth2.provider.token.DefaultTokenServices"> 
     <property name="tokenStore" ref="tokenStore" /> 
     <property name="supportRefreshToken" value="true" /> 
     <property name="accessTokenValiditySeconds" value="300000"></property> 
     <property name="clientDetailsService" ref="clientDetails" /> 
    </bean> 


    <mvc:annotation-driven /> 
    <mvc:default-servlet-handler /> 

    <bean id="MyResource" class="demo.oauth2.authentication.resources.MyResource"></bean> 

</beans>

e

package demo.oauth2.authentication.security; 
import java.util.ArrayList; 
import java.util.List; 
import org.springframework.security.oauth2.common.exceptions.OAuth2Exception; 
import org.springframework.security.oauth2.provider.ClientDetails; 
import org.springframework.security.oauth2.provider.ClientDetailsService; 
import org.springframework.security.oauth2.provider.NoSuchClientException; 
import org.springframework.security.oauth2.provider.client.BaseClientDetails; 
import org.springframework.stereotype.Service; 

@Service 
public class ClientDetailsServiceImpl implements ClientDetailsService { 

    private static final String CLIENT_CREDENTIALS = "client_credentials"; 
private static final String REFRESH_TOKEN = "refresh_token"; 
private static final String PASSWORD = "password"; 

@Override 
public ClientDetails loadClientByClientId(String clientId) throws OAuth2Exception { 
    List<String> authorizedGrantTypes = new ArrayList<>(); 
    authorizedGrantTypes.add(PASSWORD); 
    authorizedGrantTypes.add(REFRESH_TOKEN); 
    authorizedGrantTypes.add(CLIENT_CREDENTIALS); 

    if (clientId.equals("client1")) { 
     BaseClientDetails clientDetails = new BaseClientDetails(); 
     clientDetails.setClientId("client1"); 
     clientDetails.setClientSecret("client1"); 
     clientDetails.setAuthorizedGrantTypes(authorizedGrantTypes); 
     return clientDetails; 
    } 
    else if(clientId.equals("client2")){ 
     BaseClientDetails clientDetails = new BaseClientDetails(); 
     clientDetails.setClientId("client2"); 
     clientDetails.setClientSecret("client2"); 
     clientDetails.setAuthorizedGrantTypes(authorizedGrantTypes); 
     return clientDetails; 
    } 
    else{ 
     throw new NoSuchClientException("No client with requested id: " + clientId); 
    } 
}

Il codice sta dando errore alla classe superiore. Anche quando ho provato ad eseguire il seguente comando da POSTMAN Rest Client http://localhost:8080/demo.rest.springsecurity.oauth2.0.authentication/oauth/token?username=user1&password=user1&client_id=client1&client_secret=client1&grant_type=password

mi danno i seguenti errori. L'errore principale sulla console:

Mar 26, 2015 4:57:40 PM org.springframework.security.oauth2.provider.endpoint.TokenEndpoint handleException 
INFO: Handling error: InvalidScopeException, Empty scope (either the client or the user is not allowed the requested scopes)

Questo è il messaggio da Postman Riposo Cliente:

{ 
    "error": "invalid_scope", 
    "error_description": "Empty scope (either the client or the user is not allowed the requested scopes)" 
}

fonte

2015-03-25 Prateek

risposta

10

ho avuto la soluzione a questo problema. È necessario specificare il valore per l'ambito come read, write, trust. Per Es: http://localhost:8080/demo.rest.springsecurity.oauth2.0.authentication/oauth/token?username=user1&password=user1&client_id=client1&client_secret=client1&grant_type=password&scope=read,write,trust enter image description here

Ecco quello che posso accedere alle risorse protette, nonché fornendo token di accesso http://localhost:8080/demo.rest.springsecurity.oauth2.0.authentication/resources/MyResource/getMyInfo?access_token=27e28c65-5b18-4a0f-b55b-cfs2c5f6997b

enter image description here

Questo è davvero lavorando molto bello !!

fonte

2015-03-26 19:12:05 Prateek

+0

grazie per questo post .... questo mi ha aiutato a risolvere il mio problema dopo aver cercato molto tempo per un solution.thanku molto ... – KJEjava48

+0

Benvenuto. Si prega di come il post e la risposta accettata !! –

 Problemi correlati

  • Nessun problema correlato^_^