java 如何为令牌设置资源 ID?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/28703847/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How do you set a resource ID for a token?
提问by Steve S.
I try to implement a RESTFul webservice with OAuth using this guide: https://spring.io/guides/tutorials/bookmarks
我尝试使用本指南使用 OAuth 实现 RESTFul 网络服务:https://spring.io/guides/tutorials/bookmarks
I can successfully retrieve a token:
我可以成功检索令牌:
curl -v -u android-bookmarks:123456 -X POST http://localhost:8080/oauth/token -H "Accept: application/json" -d "password=password&username=User1&grant_type=password&scope=write&client_secret=12345&client_id=android-bookmarks"
Response:
回复:
{"access_token":"cdafc45f-924a-4f87-8bd0-e3e2bdffa540","token_type":"bearer","refresh_token":"609efba8-edd3-4ea3-be7b-78e449cec0ef","expires_in":43199,"scope":"write"}* Connection #0 to host localhost left intact
When I try to access the resource:
当我尝试访问资源时:
curl -G http://localhost:8080/bookmarks -H "Authorization: Bearer cdafc45f-924a-4f87-8bd0-e3e2bdffa540"
I get the following response:
我收到以下回复:
{"error":"access_denied","error_description":"Invalid token does not contain resource id (oauth2-resource)"}
The Java class setting the resource id:
设置资源 id 的 Java 类:
@Configuration
@EnableResourceServer
@EnableAuthorizationServer
public class OAuth2Configuration extends AuthorizationServerConfigurerAdapter {
public static final String RESOURCE_ID = "bookmarks";
@Autowired
AuthenticationManagerBuilder authenticationManager;
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints)
throws Exception {
endpoints.authenticationManager(new AuthenticationManager() {
@Override
public Authentication authenticate(Authentication authentication)
throws AuthenticationException {
return authenticationManager.getOrBuild().authenticate(
authentication);
}
});
}
@Override
public void configure(ClientDetailsServiceConfigurer clients)
throws Exception {
clients.inMemory()
.withClient("android-" + RESOURCE_ID)
.authorizedGrantTypes("password", "authorization_code", "refresh_token")
.authorities("ROLE_USER")
.scopes("write")
.secret("123456")
.resourceIds(RESOURCE_ID);
}
}
When I change this code to:
当我将此代码更改为:
clients.inMemory()
.withClient("android-" + applicationName)
.authorizedGrantTypes("password", "authorization_code", "refresh_token")
.authorities("ROLE_USER")
.scopes("write")
.secret("123456");
I can access the resource with the previously mentioned (curl) commands successfully.
我可以使用前面提到的 (curl) 命令成功访问资源。
回答by Steve S.
Turns out that I had to implement the interface ResourceServerConfigurerAdapter. The following implementation works perfectly:
事实证明,我必须实现接口 ResourceServerConfigurerAdapter。以下实现完美地工作:
@Configuration
@EnableResourceServer
public class ResourceServer extends ResourceServerConfigurerAdapter{
@Override
public void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.requestMatchers().antMatchers("/bookmarks", "/bookmarks/**")
.and()
.authorizeRequests().anyRequest().access("#oauth2.hasScope('write')");
// @formatter:on
}
@Override
public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
resources.resourceId(OAuth2Configuration.RESOURCE_ID);
}
}
