java-没有这样的客户端异常Spring Oauth2

我正在尝试使用Java配置来实现Spring Security OAuth2.

我的用例要求使用密码grant_type.

到目前为止,我已经配置了此文件,而无需使用web.xml,并且希望保持这种方式

我使用的版本：

> Spring框架：4.1.6
>春季安全性：4.0.1
>春季安全OAuth：2.0.7

为了简化说明,我在令牌端点上启用了GET

    @Override
    public void configure
        (AuthorizationServerEndpointsConfigurer endpoints) throws Exception
    {
            endpoints
                .tokenStore(tokenStore)
                .authenticationManager(authenticationManager)
                .allowedTokenEndpointRequestMethods(HttpMethod.GET); //<-- Enable GET
    }

我提出的要求如下：

http://localhost:8080/project/oauth/token?
    client_id=testClient&
    grant_type=password&
    username=user&
    password=password

该标头包含一个Authorization标头,其中包含以下内容的编码版本：

Username: user
Password: password

我得到的异常是：

HTTP Status 500 - Request processing failed; nested exception is
   org.springframework.security.oauth2.provider.NoSuchClientException:
   No client with requested id: user

从异常描述中可以看出,OAuth在ClientDetailsS​​ervice中正在寻找client：用户.但是,用户是用户凭证.我显然对配置有些误解.

我的配置如下：

ServletInitializer.java

public class ServletInitializer extends AbstractDispatcherServletInitializer {

    @Override
    protected WebApplicationContext createServletApplicationContext() {
        AnnotationConfigWebApplicationContext context = new AnnotationConfigWebApplicationContext();
        context.scan(ClassUtils.getPackageName(getClass()));
        return context;
    }

    @Override
    protected String[] getServletMappings() {
        return new String[]{"/"};
    }

    @Override
    protected WebApplicationContext createRootApplicationContext() {
        return null;
    }

    @Override
    public void onStartup(ServletContext servletContext) throws ServletException{
        super.onStartup(servletContext);
        DelegatingFilterProxy filter = new DelegatingFilterProxy("springSecurityFilterChain");
    filter.setContextAttribute("org.springframework.web.servlet.FrameworkServlet.CONTEXT.dispatcher");
        servletContext.addFilter("springSecurityFilterChain", filter).addMappingForUrlPatterns(null, false, "/*");
    }
}

WebMvcConfig.java

@Configuration
@EnableWebMvc
public class WebMvcConfig extends WebMvcConfigurerAdapter {

    @Override
    public void configureDefaultServletHandling(DefaultServletHandlerConfigurer configurer) {
            configurer.enable();
    }
}

SecurityConfiguration.java

@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Autowired
    public void globalUserDetails(AuthenticationManagerBuilder auth) throws Exception{
        auth.
            inMemoryAuthentication()
            .withUser("user")
            .password("password")
            .roles("USER");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception{
        http
            .authorizeRequests()
            .antMatchers("/Services/*")
            .authenticated()
        .and()
            .httpBasic();
    }

    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

}

OAuth2ServerConfig.java

@Configuration
public class OAuth2ServerConfig {

    @Configuration
    @EnableAuthorizationServer
    protected static class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter{

        @Autowired 
        private TokenStore tokenStore;

        @Autowired
        @Qualifier("authenticationManagerBean")
        private AuthenticationManager authenticationManager;

        @Override
        public void configure(ClientDetailsServiceConfigurer clients) throws Exception{

            clients
                .inMemory()
                    .withClient("testClient")
                    .secret("secret")
                    .scopes("read", "write")
                    .authorities("ROLE_CLIENT")
                    .authorizedGrantTypes("password", "refresh_token")
                    .accessTokenValiditySeconds(60)
                    .refreshTokenValiditySeconds(3600);
        }

        @Bean
        public TokenStore tokenStore() {
            return new InMemoryTokenStore();
        }

        @Override
        public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception{
            endpoints
                .tokenStore(tokenStore)
                .authenticationManager(authenticationManager)
                .allowedTokenEndpointRequestMethods(HttpMethod.GET);
        }

        @Override 
        public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {

        }
    }

    @Configuration
    @EnableResourceServer
    protected static class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {

        @Override
        public void configure(ResourceServerSecurityConfigurer resources){
            resources.resourceId("SomeResourseId").stateless(false);
        }

        @Override
        public void configure(HttpSecurity http) throws Exception{

            http
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
            .and()
                .authorizeRequests()
                    .antMatchers("/secure/**").access("#oauth2.hasScope('read')");
        }
    }
}

gitrepo中的代码以便于访问：https://github.com/dooffas/springOauth2

解决方法:

我不确定500在哪里来自您的情况.我看到一个406,因为没有用于访问令牌的JSON转换器(Spring过去默认为Jackson 1. *注册一个,但现在只为Jackson 2. *注册).如果我将jackson-databind添加到类路径,例如

<dependency>
    <groupId>com.fasterxml.jackson.core</groupId>
    <artifactId>jackson-databind</artifactId>
    <version>2.4.4</version>
    <scope>runtime</scope>
</dependency>

这对我有用：

$curl -v testClient:secret@localhost:8080/oauth/token?'grant_type=password&username=user&password=password'

附言您确实不应该对令牌请求使用GET.

标签：spring-security,oauth-2-0,oauth,spring,java
来源： https://codeday.me/bug/20191120/2043112.html