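I'm currently working on a Spring application for OAuth2 authentication, but I've run into some problems implementing a custom ClientDetailsService.

I can't use the common inMemory or jdbc clientDetailsService because the client information isn't stored in my application; I get it from an external web service. But when I set a custom ClientDetailsService, I no longer get the access_confirmation page (I get a blank page).

To show you my problem, I'm not using my own application but the vanilla test from the official spring-security-oauth project, spring-security-oauth

Here is the application code: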

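import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpStatus;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.ClientDetails;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.ClientRegistrationException;
import org.springframework.security.oauth2.provider.client.BaseClientDetails;
import org.springframework.util.MultiValueMap;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseStatus;
import org.springframework.web.bind.annotation.RestController;

@SpringBootApplication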
@EnableResourceServer 
@RestController 
public class Application { 
 
    public static void main(String[] args) { 
        SpringApplication.run(Application.class, args); 
    } 
 
    @RequestMapping("/") 
    public String home() { 
        return "Hello World"; 
    } 
 
    @RequestMapping(value = "/", method = RequestMethod.POST) 
    @ResponseStatus(HttpStatus.CREATED) 
    public String create(@RequestBody MultiValueMap<String, String> map) { 
        return "OK"; 
    } 
 
    @Configuration 
    @EnableAuthorizationServer 
    protected static class OAuth2Config extends AuthorizationServerConfigurerAdapter { 
 
        @Autowired 
        private AuthenticationManager authenticationManager; 
 
        @Override 
        public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception { 
            endpoints.authenticationManager(authenticationManager); 
        } 
 
        @Override 
        public void configure(AuthorizationServerSecurityConfigurer security) throws Exception { 
            security.checkTokenAccess("isAuthenticated()"); 
        } 
 
        public ClientDetailsService clientDetailsService() { 
            return new ClientDetailsService() { 
                @Override 
                public ClientDetails loadClientByClientId(String clientId) throws ClientRegistrationException { 
                    BaseClientDetails details = new BaseClientDetails(); 
                    details.setClientId(clientId); 
                    details.setAuthorizedGrantTypes(Arrays.asList("authorization_code") ); 
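                    // One list element: this registers the single scope "read, trust",
                    // not the two scopes "read" and "trust" (the defect described below).
                    details.setScope(Arrays.asList("read, trust"));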
                    details.setResourceIds(Arrays.asList("oauth2-resource")); 
                    Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>(); 
                    authorities.add(new SimpleGrantedAuthority("ROLE_CLIENT")); 
                    details.setAuthorities(authorities); 
                    return details; 
                } 
            }; 
        }  //*/ 
 
 
        @Override 
        public void configure(ClientDetailsServiceConfigurer clients) throws Exception { 
            // @formatter:off 
 
            clients.withClientDetails(clientDetailsService()); 
 
            /*clients.inMemory() 
                .withClient("test") 
                    .authorizedGrantTypes("authorization_code") 
                    .authorities("ROLE_CLIENT") 
                    .scopes("read", "trust") 
                    .resourceIds("oauth2-resource"); 
            //*/ 
            // @formatter:on 
        } 
    } 
 
} 

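As you can see, I added my custom clientDetailsService and changed the ClientDetailsServiceConfigurer configuration to set it instead of the in-memory clientDetailsService.

My problem is that when I try to get my token, I no longer get my access_confirmation page after logging the user in.

I found my problem: my definition of the scopes in the clientDetails was wrong. I had Arrays.asList("read, trust") instead of Arrays.asList("read", "trust").

Am I missing something? Do I have to set my custom clientDetailsService somewhere else?

Please refer to the following approach:

Try changing your ClientDetails impl like this: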

public ClientDetailsService clientDetailsService() { 
        return new ClientDetailsService() { 
            @Override 
            public ClientDetails loadClientByClientId(String clientId) throws ClientRegistrationException { 
                BaseClientDetails details = new BaseClientDetails(); 
                details.setClientId(clientId); 
                details.setAuthorizedGrantTypes(Arrays.asList("authorization_code") ); 
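                // Scopes as separate elements; "read, trust" in one string is a single scope.
                details.setScope(Arrays.asList("read", "trust"));
                // Registered redirect URI for the client (needs java.util.Collections).
                details.setRegisteredRedirectUri(Collections.singleton("http://anywhere.com"));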
                details.setResourceIds(Arrays.asList("oauth2-resource")); 
                Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>(); 
                authorities.add(new SimpleGrantedAuthority("ROLE_CLIENT")); 
                details.setAuthorities(authorities); 
                return details; 
            } 
        }; 
    }  //*/ 
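
The following is an added example, not code from the original post or from the spring-security-oauth project: a ClientDetailsService backed by an external lookup, as the question describes, that splits a delimited scope string into separate scopes (so "read, trust" is not registered as one scope) and rejects client ids the external service does not know. `RemoteClientRegistry`, `ClientRecord` and their fields are hypothetical stand-ins for the external web service.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.Set;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.provider.ClientDetails;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.ClientRegistrationException;
import org.springframework.security.oauth2.provider.NoSuchClientException;
import org.springframework.security.oauth2.provider.client.BaseClientDetails;

// Added example; RemoteClientRegistry and ClientRecord are hypothetical.
public class RemoteClientDetailsService implements ClientDetailsService {
    public interface RemoteClientRegistry { ClientRecord find(String clientId); } // null if unknown
    public static class ClientRecord { public String scopes; public String redirectUri; }

    private final RemoteClientRegistry registry;

    public RemoteClientDetailsService(RemoteClientRegistry registry) { this.registry = registry; }

    @Override
    public ClientDetails loadClientByClientId(String clientId) throws ClientRegistrationException {
        ClientRecord record = registry.find(clientId);
        if (record == null) {
            // Fail closed: never build details for an id the external service does not know.
            throw new NoSuchClientException("No client with requested id: " + clientId);
        }
        BaseClientDetails details = new BaseClientDetails();
        details.setClientId(clientId);
        details.setAuthorizedGrantTypes(Arrays.asList("authorization_code"));
        details.setScope(splitScopes(record.scopes));
        details.setRegisteredRedirectUri(Collections.singleton(record.redirectUri));
        details.setResourceIds(Arrays.asList("oauth2-resource"));
        details.setAuthorities(Collections.singleton(new SimpleGrantedAuthority("ROLE_CLIENT")));
        return details;
    }

    // Turns "read, trust" into the two scopes "read" and "trust"; an empty result is rejected.
    static Set<String> splitScopes(String raw) {
        Set<String> scopes = new LinkedHashSet<String>();
        if (raw != null) {
            for (String s : raw.split("[,\\s]+")) {
                if (!s.isEmpty()) { scopes.add(s); }
            }
        }
        if (scopes.isEmpty()) { throw new ClientRegistrationException("Client has no scopes"); }
        return scopes;
    }
}
```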

