问题:
Spring Oauth2访问令牌无效
皇甫心思
<?xml version="1.0" encoding="UTF-8" ?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
xmlns:sec="http://www.springframework.org/schema/security"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/security/oauth2
http://www.springframework.org/schema/security/spring-security-oauth2-1.0.xsd
http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.2.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.0.xsd">
<context:component-scan base-package="com.mx.testing.mem.back" />
<sec:http pattern="/oauth/token" create-session="stateless" authentication-manager-ref="authenticationManager">
<sec:intercept-url pattern="/oauth/token" access="IS_AUTHENTICATED_FULLY" />
<sec:anonymous enabled="false" />
<sec:http-basic entry-point-ref="clientAuthenticationEntryPoint" />
<sec:custom-filter ref="clientCredentialsTokenEndpointFilter" before="BASIC_AUTH_FILTER" />
<sec:access-denied-handler ref="oauthAccessDeniedHandler" />
</sec:http>
<sec:http pattern="/protected/**" create-session="never" entry-point-ref="oauthAuthenticationEntryPoint">
<sec:anonymous enabled="false" />
<sec:intercept-url pattern="/protected/**" method="GET" access="IS_AUTHENTICATED_FULLY" />
<sec:custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
<sec:access-denied-handler ref="oauthAccessDeniedHandler" />
</sec:http>
<bean id="oauthAuthenticationEntryPoint"
class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
</bean>
<bean id="clientAuthenticationEntryPoint"
class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
<property name="realmName" value="springsec/client" />
<property name="typeName" value="Basic" />
</bean>
<bean id="oauthAccessDeniedHandler"
class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler">
</bean>
<bean id="clientCredentialsTokenEndpointFilter"
class="org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter">
<property name="authenticationManager" ref="authenticationManager" />
</bean>
<sec:authentication-manager alias="authenticationManager">
<sec:authentication-provider user-service-ref="clientDetailsUserService" />
</sec:authentication-manager>
<bean id="clientDetailsUserService"
class="org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService">
<constructor-arg ref="clientDetails" />
</bean>
<bean id="clientDetails" class="com.mx.testing.mem.back.controller.GuestServiceImpl">
<property name="id" value="testingTrustedClient" />
<property name="secretKey" value="testingKeyTrusted" />
</bean>
<sec:authentication-manager id="userAuthenticationManager">
<sec:authentication-provider ref="customUserAuthenticationProvider" />
</sec:authentication-manager>
<bean id="customUserAuthenticationProvider"
class="com.mx.testing.mem.back.controller.UserAuthenticationProvider">
</bean>
<oauth:authorization-server client-details-service-ref="clientDetails" token-services-ref="tokenServices">
<oauth:authorization-code />
<oauth:implicit/>
<oauth:refresh-token/>
<oauth:client-credentials />
<oauth:password authentication-manager-ref="userAuthenticationManager"/>
</oauth:authorization-server>
<oauth:resource-server id="resourceServerFilter" resource-id="springsec" token-services-ref="tokenServices" />
<bean id="tokenStore" class="org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore" />
<bean id="tokenServices"
class="org.springframework.security.oauth2.provider.token.DefaultTokenServices">
<property name="tokenStore" ref="tokenStore" />
<property name="supportRefreshToken" value="true" />
<property name="accessTokenValiditySeconds" value="12000"></property>
<property name="clientDetailsService" ref="clientDetails" />
</bean>
<!-- Enable @Controller annotation support -->
<mvc:annotation-driven />
<mvc:resources mapping="/assets/**" location="/assets/" />
<mvc:resources mapping="/druid/**" location="/WEB-INF/support/http/resources" />
<!-- <bean id="dataSource"
class="com.alibaba.druid.pool.DruidDataSource"
init-method="init" destroy-method="close">
<property name="driverClassName" value="com.microsoft.sqlserver.jdbc.SQLServerDriver" />
<property name="url" value="jdbc:sqlserver://captrade.database.windows.net;database=AgileTrade;" />
<property name="username" value="testing" />
<property name="password" value="C4pgemini2017" />
<property name="validationQuery" value="SELECT 1" />
</bean> -->
<bean id="dataSource" class="oracle.jdbc.pool.OracleDataSource">
<property name="dataSourceName" value="ds"/>
<property name="URL" value="jdbc:oracle:thin:@127.0.0.1:1521:cdb1"/>
<property name="user" value="C##testing_SCHEME"/>
<property name="password" value="testing"/>
</bean>
<bean id="sessionFactory" class="org.mybatis.spring.SqlSessionFactoryBean">
<property name="dataSource" ref="dataSource" />
</bean>
<bean class="org.mybatis.spring.mapper.MapperScannerConfigurer">
<property name="basePackage" value="com.mx.testing.mem.back.mapper" />
</bean>
<bean id="transactionManager"
class="org.springframework.jdbc.datasource.DataSourceTransactionManager">
<property name="dataSource" ref="dataSource" />
</bean>
<mvc:default-servlet-handler />
<context:annotation-config/>
</beans>
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
id="verwandlung" version="3.0">
<display-name>testing MX</display-name>
<session-config>
<session-timeout>
3000
</session-timeout>
</session-config>
<!-- Spring MVC Configuration -->
<servlet>
<servlet-name>dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>dispatcher</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/dispatcher-servlet.xml</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>
org.springframework.web.filter.DelegatingFilterProxy
</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
<init-param>
<param-name>cors.allowed.origins</param-name>
<param-value>*</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.methods</param-name>
<param-value>GET,POST,HEAD,OPTIONS,PUT</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.headers</param-name>
<param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value>
</init-param>
<init-param>
<param-name>cors.exposed.headers</param-name>
<param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
</init-param>
<init-param>
<param-name>cors.support.credentials</param-name>
<param-value>false</param-value>
</init-param>
<init-param>
<param-name>cors.preflight.maxage</param-name>
<param-value>100000</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CorsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Druid -->
<servlet>
<servlet-name>DruidStatView</servlet-name>
<servlet-class>com.alibaba.druid.support.http.StatViewServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>DruidStatView</servlet-name>
<url-pattern>/druid/*</url-pattern>
</servlet-mapping>
<!-- Home Page -->
<welcome-file-list>
<welcome-file>/</welcome-file>
</welcome-file-list>
</web-app>
我得到的令牌是:
http://localhost:8080/servicesmem/oauth/token?username=myuser&password=mypassword&grant_type=password&scope=read,write,trust
我得到:
{
"access_token": "261c2808-9df1-43a6-a6bd-f389a4ed0178",
"token_type": "bearer",
"refresh_token": "e53212b5-3cd3-4286-8833-c78069473d74",
"expires_in": 10673,
"scope": "read,write,trust"
}
我得到:
{
"error": "invalid_token",
"error_description": "Invalid access token: 261c2808-9df1-43a6-a6bd-f389a4ed0178"
}
我使用头:Authorization Bearer ACCESS_TOKEN,但我得到了同样的错误。我错过了什么?
共有1个答案
赵禄
答:
我需要将MemoryToken存储更改为JDBC令牌存储:
只需将inMemoryTokenStore替换为JDBCTokenStore:
<bean id="tokenStore" class="org.springframework.security.oauth2.provider.token.store.JdbcTokenStore">
<constructor-arg name="dataSource" ref="dataSource" />
</bean>
create table oauth_access_token(
token_id varchar2(100),
token BLOB,
authentication_id varchar2(100),
user_name varchar2(100),
client_id varchar2(100),
authentication BLOB,
refresh_token varchar2(4000),
primary key(token_id)
);
create table oauth_refresh_token(
token_id varchar2(100),
token BLOB,
authentication BLOB
);
类似资料:
-
https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=your_app_client_id&response_type=code&redirect_uri=https%3a%2f%2flogin.microsoftonline.com%2fcommon%2foauth2%2fnativeclient&res
-
访问令牌凭据(以及任何机密的访问令牌属性)在传输和储存时必须保持机密性,并只与授权服务器、访问令牌生效的资源服务器和访问令牌被颁发的客户端共享。访问令牌凭据必须只能使用带有RFC2818定义的服务器身份验证的1.6节所述的TLS 传输。 当使用隐式授权许可类型时,访问令牌在URI片段中传输,这可能泄露访问令牌给未授权的一方。 授权服务器必须确保访问令牌不能被生成、修改或被未授权一方猜测而产生有效的
-
访问令牌是用于访问受保护资源的凭据。访问令牌是一个代表向客户端颁发的授权的字符串。该字符串通常对于客户端是不透明的。令牌代表了访问权限的由资源所有者许可并由资源服务器和授权服务器实施的具体范围和期限。 令牌可以表示一个用于检索授权信息的标识符或者可以以可验证的方式自包含授权信息(即令牌字符串由数据和签名组成)。额外的身份验证凭据——在本规范范围以外——可以被要求以便客户端使用令牌。 访问令牌提供了
-
我目前正在开发一个简单的Spring Boot应用程序,在该应用程序中,我传递client_id和secret以获得访问令牌,从而获得一个刷新和访问令牌。 但是,当我尝试使用该令牌访问资源(我的REST API)时(具有以下URL:curl-h“authorization:Bearer ead8ba5d-88ad-4531-a821-db08bf25e888”localhost:8081/my-e
-
我知道有些人会发表评论,比如这篇文章重复了很多问题,但是我已经尝试了很多方法来在领英Oauth中实现访问令牌。解释我所尝试的。 1)我正在关注它的官方文档LinkedIn Oauth2 2) 我已成功从步骤 2 获取授权代码,并将该代码传递给步骤 3,以交换身份验证代码以获取访问令牌。但是我收到以下错误{“error_description”:“缺少必需参数,包含无效的参数值,参数不止一次。 :无
-
我试图使用从Spring应用程序中的公共客户端获取访问令牌。 谁能帮我弄清楚我做错了什么吗?