问题:

Spring OAuth2 2.0.7:访问端点 /oauth/token 时返回 404 错误

虞正业
2023-03-14

在尝试将我们的 Web 应用程序与 Spring OAuth2 集成时遇到了问题。
从启动日志可以看到,端点 /oauth/token 已经被映射到 GET 和 POST 两种方法:

o.s.s.o.p.e.FrameworkEndpointHandlerMapping- Mapped "{[/oauth/token],methods=[GET],params=[],headers=[],consumes=[],produces=[],custom=[]}" onto public org.springframework.http.ResponseEntity<org.springframework.security.oauth2.common.OAuth2AccessToken> org.springframework.security.oauth2.provider.endpoint.TokenEndpoint.getAccessToken(java.security.Principal,java.util.Map<java.lang.String, java.lang.String>) throws org.springframework.web.HttpRequestMethodNotSupportedException
o.s.s.o.p.e.FrameworkEndpointHandlerMapping- Mapped "{[/oauth/token],methods=[POST],params=[],headers=[],consumes=[],produces=[],custom=[]}" onto public org.springframework.http.ResponseEntity<org.springframework.security.oauth2.common.OAuth2AccessToken> org.springframework.security.oauth2.provider.endpoint.TokenEndpoint.postAccessToken(java.security.Principal,java.util.Map<java.lang.String, java.lang.String>) throws org.springframework.web.HttpRequestMethodNotSupportedException

访问以下地址时:https://192.168.70.19:8072/oauth/token?grant_type=password&client_id=7ca42ea39288ec73212716fc6a51b8a2&username=admin&password=switch

**服务器返回:**错误的客户端凭据

但是,当我添加client_secret https://192.168.70.19:8072/oauth/token?grant_type=password&client_id=7ca42ea39288ec73212716fc6a51b8a2&client_secret=client_secret&username=admin&password=switch时,它是可以的

服务器返回404错误(据我所知,仅当API未映射时会发生这种情况)

我的一些配置:

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:security="http://www.springframework.org/schema/security"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
       xmlns:mvc="http://www.springframework.org/schema/mvc"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security-3.2.xsd
    http://www.springframework.org/schema/security/oauth2 http://www.springframework.org/schema/security/spring-security-oauth2-1.0.xsd
    http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.1.xsd">

    <!-- Invokes the static method SecurityContextHolder.setStrategyName with the single argument
         MODE_INHERITABLETHREADLOCAL when the context starts, so that threads spawned from a
         request thread inherit that thread's SecurityContext.
         NOTE(review): with pooled or long-lived worker threads an inherited SecurityContext can
         outlive the request that created it; confirm that every executor used by the application
         clears or re-propagates the context per task. -->
    <bean class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
        <property name="targetClass"
                  value="org.springframework.security.core.context.SecurityContextHolder" />
        <property name="targetMethod" value="setStrategyName" />
        <property name="arguments">
            <list>
                <value>MODE_INHERITABLETHREADLOCAL</value>
            </list>
        </property>
    </bean>

    <!-- Project entry point shared by both filter chains below; it is constructed with
         loginUrl=/login.html (presumably it sends unauthenticated requests there; the class is
         not shown here). -->
    <bean id="authenticationEntryPoint"
          class="com.alu.ov.ngnms.appserver.login.AuthenticationEntryPoint">
        <constructor-arg name="loginUrl" value="/login.html" />
    </bean>
    <!-- Project AuthenticationProvider for end users, wired to the AAAServerRepository bean
         (defined outside this listing). -->
    <bean name="customUserDetailsAuthenticationProvider" class="com.alu.ov.ngnms.appserver.login.CustomUserDetailsAuthenticationProvider">
        <property name="aaaServerRepository" ref="AAAServerRepository"></property>
    </bean>
    <!-- End-user authentication manager (alias "authenticationManager"); it is also the manager
         referenced by the password grant of the authorization server in this file.
         erase-credentials="false" keeps the submitted credentials on the Authentication object
         after a successful login instead of clearing them.
         NOTE(review): confirm that something downstream really needs the credentials; otherwise
         the default (true) limits how long the password stays in memory. -->
    <security:authentication-manager alias="authenticationManager"
                                     erase-credentials="false">
             <security:authentication-provider ref="customUserDetailsAuthenticationProvider" />
    </security:authentication-manager>
    <!-- Explicitly declared CheckTokenEndpoint, backed by the tokenServices bean.
         NOTE(review): no dedicated security:http block for this endpoint's path is visible in
         this file, so requests to it would presumably be handled by the catch-all chain; verify
         who is allowed to call it. -->
    <bean id="checkTokenEndPoint"
          class="org.springframework.security.oauth2.provider.endpoint.CheckTokenEndpoint">
        <constructor-arg name="resourceServerTokenServices" ref="tokenServices"/>      
    </bean>
    <!-- Project access-denied handler referenced by both security:http blocks. -->
    <bean id="customAccessDeniedHandler"
          class="com.alu.ov.ngnms.appserver.login.CustomAccessDeniedHandler"></bean>

    <!-- Dedicated stateless filter chain for /oauth/token. Callers are OAuth clients and are
         authenticated against clientAuthenticationManager; anonymous access is disabled and the
         endpoint requires full authentication.
         Client authentication is done by clientCredentialsTokenEndpointFilter, which takes
         client_id and client_secret from the request parameters (the form used by the URLs in the
         question). No security:http-basic element is declared in this chain, so HTTP Basic client
         authentication is not available here as written.
         NOTE(review): parameters placed in the query string (client_secret, username, password)
         are recorded in access logs, proxy logs and browser history. Prefer sending them in a POST
         form body or, for the client secret, via HTTP Basic. The GET handler shown in the start-up
         log is declared to throw HttpRequestMethodNotSupportedException, so token requests may
         have to be POST anyway; confirm against the TokenEndpoint version in use. -->
    <security:http pattern="/oauth/token" create-session="stateless" entry-point-ref="authenticationEntryPoint" authentication-manager-ref="clientAuthenticationManager">
        <security:intercept-url pattern="/oauth/token" access="IS_AUTHENTICATED_FULLY" />
        <security:anonymous enabled="false" />
        <security:custom-filter ref="clientCredentialsTokenEndpointFilter" after="BASIC_AUTH_FILTER" />
        <security:access-denied-handler ref="customAccessDeniedHandler" />
    </security:http>

    <!-- Catch-all filter chain for every request not claimed by the /oauth/token chain.
         It has no pattern attribute, so it must stay after the more specific chain.
         intercept-url rules are matched in declaration order and the first match wins, so the
         final "/**" rule must remain last.
         create-session="never" means Spring Security does not create a session itself but will
         use one if it already exists.
         NOTE(review): no security:csrf element is declared; with the 3.2 security schema that
         this file references, CSRF protection is off unless declared. If browsers authenticate
         with a session cookie rather than a bearer token, confirm that this is intended. -->
    <security:http use-expressions="true" entry-point-ref="authenticationEntryPoint" create-session="never">
        <!-- for all users (login & non-login) -->
        <!-- NOTE(review): everything under these paths is served without authentication; confirm
             that nothing sensitive is published there, in particular under /webstart/classes/. -->
        <security:intercept-url pattern="/favicon.ico" access="permitAll" />
        <security:intercept-url pattern="/bower_components/**" access="permitAll"/>
        <security:intercept-url pattern="/locales/**" access="permitAll"/>
        <security:intercept-url pattern="/ov_components/**" access="permitAll"/>
        <security:intercept-url pattern="/scripts/**" access="permitAll"/>
        <security:intercept-url pattern="/styles/**" access="permitAll"/>
        <security:intercept-url pattern="/template/**" access="permitAll" />
        <security:intercept-url pattern="/webstart/classes/**" access="permitAll" />
        <security:intercept-url pattern="/assets/**" access="permitAll" />

        <!-- only for non-login users -->
        <security:intercept-url pattern="/login.html" access="!isAuthenticated()" />
        <security:intercept-url pattern="/upgrade.html" access="!isAuthenticated()" />
        <security:intercept-url pattern="/api/login" access="!isAuthenticated()" />

        <!-- for all login users -->

        <!-- only for admin user & no-license OV -->
        <security:intercept-url pattern="/noLicense.html" access="hasAnyRole('ROLE_ADMIN_NO_LICENSE')" />

        <!-- Default rule: any other URL requires an authenticated user that does not hold
             ROLE_ADMIN_NO_LICENSE. -->
        <security:intercept-url pattern="/**" access="isAuthenticated() and !hasRole('ROLE_ADMIN_NO_LICENSE')" />
        <security:access-denied-handler ref="customAccessDeniedHandler"/>
        <!-- Add filter to extract access token from request and perform authentication -->
        <security:custom-filter ref="customOAuth2AuthenProcessingFilter" before="PRE_AUTH_FILTER" />
        <!-- Makes the OAuth2 expressions available to the access attributes above. -->
        <security:expression-handler ref="oauthWebExpressionHandler" />
    </security:http>

    <!-- Filter used in the /oauth/token chain; it authenticates the OAuth client from the
         client_id and client_secret request parameters against clientAuthenticationManager. -->
    <bean id="clientCredentialsTokenEndpointFilter" class="org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter">
        <property name="authenticationManager" ref="clientAuthenticationManager" />
    </bean>

       <!-- Enables pre/post annotations and @Secured method security, using the end-user
            authentication manager.
            NOTE(review): a second security:global-method-security element appears later in this
            file. Spring Security normally rejects duplicate declarations within one application
            context; confirm and merge the two into a single element. -->
       <security:global-method-security authentication-manager-ref="authenticationManager" pre-post-annotations="enabled"
        secured-annotations="enabled">
    </security:global-method-security>

        <!-- Declares the OAuth2 authorization server. This element is what creates the endpoint
             handlers (for example the /oauth/token mappings seen in the start-up log), so it has
             to live in an application context whose handler mappings are actually consulted by
             the DispatcherServlet.
             Enabled grant types: authorization code, implicit, refresh token, client credentials
             and resource-owner password (the latter authenticates users with the
             "authenticationManager" alias).
             NOTE(review): enable only the grants that clients really use. The password grant
             hands the user's password to the client, and the implicit grant returns tokens through
             the browser redirect; current OAuth security guidance discourages both. -->
        <oauth:authorization-server client-details-service-ref="clientDetails" token-services-ref="tokenServices">
        <oauth:authorization-code />
        <oauth:implicit />
        <oauth:refresh-token />
        <oauth:client-credentials />
        <oauth:password authentication-manager-ref="authenticationManager"/>

    </oauth:authorization-server>
    <!-- Authentication manager for OAuth clients (not end users); used by the /oauth/token chain.
         NOTE(review): no security:password-encoder is configured on the provider, so the client
         secret presented by the caller is presumably compared with the stored secret as plain
         text; verify how CustomClientDetailsService stores secrets. -->
    <security:authentication-manager id="clientAuthenticationManager">
        <security:authentication-provider user-service-ref="clientDetailsUserService" />
    </security:authentication-manager>

    <!-- Adapts the clientDetails service to the UserDetailsService interface so that clients can
         be authenticated like users (client_id as user name, client secret as password). -->
    <bean id="clientDetailsUserService" class="org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService">
        <constructor-arg ref="clientDetails" />
    </bean>

    <!-- Token services shared by the authorization server, the CheckTokenEndpoint and the
         OAuth2AuthenticationManager. Tokens are persisted through the mongoDBTokenStore bean
         (defined outside this listing) and refresh tokens are enabled. -->
    <bean id="tokenServices" class="org.springframework.security.oauth2.provider.token.DefaultTokenServices" >
        <property name="tokenStore" ref="mongoDBTokenStore" />
        <property name="supportRefreshToken" value="true" />
        <property name="clientDetailsService" ref="clientDetails" />
        <!--  Access token & Refresh token will be expired in 1 year 1 second after being granted -->
        <!-- 31536001 s = 365 days + 1 second.
             NOTE(review): a bearer access token that stays valid for a year gives a long window
             of misuse if it leaks. Since refresh tokens are enabled, a much shorter access-token
             lifetime is possible without forcing users to log in again; confirm whether the
             one-year value is a requirement. -->
        <property name="accessTokenValiditySeconds" value="31536001"></property>
        <property name="refreshTokenValiditySeconds" value="31536001"></property>
    </bean>

    <!-- Project TokenExtractor used by the resource-side filter below. Where it reads the access
         token from (header, parameter, cookie) is not visible in this listing. -->
    <bean id="ovTokenExtractor" class="com.alu.ov.ngnms.appserver.login.OVTokenExtractor"></bean>
    <!-- Resolves an extracted access token into an OAuth2 authentication via tokenServices. -->
    <bean id="oauth2AuthenticationManager" class="org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationManager">
        <property name="tokenServices" ref="tokenServices"></property>
    </bean>
    <!-- Filter inserted before PRE_AUTH_FILTER in the catch-all chain: extracts the token with
         ovTokenExtractor, authenticates it with oauth2AuthenticationManager and hands failures to
         authenticationEntryPoint. -->
    <bean id="customOAuth2AuthenProcessingFilter" class="org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationProcessingFilter">
        <property name="authenticationEntryPoint" ref="authenticationEntryPoint"></property>
        <property name="authenticationManager" ref="oauth2AuthenticationManager"></property>
        <property name="tokenExtractor" ref="ovTokenExtractor"></property>
    </bean>

    <!-- Project ClientDetailsService; source of client ids, secrets and grants for the
         authorization server, the token services and clientDetailsUserService. -->
    <bean id="clientDetails" class="com.alu.ov.ngnms.appserver.token.CustomClientDetailsService"/>

    <!-- Method security with the OAuth2 expression handler and class-based proxies.
         NOTE(review): an earlier security:global-method-security element is already declared in
         this file; Spring Security normally rejects duplicates within one application context, so
         the two should be merged into one element. -->
    <security:global-method-security pre-post-annotations="enabled" proxy-target-class="true">
        <!--you could also wire in the expression handler up at the layer of the http filters. See https://jira.springsource.org/browse/SEC-1452 -->
        <security:expression-handler ref="oauthExpressionHandler" />
    </security:global-method-security>

    <!-- Expression handler for method-level OAuth2 expressions. -->
    <oauth:expression-handler id="oauthExpressionHandler" />

    <!-- Registers the annotation-driven Spring MVC infrastructure in this context. -->
    <mvc:annotation-driven />

    <!-- Forwards requests that no handler matches to the container's default servlet. -->
    <mvc:default-servlet-handler />

    <!-- Expression handler for the URL-level access expressions of the catch-all chain. -->
    <oauth:web-expression-handler id="oauthWebExpressionHandler" />
</beans>

-------编辑1-------添加web.xml:

<!-- Atmosphere MeteorServlet named "atmoSpring", mapped to "/" and delegating every request to
     Spring's DispatcherServlet. The DispatcherServlet only dispatches to handlers registered in
     the application context it uses, which matters for the /oauth/token handlers created by the
     authorization-server declaration. -->
<servlet>
        <servlet-name>atmoSpring</servlet-name>
        <servlet-class>org.atmosphere.cpr.MeteorServlet</servlet-class>


        <init-param>
            <!-- When MeteorServlet is used, this is the parameter that will be looked 
                and all requests will be delegated to this servlet, Of course, since we are 
                using, Spring MVC, we delegate to DispatcherServlet -->
            <param-name>org.atmosphere.servlet</param-name>
            <param-value>org.springframework.web.servlet.DispatcherServlet</param-value>
        </init-param>

        <!-- Bunch of Atmosphere specific properties -->
        <init-param>
            <param-name>org.atmosphere.cpr.broadcasterClass</param-name>
            <param-value>org.atmosphere.cpr.DefaultBroadcaster</param-value>
        </init-param>

        <!-- Set Atmosphere to use the container native Comet support. -->
        <init-param>
            <param-name>org.atmosphere.useNative</param-name>
            <param-value>true</param-value>
        </init-param>

        <!-- Force Atmosphere to use stream when writing bytes. -->
        <init-param>
            <param-name>org.atmosphere.useStream</param-name>
            <param-value>true</param-value>
        </init-param>

        <!-- NOTE(review): the init-param name org.atmosphere.cpr.AtmosphereInterceptor is declared
             twice in this servlet (here for SSEAtmosphereInterceptor, further down for
             HeartbeatInterceptor). Servlet init-params are looked up by name, so probably only one
             of the two values is seen; a single comma-separated value is the usual way to list
             several interceptors. Confirm which interceptors are actually installed. -->
        <init-param>
            <param-name>org.atmosphere.cpr.AtmosphereInterceptor</param-name>
            <param-value>org.atmosphere.interceptor.SSEAtmosphereInterceptor</param-value>
        </init-param>

        <init-param>
            <param-name>org.atmosphere.interceptor.SSEAtmosphereInterceptor.contentType</param-name>
            <param-value>text/event-stream</param-value>
        </init-param>

        <!-- Use this interceptor to prevent firewall/proxies from canceling the 
            connection after a specific idle time -->
        <init-param>
            <param-name>org.atmosphere.cpr.AtmosphereInterceptor</param-name>
            <param-value>org.atmosphere.interceptor.HeartbeatInterceptor</param-value>
        </init-param>
        <init-param>
            <param-name>org.atmosphere.interceptor.HeartbeatInterceptor.heartbeatFrequencyInSeconds</param-name>
            <param-value>30</param-value>
        </init-param>

        <init-param>
            <param-name>org.atmosphere.useWebSocketAndServlet3</param-name>
            <param-value>false</param-value>
        </init-param>

        <!-- Turns off Atmosphere's default interceptors; only those configured above apply. -->
        <init-param>
            <param-name>org.atmosphere.cpr.AtmosphereInterceptor.disableDefaults</param-name>
            <param-value>true</param-value>
        </init-param>

        <init-param>
            <param-name>org.atmosphere.cpr.broadcasterCacheClass</param-name>
            <param-value>org.atmosphere.cache.UUIDBroadcasterCache</param-value>
        </init-param>

        <init-param>
            <param-name>org.atmosphere.cpr.broadcaster.shareableThreadPool</param-name>
            <param-value>true</param-value>
        </init-param>


        <!-- Enables Atmosphere's HTTP session support. Note that the Spring Security chains are
             configured with create-session "stateless" and "never". -->
        <init-param>
            <param-name>org.atmosphere.cpr.sessionSupport</param-name>
            <param-value>true</param-value>
        </init-param>

        <load-on-startup>1</load-on-startup>
        <async-supported>true</async-supported>
    </servlet>
    <servlet-mapping>
        <servlet-name>atmoSpring</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>

    <!-- Root application context: ContextLoaderListener loads the file named by
         contextConfigLocation (/WEB-INF/webContext.xml). Beans defined there are shared, but
         handler mappings declared only in the root context are not picked up by the
         DispatcherServlet by default. -->
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>

    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>/WEB-INF/webContext.xml</param-value>
    </context-param>

    <!-- Spring Security -->
    <!-- DelegatingFilterProxy looks up the springSecurityFilterChain bean in the context stored
         under the given servlet-context attribute, i.e. the context of a FrameworkServlet named
         "spring".
         NOTE(review): the only servlet visible in this fragment is named "atmoSpring"; verify
         that the attribute name matches the servlet whose context holds the security beans. -->
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
        <async-supported>true</async-supported>
        <init-param>
            <param-name>contextAttribute</param-name>
            <param-value>org.springframework.web.servlet.FrameworkServlet.CONTEXT.spring</param-value>
        </init-param>
    </filter>

    <!-- The security filter chain covers every URL for REQUEST, ASYNC and ERROR dispatches.
         FORWARD and INCLUDE dispatches are not listed and therefore bypass the chain. -->
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
        <dispatcher>REQUEST</dispatcher> 
        <dispatcher>ASYNC</dispatcher>
        <dispatcher>ERROR</dispatcher>
    </filter-mapping>

    <!-- Second DelegatingFilterProxy; it delegates to a bean named cacheControlFilterChain
         (not shown in this listing) and applies to /api/* only. -->
    <filter>
        <filter-name>cacheControlFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
        <async-supported>true</async-supported>
    </filter>

    <filter-mapping>
        <filter-name>cacheControlFilterChain</filter-name>
        <url-pattern>/api/*</url-pattern>
    </filter-mapping>

    <!-- Session Listener for Webstart -->
    <listener>
        <listener-class>com.alu.ov.ngnms.appserver.controller.SessionListener</listener-class>
    </listener>

共有1个答案

卓胜
2023-03-14

不能在 ContextLoaderListener 加载的上下文中定义授权服务器端点。我不太清楚 MeteorServlet 是如何工作的,但是您必须设法把这部分配置放进 DispatcherServlet 的上下文中,这样它才能处理 “/oauth/token” 请求(这些处理程序由 <oauth:authorization-server/> 声明创建)。
