2017-08-01 30 views
0

我的應用程序使用Spring Security Oauth2配置來管理認證。Spring Security oauth 2使用grant_type「password」禁用TokenEndPoint上的客戶機認證

目前,我的請求需要這些信息:grand_type,用戶名,密碼,client_id和client_secret。

但是,我不需要客戶端認證(client_id + client_secret)爲我的應用程序。那麼,我如何刪除這個認證?

這裏是我當前的配置:

AuthorizationServerConfigurerAdapter:

@Configuration 
@EnableAuthorizationServer 
public class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter { 

@Autowired 
private TokenStore tokenStore; 

@Autowired 
private UserApprovalHandler userApprovalHandler; 

@Autowired 
@Qualifier("authenticationManagerBean") 
private AuthenticationManager authenticationManager; 

@Override 
public void configure(ClientDetailsServiceConfigurer clients) throws Exception { 

    clients.inMemory() 
     .withClient("khk") 
     .autoApprove(true) 
     .authorizedGrantTypes("refresh_token", "password") 
     .authorities("ROLE_CLIENT", "ROLE_TRUSTED_CLIENT") 
     .scopes("openid") 
     //.secret("changeme") 
     .accessTokenValiditySeconds(30000) 
     .refreshTokenValiditySeconds(60000); 
} 

@Override 
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception { 
    endpoints.tokenStore(tokenStore).userApprovalHandler(userApprovalHandler) 
      .authenticationManager(authenticationManager).pathMapping("/oauth/token", "/connect").accessTokenConverter(accessTokenConverter()); 
} 

public AccessTokenConverter accessTokenConverter() { 
    return new DefaultAccessTokenConverter(); 
} 

@Override 
public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception { 
} 
} 

WebSecurityConfigurerAdapter:

@Configuration 
@EnableWebSecurity 
public class OAuth2SecurityConfiguration extends WebSecurityConfigurerAdapter { 

@Autowired 
private ClientDetailsService clientDetailsService; 

@Autowired 
private DataSource dataSource; 

@Autowired 
public void globalUserDetails(AuthenticationManagerBuilder auth) throws Exception { 
    auth.jdbcAuthentication().dataSource(dataSource) 
    .usersByUsernameQuery("select us_pseudo, us_passwd, us_enabled from t_user where us_pseudo=?") 
    .authoritiesByUsernameQuery("select us.us_pseudo, gr.name from t_user us, t_group gr, r_groupuser gu where us.us_id = gu.groupuser_user_id and gr.gp_id = gu.groupuser_group_id and us.us_pseudo = ?"); 
    //.groupAuthoritiesByUsername("TO DO FOR RIGHTS"); 
} 


@Override 
@Bean 
public AuthenticationManager authenticationManagerBean() throws Exception { 
    return super.authenticationManagerBean(); 
} 


@Bean 
public TokenStore tokenStore() { 
    return new InMemoryTokenStore(); 
} 

@Bean 
@Autowired 
public TokenStoreUserApprovalHandler userApprovalHandler(TokenStore tokenStore){ 
    TokenStoreUserApprovalHandler handler = new TokenStoreUserApprovalHandler(); 
    handler.setTokenStore(tokenStore); 
    handler.setRequestFactory(new DefaultOAuth2RequestFactory(clientDetailsService)); 
    handler.setClientDetailsService(clientDetailsService); 
    return handler; 
} 

@Bean 
@Autowired 
public ApprovalStore approvalStore(TokenStore tokenStore) throws Exception { 
    TokenApprovalStore store = new TokenApprovalStore(); 
    store.setTokenStore(tokenStore); 
    return store; 
} 

} 

ResourceServerConfigurerAdapter:

@Configuration 
@EnableResourceServer 
public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter { 

private static final String RESOURCE_ID = "SPRING_REST_API"; 

@Override 
public void configure(ResourceServerSecurityConfigurer resources) { 
    resources.resourceId(RESOURCE_ID).stateless(false); 
} 

@Override 
public void configure(HttpSecurity http) throws Exception { 
    http 
     .authorizeRequests() 
      .antMatchers(HttpMethod.POST, "/connect").permitAll() 
      .anyRequest().permitAll() 
      .and() 
     .exceptionHandling().accessDeniedHandler(new OAuth2AccessDeniedHandler()); 
} 

} 

回答