3
我有一個Spring Boot應用程序,它能夠登錄並註冊新用戶。我的用戶保存在一個數據庫中(到目前爲止,我使用內存中的H2數據庫進行測試)。Spring Boot登錄登錄返回401與匹配憑據
該服務使用OAuth2進行安全保護(它是我正在開發的其他服務的auth服務器)。
一切工作正常,我能夠檢查用戶的憑據,但我想重新定向登錄後成功的用戶。如果我使用response_type=token參數訪問登錄頁面,它將起作用。
http://localhost:9000/auth/oauth/authorize?response_type=token&client_id=client&redirect_uri=http://localhost:9000/auth/user
但是,當我直接訪問登陸頁面和登錄,它重定向我我選擇我的默認的成功頁面,但沒有令牌或任何其他的網頁,將表明該用戶登錄和我401.直行到/login,並使用正確的憑據結果在此:
<oauth>
<error_description>
Full authentication is required to access this resource
</error_description>
<error>unauthorized</error>
</oauth>
可能有人指出,給我什麼,我需要調整,使登錄工作?
WebSecurityConfig:
@Configuration
@Order(-20)
@EnableResourceServer
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
@Qualifier("userDetailsService")
private UserDetailsService userDetailsService;
@Autowired
private AuthenticationManager authenticationManager;
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests()
.antMatchers("/register", "/confirm").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.defaultSuccessUrl("/")
.permitAll()
.and()
.requestMatchers()
.antMatchers("/login", "/oauth/authorize", "/oauth/confirm_access", "/register", "/confirm")
.and()
.logout()
.permitAll();
// @formatter:on
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.parentAuthenticationManager(authenticationManager);
auth.userDetailsService(userDetailsService);
}
}
OAuth2Config:
@Configuration
@EnableAuthorizationServer
public class OAuth2Config extends AuthorizationServerConfigurerAdapter {
@Autowired
@Qualifier("userDetailsService")
private UserDetailsService userDetailsService;
@Autowired
private AuthenticationManager authenticationManager;
@Autowired
private TokenStore tokenStore;
@Autowired
private DataSource dataSource;
// password encryptor
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Override
public void configure(AuthorizationServerEndpointsConfigurer configurer) throws Exception {
configurer.authenticationManager(authenticationManager);
configurer.userDetailsService(userDetailsService);
configurer.tokenStore(tokenStore);
}
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients.jdbc(dataSource);
}
}
的LoginController:
@Controller
public class LoginController {
@GetMapping("/login")
public String login() {
return "login";
}
}
登錄頁面:
<body>
<div class="container">
<form class="form-signin" th:action="@{/login}" method="post">
<h2 class="form-signin-heading">Sign in</h2>
<div th:if="${param.error}">Invalid username and password.</div>
<div th:if="${param.logout}">You have been logged out.</div>
<label for="inputEmail" class="sr-only">Email</label>
<input type="text" id="username"
class="form-control" placeholder="Email" name="username" th:required="required" th:autofocus="autofocus" />
<label for="inputPassword" class="sr-only">Password</label>
<input type="password" id="inputPassword"
class="form-control" placeholder="Password" name="password" th:required="required" />
<button class="btn btn-lg btn-primary btn-block" type="submit">Sign in</button>
</form>
</div>
<!-- /container -->
<!-- jQuery (necessary for Bootstrap's JavaScript plugins) -->
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
</body>
謝謝你的幫助。如果這還不夠,我很樂意提供更多細節。
編輯:我想要的基本上是身份驗證服務器和其他微服務之間的無情驗證,但在Auth服務器本身基於會話的登錄。
這是一種可能性。但是,是否也可以舉辦某種會議?因此,該令牌將用於外部客戶端,會話將在表單登錄後在auth服務器上進行?所有其他的例子開箱即用,所以我不知道我在做什麼錯我的... – Smajl
看看是否有幫助: https://stackoverflow.com/questions/35785628/spring-security-oauth- 2-0-client-secret-always-required-for-authorization-code –
我不認爲這篇文章與我的問題有聯繫 – Smajl