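Spring Security OAuth2 authorization server /oauth/token - 500 No adapter for handler
I want to implement a Spring Security OAuth2 authorization server. When trying to access the token endpoint (/oauth/token), I get a 404. I think I am missing something, but for the life of me I cannot see it.
I am using Java configuration;
- Spring Security 4.0.1
- Spring Security OAuth2 2.0.7
My configuration is as follows: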
ApplicationSecurityConfig.java
Used to register the configuration files with the WAR
    public class ApplicationSecurityConfig extends
            AbstractSecurityWebApplicationInitializer {
        public ApplicationSecurityConfig() {
            super(SecurityConfig.class, AuthorizationServerConfig.class);
        }
    }
SpringSecurityConfig.java
Configures HTTP basic authentication for all endpoints matching the URL pattern /
    @Configuration
    @EnableWebSecurity
    public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
        @Autowired
        public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
            auth
                .inMemoryAuthentication()
                    .withUser("user")
                    .password("password")
                    .roles("USER");
        }

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .authorizeRequests()
                    .antMatchers("/")
                    .authenticated()
                    .and()
                .httpBasic();
        }
    }
OauthAuthorizationServerConfig.java
Used to configure the authorization server
    @Configuration
    @EnableAuthorizationServer
    public class OauthAuthorizationServerConfig extends
            AuthorizationServerConfigurerAdapter {
        @Autowired
        private TokenStore tokenStore;

        @Override
        public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
            clients
                .inMemory()
                    .withClient("testClient")
                    .scopes("read", "write")
                    .authorities("ROLE_CLIENT")
                    .authorizedGrantTypes("password", "refresh_token")
                    .accessTokenValiditySeconds(60)
                    .refreshTokenValiditySeconds(3600);
        }

        @Bean
        public TokenStore tokenStore() {
            return new InMemoryTokenStore();
        }

        @Override
        public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
            endpoints.tokenStore(tokenStore);
        }

        @Override
        public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
            oauthServer.allowFormAuthenticationForClients();
        }
    }
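Apologies if this is a 'schoolboy error', but I have spent some time looking over the documentation and samples published by Spring and on GitHub, and I am clearly misunderstanding something.
- EDIT -
I have replaced ApplicationSecurityConfig.java with SpringApplicationInit.java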
    public class SpringApplicationInit extends
            AbstractAnnotationConfigDispatcherServletInitializer {
        @Override
        protected Class<?>[] getRootConfigClasses() {
            return null;
        }

        @Override
        protected Class<?>[] getServletConfigClasses() {
            return new Class[]{
                SpringSecurityConfig.class,
                OauthAuthorizationServerConfig.class
            };
        }

        @Override
        protected String[] getServletMappings() {
            return new String[]{"/"};
        }
    }
This yields a different result. I now get a 500 server error status code:
javax.servlet.ServletException: No adapter for handler [public org.springframework.http.ResponseEntity<org.springframework.security.oauth2.common.OAuth2AccessToken> org.springframework.security.oauth2.provider.endpoint.TokenEndpoint.getAccessToken(java.security.Principal,java.util.Map<java.lang.String, java.lang.String>) throws org.springframework.web.HttpRequestMethodNotSupportedException]: The DispatcherServlet configuration needs to include a HandlerAdapter that supports this handler
org.springframework.web.servlet.DispatcherServlet.getHandlerAdapter(DispatchrServlet.java:1163)
org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:939)
org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:893)
org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:966)
org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:857)
javax.servlet.http.HttpServlet.service(HttpServlet.java:621)
org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:842)
javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:51)
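I have pushed the code to a git repo, if it makes it easier to follow.
Did you check the PREFIX of /oauth/token? Make sure it is a valid URI. – OhadR
Yes. I have some REST endpoints located under /rest that I can access. – dooffas
Does the first call - /oauth/authorize - work? – OhadR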