3
我有一個oauth2的工作示例,併爲資源的客戶端和所有者進行內存認證和授權。我試圖將其轉換爲JDBC身份驗證和授權,但很成功。我不斷收到Bad Credentials錯誤。過濾器安全性經過對我來說是相當困惑的調試:-)Oauth2 Java配置JDBC
插入是我的java代碼,它現在使用inmemory認證用戶,但不是爲客戶端。該模式與this相同。
是否有使用JDBC身份驗證和授權的OAuth2.0與 Java的配置某處一個完整的工作的例子嗎?
-------------------代碼below--
public class WebSecurityConfig extends OAuth2ServerConfigurerAdapter {
private final static Logger logger = LogFactory.getLogger(WebSecurityConfig.class);
private JdbcClientDetailsService jdbcClientDetailsService;
private JdbcTokenStore jdbcTokenStore;
private JdbcUserDetailsManagerConfigurer jdbcUserDetailsManagerConfigurer;
// @formatter:off
@Override
protected void configure(HttpSecurity http) throws Exception {
OAuth2ServerConfigurer oAuth2ServerConfigurer = new OAuth2ServerConfigurer().tokenStore(jdbcTokenStore);
http
.requestMatchers()
.and()
.authorizeRequests()
.antMatchers("/").permitAll()
.anyRequest().authenticated()
.and()
.apply(oAuth2ServerConfigurer);
http.setSharedObject(ClientDetailsService.class, jdbcClientDetailsService);
}
// @formatter:on
// // @formatter:off
// @Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
// int validityInSec = Integer.parseInt(validtityInSeconds);
auth
.userDetailsService(new InMemoryUserDetailsManager(getUserDetails()));
}
// @formatter:on
//
private final Collection<UserDetails> getUserDetails() {
List<UserDetails> userDetails = new ArrayList<UserDetails>();
userDetails.add(new User("auction", "password", AuthorityUtils.createAuthorityList(
"USER", "read", "write")));
return userDetails;
}
@Autowired
@Qualifier("oauth_details_ds")
public void setDataSource(DataSource dataSource){
jdbcClientDetailsService = new JdbcClientDetailsService(dataSource);
jdbcTokenStore = new JdbcTokenStore(dataSource);
// try {
// jdbcUserDetailsManagerConfigurer = new JdbcUserDetailsManagerConfigurer().dataSource(dataSource);
// } catch (Exception e) {
// logger.error("Bad code design: ",e);
// e.printStackTrace();
// }
}
}
爲什麼不在你的security.xml中配置JDBC?該文檔顯示瞭如何做到這一點...... – OhadR