的Oauth問題 「未經授權」 春4

Question

我在使用OAuth彈簧應用的實現，但可以得到令牌：

OAuth2ServerConfigAuthorizationServerConfiguration.java

@Configuration 
public class OAuth2ServerConfigAuthorizationServerConfiguration { 

    private static final String RESOURCE_ID = "restservice"; 

    @Configuration 
    @EnableResourceServer 
    protected static class ResourceServerConfiguration extends 
      ResourceServerConfigurerAdapter { 

     @Override 
     public void configure(ResourceServerSecurityConfigurer resources) { 
      // @formatter:off 
      resources 
       .resourceId(RESOURCE_ID); 
      // @formatter:on 
     } 

     @Override 
     public void configure(HttpSecurity http) throws Exception { 
      // @formatter:off 
      http 
       .authorizeRequests() 
        .antMatchers("/entuzona/**").authenticated(); 
      // @formatter:on 
     } 
} 

    @Configuration 
    @EnableAuthorizationServer 
    protected static class AuthorizationServerConfiguration extends 
      AuthorizationServerConfigurerAdapter { 

     private TokenStore tokenStore = new InMemoryTokenStore(); 

     @Autowired 
     @Qualifier("authenticationManagerBean") 
     private AuthenticationManager authenticationManager; 

     @Override 
     public void configure(AuthorizationServerEndpointsConfigurer endpoints) 
       throws Exception { 
      // @formatter:off 
      endpoints 
       .tokenStore(this.tokenStore) 
       .authenticationManager(this.authenticationManager); 
      // @formatter:on 
     } 

     @Override 
     public void configure(ClientDetailsServiceConfigurer clients) throws Exception { 
      // @formatter:off 
      clients 
       .inMemory() 
        .withClient("clientapp") 
         .authorizedGrantTypes("password","refresh_token") 
         .authorities("USER") 
         .scopes("read", "write") 
         .resourceIds(RESOURCE_ID) 
         .secret("123456"); 
      // @formatter:on 
     } 

     @Bean 
     @Primary 
     public DefaultTokenServices tokenServices() { 
      DefaultTokenServices tokenServices = new DefaultTokenServices(); 
      tokenServices.setSupportRefreshToken(true); 
      tokenServices.setTokenStore(this.tokenStore); 
      return tokenServices; 
     } 

    } 
} 

OAuth2ClientConfig.java

@Configuration 
@ComponentScan("com.sprhib") 
@EnableWebSecurity 
@EnableWebMvcSecurity 
public class OAuth2ClientConfig extends WebSecurityConfigurerAdapter { 

    @Override 
    protected void configure(AuthenticationManagerBuilder auth) throws Exception { 
    auth.inMemoryAuthentication().withUser("teste").password("teste").authorities("USER"); 
    } 

    @Override 
    @Bean 
    public AuthenticationManager authenticationManagerBean() throws Exception { 
     return super.authenticationManagerBean(); 
    } 
} 

我正在發帖並得到郵遞員：

POS牛逼的要求：

http://localhost:8080/entuzona/oauth/token 
grant_type: password 
username: teste 
password: teste 

並配有GET：

http://localhost:8080/entuzona/oauth/token?grant_type=password&cliend_id=clientapp&client_secret=123456&username=teste&password=teste 

{ 
    "error": "unauthorized", 
    "error_description": "Full authentication is required to access this resource" 
} 

你知道我爲什麼在這兩種情況下收到此錯誤？ 首先我在標題中放置了一些東西來獲取令牌？

版本。

<dependency> 
     <groupId>org.springframework.security.oauth</groupId> 
     <artifactId>spring-security-oauth2</artifactId> 
     <version>2.0.0.RELEASE</version> 
    </dependency> 

<properties> 
    <hibernate.version>4.2.0.Final</hibernate.version> 
    <mysql.connector.version>5.1.21</mysql.connector.version> 
    <spring.version>4.0.9.RELEASE</spring.version> 
    <spring.security.version>3.2.5.RELEASE</spring.security.version> 
</properties> 

謝謝。

Answer 1

它缺少這樣的代碼：

@Override 公共無效配置（AuthorizationServerSecurityConfigurer oauthServer）拋出異常{ oauthServer.allowFormAuthenticationForClients（）; }