我得到token 0时出错
Handling error: InsufficientAuthenticationException, There is no client authentication. Try adding an appropriate authentication filter.
字符串
我可以从http://localhost:8080/oauth/authorize?response_type=code&client_id=a&redirect_uri=http://localhost:8080/callback&scope=email profile openid&state=12获取代码,然后我去postman中获取令牌,它显示错误{“error”:“unauthorized”,“error_description”:“There is no client authentication. Try adding an appropriate authentication filter”}。
这里是配置
@Configuration
@EnableWebSecurity
@Order(-1)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Bean
public PasswordEncoder passwordEncoder(){
return new BCryptPasswordEncoder();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/oauth/**","/login/**","/auth/get-token").permitAll()
.anyRequest().authenticated()
.and()
.formLogin().permitAll()
.and()
// .addFilterBefore(customHeaderFilter, UsernamePasswordAuthenticationFilter.class)
.logout().permitAll()
.and()
.csrf().disable();
// .httpBasic();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication()
.withUser("user").password(passwordEncoder().encode("user")).roles("USER")
.and().withUser("admin").password(passwordEncoder().encode("admin")).roles("ADMIN");
}
}
@EnableAuthorizationServer
@Configuration
public class AuthServerConfig extends AuthorizationServerConfigurerAdapter {
@Autowired
private PasswordEncoder passwordEncoder;
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients
.inMemory()
.withClient("a")
.secret(passwordEncoder.encode("qwe"))
.authorizedGrantTypes("authorization_code")
.scopes("email","profile","openid").autoApprove(true)
.redirectUris("http://localhost:8080/callback");
}
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints
.tokenStore( new InMemoryTokenStore())
// .authenticationManager(authenticationManager)
// .userDetailsService()
.allowedTokenEndpointRequestMethods(HttpMethod.GET, HttpMethod.POST);
}
@Override
public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
security
.tokenKeyAccess("permitAll()")
.checkTokenAccess("isAuthenticated()")
.allowFormAuthenticationForClients();
}
}
的数据
1条答案
按热度按时间p5fdfcr11#
我也不知道是什么原因,升级spring-security-oauth2和更改配置就解决了
父相同
在pom之前
字符串
在POM之后
型
安全
之前
型
之后
型