OAuth2-Autoconfigure: There is no client authentication. Try adding an appropriate authentication filter

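Question

I know there are similar questions on Stack Overflow but none of them helped me. I added `web.ignoring` for `/oauth/**` as suggested but it still doesn't work.

When I try to access: `/oauth/token?grant_type=password&password=123456&username=admin` (of course I add Basic auth with the appropriate client id and secret key), I'm receiving the following error message:

```json
{
    "error": "unauthorized",
    "error_description": "There is no client authentication. Try adding an appropriate authentication filter."
}
```

What could possibly be broken now?

I'm kinda disappointed in how easily Spring Boot's OAuth breaks. It's like a lottery: you turn off your PC and on the next day something breaks from nowhere (without code changes). Are there better ways to do that?

I put a breakpoint at TokenEndPoint.postAccessToken and Principal seems to be null.

Since it can be anything being broken, I uploaded the project on GitHub: https://github.com/Warrolen/stackoverflow-question/tree/master/forum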
```java
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(jsr250Enabled = true)
@Order(Ordered.HIGHEST_PRECEDENCE)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    @Qualifier("userDetailsService")
    private UserDetailsServiceImpl userDetailsService;

    // End users are authenticated against the application's own user store.
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth
                .userDetailsService(userDetailsService)
                .passwordEncoder(bCryptPasswordEncoder());
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .csrf().disable()
                .authorizeRequests()
                .antMatchers("/api/topics/**").permitAll()
                .antMatchers("/api/users/**").permitAll()
                .anyRequest().authenticated()
                .and()
                .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    }

    // Requests matching these patterns skip the Spring Security filter chain entirely.
    @Override
    public void configure(WebSecurity web) throws Exception {
        web
                .ignoring()
                .antMatchers("/webjars/**", "/oauth/**");
    }

    // Exposes the AuthenticationManager so the authorization server can use it
    // for the password grant.
    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Bean
    public BCryptPasswordEncoder bCryptPasswordEncoder() {
        return new BCryptPasswordEncoder();
    }

}
```

```java
@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {

    @Autowired
    private BCryptPasswordEncoder bCryptPasswordEncoder;

    @Autowired
    private TokenStore tokenStore;

    @Autowired
    private AuthenticationManager authenticationManager;

    @Autowired
    private UserDetailsServiceImpl userDetailsService;

    // Single in-memory client; the secret is stored as a BCrypt hash.
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients
                .inMemory()
                .withClient("trusted")
                .secret(bCryptPasswordEncoder.encode("secret"))
                .authorizedGrantTypes("password", "authorization_code", "refresh_token")
                .autoApprove(true)
                .scopes("read", "write")
                .accessTokenValiditySeconds(15 * 60)
                .refreshTokenValiditySeconds(30 * 60);
    }

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints
                .tokenStore(tokenStore)
                .authenticationManager(authenticationManager)
                .userDetailsService(userDetailsService);
    }

    @Bean
    public TokenStore tokenStore() {
        return new InMemoryTokenStore();
    }

}
```

```java
@Configuration
@EnableResourceServer
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {

}
```
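An added example, not code from the original post: a sketch of the two `SecurityConfig` methods with `/oauth/**` removed from `web.ignoring()` and the adapter scoped to `/api/**`, so that requests to `/oauth/token` reach the filter chain that `@EnableAuthorizationServer` registers for client authentication. It assumes the legacy spring-security-oauth2 defaults; the class name `ApiSecurityConfig` is hypothetical and the beans from the original class are omitted.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;

// Added sketch, not the asker's code. ApiSecurityConfig is a hypothetical name.
@Configuration
@EnableWebSecurity
@Order(Ordered.HIGHEST_PRECEDENCE)
public class ApiSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                // Claim only /api/** for this chain. Without a request matcher a
                // HIGHEST_PRECEDENCE chain matches every URL, /oauth/token included,
                // ahead of the chain that @EnableAuthorizationServer registers.
                .requestMatchers()
                    .antMatchers("/api/**")
                    .and()
                .csrf().disable()
                .authorizeRequests()
                    .antMatchers("/api/topics/**").permitAll()
                    .antMatchers("/api/users/**").permitAll()
                    .anyRequest().authenticated()
                    .and()
                .sessionManagement()
                    .sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        // Only static assets bypass the filters. An ignored path runs no security
        // filter at all, so nothing authenticates the client's Basic credentials and
        // TokenEndpoint.postAccessToken is called with a null Principal.
        web.ignoring().antMatchers("/webjars/**");
    }
}
```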

huangapple
  • Posted on April 7, 2020 at 19:32:34
  • When reposting, please keep the link to this article: https://java.coder-hub.com/61079081.html