Spring/OAuth2 错误 - InsufficientAuthenticationException,没有客户端身份验证。尝试添加适当的身份验证过滤器
Posted
技术标签:
【中文标题】Spring/OAuth2 错误 - InsufficientAuthenticationException,没有客户端身份验证。尝试添加适当的身份验证过滤器【英文标题】:Spring/OAuth2 Error - InsufficientAuthenticationException, There is no client authentication. Try adding an appropriate authentication filter 【发布时间】:2017-10-31 12:51:46 【问题描述】:我被困了好几个小时,试图弄清楚这个 Spring Security OAuth2 实现到底出了什么问题。
当我去打/oauth/token端点时发生错误:
localhost:8080/my-oauth-practice-app/oauth/token
错误:InsufficientAuthenticationException, There is no client authentication. Try adding an appropriate authentication filter.
授权服务器配置
@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter
@Autowired
@Qualifier("authenticationManagerBean")
AuthenticationManager authenticationManager;
@Autowired
DefaultTokenServices tokenServices;
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception
super.configure(endpoints);
endpoints.tokenServices(this.tokenServices).authenticationManager(this.authenticationManager);
@Override
public void configure(AuthorizationServerSecurityConfigurer security) throws Exception
super.configure(security);
security.tokenKeyAccess("permitAll()");
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception
clients.inMemory().withClient("clientid").secret("clientpass").authorizedGrantTypes("password").scopes("read").autoApprove(true);
资源服务器配置
@Configuration
@EnableResourceServer
public class ResourceServerConfig extends ResourceServerConfigurerAdapter
@Autowired
DefaultTokenServices tokenServices;
@Override
public void configure(ResourceServerSecurityConfigurer resources) throws Exception
super.configure(resources);
resources.tokenServices(this.tokenServices);
@Override
public void configure(HttpSecurity http) throws Exception
super.configure(http);
http.authorizeRequests().anyRequest().hasRole("USER");
一般网络安全配置
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter
@Primary
@Bean
DefaultTokenServices tokenServices()
DefaultTokenServices d = new DefaultTokenServices();
d.setAccessTokenValiditySeconds(600);
d.setRefreshTokenValiditySeconds(1000);
d.setTokenStore(new InMemoryTokenStore());
return d;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception
auth.inMemoryAuthentication().withUser("user").password("password").roles("USER");
@Override
protected void configure(HttpSecurity http) throws Exception
http.authorizeRequests().antMatchers("/**").hasRole("USER");
@Override
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception
return super.authenticationManagerBean();
【问题讨论】:
【参考方案1】:您应该像这样检查 WebSecurityConfigurerAdapter 方法:
@Override
public void configure(WebSecurity web) throws Exception
web.ignoring().antMatchers("/webjars/**", "/oauth/**");
删除“/oauth/**”路径。否则
TokenEndpoint.postAccessToken(Principal principal, @RequestParam Map<String, String> parameters)
principal 将为空。
【讨论】:
当 Principal 为 null 时,可能意味着在到达方法之前没有调用 spring 安全链。可以找到可能的修复***.com/questions/31504556/…以上是关于Spring/OAuth2 错误 - InsufficientAuthenticationException,没有客户端身份验证。尝试添加适当的身份验证过滤器的主要内容,如果未能解决你的问题,请参考以下文章
spring-security oauth2 REST 服务器在错误凭据(400)错误响应中不需要的 Stacktrace
Java spring OAuth2客户端(资源服务器)总是返回'invalid token'错误
Traincascade Error: Bad argument (Can not get new positive sample. Themost possible reason is insuff
Spring oauth2 ver 2.0.7,端点 /oauth/token 上出现 404 错误