org.springframework.security.oauth2.provider.endpoint.TokenEndpoint handleException

Posted 2023-02-27

技术标签:

【中文标题】org.springframework.security.oauth2.provider.endpoint.TokenEndpoint handleException【英文标题】： 【发布时间】：2015-05-29 19:35:12 【问题描述】：

我正在使用来自 http://www.e-zest.net/blog/rest-authentication-using-oauth-2-0-resource-owner-password-flow-protocol/#comment-5993 的“Spring OAuth2 REST”代码并开发以使用最新版本的 Spring-Security-OAuth2（即 v 2.0.7.RELEASE），但请注意原始代码仅适用对于最新的较低版本（即 1.0.5.RELEASE）而不是最新的。要使用最新版本的依赖项，我已在以下两个文件中进行了修改，上述站点/ URL 中的其余代码按原样使用。

我正在使用以下配置：

<?xml version="1.0" encoding="UTF-8" ?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
    xmlns:sec="http://www.springframework.org/schema/security" xmlns:mvc="http://www.springframework.org/schema/mvc"
    xsi:schemaLocation="http://www.springframework.org/schema/security/oauth2 http://www.springframework.org/schema/security/spring-security-oauth2-1.0.xsd
        http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.1.xsd
        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
        http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd ">


    <http pattern="/oauth/token" create-session="stateless"  authentication-manager-ref="authenticationManager"
        xmlns="http://www.springframework.org/schema/security" > 

        <intercept-url pattern="/oauth/token" access="IS_AUTHENTICATED_FULLY" />
        <anonymous enabled="false" />
        <http-basic entry-point-ref="clientAuthenticationEntryPoint" />
        <custom-filter ref="clientCredentialsTokenEndpointFilter" before="BASIC_AUTH_FILTER" /> 
        <access-denied-handler ref="oauthAccessDeniedHandler" />
    </http>

    <http pattern="/resources/**" create-session="never" entry-point-ref="oauthAuthenticationEntryPoint"
        xmlns="http://www.springframework.org/schema/security">
        <anonymous enabled="false" />
        <intercept-url pattern="/resources/**" method="GET" />
        <custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
        <access-denied-handler ref="oauthAccessDeniedHandler" />
    </http>

    <http pattern="/logout" create-session="never" 
        entry-point-ref="oauthAuthenticationEntryPoint"
        xmlns="http://www.springframework.org/schema/security">
        <anonymous enabled="false" />
        <intercept-url pattern="/logout" method="GET" />
        <sec:logout invalidate-session="true" logout-url="/logout" success-handler-ref="logoutSuccessHandler"   />
        <custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
        <access-denied-handler ref="oauthAccessDeniedHandler" />
    </http>

    <bean id="logoutSuccessHandler" class="demo.oauth2.authentication.security.LogoutImpl" >
        <property name="tokenstore" ref="tokenStore"></property>
    </bean>

    <bean id="oauthAuthenticationEntryPoint"
        class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
    </bean>

    <bean id="clientAuthenticationEntryPoint"
        class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
        <property name="realmName" value="springsec/client" />
        <property name="typeName" value="Basic" />
    </bean>

    <bean id="oauthAccessDeniedHandler"
        class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler">
    </bean>

    <bean id="clientCredentialsTokenEndpointFilter"
        class="org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter">
        <property name="authenticationManager" ref="authenticationManager" />
    </bean>

    <authentication-manager alias="authenticationManager"
        xmlns="http://www.springframework.org/schema/security">
        <authentication-provider user-service-ref="clientDetailsUserService" />
    </authentication-manager>

    <bean id="clientDetailsUserService"
        class="org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService">
        <constructor-arg ref="clientDetails" />
    </bean>

    <bean id="clientDetails" class="demo.oauth2.authentication.security.ClientDetailsServiceImpl"/>

    <authentication-manager id="userAuthenticationManager" 
        xmlns="http://www.springframework.org/schema/security">
        <authentication-provider  ref="customUserAuthenticationProvider">
        </authentication-provider>
    </authentication-manager>

    <bean id="customUserAuthenticationProvider"
        class="demo.oauth2.authentication.security.CustomUserAuthenticationProvider">
    </bean>

    <oauth:authorization-server
        client-details-service-ref="clientDetails" token-services-ref="tokenServices">
        <oauth:authorization-code />
        <oauth:implicit/>
        <oauth:refresh-token/>
        <oauth:client-credentials />
        <oauth:password authentication-manager-ref="userAuthenticationManager"/>
    </oauth:authorization-server>

    <oauth:resource-server id="resourceServerFilter"
        resource-id="springsec" token-services-ref="tokenServices" />       
    <bean id="tokenStore"              class="org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore" />


    <bean id="tokenServices" 
        class="org.springframework.security.oauth2.provider.token.DefaultTokenServices">
        <property name="tokenStore" ref="tokenStore" />
        <property name="supportRefreshToken" value="true" />
        <property name="accessTokenValiditySeconds" value="300000"></property>
        <property name="clientDetailsService" ref="clientDetails" />
    </bean>


    <mvc:annotation-driven />   
    <mvc:default-servlet-handler />

    <bean id="MyResource" class="demo.oauth2.authentication.resources.MyResource"></bean>

</beans>

和

package demo.oauth2.authentication.security;
import java.util.ArrayList;
import java.util.List;
import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
import org.springframework.security.oauth2.provider.ClientDetails;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.NoSuchClientException;
import org.springframework.security.oauth2.provider.client.BaseClientDetails;
import org.springframework.stereotype.Service;

@Service
public class ClientDetailsServiceImpl implements ClientDetailsService 

    private static final String CLIENT_CREDENTIALS = "client_credentials";
private static final String REFRESH_TOKEN = "refresh_token";
private static final String PASSWORD = "password";

@Override
public ClientDetails loadClientByClientId(String clientId) throws OAuth2Exception 
    List<String> authorizedGrantTypes = new ArrayList<>();
    authorizedGrantTypes.add(PASSWORD);
    authorizedGrantTypes.add(REFRESH_TOKEN);
    authorizedGrantTypes.add(CLIENT_CREDENTIALS);

    if (clientId.equals("client1")) 
        BaseClientDetails clientDetails = new BaseClientDetails();
        clientDetails.setClientId("client1");
        clientDetails.setClientSecret("client1");
        clientDetails.setAuthorizedGrantTypes(authorizedGrantTypes);
        return clientDetails;
     
    else if(clientId.equals("client2"))
        BaseClientDetails clientDetails = new BaseClientDetails();
        clientDetails.setClientId("client2");
        clientDetails.setClientSecret("client2");
        clientDetails.setAuthorizedGrantTypes(authorizedGrantTypes);
        return clientDetails;
    
    else
        throw new NoSuchClientException("No client with requested id: " + clientId);

代码在上面的类中给出错误。另外，当我尝试从 POSTMAN Rest Client 执行以下命令时 http://localhost:8080/demo.rest.springsecurity.oauth2.0.authentication/oauth/token?username=user1&password=user1&client_id=client1&client_secret=client1&grant_type=password

它给了我以下错误。控制台的主要错误：

Mar 26, 2015 4:57:40 PM 
INFO: Handling error: InvalidScopeException, Empty scope (either the client or the user is not allowed the requested scopes)

这是来自 Postman Rest Client 的消息：


    "error": "invalid_scope",
    "error_description": "Empty scope (either the client or the user is not allowed the requested scopes)"

【问题讨论】：

【参考方案1】：

我得到了这个问题的解决方案。您需要指定范围的值，例如读、写、信任。例如： http://localhost:8080/demo.rest.springsecurity.oauth2.0.authentication/oauth/token?username=user1&password=user1&client_id=client1&client_secret=client1&grant_type=password&scope=read,write,trust

通过提供访问令牌，我也可以访问受保护的资源 http://localhost:8080/demo.rest.springsecurity.oauth2.0.authentication/resources/MyResource/getMyInfo?access_token=27e28c65-5b18-4a0f-b55b-cfs2c5f6997b

这真的很好用！！

【讨论】：

感谢这篇文章....这帮助我在寻找了很长时间的解决方案后解决了我的问题。非常感谢.... 欢迎您。请喜欢帖子并接受答案！

以上是关于org.springframework.security.oauth2.provider.endpoint.TokenEndpoint handleException的主要内容，如果未能解决你的问题，请参考以下文章