java—通过web门户获取访问令牌作为响应(oauth2)

cwtwac6a 于 2021-07-03 发布在 Java

关注(0)|答案(1)|浏览(319)

我用microservices架构实现了一个简单的系统，在我的系统中，大约有5个microservice示例，它们作为资源服务器工作。资源服务器和授权服务器之间的通信是通过遵循oauth密码流的非对称方法完成的。
当用户通过web门户模块注册或登录系统调用服务时，我必须返回一个包含电子邮件和访问令牌的响应，该响应应保存在本地存储器中。
当我打电话的时候 http://localhost:9098/oauth/token 然后发生以下错误。

org.springframework.security.oauth2.client.resource.OAuth2AccessDeniedException: Unable to obtain a new access token for resource 'null'. The provider manager is not configured to support it.

应用程序.yml

security:
  oauth2:
    client:
      grant-type: password
      client-id: web
      client-secret: 14292
      access-token-uri: http://127.0.0.1:9098/oauth/token

配置类

@Configuration
public class WebPortalConfig {

    @Bean
    @ConfigurationProperties("security.oauth2.client")
    public ClientCredentialsResourceDetails oAuthDetails()
    {
        return new ClientCredentialsResourceDetails();
    }

    @Bean
    public RestTemplate restTemplate()
    {
        return new OAuth2RestTemplate(oAuthDetails());
    }
}

oauthdetails类

@Getter
@Setter
public class OAuthDetails {

    private String access_token;
    private String token_type;
    private String refresh_token;
    private int expires_in;

}

服务等级

private OAuthDetails getOAuthDetails()
    {
        String url="http://127.0.0.1:9098/oauth/token?grant_type=password&username=nafazbenzema@gmail.com&password=benz";

        return restTemplate.getForObject(url, OAuthDetails.class);
    }

p、 s码-
如何克服这个错误？
这个方法是正确的还是错误的，如果你有更好的方法请建议作为答案

Java spring-boot spring-security oauth-2.0 microservices

来源：https://stackoverflow.com/questions/65060425/get-access-token-as-a-response-through-web-portal-oauth2

1条答案

按热度按时间

rkkpypqq1#

我在以前的代码中发现了另一种方法和一些错误。
错误01
已为创建bean示例 ClientCredentialsResourceDetails 但我用的是 password flow .
我会把我的答案贴出来 access_token 响应使用 password flow 在 OAUTH2 .
应用程序.yml

security:
  oauth2:
    access-token-uri: http://localhost:9098/oauth/token
    client-id: web
    client-secret: 14292
    grant-type: password

属性类

@ConfigurationProperties(prefix = "security")
public class SecurityProperties {

    private OAuth2Properies oauth2;

    public OAuth2Properies getOauth2() {
        return oauth2;
    }

    public void setOauth2(OAuth2Properies oauth2) {
        this.oauth2 = oauth2;
    }

    public static class OAuth2Properies{

        private String accessTokenUri;
        private String clientId;
        private String clientSecret;
        private String grantType;

        public String getAccessTokenUri() {
            return accessTokenUri;
        }

        public void setAccessTokenUri(String accessTokenUri) {
            this.accessTokenUri = accessTokenUri;
        }

        public String getClientId() {
            return clientId;
        }

        public void setClientId(String clientId) {
            this.clientId = clientId;
        }

        public String getClientSecret() {
            return clientSecret;
        }

        public void setClientSecret(String clientSecret) {
            this.clientSecret = clientSecret;
        }

        public String getGrantType() {
            return grantType;
        }

        public void setGrantType(String grantType) {
            this.grantType = grantType;
        }
    }
}

customeauthenticationprovider类

@Component
@EnableConfigurationProperties(SecurityProperties.class)
public class Oauth2AuthenticationProvider {

    private SecurityProperties securityProperties;

    public Oauth2AuthenticationProvider(SecurityProperties securityProperties)
    {
        this.securityProperties=securityProperties;
    }

    public OAuth2AccessToken obtainToken(String username, String password) {

        SecurityProperties.OAuth2Properies oAuthDetails=securityProperties.getOauth2();

        ResourceOwnerPasswordResourceDetails resourceDetails = new ResourceOwnerPasswordResourceDetails();
        resourceDetails.setAccessTokenUri(oAuthDetails.getAccessTokenUri());
        resourceDetails.setClientId(oAuthDetails.getClientId());
        resourceDetails.setClientSecret(oAuthDetails.getClientSecret());
        resourceDetails.setGrantType(oAuthDetails.getGrantType());
        resourceDetails.setUsername(username);
        resourceDetails.setPassword(password);
        DefaultAccessTokenRequest defaultAccessTokenRequest = new DefaultAccessTokenRequest();

        OAuth2AccessToken token;

        try {
            token = new ResourceOwnerPasswordAccessTokenProvider().obtainAccessToken(resourceDetails, defaultAccessTokenRequest);
        } catch (OAuth2AccessDeniedException accessDeniedException) {
            throw new BadCredentialsException("Invalid credentials", accessDeniedException);
        }

        return token;

    }

}

服务等级

@Service
public class UserServiceImpl{

private String getAccessToken(String userName,String password)
{
authenticationProvider.obtainToken(username,password).toString();

}

}

赞(0）回复(0）举报 2021-07-03

我来回答

java—通过web门户获取访问令牌作为响应(oauth2)

1条答案

相关问题

热门标签

最新问答