【发布时间】:2016-09-06 15:07:21
【问题描述】:
我在使用 Spring 实现 OAuth2 时遇到问题...
这是我与安全相关的配置:
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Override
public final void configure(final HttpSecurity http) throws Exception {
http.csrf().disable();
http.authorizeRequests().antMatchers("/oauth/token").anonymous();
http.authorizeRequests()
.antMatchers("/**").fullyAuthenticated();
}
@Override
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Configuration
@EnableAuthorizationServer
protected static class OAuth2Config extends AuthorizationServerConfigurerAdapter {
@Autowired
@Qualifier("authenticationManagerBean")
private AuthenticationManager authenticationManager;
@Autowired
private IUserService customUserService;
@Bean
public UserDetailsService userDetailsService() {
return customUserService;
}
@Autowired
private IClientOAuth2DetailsService customClientDetailsService;
@Bean
public ClientDetailsService clientDetailsService() throws Exception {
return customClientDetailsService;
}
@Override
public final void configure(final AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints.authenticationManager(authenticationManager);
}
@Override
public final void configure(final ClientDetailsServiceConfigurer clients) throws Exception {
clients.withClientDetails(clientDetailsService());
}
}
}
如您所见,我自己实现了 ClientDetailsService:
private ClientDetailsService internalClientDetailsService;
public ClientOAuth2DetailsServiceImpl() throws Exception {
internalClientDetailsService = new InMemoryClientDetailsServiceBuilder().withClient("admin")
.secret("admin")
.authorizedGrantTypes("password")
.authorities("ROLE_CLIENT")
.and()
.build();
}
@Override
public final ClientDetails loadClientByClientId(final String client) throws ClientRegistrationException {
return internalClientDetailsService.loadClientByClientId(client);
}
我在 Chrome 中使用 Postman 扩展来测试 oauth/token 请求:
当我发送请求时,ClientDetailsService 似乎工作正常,但在返回 ClientDetails 后,我总是得到这个堆栈跟踪:
java.lang.*Error: null
at java.lang.ReflectiveOperationException.<init>(Unknown Source) ~[na:1.8.0_45]
at java.lang.reflect.InvocationTargetException.<init>(Unknown Source) ~[na:1.8.0_45]
at sun.reflect.GeneratedMethodAccessor34.invoke(Unknown Source) ~[na:na]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) ~[na:1.8.0_45]
at java.lang.reflect.Method.invoke(Unknown Source) ~[na:1.8.0_45]
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:302) ~[spring-aop-4.2.2.RELEASE.jar:4.2.2.RELEASE]
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:201) ~[spring-aop-4.2.2.RELEASE.jar:4.2.2.RELEASE]
at com.sun.proxy.$Proxy67.authenticate(Unknown Source) ~[na:na]
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:192) ~[spring-security-core-4.0.3.RELEASE.jar:4.0.3.RELEASE]
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter$AuthenticationManagerDelegator.authenticate(WebSecurityConfigurerAdapter.java:436) ~[spring-security-config-3.2.8.RELEASE.jar:3.2.8.RELEASE]
at sun.reflect.GeneratedMethodAccessor34.invoke(Unknown Source) ~[na:na]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) ~[na:1.8.0_45]
at java.lang.reflect.Method.invoke(Unknown Source) ~[na:1.8.0_45]
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:302) ~[spring-aop-4.2.2.RELEASE.jar:4.2.2.RELEASE]
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:201) ~[spring-aop-4.2.2.RELEASE.jar:4.2.2.RELEASE]
at com.sun.proxy.$Proxy67.authenticate(Unknown Source) ~[na:na]
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:192) ~[spring-security-core-4.0.3.RELEASE.jar:4.0.3.RELEASE]
我不明白为什么......我错过了什么?
谢谢!
【问题讨论】:
标签: java spring spring-security oauth spring-security-oauth2