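【Question title】: OAuth2Client returns the same token every time
【Posted】: 2018-06-22 06:48:05
【Question】:

I have an AuthorizationServer. Besides the standard functionality, I also have a controller that can create users. After a user is created successfully, the method must return a token for that user. The problem is that the method returns a valid token only on the first call. On the next calls, subsequent users get the first user's token. I tried to set scope (request) for the restTemplate, but got the error: "Scope 'request' is not active for the current thread"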

@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {  

    @Override
    public void configure(ClientDetailsServiceConfigurer configurer) throws Exception {
      ...
    }
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
     ...
    }

    protected ResourceOwnerPasswordResourceDetails getOwnerPasswordResource(){
        ResourceOwnerPasswordResourceDetails resource = new ResourceOwnerPasswordResourceDetails();
        List<String> scopes = new ArrayList<>(3);
        scopes.add(SCOPE_READ);
        scopes.add(SCOPE_WRITE);
        scopes.add(SCOPE_TRUST);
        resource.setAccessTokenUri(tokenUrl);
        resource.setClientId(CLIENT_ID);
        resource.setClientSecret(CLIENT_SECRET_UNCODED);
        resource.setGrantType(GRANT_TYPE_PASSWORD);
        resource.setScope(scopes);
        return resource;
    }
}

Here is the OAuth2Client:

@EnableOAuth2Client
@Configuration
public class ClientConfig {
    @Autowired
    AuthorizationServerConfig authorizationServerConfig;

    @Bean
    //@Scope("request")
    public OAuth2RestOperations restTemplate() {
        AccessTokenRequest atr = new DefaultAccessTokenRequest();

        return new OAuth2RestTemplate(authorizationServerConfig.getOwnerPasswordResource(), new DefaultOAuth2ClientContext(atr));
    }

}

And my controller:

@RestController
public class UserRestController {
    @Autowired
    private OAuth2RestOperations restTemplate;

    @PostMapping("/user")
    public OAuth2AccessToken createUserCredential(@RequestBody UserCredential user) {
        user.validate();
        userCredentialService.checkAndSaveUser(user, getClientIp(request));

        restTemplate.getOAuth2ClientContext().getAccessTokenRequest().set("username", user.getLogin());
        restTemplate.getOAuth2ClientContext().getAccessTokenRequest().set("password", user.getPassword());
        return restTemplate.getAccessToken();
    }
}

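Maybe there is a more correct way to obtain a token inside the AuthorizationServer?

【Comments on the question】:

    Tags: java spring oauth-2.0 token spring-security-oauth2


    【Answer 1】:

    I thought there was some special way... but I did not find one. I solved the problem in the following way: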

    @EnableOAuth2Client
    @Configuration
    public class OAuthClientConfig {
    
        @Autowired
        AuthorizationServerConfig authorizationServerConfig;
    
        public OAuth2RestOperations restTemplate() {
            AccessTokenRequest atr = new DefaultAccessTokenRequest();
    
            return new OAuth2RestTemplate(authorizationServerConfig.getOwnerPasswordResource(), new DefaultOAuth2ClientContext(atr));
        }
    }
    

    And my controller:

    @RestController
    public class UserRestController {
    
        @Autowired
        private OAuthClientConfig oAuthClientConfig;
    
        @PostMapping("/user")
        public OAuth2AccessToken createUserCredential(@RequestBody UserCredential user) {
            user.validate();
            userCredentialService.checkAndSaveUser(user, getClientIp(request));
    
            OAuth2RestOperations restTemplate = oAuthClientConfig.restTemplate();
            restTemplate.getOAuth2ClientContext().getAccessTokenRequest().set("username", user.getLogin());
            restTemplate.getOAuth2ClientContext().getAccessTokenRequest().set("password", user.getPassword());
            return restTemplate.getAccessToken();
        }
    }
    

    Maybe it will help someone.

    【Comments】:

      【Answer 2】:

      I ran into the same problem and found another way to make it work:

      @Bean
      @Primary
      @Scope(value = WebApplicationContext.SCOPE_REQUEST, proxyMode = ScopedProxyMode.TARGET_CLASS)
      public OAuth2RestTemplate oauth2RestTemplate(OAuth2ClientContext context,
              OAuth2ProtectedResourceDetails details) {

          AccessTokenRequest atr = new DefaultAccessTokenRequest();
          OAuth2RestTemplate template = new OAuth2RestTemplate(resource(), new DefaultOAuth2ClientContext(atr));
          AccessTokenProvider accessTokenProvider = new AccessTokenProviderChain(Arrays.<AccessTokenProvider>asList(
                  new AuthorizationCodeAccessTokenProvider(), new ImplicitAccessTokenProvider(),
                  new ResourceOwnerPasswordAccessTokenProvider(), new ClientCredentialsAccessTokenProvider()));
          template.setAccessTokenProvider(accessTokenProvider);
          return template;
      }
      

      Then I just injected it:

      private final OAuth2RestTemplate oauth2RestTemplate;

      @GetMapping(path = "/token")
      public String token(Credentials credentials) {
          oauth2RestTemplate.getOAuth2ClientContext()
                  .getAccessTokenRequest().add("username", credentials.getEmail());
          oauth2RestTemplate.getOAuth2ClientContext()
                  .getAccessTokenRequest().add("password", credentials.getPass());
          final OAuth2AccessToken accessToken = oauth2RestTemplate.getAccessToken();
          final String accessTokenAsString = accessToken.getValue();
          return accessTokenAsString;
      }
      

      【Comments】:
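
Why the singleton bean in the question hands the first user's token to later users, as an added example that is not part of the original posts: `OAuth2RestTemplate.getAccessToken()` reuses the token held in its `OAuth2ClientContext` until that token expires, so a context shared across requests never performs the grant for the second user. The classes below are a hypothetical plain-Java model of that caching (not Spring's API), and the grant function is a constructed stand-in for the token endpoint.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.function.Function;

// Simplified model (hypothetical classes, not Spring's) of a token client whose
// context caches the first token it obtains.
public class TokenCacheDemo {

    /** Per-context state: the request parameters and the cached token. */
    static class ClientContext {
        final Map<String, String> params = new HashMap<>();
        String cachedToken; // null until the first successful grant
    }

    /** Returns the cached token if one exists; otherwise performs the grant. */
    static class TokenClient {
        private final ClientContext context;
        private final Function<Map<String, String>, String> grant;

        TokenClient(ClientContext context, Function<Map<String, String>, String> grant) {
            this.context = context;
            this.grant = grant;
        }

        String getAccessToken(String username, String password) {
            context.params.put("username", username);
            context.params.put("password", password);
            if (context.cachedToken == null) { // only the first call reaches the grant
                context.cachedToken = grant.apply(context.params);
            }
            return context.cachedToken;
        }
    }

    public static void main(String[] args) {
        // Constructed stand-in for the token endpoint: the token names its owner.
        Function<Map<String, String>, String> grant = p -> "token-for-" + p.get("username");

        // Shared context (singleton bean): bob is handed alice's cached token.
        TokenClient shared = new TokenClient(new ClientContext(), grant);
        System.out.println("shared, alice: " + shared.getAccessToken("alice", "pw1"));
        System.out.println("shared, bob:   " + shared.getAccessToken("bob", "pw2"));

        // Fresh context per call (the approach in both answers): no token is carried over.
        TokenClient first = new TokenClient(new ClientContext(), grant);
        TokenClient second = new TokenClient(new ClientContext(), grant);
        System.out.println("fresh, alice:  " + first.getAccessToken("alice", "pw1"));
        System.out.println("fresh, bob:    " + second.getAccessToken("bob", "pw2"));
    }
}
```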
