在 Spring Boot 中使用 InMemoryUserDetails 获取错误凭据

【问题标题】:Getting Bad credentials with InMemoryUserDetails in spring boot在 Spring Boot 中使用 InMemoryUserDetails 获取错误凭据
【发布时间】:2020-04-10 01:44:34
【问题描述】:

我正在使用 spring boot oauth,在进行授权时,即使我使用了 inMemory,我也无法验证我的凭据。

我的授权服务器:

@Configuration
@EnableAuthorizationServer
@Import(ServerWebSecurityConfig.class)
public class OAuth2AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {

    @Autowired
    private AuthenticationManager authenticationManager;

    static final String CLIEN_ID = "ipro-client";
    static final String CLIENT_SECRET = "ipro-secret";
    static final String GRANT_TYPE = "password";
    static final String AUTHORIZATION_CODE = "authorization_code";
    static final String REFRESH_TOKEN = "refresh_token";
    static final String IMPLICIT = "implicit";
    static final String SCOPE_READ = "read";
    static final String SCOPE_WRITE = "write";
    static final String TRUST = "trust";
    static final int ACCESS_TOKEN_VALIDITY_SECONDS = 1 * 60 * 60;
    static final int FREFRESH_TOKEN_VALIDITY_SECONDS = 6 * 60 * 60;
    static final String REDIRECT_URI = "http://localhost:8888/login";

    /*@Autowired
    @Qualifier("ibrdatasource")
    private DataSource dataSource;*/

    @Autowired
    private UserDetailsService userDetailsService;

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
    endpoints.tokenStore(tokenStore()).accessTokenConverter(accessTokenConverter())
        .authenticationManager(authenticationManager).userDetailsService(userDetailsService);
    }

    @Override
    public void configure(AuthorizationServerSecurityConfigurer oauthServer) {
    oauthServer.tokenKeyAccess("permitAll()").checkTokenAccess("permitAll()");
    }

    @Bean
    public TokenStore tokenStore() {
    return new JwtTokenStore(accessTokenConverter());
    }

    /*
     * @Override public void configure(ClientDetailsServiceConfigurer clients)
     * throws Exception { JdbcClientDetailsService jdbcClientDetailsService = new
     * JdbcClientDetailsService(dataSource);
     * clients.withClientDetails(jdbcClientDetailsService); }
     */

    @Override
    public void configure(ClientDetailsServiceConfigurer configurer) throws Exception {

    configurer.inMemory().withClient(CLIEN_ID).secret(CLIENT_SECRET)
        .authorizedGrantTypes(GRANT_TYPE, AUTHORIZATION_CODE, REFRESH_TOKEN, IMPLICIT)
        .scopes(SCOPE_READ, SCOPE_WRITE, TRUST).redirectUris(REDIRECT_URI)
        .accessTokenValiditySeconds(ACCESS_TOKEN_VALIDITY_SECONDS)
        .refreshTokenValiditySeconds(FREFRESH_TOKEN_VALIDITY_SECONDS);
    }

    @Bean
    public JwtAccessTokenConverter accessTokenConverter() {
    JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
    converter.setSigningKey("123");
    return converter;
    }

    @Bean
    @Primary
    public DefaultTokenServices tokenServices() {
    DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
    defaultTokenServices.setTokenStore(tokenStore());
    defaultTokenServices.setSupportRefreshToken(true);
    return defaultTokenServices;
    }

    @Bean
    public PasswordEncoder userPasswordEncoder() {
    return new BCryptPasswordEncoder(4);
    }



}

我正在使用 inMemrory 数据添加用户详细信息:

 @Bean
    public UserDetailsService userDetailsService() {

    InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager();
    manager.createUser(User.withUsername("user").password("user").roles("USER").build());
    manager.createUser(User.withUsername("admin").password("password").roles("USER", "ADMIN").build());
    return manager;

    }

但我无法验证这些详细信息。 它显示了错误的凭据。请帮助我,任何帮助都会很棒。

【问题讨论】:

    标签: spring-boot oauth-2.0 microservices jwt-auth spring-security-rest


    【解决方案1】:

    这可能是因为您没有对密码进行编码。

    设置密码时使用BCryptPasswordEncoder。此外,您必须告诉 AuthenticationManagerBuilder 您正在内存中进行身份验证。

    创建一个从WebSecurityConfigurerAdapter 扩展的类,注入BCryptPasswordEncoder 类型的bean,并在定义内存中身份验证时使用它。

    SecurityConfiguration.java

    @Configuration
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Autowired
    private BCryptPasswordEncoder passwordEncoder;

    @Autowired
    public void globalUserDetails(final AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication()
            .withUser("user").password(this.passwordEncoder.encode("user")).roles("USER").and()
            .withUser("admin").password(this.passwordEncoder.encode("admin")).roles("USER", "ADMIN").and()
    }
}

    【讨论】:

    • 我使用了密码编码器,现在它工作正常谢谢@Matheus cirillo。
    【解决方案2】: 
     @Bean
    public PasswordEncoder userPasswordEncoder() {
    return new BCryptPasswordEncoder(4);
    }

    @Autowired
    PasswordEncoder passwordEncoder;

    @Bean
    public UserDetailsService userDetailsService() {
    InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager();
    manager.createUser(
        User.withUsername("user").password(this.passwordEncoder.encode("user")).roles("USER").build());
    manager.createUser(User.withUsername("admin").password(this.passwordEncoder.encode("password"))
        .roles("USER", "ADMIN").build());
    return manager;

    }`enter code here`

    【讨论】:

      猜你喜欢
      • 2019-12-08
      • 2014-12-25
      • 1970-01-01
      • 2018-04-07
      • 2020-10-27
      • 1970-01-01
      • 2018-07-16
      • 2021-01-17
      • 2020-01-31
      相关资源
      最近更新 更多
      热门标签
      Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode