Spring OAuth2 authorization server

Time: 2015-01-31 17:37:05

Tags: spring-security-oauth2

I have the Spring configuration below:

@EnableAuthorizationServer
@EnableWebSecurity
@Configuration
public class Oauth2Provider extends WebSecurityConfigurerAdapter implements
        AuthorizationServerConfigurer {

    /*
     * @Autowired private TokenStore tokenStore;
     */

    @Configuration
    protected static class AuthenticationConfiguration extends
            GlobalAuthenticationConfigurerAdapter {

        @Override
        public void init(AuthenticationManagerBuilder auth) throws Exception {
            auth.inMemoryAuthentication().withUser("user").password("password")
                    .roles("USER").and().withUser("admin").password("password")
                    .roles("USER", "ADMIN");
        }

    }

    @Override
    public void configure(AuthorizationServerSecurityConfigurer security)
            throws Exception {
        // TODO Auto-generated method stub
        security.allowFormAuthenticationForClients();

    }

    @Override
    public void configure(ClientDetailsServiceConfigurer clients)
            throws Exception {

        // TODO Auto-generated method stub
        clients.inMemory()
                .withClient("my-trusted-client")
                .authorizedGrantTypes("password", "authorization_code", "refresh_token", "implicit")
                .authorities("ROLE_CLIENT", "ROLE_TRUSTED_CLIENT", "ROLE_ANONYMOUS")
                .scopes("read", "write", "trust")
                .secret("secret")
                .accessTokenValiditySeconds(60);
    }

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints)
            throws Exception {
        // TODO Auto-generated method stub

    }

}  

The Maven setup is as follows:

<dependency>
    <groupId>org.springframework.security.oauth</groupId>
    <artifactId>spring-security-oauth2</artifactId>
    <version>2.0.5.RELEASE</version>
</dependency>

I access http://localhost:8080/oauth/token with the payload grant_type=password&password=password&username=user&scope=read&client_id=my-trusted-client&client_secret=secret

But I get the following error:

{
error: "unsupported_grant_type"
error_description: "Unsupported grant type: password"
}

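1 answer:

Answer 0: (score: 24)

To use the password grant, you need to provide an authentication manager to the authorization server (in the empty method with the TODO in your example), so that it can authenticate users. If it is a Spring Boot application, there is always an AuthenticationManager available to be @Autowired.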