1. 首頁
  2. 問答
  3. 春天的oauth2 InsufficientAuthenticationException

春天的oauth2 InsufficientAuthenticationException

2014-12-05 167 views
2

具有以下的web.xml基於類的配置:春天的oauth2 InsufficientAuthenticationException

public class WebApp extends AbstractDispatcherServletInitializer { 

    @Override 
    protected WebApplicationContext createServletApplicationContext() { 
     AnnotationConfigWebApplicationContext context = new AnnotationConfigWebApplicationContext(); 
     context.scan(ClassUtils.getPackageName(getClass())); 
     return context; 
    } 

    @Override 
    protected String[] getServletMappings() { 
     return new String[]{"/api/*"}; 
    } 

    @Override 
    protected WebApplicationContext createRootApplicationContext() { 
     return null; 
    } 

    @Override 
    public void onStartup(ServletContext servletContext) throws ServletException { 
     super.onStartup(servletContext); 
     DelegatingFilterProxy filter = new DelegatingFilterProxy("springSecurityFilterChain"); 
     filter.setServletContext(servletContext); 
     filter.setContextAttribute("org.springframework.web.servlet.FrameworkServlet.CONTEXT.dispatcher"); 
     servletContext.addFilter("springSecurityFilterChain", filter).addMappingForUrlPatterns(null, false, "/api/*"); 
    } 

}

當試圖訪問的OAuth端點我得到以下結果之一:

curl -u core:secret "http://localhost:8081/api/oauth/token?client_id=core&grant_type=password&username=user&password=123&response_type=token&scope=admin" 

{"error":"unauthorized","error_description":"There is no client authentication. Try adding an appropriate authentication filter."}%

奇怪這是當我將servlet的映射從/ api/*更改爲/時,它按預期工作。所以有些事情一定是錯的,但我無能爲力?

來源

2014-12-05 Jonas Geiregat

回答

4

您可以在FrameworkHandlerMapping中設置一個前綴,例如,通過AuthorizationServerEndpointsConfigurer

@Configuration 
@EnableAuthorizationServer 
public class OAuth2Config extends AuthorizationServerConfigurerAdapter { 
    @Override 
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception { 
     String prefix = "/api"; 
     endpoints.prefix(prefix); 
    } 
}

來源

2014-12-05 10:15:56

0

一個解決這個問題的可能會檢查你的認證服務器的模式設置在security.xml

<http pattern="/oauth/token" 
     create-session="stateless" 
     authentication-manager-ref="clientAuthenticationManager" 
     use-expressions="true" 
     xmlns="http://www.springframework.org/schema/security">

如果是正常的,當你讓你的servlet的答案要求的/api/*,我想你需要檢查你的模式,並從你的鏈接中刪除api身份驗證服務器模式:將pattern="/api/oauth/token"更改爲pattern="/oauth/token"

來源

2017-05-02 19:44:36

相關問題

 相關問題