Добрый день.
Настроил сервис Spring Boot для работы с сервером авторизации OAuth2
настройки проекта
SecurityConfig@Configuration
class SecurityConfig : WebSecurityConfigurerAdapter() {
@Autowired
internal var dataSource: DataSource? = null
@Bean
override fun authenticationManager(): AuthenticationManager {
return super.authenticationManager()
}
@Throws(Exception::class)
override fun configure(auth: AuthenticationManagerBuilder) {
auth.jdbcAuthentication()
.dataSource(dataSource)
.passwordEncoder(passwordEncoder())
}
@Bean
fun passwordEncoder(): PasswordEncoder {
return BCryptPasswordEncoder()
}
}
ResourceServerConfig@Configuration
@EnableResourceServer
class ResourceServerConfig : ResourceServerConfigurerAdapter() {
@Autowired
internal var tokenServices: DefaultTokenServices? = null
override fun configure(resources: ResourceServerSecurityConfigurer) {
resources.tokenServices(tokenServices)
}
@Throws(Exception::class)
override fun configure(http: HttpSecurity) {
http
.authorizeRequests()
.antMatchers("/", "/help/**").permitAll()
.anyRequest().authenticated()
}
}
DataSourceConfig@Configuration
class DataSourceConfig {
@Value("\${spring.datasource.url}")
private val datasourceUrl: String? = null
@Value("\${spring.datasource.username}")
private val dbUsername: String? = null
@Value("\${spring.datasource.password}")
private val dbPassword: String? = null
@Bean
fun dataSource(): DataSource {
val dataSource = DriverManagerDataSource()
dataSource.url = datasourceUrl
dataSource.username = dbUsername
dataSource.password = dbPassword
return dataSource
}
@Bean
fun approvalStore(): ApprovalStore {
return JdbcApprovalStore(dataSource())
}
@Bean
fun tokenStore(): TokenStore {
return JdbcTokenStore(dataSource())
}
@Bean
@Primary
fun tokenServices(): DefaultTokenServices {
val defaultTokenServices = DefaultTokenServices()
defaultTokenServices.setTokenStore(tokenStore())
return defaultTokenServices
}
}
AuthorizationServerConfig@Configuration
@EnableAuthorizationServer
class AuthorizationServerConfig : AuthorizationServerConfigurerAdapter() {
@Autowired
private val authenticationManager: AuthenticationManager? = null
@Autowired
internal var tokenStore: TokenStore? = null
@Autowired
internal var approvalStore: ApprovalStore? = null
@Autowired
internal var dataSource: DataSource? = null
@Autowired
internal var passwordEncoder: PasswordEncoder? = null
@Throws(Exception::class)
override fun configure(clients: ClientDetailsServiceConfigurer) {
clients.jdbc(dataSource).passwordEncoder(passwordEncoder);
}
@Throws(Exception::class)
override fun configure(security: AuthorizationServerSecurityConfigurer) {
security.passwordEncoder(passwordEncoder)
}
@Throws(Exception::class)
override fun configure(endpoints: AuthorizationServerEndpointsConfigurer) {
endpoints.tokenStore(tokenStore)
endpoints.authenticationManager(authenticationManager)
endpoints.approvalStore(approvalStore)
}
}
Добавил в базу таблицы oauth_access_token, oauth_client_details, oauth_client_token, oauth_code, oauth_refresh_token
Добавил данные
INSERT INTO users (password, username, enabled) VALUES ('$2a$10$LOqePml/koRGsk2YAIOFI.1YNKZg7EsQ5BAIuYP1nWOyYRl21dlne', 'admin', TRUE);
INSERT INTO users (password, username, enabled) VALUES ('$2a$10$LOqePml/koRGsk2YAIOFI.1YNKZg7EsQ5BAIuYP1nWOyYRl21dlne', 'user', TRUE);
INSERT INTO authorities (id, username, authority) VALUES (1, 'admin', 'ROLE_USER');
INSERT INTO authorities (id, username, authority) VALUES (2, 'admin', 'ROLE_ADMIN');
INSERT INTO authorities (id, username, authority) VALUES (3, 'user', 'ROLE_USER');
INSERT INTO oauth_client_details (client_id, client_secret, resource_ids, scope, authorized_grant_types, authorities,
access_token_validity, refresh_token_validity, additional_information, autoapprove, web_server_redirect_uri) VALUES
('admin_client', '$2a$10$LOqePml/koRGsk2YAIOFI.1YNKZg7EsQ5BAIuYP1nWOyYRl21dlne', 'petstore',
'read,write', 'authorization_code,check_token,refresh_token,password', 'ROLE_ADMIN', 5000, 500000, '{}', TRUE, '');
INSERT INTO oauth_client_details (client_id, client_secret, resource_ids, scope, authorized_grant_types, authorities,
access_token_validity, refresh_token_validity, additional_information, autoapprove, web_server_redirect_uri) VALUES
('user_client', '$2a$10$LOqePml/koRGsk2YAIOFI.1YNKZg7EsQ5BAIuYP1nWOyYRl21dlne', 'petstore',
'read', 'password', 'ROLE_USER', 6000, 600000, '{}', TRUE, '');
Получаю токен для пользователя
user . пытаюсь вызвать метод выдает ошибку
b'{"error":"access_denied","error_description":"Invalid token does not contain resource id (oauth2-resource)"}'