问题: Spring Security – There is no PasswordEncoder mapped for the id “null”
解决方法一: 问题解决:blog.csdn.net/Hello_World…
解决方法二: 因为5.x版本新增了多种密码加密方式,必须指定一种,比如这样解决
@Bean
public static NoOpPasswordEncoder passwordEncoder() {
return (NoOpPasswordEncoder) NoOpPasswordEncoder.getInstance();
}
问题2:调用接口/com-oauth/oauth/check_token失败
返回错误码:
{
"timestamp": "2019-07-10T02:57:43.818+0000",
"status": 403,
"error": "Forbidden",
"message": "Forbidden",
"path": "/com-oauth/oauth/check_token"
}
解决方法一: 设置 security.tokenKeyAccess("permitAll()").checkTokenAccess("permitAll()");
@Configuration
@EnableAuthorizationServer
public class OAuth2AuthorizationServer extends AuthorizationServerConfigurerAdapter {
@Override
public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
super.configure(security);
security.tokenKeyAccess("permitAll()").checkTokenAccess("permitAll()");
}
}
问题3: 在使用密码模式时,抛出异常:o.s.s.o.provider.endpoint.TokenEndpoint : Handling error: UnsupportedGrantTypeException, Unsupported grant type: password
解决方法:配置AuthenticationManager
@Configuration
@EnableAuthorizationServer
public class OAuth2AuthorizationServer extends AuthorizationServerConfigurerAdapter {
// 用户认证
@Autowired
private AuthenticationManager authenticationManager;
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
super.configure(endpoints);
// 密码模式必须有这个参数
endpoints.authenticationManager(authenticationManager);
}
}
问题4:Field authenticationManager in cn.springcloud.book.OAuthConfiguration required a bean of type 'org.springframework.security.authentication.AuthenticationManager' that could not be found
解决方法: 集成WebSecurityConfigurerAdapter 类,并重写方法authenticationManager(),使用 @Bean注解标记
@ComponentScan
@Configuration
public class MyWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
@Bean(name = BeanIds.AUTHENTICATION_MANAGER)
@Override
protected AuthenticationManager authenticationManager() throws Exception {
return super.authenticationManager();
}
}
问题5: 在passwod模式下,执行刷新token时,抛出异常Handling error: IllegalStateException, UserDetailsService is required.
执行以下命令,抛出异常Handling error: IllegalStateException, UserDetailsService is required
curl -i -X POST -u 'clientapp2:112233' http://10.216.33.211:10808/com-oauth/oauth/token -H "accept: application/json" -d 'grant_type=refresh_token&refresh_token=b610dfa9-2ee4-4214-bc57-f6b2937d4b27'
解决方法: 在AuthorizationServerConfigurerAdapter 中配置UserDetailsService对象
@Configuration
@EnableAuthorizationServer
public class OAuth2AuthorizationServer extends AuthorizationServerConfigurerAdapter {
@Autowired
private MyUserDetailsService myUserDetailsService;
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
// 执行token刷新需要带上此参数
endpoints.userDetailsService(myUserDetailsService);
}
}
问题6:不支持form表单提交
执行命令:
curl -X POST "http://10.216.33.211:10808/com-oauth/oauth/token" -d "grant_type=client_credentials&scope=read_contacts&client_id=clientapp&client_secret=112233"
返回错误:
{"timestamp":"2019-07-11T02:27:29.962+0000","status":401,"error":"Unauthorized","message":"Unauthorized","path":"/com-oauth/oauth/token"}
解决方法: 支持Form表达提交: security.allowFormAuthenticationForClients();
@Configuration
@EnableAuthorizationServer
public class OAuth2AuthorizationServer extends AuthorizationServerConfigurerAdapter {
@Override
public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
super.configure(security);
security.tokenKeyAccess("permitAll()").checkTokenAccess("permitAll()");
//允许表单认证
security.allowFormAuthenticationForClients();
}
}
执行命令:
curl -X POST "http://10.216.33.211:10808/com-oauth/oauth/token" -d "grant_type=client_credentials&scope=read_contacts&client_id=clientapp&client_secret=112233"
返回正常结果:
{"access_token":"35ae4576-f7b3-480e-aeff-eee7ea2ce803","token_type":"bearer","refresh_token":"0493963a-22f5-4cff-8b50-3cc5da3577a6","expires_in":197,"scope":"read_contacts"}
