我正在使用令牌身份验证开发Spring Boot Rest API。但是我不知道如何使用curl获取访问令牌。我为此应用程序开发了一个客户端但我无法使用Spring客户端获取访问令牌。
这是AuthorizationServerConfig.java文件:
@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
@Autowired
private TokenStore tokenStore;
@Autowired
private JwtAccessTokenConverter accessTokenConverter;
@Autowired
@Qualifier("authenticationManagerBean")
private AuthenticationManager authenticationManager;
@Autowired
private PasswordEncoder passwordEncoder;
@Override
public void configure(ClientDetailsServiceConfigurer configurer) throws Exception{
configurer
.inMemory()
.withClient(clientId)
.secret(passwordEncoder.encode(clientSecret))
.authorizedGrantTypes(grantType)
.scopes(scopeRead,scopeWrite)
.accessTokenValiditySeconds(1*60*60)
.refreshTokenValiditySeconds(6*60*60)
.resourceIds(resourceIds);
}
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception{
TokenEnhancerChain enhancerChain=new TokenEnhancerChain();
enhancerChain.setTokenEnhancers(Arrays.asList(accessTokenConverter));
endpoints.tokenStore(tokenStore)
.accessTokenConverter(accessTokenConverter)
.tokenEnhancer(enhancerChain)
.authenticationManager(authenticationManager);
}
}
这是ResourceServerConfig.java文件:
@Configuration
@EnableResourceServer
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
@Autowired
private ResourceServerTokenServices tokenServices;
@Override
public void configure(ResourceServerSecurityConfigurer resources) throws Exception{
resources.resourceId(resourceIds).tokenServices(tokenServices);
}
@Override
public void configure(HttpSecurity http) throws Exception{
http
.requestMatchers()
.and()
.authorizeRequests()
.antMatchers("/actuator/**","/api-docs/**").permitAll()
.antMatchers("/data-service/**").authenticated();
}
}
这是WebSecurityConfig.java文件:
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Bean
public BCryptPasswordEncoder passwordEncoder(){
BCryptPasswordEncoder bCryptPasswordEncoder=new BCryptPasswordEncoder(11);
return bCryptPasswordEncoder;
}
@Override
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception{
return super.authenticationManagerBean();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception{
}
@Override
protected void configure(HttpSecurity http) throws Exception{
http
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.httpBasic()
.realmName(securityRealm)
.and()
.csrf()
.disable();
}
@Bean
public JwtAccessTokenConverter accessTokenConverter(){
JwtAccessTokenConverter converter=new JwtAccessTokenConverter();
converter.setSigningKey(signingKey);
return converter;
}
@Bean
public TokenStore tokenStore(){
return new JwtTokenStore(accessTokenConverter());
}
@Bean
@Primary
public DefaultTokenServices tokenServices(){
DefaultTokenServices defaultTokenServices=new DefaultTokenServices();
defaultTokenServices.setTokenStore(tokenStore());
defaultTokenServices.setSupportRefreshToken(true);
return defaultTokenServices;
}
}
如何使用curl获取访问令牌?
获得令牌有不同的授权类型。我建议阅读https://tools.ietf.org/html/rfc6749以获得更好的理解。
以下curl命令是使用客户端凭据授予类型获取令牌。您需要传递基本授权标头。它的格式基本base64(Client_name:Client_secret)
curl -X POST http://localhost:8080/oauth/token -H 'authorization: Basic b2F1dGgyLWp3dC1jbGllbnQ6YWRtaW4xMjM0' -H 'content-type: multipart/form-data -F grant_type=client_credentials