
Spring Security Oauth2遇到问题

Pack 发布于 2020-02-08 18:06
分类:Java开发

问题描述

看了spring security的视频后自己写了个authorization server和resource server,两者都是单独的spring boot app。现在可以获取到token了,但用token来获取userinfo返回401:

{
  "timestamp": "2019-12-30T06:13:46.679+0000",
  "status": 401,
  "error": "Unauthorized",
  "message": "Unauthorized",
  "path": "/auth/user"
}


相关代码

Resource Server:


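/**
 * Resource-server demo application: boots Spring and serves {@code /hello}.
 *
 * <p>{@code @EnableResourceServer} places the endpoints of this application behind
 * OAuth2 bearer-token authentication, so {@code /hello} is only reached once the
 * presented token has been accepted.
 */
@SpringBootApplication
@RestController
@EnableResourceServer
public class Oauth2ClientDemoApplication {

    /**
     * Starts the Spring Boot application.
     *
     * @param args command-line arguments handed to Spring Boot
     */
    public static void main(String[] args) {
        SpringApplication.run(Oauth2ClientDemoApplication.class, args);
    }

    /**
     * Prints the caller's user name to standard output and returns a fixed greeting.
     *
     * @return the literal greeting {@code "Hello Spring Security"}
     */
    @GetMapping("/hello")
    public String echo() {
        Object principal = SecurityContextHolder.getContext()
                .getAuthentication()
                .getPrincipal();

        // The principal is only a Map when it was built from the user-info JSON.
        // Checking the type first avoids a ClassCastException (an HTTP 500) for any
        // other principal shape, such as a plain String name.
        Object username = principal;
        if (principal instanceof Map) {
            username = ((Map<?, ?>) principal).get("username");
        }

        System.out.println("user ===== " + username);
        return "Hello Spring Security";
    }
}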


# Resource-server setting: the URI that is called with the incoming bearer token to
# obtain the user's details. It points at the /auth/user handler of the authorization
# server shown on this page (presumably the app listening on port 8081 - confirm).
# The 401 in the question reports path "/auth/user", so it comes from this call's
# target rather than from /hello.
# The token travels to this URI in a request header; plain http:// only suits a
# localhost demo, any other deployment needs an https:// URI here.
security.oauth2.resource.user-info-uri=http://localhost:8081/auth/user


Authorization Server:


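/**
 * Authorization-server demo application: issues tokens and serves the user-info
 * endpoint {@code /auth/user} that the resource server calls.
 *
 * <p>NOTE(review): nothing on this page enables bearer-token (resource-server)
 * processing inside this application; the only visible filter chain,
 * {@code SecurityConfiguration}, authenticates with HTTP Basic. A request that carries
 * only {@code Authorization: Bearer ...} would then be rejected with 401 before it
 * reaches {@link #authUser}, which matches the error in the question. Confirm against
 * the full project.
 */
@RestController
@SpringBootApplication
@EnableAuthorizationServer
public class Oauth2ServerDemoApplication {

    /**
     * Starts the Spring Boot application.
     *
     * @param args command-line arguments handed to Spring Boot
     */
    public static void main(String[] args) {
        SpringApplication.run(Oauth2ServerDemoApplication.class, args);
    }

    /**
     * Returns the authenticated principal and its authorities as a JSON object.
     *
     * @param authentication the OAuth2 authentication of the current request
     * @return a map with the keys {@code "user"} and {@code "authorities"}
     */
    @GetMapping(value = "/auth/user", produces = "application/json")
    public Map<String, Object> authUser(OAuth2Authentication authentication) {
        Map<String, Object> userInfo = new HashMap<>();

        // Read principal and authorities from the OAuth2Authentication itself instead of
        // getUserAuthentication(): a client_credentials token has no user authentication,
        // so the nested call would throw a NullPointerException. For user-bound tokens
        // both accessors delegate to the user authentication, so the result is unchanged.
        //
        // NOTE(review): the principal object is serialized as-is; check which of its
        // properties end up in the response before exposing this beyond a demo.
        userInfo.put("user", authentication.getPrincipal());
        userInfo.put("authorities",
                AuthorityUtils.authorityListToSet(authentication.getAuthorities()));

        return userInfo;
    }
}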


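/**
 * Web security for the authorization server: two in-memory demo users and a filter
 * chain that requires authentication on every request via HTTP Basic.
 */
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    // Encoder used to hash the in-memory passwords below; the page defines it as a
    // BCryptPasswordEncoder bean in AuthorizationServerConfiguration.
    @Autowired
    private PasswordEncoder passwordEncoder;

    /**
     * Publishes the AuthenticationManager built by this adapter as a bean.
     *
     * @return the adapter's AuthenticationManager
     * @throws Exception if the manager cannot be created
     */
    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    /**
     * Publishes the UserDetailsService built by this adapter as a bean.
     *
     * @return the adapter's UserDetailsService
     * @throws Exception if the service cannot be created
     */
    @Bean
    @Override
    public UserDetailsService userDetailsServiceBean() throws Exception {
        return super.userDetailsServiceBean();
    }

    /**
     * Registers the in-memory users {@code admin} and {@code test}.
     *
     * @param auth builder for the authentication manager
     * @throws Exception if the users cannot be registered
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // Hard-coded credentials are demo data only; real deployments load users and
        // secrets from outside the source tree.
        auth.inMemoryAuthentication()
                .withUser("admin")
                .password(passwordEncoder.encode("nimda"))
                .roles("ADMIN")
                .and()
                .withUser("test")
                // Stored hashed like the admin password: with a BCrypt encoder doing the
                // comparison, a raw value here never matches and the user cannot log in.
                .password(passwordEncoder.encode("111111"))
                .roles("CUSTOMER");
    }

    /**
     * Requires an authenticated caller for every request and enables HTTP Basic.
     *
     * @param http the HTTP security builder
     * @throws Exception if the filter chain cannot be configured
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // CSRF protection is switched off. With HTTP Basic a browser re-sends cached
        // credentials automatically, so state-changing endpoints on this chain have no
        // cross-site request check.
        http.csrf().disable();

        // Only HTTP Basic is configured here; this chain does not read bearer tokens.
        http.authorizeRequests()
                .anyRequest()
                .authenticated()
                .and()
                .httpBasic();
    }
}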


/**
 * OAuth2 authorization-server setup: one in-memory client, the endpoint wiring and the
 * password encoder bean.
 */
@Configuration
public class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {

    @Autowired
    private PasswordEncoder passwordEncoder;

    @Autowired
    private UserDetailsService userDetailsService;

    @Autowired
    private AuthenticationManager authenticationManager;

    /**
     * Supplies the BCrypt encoder used for user passwords and the client secret.
     *
     * @return a new BCryptPasswordEncoder
     */
    @Bean
    public PasswordEncoder passwordEncoders() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Wires the authentication manager and the user details service into the
     * authorization-server endpoints.
     *
     * @param endpoints the endpoint configurer
     * @throws Exception if the endpoints cannot be configured
     */
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        // The author left an explicit token store commented out:
        //   .tokenStore(tokenStore())
        endpoints
                .userDetailsService(this.userDetailsService)
                .authenticationManager(this.authenticationManager);
    }

    /**
     * Registers the single in-memory client {@code test}.
     *
     * @param clients the client details configurer
     * @throws Exception if the client cannot be registered
     */
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        // Demo client: fixed secret, every grant type enabled, no redirect URI
        // registered. The implicit and password grants are the two that the OAuth 2.0
        // Security Best Current Practice advises against; a real client enables only
        // the grants it uses.
        clients.inMemory()
                .withClient("test")
                .scopes("test")
                .authorizedGrantTypes("authorization_code", "refresh_token", "implicit", "password", "client_credentials")
                .secret(this.passwordEncoder.encode("111111"))
                // Access-token lifetime in seconds.
                .accessTokenValiditySeconds(9999);
    }

    // Commented-out token store bean kept from the original post:
    //@Bean
    //public TokenStore tokenStore() {
    //return new InMemoryTokenStore();
    //}
}


你期待的结果是什么?实际看到的错误信息又是什么?


attachments-2020-02-ThV8owTN5e3e8811ea741.png

是哪里配置的不对吗?为什么带着token还是这样呢?

我的所有G币都拿出了

282
Pack
Pack

你有没有传clientid和secret

