问题
I am trying to create an Authorization server and a Resource server. When I request an access token from the Authorization server it works, and I get an access token with the following details.
{
"access_token": "5ffbc2d7-2a27-4f08-921f-f7de2410b5f5",
"token_type": "bearer",
"refresh_token": "d0fb85b3-52e0-45e0-84dc-ed38d55176a6",
"expires_in": 599,
"scope": "READ",
"authorities": [
{
"authority": "delete_profile"
},
{
"authority": "update_profile"
},
{
"authority": "read_profile"
},
{
"authority": "create_profile"
},
{
"authority": "ROLE_admin"
}
],
"resource_ids": [
"RESOURCE_ID1"
]
}
With that access_token, when I call a service (the configured resource server) I get a response. But in the DB, the resource_ids column of the oauth_client_details table holds the resource id RESOURCE_ID1, and in the Resource Server I intentionally provided the resource id RESOURCE_ID11 to verify the check. Although it is returning data, it should raise an authorization exception.
My sample code snippet as follows:
/**
 * Authorization-server configuration.
 *
 * <p>Registered OAuth2 clients are loaded from the injected {@link DataSource} through
 * {@code clients.jdbc(dataSource)} and their secrets are compared via the injected
 * {@code PasswordEncoder}. Issued tokens are persisted in a {@link JdbcTokenStore} on the same
 * data source, and every token response passes through {@link #tokenEnhancer()}.
 */
@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {

    @Autowired
    private DataSource dataSource;

    @Autowired
    private PasswordEncoder passwordEncoder;

    @Autowired
    private UserDetailsService userDetailsService;

    // NOTE(review): injected but not referenced anywhere in this class.
    @Autowired
    private ClientDetailsService clientDetailsService;

    @Autowired
    @Qualifier("authenticationManagerBean")
    private AuthenticationManager authenticationManager;

    /**
     * JDBC-backed token store over {@link #dataSource}.
     *
     * <p>The resource server builds its own {@code JdbcTokenStore}, presumably against the same
     * database, which is how it can resolve the tokens issued here.
     */
    @Bean
    TokenStore jdbcTokenStore() {
        TokenStore store = new JdbcTokenStore(dataSource);
        return store;
    }

    /**
     * Clients come from the {@code oauth_client_details} table; client secrets are checked
     * with {@link #passwordEncoder}, so the stored secret must be in whatever form that
     * encoder expects.
     */
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        ClientDetailsServiceConfigurer jdbcClients = clients.jdbc(dataSource);
        jdbcClients.passwordEncoder(passwordEncoder);
    }

    /**
     * Access rules for the server's own endpoints: the token-key endpoint is open to everyone
     * ({@code permitAll()}), the check-token endpoint requires an authenticated caller
     * ({@code isAuthenticated()}).
     */
    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
        security.tokenKeyAccess("permitAll()");
        security.checkTokenAccess("isAuthenticated()");
    }

    /**
     * Wires the token endpoints: JDBC token store, the custom enhancer, and the
     * authentication manager plus user-details service needed by the password grant.
     */
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints.tokenStore(jdbcTokenStore());
        endpoints.tokenEnhancer(tokenEnhancer());
        endpoints.authenticationManager(authenticationManager);
        endpoints.userDetailsService(userDetailsService);
    }

    /**
     * Enhancer applied to every issued token.
     *
     * <p>NOTE(review): {@code CustomTokenEnhancer} is defined elsewhere; the sample token
     * response above shows {@code authorities} and {@code resource_ids} in the token body,
     * presumably added here. Returning the full authority list to the client is a disclosure
     * worth weighing.
     */
    @Bean
    public TokenEnhancer tokenEnhancer() {
        TokenEnhancer enhancer = new CustomTokenEnhancer();
        return enhancer;
    }
}
/**
 * Resource-server configuration guarding {@code /api/**}.
 *
 * <p>Bearer tokens are resolved against a {@link JdbcTokenStore} built on the injected
 * {@link DataSource}, and the server identifies itself as {@link #RESOURCE_ID} so that tokens
 * issued for other resource ids can be rejected.
 */
@Configuration
@EnableResourceServer
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {

    // Deliberately different from the resource id stored in oauth_client_details
    // (RESOURCE_ID1) to exercise the resource-id check.
    private static final String RESOURCE_ID = "RESOURCE_ID11";

    @Autowired
    private DataSource dataSource;

    /**
     * Token store this server reads from.
     *
     * <p>If both configurations live in one application context this is a second
     * {@code TokenStore} bean next to the authorization server's {@code jdbcTokenStore()};
     * both configurers select theirs explicitly, so neither relies on by-type autowiring.
     */
    @Bean
    public JdbcTokenStore tokenStore() {
        JdbcTokenStore store = new JdbcTokenStore(dataSource);
        return store;
    }

    /**
     * URL rules: {@code /} is open, everything under {@code /api/} needs an authenticated caller.
     *
     * <p>NOTE(review): {@code authenticated()} is satisfied by any Authentication present for
     * the request, not specifically by a bearer token validated by this chain. If a request
     * for {@code /api/**} can be authenticated by another filter chain (for example a session),
     * the resource-id check is never consulted — confirm the filter-chain ordering.
     */
    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/").permitAll()
                .antMatchers("/api/**").authenticated();
    }

    /**
     * Binds this server to {@link #RESOURCE_ID} and to {@link #tokenStore()}.
     *
     * <p>NOTE(review): as far as I recall, the resource-id comparison only rejects a token
     * whose persisted OAuth2 request carries a non-empty resource_ids set lacking this id; a
     * token whose request holds no resource ids is accepted by every resource server. Worth
     * confirming that the stored request (not just the enhanced token response above)
     * actually contains RESOURCE_ID1.
     */
    @Override
    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
        resources.resourceId(RESOURCE_ID);
        resources.tokenStore(tokenStore());
    }
}
DB data for reference:
-- Client APP1: scope READ, token lifetimes in seconds (600 matches the expires_in of 599
-- in the token response above), and the resource id the resource server is expected to
-- match (RESOURCE_ID1).
-- NOTE(review): client_secret is the literal 'password'. AuthorizationServerConfig compares
-- secrets through a PasswordEncoder, so unless that encoder is a no-op this column is expected
-- to hold the encoded form rather than plaintext.
INSERT INTO `OAuthTest`.`oauth_client_details`
    (`client_id`, `client_secret`, `scope`, `access_token_validity`, `refresh_token_validity`,
     `resource_ids`, `authorized_grant_types`, `additional_information`)
VALUES
    ('APP1', 'password', 'READ', '600', '10000',
     'RESOURCE_ID1', 'authorization_code,password,refresh_token,implicit', '{}');

-- User admin.
-- NOTE(review): the password is also the plaintext 'password', and the camelCase and
-- snake_case status columns disagree (e.g. accountNonExpired = '1' but account_non_expired = 0);
-- only whichever set the user entity actually maps takes effect — confirm against the entity.
INSERT INTO `OAuthTest`.`user`
    (`id`, `username`, `password`, `email`, `enabled`,
     `accountNonExpired`, `credentialsNonExpired`, `accountNonLocked`,
     `account_non_expired`, `account_non_locked`, `credentials_non_expired`,
     `account_expired`, `account_locked`, `credentials_expired`)
VALUES
    ('1', 'admin', 'password', 'admin@app.com', '1',
     '1', '1', '1',
     0, 0, 0,
     0, 0, 0);
来源:https://stackoverflow.com/questions/57672643/how-to-configure-resource-id-in-resource-server-using-oauth2-security