我在哪里可以找到 org.springframework.security.oauth2.provider.DefaultOAuth2RequestFactory class？

Question

有谁知道 class org.springframework.security.oauth2.provider.DefaultOAuth2RequestFactory 包含什么 Maven 依赖项？我正在使用 Spring 3.2.11.RELEASE 和 spring-security-oauth2 (v 2.0.9.RELEASE)。我在部署 OAuth 应用程序时遇到问题。我得到以下异常…

nested exception is org.springframework.beans.factory.CannotLoadBeanClassException: Cannot find class [org.springframework.security.oauth2.provider.DefaultOAuth2RequestFactory] for bean with name 'requestFactory' defined in class path resource [META-INF/spring/oauth-configuration.xml]; nested exception is java.lang.ClassNotFoundException: org.springframework.security.oauth2.provider.DefaultOAuth2RequestFactory from [Module "deployment.ebook.war:main" from Service Module Loader]

我在我的项目中包含了以下依赖项……

            <!-- oauth2 -->
            <dependency>
                    <groupId>org.springframework.security.oauth</groupId>
                    <artifactId>spring-security-oauth2</artifactId>
                    <version>${oauth.version}</version>
            </dependency>
            <dependency>
                    <groupId>org.springframework.security</groupId>
                    <artifactId>spring-security-jwt</artifactId>
                    <version>1.0.4.RELEASE</version>
            </dependency>

下面是我的 Spring-OAuth 配置

<http pattern="/oauth/token" create-session="stateless"
    authentication-manager-ref="clientAuthenticationManager"
    xmlns="http://www.springframework.org/schema/security">
    <intercept-url pattern="/**" method="GET" access="ROLE_DENY" />
    <intercept-url pattern="/**" method="PUT" access="ROLE_DENY" />
    <intercept-url pattern="/**" method="DELETE" access="ROLE_DENY" />
    <intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY" />
    <anonymous enabled="false" />
    <http-basic entry-point-ref="clientAuthenticationEntryPoint" />
    <!-- include this only if you need to authenticate clients via request 
        parameters -->
    <custom-filter ref="clientCredentialsTokenEndpointFilter"
        after="BASIC_AUTH_FILTER" />
    <access-denied-handler ref="oauthAccessDeniedHandler" />
</http>

<!-- The OAuth2 protected resources are separated out into their own block 
    so we can deal with authorization and error handling separately. This isn't 
    mandatory, but it makes it easier to control the behaviour. -->
<http pattern="/oauth/(users|clients)/.*" request-matcher="regex"
    create-session="stateless" entry-point-ref="oauthAuthenticationEntryPoint"
    use-expressions="true" xmlns="http://www.springframework.org/schema/security">
    <anonymous enabled="false" />
    <intercept-url pattern="/oauth/users/([^/].*?)/tokens/.*"
        access="#oauth2.clientHasRole('ROLE_CLIENT') and (hasRole('ROLE_USER') or #oauth2.isClient()) and #oauth2.hasScope('write')"
        method="DELETE" />
    <intercept-url pattern="/oauth/users/.*"
        access="#oauth2.clientHasRole('ROLE_CLIENT') and (hasRole('ROLE_USER') or #oauth2.isClient()) and #oauth2.hasScope('read')"
        method="GET" />
    <intercept-url pattern="/oauth/clients/.*"
        access="#oauth2.clientHasRole('ROLE_CLIENT') and #oauth2.isClient() and #oauth2.hasScope('read')"
        method="GET" />
    <intercept-url pattern="/**" access="denyAll()" />
    <custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
    <access-denied-handler ref="oauthAccessDeniedHandler" />
    <expression-handler ref="oauthWebExpressionHandler" />
</http>

<!-- The OAuth2 protected resources are separated out into their own block 
    so we can deal with authorization and error handling separately. This isn't 
    mandatory, but it makes it easier to control the behaviour. -->
<http pattern="/photos/**" create-session="never"
    entry-point-ref="oauthAuthenticationEntryPoint"
    access-decision-manager-ref="accessDecisionManager"
    xmlns="http://www.springframework.org/schema/security">
    <anonymous enabled="false" />
    <intercept-url pattern="/photos" access="ROLE_USER,SCOPE_READ" />
    <intercept-url pattern="/photos/trusted/**" access="ROLE_CLIENT,SCOPE_TRUST" />
    <intercept-url pattern="/photos/user/**" access="ROLE_USER,SCOPE_TRUST" />
    <intercept-url pattern="/photos/**" access="ROLE_USER,SCOPE_READ" />
    <custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
    <access-denied-handler ref="oauthAccessDeniedHandler" />
</http>

<!-- The OAuth2 protected resources are separated out into their own block 
    so we can deal with authorization and error handling separately. This isn't 
    mandatory, but it makes it easier to control the behaviour. -->
<http pattern="/me/**" create-session="never"
    entry-point-ref="oauthAuthenticationEntryPoint"
    access-decision-manager-ref="accessDecisionManager"
    xmlns="http://www.springframework.org/schema/security">
    <anonymous enabled="false" />
    <intercept-url pattern="/me" access="ROLE_USER,SCOPE_READ" />
    <custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
    <access-denied-handler ref="oauthAccessDeniedHandler" />
</http>

<http access-denied-page="/login.jsp?authorization_error=true"
    disable-url-rewriting="true" xmlns="http://www.springframework.org/schema/security">
    <intercept-url pattern="/oauth/**" access="ROLE_USER" />
    <intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />

    <form-login authentication-failure-url="/login.jsp?authentication_error=true"
        default-target-url="/index.jsp" login-page="/login.jsp"
        login-processing-url="/login.do" />
    <logout logout-success-url="/index.jsp" logout-url="/logout.do" />
    <anonymous />
</http>

<bean id="oauthAuthenticationEntryPoint"
    class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
    <property name="realmName" value="sparklr2" />
</bean>

<bean id="clientAuthenticationEntryPoint"
    class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
    <property name="realmName" value="sparklr2/client" />
    <property name="typeName" value="Basic" />
</bean>

<bean id="oauthAccessDeniedHandler"
    class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler" />

<bean id="clientCredentialsTokenEndpointFilter"
    class="org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter">
    <property name="authenticationManager" ref="clientAuthenticationManager" />
</bean>

<bean id="accessDecisionManager" class="org.springframework.security.access.vote.UnanimousBased"
    xmlns="http://www.springframework.org/schema/beans">
    <constructor-arg>
        <list>
            <bean class="org.springframework.security.oauth2.provider.vote.ScopeVoter" />
            <bean class="org.springframework.security.access.vote.RoleVoter" />
            <bean class="org.springframework.security.access.vote.AuthenticatedVoter" />
        </list>
    </constructor-arg>
</bean>

<authentication-manager id="clientAuthenticationManager"
    xmlns="http://www.springframework.org/schema/security">
    <authentication-provider user-service-ref="clientDetailsUserService" />
</authentication-manager>

<authentication-manager alias="authenticationManager"
    xmlns="http://www.springframework.org/schema/security">
    <authentication-provider>
        <user-service id="userDetailsService">
            <user name="marissa" password="koala" authorities="ROLE_USER" />
            <user name="paul" password="emu" authorities="ROLE_USER" />
        </user-service>
    </authentication-provider>
</authentication-manager>

<bean id="clientDetailsUserService"
    class="org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService">
    <constructor-arg ref="clientDetails" />
</bean>

<bean id="tokenStore"
    class="org.springframework.security.oauth2.provider.token.store.JdbcTokenStore">
    <constructor-arg ref="dataSource" />
</bean>

<bean id="tokenServices"
    class="org.springframework.security.oauth2.provider.token.DefaultTokenServices">
    <property name="tokenStore" ref="tokenStore" />
    <property name="tokenEnhancer" ref="tokenEnhancer" />
    <property name="supportRefreshToken" value="true" />
    <property name="clientDetailsService" ref="clientDetails" />
</bean>

<bean id="tokenEnhancer"
    class="org.springframework.security.oauth2.provider.token.TokenEnhancer" />

<bean id="requestFactory"
    class="org.springframework.security.oauth2.provider.DefaultOAuth2RequestFactory">
    <constructor-arg name="clientDetailsService" ref="clientDetails" />
</bean>

<bean id="userApprovalHandler"
    class="org.springframework.security.oauth.examples.sparklr.oauth.SparklrUserApprovalHandler">
    <property name="approvalStore" ref="approvalStore" />
    <property name="clientDetailsService" ref="clientDetails" />
    <property name="requestFactory" ref="requestFactory" />
</bean>

<bean id="approvalStore"
    class="org.springframework.security.oauth2.provider.approval.TokenApprovalStore">
    <property name="tokenStore" ref="tokenStore" />
</bean>

<oauth:authorization-server
    client-details-service-ref="clientDetails" token-services-ref="tokenServices"
    user-approval-handler-ref="userApprovalHandler">
    <oauth:authorization-code />
    <oauth:implicit />
    <oauth:refresh-token />
    <oauth:client-credentials />
    <oauth:password />
</oauth:authorization-server>

<oauth:resource-server id="resourceServerFilter"
    resource-id="sparklr" token-services-ref="tokenServices" />

<oauth:client-details-service id="clientDetails">
    <oauth:client client-id="my-trusted-client"
        authorized-grant-types="password,authorization_code,refresh_token,implicit"
        authorities="ROLE_CLIENT, ROLE_TRUSTED_CLIENT" scope="read,write,trust"
        access-token-validity="60" />
    <oauth:client client-id="my-trusted-client-with-secret"
        authorized-grant-types="password,authorization_code,refresh_token,implicit"
        secret="somesecret" authorities="ROLE_CLIENT, ROLE_TRUSTED_CLIENT" />
    <oauth:client client-id="my-client-with-secret"
        authorized-grant-types="client_credentials" authorities="ROLE_CLIENT"
        scope="read" secret="secret" />
    <oauth:client client-id="my-less-trusted-client"
        authorized-grant-types="authorization_code,implicit" authorities="ROLE_CLIENT" />
    <oauth:client client-id="my-less-trusted-autoapprove-client"
        authorized-grant-types="implicit" authorities="ROLE_CLIENT" scope="read,write,trust"
        autoapprove="true" />
    <oauth:client client-id="my-client-with-registered-redirect"
        authorized-grant-types="authorization_code,client_credentials"
        authorities="ROLE_CLIENT" redirect-uri="http://anywhere?key=value"
        scope="read,trust" />
    <oauth:client client-id="my-untrusted-client-with-registered-redirect"
        authorized-grant-types="authorization_code" authorities="ROLE_CLIENT"
        redirect-uri="http://anywhere" scope="read" />
    <oauth:client client-id="tonr" resource-ids="sparklr"
        authorized-grant-types="authorization_code,implicit" authorities="ROLE_CLIENT"
        scope="read,write" secret="secret" />
    <oauth:client client-id="tonr-with-redirect"
        resource-ids="sparklr" authorized-grant-types="authorization_code,implicit"
        authorities="ROLE_CLIENT" scope="read,write" secret="secret"
        redirect-uri="${tonr.redirect:http://localhost:8080/tonr2/sparklr/redirect}" />
</oauth:client-details-service>

Answer 1

这不是正确的 class，它是：

org.springframework.security.oauth2.provider.request.DefaultOAuth2RequestFactory

o.s.s.o.p.request.DefaultOAuth2RequestFactory Javadocs

我在哪里可以找到 org.springframework.security.oauth2.provider.DefaultOAuth2RequestFactory class？

Where do I find the org.springframework.security.oauth2.provider.DefaultOAuth2RequestFactory class?

spring

spring-security

oauth2