Spring 引导 - 无效访问令牌错误
Spring Boot- Invalid access token error
我目前正在开发一个简单的 Spring 引导应用程序,我在其中传递 client_id 和秘密以获取访问令牌,这让我刷新和访问令牌。
但是当我尝试使用该令牌访问资源(我的 REST API)时(使用此 URL:curl -H "Authorization: Bearer ead8ba5d-88ad-4531-a821-db08bf25e888" localhost:8081/my-end-point ), 它对我不起作用并给我以下错误-
{"error":"invalid_token","error_description":"Invalid access token: ead8ba5d-4531-db08bf2fe888"}
这是我的端点的样子-
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;
import java.security.Principal;
@RestController
@RequestMapping(path = "/my-end-point")
public class PrincipalResource {
@RequestMapping(method = RequestMethod.POST)
public Principal oauth(Principal principal) {
/*
* Translate the incoming request, which has an access token
* Spring security takes the incoming request and injects the Java Security Principal
* The converter inside Spring Security will handle the to json method which the Spring Security
* Oauth client will know how to read
*
* The @EnableResourceServer on the application entry point is what makes all this magic happen.
* If there is an incoming request token it will check the token validity and handle it accordingly
*
*
*/
return principal;
}
} `
确保在您的 AuthServerOAuth2Config
security.allowFormAuthenticationForClients().checkTokenAccess("permitAll()");
@Override
public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
security.allowFormAuthenticationForClients().checkTokenAccess("permitAll()");
}
并通过向您的服务器发出 POST 请求来开始生成一些令牌 URL:localhost:yourport/oauth/token
例如:
http://localhost:8085/oauth/token?client_secret=secret&client_id=web&grant_type=password&username=kalaiselvan&password=kalaiselvan
它将return令牌
{
"access_token": "8b816685-b7da-4996-a3e2-ff18b4538a2b",
"token_type": "bearer",
"refresh_token": "f458c09b-f739-4488-be0f-2b0e3c5a62d1",
"expires_in": 637,
"scope": "read"
}
从响应数据中复制access_token并创建新的POST请求
http://localhost:8085/account
希望对您有所帮助
我目前正在开发一个简单的 Spring 引导应用程序,我在其中传递 client_id 和秘密以获取访问令牌,这让我刷新和访问令牌。
但是当我尝试使用该令牌访问资源(我的 REST API)时(使用此 URL:curl -H "Authorization: Bearer ead8ba5d-88ad-4531-a821-db08bf25e888" localhost:8081/my-end-point ), 它对我不起作用并给我以下错误-
{"error":"invalid_token","error_description":"Invalid access token: ead8ba5d-4531-db08bf2fe888"}
这是我的端点的样子-
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;
import java.security.Principal;
@RestController
@RequestMapping(path = "/my-end-point")
public class PrincipalResource {
@RequestMapping(method = RequestMethod.POST)
public Principal oauth(Principal principal) {
/*
* Translate the incoming request, which has an access token
* Spring security takes the incoming request and injects the Java Security Principal
* The converter inside Spring Security will handle the to json method which the Spring Security
* Oauth client will know how to read
*
* The @EnableResourceServer on the application entry point is what makes all this magic happen.
* If there is an incoming request token it will check the token validity and handle it accordingly
*
*
*/
return principal;
}
} `
确保在您的 AuthServerOAuth2Config
security.allowFormAuthenticationForClients().checkTokenAccess("permitAll()");
@Override
public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
security.allowFormAuthenticationForClients().checkTokenAccess("permitAll()");
}
并通过向您的服务器发出 POST 请求来开始生成一些令牌 URL:localhost:yourport/oauth/token
例如:
http://localhost:8085/oauth/token?client_secret=secret&client_id=web&grant_type=password&username=kalaiselvan&password=kalaiselvan
它将return令牌
{
"access_token": "8b816685-b7da-4996-a3e2-ff18b4538a2b",
"token_type": "bearer",
"refresh_token": "f458c09b-f739-4488-be0f-2b0e3c5a62d1",
"expires_in": 637,
"scope": "read"
}
从响应数据中复制access_token并创建新的POST请求
http://localhost:8085/account
希望对您有所帮助