Spring Cloud OAuth2中访问/oauth/token报Unsupported grant type: password问题的解决

Spring Cloud OAuth2中访问/oauth/token报Unsupported grant type: password问题的解决

问题分析

在新建的Spring Cloud OAuth2项目中使用grant_type为password方式访问时报Unsupported grant type: password。在postman中如下图:

{
    "error": "unsupported_grant_type",
    "error_description": "Unsupported grant type: password"
}

如下图:
在这里插入图片描述
java后台报错如下:

2021-01-16 17:02:53.936  WARN 9132 --- [nio-5002-exec-2] o.s.s.o.provider.endpoint.TokenEndpoint  : Handling error: UnsupportedGrantTypeException, Unsupported grant type: password

这个错误提示是说不支持grant type为password的方式获取access_token。
这里grant_type=password表示使用用户名密码的方式获取access_token。

问题解决

要允许oauth2 server支持通过grant_type=password方式获取access_token。需要代码中做以下调整
1、在WebSecurityConfigurerAdapter的实现类中增加获取AuthenticationManager的方法并进行@Bean标注,如下:

package com.wongoing.oauth2.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

	@Bean
	public PasswordEncoder passwordEncoder() {
		return new BCryptPasswordEncoder();
	}
	
	@Override
	@Bean
	public AuthenticationManager authenticationManagerBean() throws Exception {
		return super.authenticationManagerBean();
	}
}

2、在AuthorizationServerConfigurerAdapter的实现类中使用AuthenticationManager,并在clients中指定授权类型authorizedGrantType(“password”),如下:

package com.wongoing.oauth2.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore;

@Configuration
@EnableAuthorizationServer
public class OAuth2ServerConfig extends AuthorizationServerConfigurerAdapter {

	private TokenStore tokenStore = new InMemoryTokenStore();
	
	@Autowired
	private PasswordEncoder passwordEncoder;
	
	@Autowired
	private AuthenticationManager authenticationManager;
	
	@Override
	public void configure(ClientDetailsServiceConfigurer clients) throws Exception {		
		clients.inMemory().withClient("client_1").secret(this.passwordEncoder.encode("123456"))
			.authorizedGrantTypes("password")		//授权类型指定为password
			.scopes("all");
	}
	
	@Override
	public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
		
		endpoints.allowedTokenEndpointRequestMethods(HttpMethod.GET, HttpMethod.POST);
		
		// 配置Token的存储方式
		endpoints.tokenStore(tokenStore)
			// 注入WebSecurityConfig配置的bean
			.authenticationManager(authenticationManager);
	}
	
	@Override
	public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
		// 对获取Token的请求不再拦截
		oauthServer
			.tokenKeyAccess("permitAll()")
			// 验证获取Token的验证信息
			.checkTokenAccess("isAuthenticated()")
			//这个如果配置支持allowFormAuthenticationForClients的,且对/oauth/token请求的参数中有client_id和client-secret的会走ClientCredentialsTokenEndpointFilter来保护
			//如果没有支持allowFormAuthenticationForClients或者有支持但对/oauth/token请求的参数中没有client_id和client_secret的,走basic认证保护
			.allowFormAuthenticationForClients();
	}
}

已标记关键词 清除标记
©️2020 CSDN 皮肤主题: 编程工作室 设计师:CSDN官方博客 返回首页