spring security 搭建资源服务器失败

来源：6-11 基于JWT实现SSO单点登录2

慕桂英0273856

2018-10-16

我是前后端分离的工程，需要搭建一个资源服务器，基于JWT的，但每次启动就会报Factory method 'jwtTokenEnhancer' threw exception; nested exception is org.springframework.web.client.RestClientException: Could not extract response: no suitable HttpMessageConverter found for response type [interface java.util.Map] and content type [text/html;charset=UTF-8]，这个是资源服务器代码

@Configuration
@EnableResourceServer
public class SsoResourceServerConfig extends ResourceServerConfigurerAdapter {
    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
                .authorizeRequests()
                .antMatchers(HttpMethod.GET, "/api/**").access("#oauth2.hasScope('read')")
                .antMatchers(HttpMethod.POST, "/api/**").access("#oauth2.hasScope('write')");
    }
    @Override
    public void configure(ResourceServerSecurityConfigurer resources){
        resources.tokenServices(tokenServices());
        resources.tokenStore(tokenStore());
    }

    @Bean
    public JwtAccessTokenConverter accessTokenConverter() {
        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
        converter.setSigningKey("imooc");
        return converter;
    }

    @Bean
    public TokenStore tokenStore() {
        return new JwtTokenStore(accessTokenConverter());
    }

    @Bean
    @Primary
    public DefaultTokenServices tokenServices() {
        DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
        defaultTokenServices.setTokenStore(tokenStore());
        return defaultTokenServices;
    }

这个是资源服务器启动类

@SpringBootApplication
@EnableOAuth2Sso
@RestController
public class DemoApplication {
    @RequestMapping("/")
    public String hello() {
        return "hello";
    }
    public static void main(String[] args) {
        SpringApplication.run(DemoApplication.class, args);
    }
}

我们项目用的是springboot2.0
这个是POM的有关安全框架的配置

<dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-jwt</artifactId>
            <version>1.0.9.RELEASE</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.security.oauth.boot</groupId>
            <artifactId>spring-security-oauth2-autoconfigure</artifactId>
            <version>2.0.5.RELEASE</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>

写回答

1回答

慕桂英0273856

提问者

2018-10-16

security.oauth2.resource.jwt.key-value，我加了这个就可以了，看了一下源码，里面是setsignkey方法。。。是本地加密的意思吗？不本地就会出错？

security.oauth2.client.client-id=admin
security.oauth2.client.client-secret=admin
security.oauth2.client.access-token-uri=http://localhost:8081/oauth/token
security.oauth2.client.user-authorization-uri=http://localhost:8081/oauth/authorize
security.oauth2.resource.jwt.key-uri=http://localhost:8081/oauth/token_key
security.oauth2.resource.jwt.key-value=123
security.oauth2.resource.token-info-uri=http://localhost:8081/oauth/check-token