org.springframework.web.client.HttpClientErrorException$Unauthorized: 401 null

来源:4-6 搭建OAuth2资源服务器

慕仔6078626

2020-03-12

集成资源服务调用认证服务出现异常信息如下:org.springframework.web.client.HttpClientErrorException$Unauthorized: 401 null

图片描述

图片描述

后台打印异常信息:

org.springframework.web.client.HttpClientErrorException$Unauthorized: 401 null
at org.springframework.web.client.HttpClientErrorException.create(HttpClientErrorException.java:81) ~[spring-web-5.1.8.RELEASE.jar:5.1.8.RELEASE]
at org.springframework.web.client.DefaultResponseErrorHandler.handleError(DefaultResponseErrorHandler.java:122) ~[spring-web-5.1.8.RELEASE.jar:5.1.8.RELEASE]
at org.springframework.web.client.DefaultResponseErrorHandler.handleError(DefaultResponseErrorHandler.java:102) ~[spring-web-5.1.8.RELEASE.jar:5.1.8.RELEASE]
at org.springframework.security.oauth2.provider.token.RemoteTokenServices$1.handleError(RemoteTokenServices.jav

请问有人知道我哪里写错了吗?贴代码如下

认证服务代码:
/**
*
*/
package com.imooc.security.server.auth;

import javax.sql.DataSource;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;

/**

  • @author jojo

*/

@Configuration
@EnableAuthorizationServer
public class OAuth2AuthServerConfig extends AuthorizationServerConfigurerAdapter {

@Autowired
private AuthenticationManager authenticationManager;

@Autowired
private DataSource dataSource;

@Autowired
private PasswordEncoder passwordEncoder;

@Autowired
private UserDetailsService userDetailsService;

@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
	
	endpoints.authenticationManager(authenticationManager);
	
}

@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {

	 clients.inMemory() 
	  .withClient("orderApp")
	  .secret(passwordEncoder.encode("123456")) 
	  .scopes("read","write")
	  .accessTokenValiditySeconds(3600)
	  .resourceIds("order-server")
	  .authorizedGrantTypes("password")
	  .and() 
	  .withClient("orderService")
	  .secret(passwordEncoder.encode("123456")) 
	  .scopes("read","write")
	  .accessTokenValiditySeconds(3600) 
	  .resourceIds("order-server")
	  .authorizedGrantTypes("password", "authorization_code", "refresh_token") ;
	  
}

@Override
public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
	security  .tokenKeyAccess("isAuthenticated()").checkTokenAccess("permitAll()") ;
}

}

资源服务代码:

package com.mice.server.resource;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;

@Configuration
@EnableResourceServer
public class OAuth2ResourceServerConfig extends ResourceServerConfigurerAdapter {

@Override
public void configure(ResourceServerSecurityConfigurer resources) throws Exception { // 生命自己的id
																						
	resources.resourceId("order-server");

}

/*
 * @Override public void configure(HttpSecurity http) throws Exception {
 * //那些不需要授权,在这里配置
 * http.authorizeRequests().antMatchers("/haha").permitAll().anyRequest().
 * authenticated(); }
 */

}

package com.mice.server.resource;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationManager;
import org.springframework.security.oauth2.provider.token.RemoteTokenServices;
import org.springframework.security.oauth2.provider.token.ResourceServerTokenServices;

@Configuration

@EnableWebSecurity
public class Ouath2WebSecurityConfig extends WebSecurityConfigurerAdapter {
/*
* @Autowired private PasswordEncoder passwordEncoder;
*/

@Bean
public ResourceServerTokenServices tokenServices() {
	RemoteTokenServices tokenServices = new RemoteTokenServices();
	tokenServices.setClientId("orderService");
	tokenServices.setClientSecret("123456");
	tokenServices.setCheckTokenEndpointUrl("http://localhost:9090/ouath/check_token");
	return tokenServices;
}

@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
	OAuth2AuthenticationManager auth2AuthenticationManager = new OAuth2AuthenticationManager();
	auth2AuthenticationManager.setTokenServices(tokenServices());
	return auth2AuthenticationManager;

}

}

写回答

3回答

慕粉3333946

2021-03-30

一样的问题,解决了吗

0
0

慕用7359371

2020-08-02

一样的问题,解决了吗?

0
0

我是可愛蛋蛋

2020-07-17

把方法改成这个试试

@Override
public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
   security.checkTokenAccess("permitAll()


");
}

0
0

Spring Cloud微服务安全实战 可落地的安全方案

从API到复杂微服务场景,实战部署可落地的安全方案。

1029 学习 · 370 问题

查看课程