Я пытаюсь понять Oauth 2.0, и я пытался следовать простому руководству, но я не понимаю, что не так с моим кодом. В основном сервер авторизации не возвращает никакого токена клиенту, и я непонять почему :( Вот код: ResourceServer App: AuthorizationServerConfig:
@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients.inMemory().withClient("javainuse").secret("secret").authorizedGrantTypes("authorization_code")
.scopes("read").authorities("CLIENT").redirectUris("http://localhost:8090/showEmployees");
}
}
EmployeeSecurityConfiguration:
@Configuration
@EnableWebSecurity
public class EmployeeSecurityConfiguration extends WebSecurityConfigurerAdapter {
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/resources/**");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/").permitAll().antMatchers("/user/getEmployeesList").hasAnyRole("ADMIN")
.anyRequest().authenticated().and().formLogin().permitAll().and().logout().permitAll();
http.csrf().disable();
}
@Override
public void configure(AuthenticationManagerBuilder authenticationMgr) throws Exception {
authenticationMgr.inMemoryAuthentication().passwordEncoder(NoOpPasswordEncoder.getInstance()).withUser("admin").password("admin").authorities("ROLE_ADMIN");
}
}
ResourceServer:
@Configuration
@EnableResourceServer
public class ResourceServer extends ResourceServerConfigurerAdapter {
@Override
public void configure(HttpSecurity http) throws Exception {
http.requestMatchers().antMatchers("/user/getEmployeesList/**").and().authorizeRequests().anyRequest()
.access("#oauth2.hasScope('read')");
}
}
EmployeeController:
@Controller
public class EmployeeController {
@RequestMapping(value = "/user/getEmployeesList", produces ="application/json")
@ResponseBody
public List<Employee> getEmployeeList(){
List<Employee> employees = new ArrayList<>();
Employee emp = new Employee();
emp.setEmpId("emp1");
emp.setEmpName("emp1");
employees.add(emp);
return employees;
}
}
И клиентское приложение:
@Controller
public class EmployeeController {
@RequestMapping(value = "/getEmployees", method = RequestMethod.GET)
public ModelAndView getEmployeeInfo() {
return new ModelAndView("getEmployees");
}
@RequestMapping(value = "/showEmployees", method = RequestMethod.GET)
public ModelAndView showEmployees(@RequestParam("code") String code) throws JsonProcessingException, IOException {
ResponseEntity<String> response = null;
System.out.println("Authorization Code------" + code);
RestTemplate restTemplate = new RestTemplate();
// According OAuth documentation we need to send the client id and secret key in the header for authentication
String credentials = "javainuse:secret";
String encodedCredentials = new String(Base64.encodeBase64(credentials.getBytes()));
HttpHeaders headers = new HttpHeaders();
headers.setAccept(Arrays.asList(MediaType.APPLICATION_JSON));
headers.add("Authorization", "Basic " + encodedCredentials);
HttpEntity<String> request = new HttpEntity<String>(headers);
String access_token_url = "http://localhost:8080/oauth/token";
access_token_url += "?code=" + code;
access_token_url += "&grant_type=authorization_code";
access_token_url += "&redirect_uri=http://localhost:8090/showEmployees";
response = restTemplate.exchange(access_token_url, HttpMethod.POST, request, String.class);
System.out.println("Access Token Response ---------" + response.getBody());
return null;
}
}
Sysout, который показывает response.getBody () всегда нулевой, и я понятия не имею, почему это происходит