Я получаю токен
$ curl -u badge:123456 http://localhost:8080/oauth/token -d grant_type=password -d username=admin -d password=admin -d client_id=badge -d client_secret=123456 -d scope=write
{"access_token":"00a872f9-6f6e-4073-af17-d07d3991c2f0","token_type":"bearer","refresh_token":"8772d67c-682a-4b56-ae51-5a4bc4dceff7","expires_in":43199,"scope":"write"}
Тогда немедленно попробуйте использовать его
$ curl -X POST -H "Content-Type: application/json" -H "Authorization: Bearer 00a872f9-6f6e-4073-af17-d07d3991c2f0" -d '{"apiKey": "key", "tag": "tag"}' localhost:8080/isTagAvailable
Но там написано, что я аноним!
2018-05-26 23:43:28.390 DEBUG 54284 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy : /isTagAvailable at position 7 of 10 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2018-05-26 23:43:28.391 DEBUG 54284 --- [nio-8080-exec-5] o.s.s.w.a.AnonymousAuthenticationFilter : Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@9055c2bc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
Почему?
OAuth2Configurtion.java @Configuration
@EnableAuthorizationServer
public class OAuth2Configuration extends AuthorizationServerConfigurerAdapter {
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients.inMemory()
.withClient(applicationName)
.authorizedGrantTypes("password", "authorization_code", "refresh_token")
.authorities("ROLE_USER")
// .scopes("read", "write")
.scopes("write")
.resourceIds(applicationName)
.secret("123456");
}
SecurityConfig.java @Configuration
@EnableWebSecurity//(debug=true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/isTagAvailable").authenticated()
.and()
.authorizeRequests()
.antMatchers("/robots.txt", "/error", "/login", "/doLogout", "/home", "/pageNotFound"
).permitAll()
.and()
.authorizeRequests()
.anyRequest().authenticated()
.and()
.csrf().disable()
.httpBasic().disable();
}
Version <groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>1.5.13.RELEASE</version>
Я добавил
.anonymous().disable()
Но теперь это дает
2018-05-27 00:42:54.987 DEBUG 54284 --- [nio-8080-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/isTagAvailable'; against '/isTagAvailable'
2018-05-27 00:42:54.987 DEBUG 54284 --- [nio-8080-exec-2] o.s.s.w.a.i.FilterSecurityInterceptor : Secure object: FilterInvocation: URL: /isTagAvailable; Attributes: [authenticated]
2018-05-27 00:42:54.988 DEBUG 54284 --- [nio-8080-exec-2] o.s.s.w.a.ExceptionTranslationFilter : Authentication exception occurred; redirecting to authentication entry point
org.springframework.security.authentication.AuthenticationCredentialsNotFoundException: An Authentication object was not found in the SecurityContext
Он до сих пор не может запомнить токен!