1. Refreshing a token fails with "server error" / "token server UserDetailsService is required"
Add a UserDetailsService to the AuthorizationServer configuration:
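    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.core.userdetails.UserDetailsService;
    import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
    import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
    import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;

    @Configuration
    @EnableAuthorizationServer // this annotation enables the authorization server
    public class OAuth2AuthServerConfig extends AuthorizationServerConfigurerAdapter {
        @Autowired
        public UserDetailsService userDetailsService;

        @Override
        public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
            // the refresh_token grant uses this service to reload the user
            endpoints.userDetailsService(userDetailsService);
        }
        // ......
    }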
Spring Security OAuth2 authorization server: refreshing a token fails with "UserDetailsService is required"
2. /oauth/check_token fails with "401" / "Unauthorized"
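    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
    import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
    import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;

    @Configuration
    @EnableAuthorizationServer // this annotation enables the authorization server
    public class OAuth2AuthServerConfig extends AuthorizationServerConfigurerAdapter {
        // ......
        /**
         * @Description: Configures the security policy for the token endpoints
         * @Param: [security]
         * @Return: void
         */
        @Override
        public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
            // The default is "denyAll()": /oauth/check_token cannot be accessed at all.
            // "isAuthenticated()": the caller must send credentials and be authenticated.
            // "permitAll()": the endpoint can be accessed directly, without authentication.
            security.checkTokenAccess("isAuthenticated()");
        }
        // ......
    }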
“Invalid token does not contain resource id (oauth2-resource)”
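Set a resourceId on every ResourceServer (resource server) instance; the resourceId is the unique identifier of that service's resource. (If the same microservice resource is deployed as several instances, they all use the same resourceId.)
The ResourceId is verified on the Resource Server. A resource request sent to the Resource Server carries an access_token; the Resource Server uses the access_token to find the client_id, and from that the resource_ids this client is allowed to access. If the resource_ids contain the ResourceId that the Resource Server has set for itself, the remaining permission checks can go ahead.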
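    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
    import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
    import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;

    @Configuration
    @EnableResourceServer
    public class OAuth2ResourceServerConfig extends ResourceServerConfigurerAdapter {
        @Override
        public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
            resources.resourceId("project_api");
        }
        // ...
    }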
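The resource server setting above only passes if the client that obtained the token is registered with a matching resource id on the authorization server. The following is an added example, not code from the original post: the client id "demo-client", the property name demo.client.secret, the grant types and the scope are assumptions made for illustration, and a PasswordEncoder bean is assumed to be defined elsewhere.

```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;

@Configuration
@EnableAuthorizationServer
public class OAuth2AuthServerConfig extends AuthorizationServerConfigurerAdapter {

    // Assumption: a PasswordEncoder bean exists in the application context.
    @Autowired
    private PasswordEncoder passwordEncoder;

    // Hypothetical property; the secret is kept out of source code.
    @Value("${demo.client.secret}")
    private String clientSecret;

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
            .withClient("demo-client") // constructed client id
                .secret(passwordEncoder.encode(clientSecret))
                .authorizedGrantTypes("password", "refresh_token")
                .scopes("read")
                // Must contain the value passed to resources.resourceId(...)
                // on the resource server, here "project_api". Without a
                // match the resource server rejects the token with
                // "Invalid token does not contain resource id (...)".
                .resourceIds("project_api");
        // Caveat: the resource server skips this check when the client's
        // resource_ids are empty, so a client registered without any
        // resourceIds is accepted by every resource server. List the
        // resource ids explicitly for each client to keep least privilege.
    }
}
```

The "oauth2-resource" in the error message is the resource id a resource server uses when none is set explicitly, which is why the message appears when the client lists other resource ids and the resource server has not called resources.resourceId(...).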