2013-07-21 307 views
3

I'm trying to implement an OAuth 2.0 authorization server in Spring, and an OAuth2 client authentication prompt pops up.

I have been able to retrieve an authorization_code for a user via:
/oauth/authorize

but when I take that code and try to redeem it for OAuth credentials at:
/oauth/token
I get a 401 error: "Bad credentials"

The URL I use to retrieve the authorization_code is:

http://localhost:8084/Oauth/oauth/authorize?response_type=code&client_id=tonr&redirect_uri=www 

and the curl command I use to try to grab the token is:

I don't know whether I have something misconfigured or whether I just misunderstand how OAuth2 works. Any ideas?

Here is my security.xml:

<beans:beans xmlns="http://www.springframework.org/schema/security" 
      xmlns:beans="http://www.springframework.org/schema/beans" 
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
      xmlns:oauth="http://www.springframework.org/schema/security/oauth2" 
      xmlns:mvc="http://www.springframework.org/schema/mvc" 
      xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd 
         http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.3.xsd 
        http://www.springframework.org/schema/security/oauth2 http://www.springframework.org/schema/security/spring-security-oauth2-1.0.xsd 
         http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd"> 

    <http auto-config='true'> 
     <intercept-url pattern="/**" access="ROLE_USER" /> 
    </http> 

    <authentication-manager> 
     <authentication-provider> 
      <user-service> 
       <user name="jimi" password="jimispassword" authorities="ROLE_USER, ROLE_ADMIN" /> 
       <user name="bob" password="bobspassword" authorities="ROLE_USER" /> 
      </user-service> 
     </authentication-provider> 
    </authentication-manager> 

    <oauth:client-details-service id="clientDetails"> 
     <oauth:client client-id="tonr" resource-ids="sparklr" authorized-grant-types="authorization_code,implicit" 
         authorities="ROLE_CLIENT" scope="read,write" secret="secret" /> 
    </oauth:client-details-service> 

    <beans:bean id="tokenStore" class="org.springframework.security.oauth2.provider.token.InMemoryTokenStore" /> 

    <beans:bean id="tokenServices" class="org.springframework.security.oauth2.provider.token.DefaultTokenServices"> 
     <beans:property name="tokenStore" ref="tokenStore" /> 
     <beans:property name="supportRefreshToken" value="true" /> 
     <beans:property name="clientDetailsService" ref="clientDetails" /> 
    </beans:bean> 

    <beans:bean id="userApprovalHandler" class="org.springframework.security.oauth2.provider.approval.TokenServicesUserApprovalHandler"> 
     <beans:property name="tokenServices" ref="tokenServices"/> 
    </beans:bean> 

    <oauth:authorization-server client-details-service-ref="clientDetails" token-services-ref="tokenServices" 
           user-approval-handler-ref="userApprovalHandler"> 
     <oauth:authorization-code /> 
     <oauth:implicit /> 
     <oauth:refresh-token /> 
     <oauth:client-credentials /> 
     <oauth:password /> 
    </oauth:authorization-server> 

    <mvc:annotation-driven /> 
</beans:beans> 

and here is my web.xml:

<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"> 
    <display-name>Oauth</display-name> 
    <session-config> 
     <session-timeout> 
      30 
     </session-timeout> 
    </session-config> 
    <welcome-file-list> 
     <welcome-file>index.jsp</welcome-file> 
    </welcome-file-list> 

    <servlet> 
     <servlet-name>spring</servlet-name> 
     <servlet-class> 
      org.springframework.web.servlet.DispatcherServlet 
     </servlet-class> 
     <load-on-startup>1</load-on-startup> 
    </servlet> 
    <servlet-mapping> 
     <servlet-name>spring</servlet-name> 
     <url-pattern>/*</url-pattern> 
    </servlet-mapping> 

    <!-- this mapping is added so that view requests are not defaulted to the app-servlet declared above /\ --> 
    <servlet-mapping> 
     <servlet-name>jsp</servlet-name> 
     <url-pattern>/WEB-INF/views/*</url-pattern> 
    </servlet-mapping> 

    <!-- security stuff--> 
    <filter> 
     <filter-name>springSecurityFilterChain</filter-name> 
     <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> 
    </filter> 
    <filter-mapping> 
     <filter-name>springSecurityFilterChain</filter-name> 
     <url-pattern>/*</url-pattern> 
    </filter-mapping> 

    <context-param> 
     <param-name>contextConfigLocation</param-name> 
     <param-value>/WEB-INF/security.xml</param-value> 
    </context-param> 
    <listener> 
     <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> 
    </listener> 

</web-app> 

Any help is appreciated!

Answer

4

Answering my own question:

It turns out the Spring application had only two viable users:

<user-service> 
    <user name="jimi" password="jimispassword" authorities="ROLE_USER, ROLE_ADMIN" /> 
    <user name="bob" password="bobspassword" authorities="ROLE_USER" /> 
</user-service> 

My tonr client was not in this user service, so Spring kept rejecting it. I just needed to add the client list to a ClientDetailsUserDetailsService, which is a UserDetailsService implementation:

<beans:bean id="clientDetailsUserService" class="org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService"> 
     <beans:constructor-arg ref="clientDetails" /> 
</beans:bean> 

and then add it to the <authentication-manager/> bean:

<authentication-manager> 
    <authentication-provider> 
     <user-service> 
      <user name="jimi" password="jimispassword" authorities="ROLE_USER, ROLE_ADMIN" /> 
      <user name="bob" password="bobspassword" authorities="ROLE_USER" /> 
     </user-service> 
    </authentication-provider> 
    <authentication-provider user-service-ref="clientDetailsUserService" /> 
</authentication-manager>
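The root cause in the answer above is that the authorization_code flow involves two different kinds of principal: resource owners (jimi, bob) who log in at /oauth/authorize, and the client (tonr) that authenticates with HTTP Basic client_id:secret at /oauth/token. An authentication manager that only knows the user store has no way to accept the client, so every token request fails with 401 "Bad credentials". The following Python model is an added example, not code from the question, the answer or Spring Security OAuth; the classes `UserService`, `ClientDetailsUserService`, `AuthenticationManager` and `AuthorizationServer` are hypothetical stand-ins for the XML beans, and all sample users, secrets and redirect URIs are constructed. It runs the flow once with a user-only manager (the question's configuration) and once with the client-details provider chained in (the answer's configuration), and also shows the checks a token endpoint performs after client authentication: the code must be unused and bound to the same client_id and redirect_uri it was issued for.

```python
import base64
import hmac
import secrets


class UserService:
    """Stands in for <user-service>: resource-owner accounts (constructed data)."""

    def __init__(self, users):
        self.users = users  # name -> (password, authorities)

    def authenticate(self, name, password):
        entry = self.users.get(name)
        if entry is None or not hmac.compare_digest(entry[0], password):
            return None
        return {"principal": name, "authorities": entry[1]}


class ClientDetailsUserService(UserService):
    """Stands in for ClientDetailsUserDetailsService: exposes the client-details
    store (client_id -> (secret, authorities)) as authenticatable principals."""


class AuthenticationManager:
    """Stands in for <authentication-manager>: the first provider to accept wins."""

    def __init__(self, providers):
        self.providers = providers

    def authenticate(self, name, password):
        for provider in self.providers:
            result = provider.authenticate(name, password)
            if result is not None:
                return result
        return None


def parse_basic(header):
    """Decode 'Basic base64(user:password)'; return None for anything malformed."""
    scheme, _, encoded = header.partition(" ")
    if scheme.lower() != "basic" or not encoded:
        return None
    try:
        decoded = base64.b64decode(encoded, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None


class AuthorizationServer:
    """Hypothetical model of the two endpoints; codes are single-use and bound."""

    def __init__(self, user_manager, client_manager, registered):
        self.user_manager = user_manager      # backs the /oauth/authorize login
        self.client_manager = client_manager  # backs HTTP Basic at /oauth/token
        self.registered = registered          # client_id -> registered redirect_uri
        self.codes = {}                       # code -> (client_id, redirect_uri, user)

    def authorize(self, user, password, client_id, redirect_uri):
        """/oauth/authorize: the resource owner logs in and a code is issued."""
        if self.user_manager.authenticate(user, password) is None:
            return 401, None
        if self.registered.get(client_id) != redirect_uri:
            return 400, None
        code = secrets.token_urlsafe(16)
        self.codes[code] = (client_id, redirect_uri, user)
        return 302, code

    def token(self, headers, form):
        """/oauth/token: the client authenticates, then redeems the code."""
        creds = parse_basic(headers.get("Authorization", ""))
        client = creds and self.client_manager.authenticate(*creds)
        if not client:
            return 401, {"error": "unauthorized", "error_description": "Bad credentials"}
        if form.get("grant_type") != "authorization_code":
            return 400, {"error": "unsupported_grant_type"}
        issued = self.codes.pop(form.get("code"), None)  # consumed on first use
        if issued is None or issued[:2] != (client["principal"], form.get("redirect_uri")):
            return 400, {"error": "invalid_grant"}
        return 200, {"access_token": secrets.token_urlsafe(24), "token_type": "bearer"}


# Constructed sample data mirroring the question's users and the tonr client.
USERS = UserService({"jimi": ("jimispassword", ["ROLE_USER", "ROLE_ADMIN"]),
                     "bob": ("bobspassword", ["ROLE_USER"])})
CLIENTS = ClientDetailsUserService({"tonr": ("secret", ["ROLE_CLIENT"])})
REGISTERED = {"tonr": "www"}
BROKEN = AuthenticationManager([USERS])           # the question: users only
FIXED = AuthenticationManager([USERS, CLIENTS])   # the answer: clients chained in


def basic_header(user, password):
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


def run_flow(client_manager):
    """Full authorization_code flow with the token endpoint backed by client_manager."""
    server = AuthorizationServer(AuthenticationManager([USERS]), client_manager, REGISTERED)
    _, code = server.authorize("jimi", "jimispassword", "tonr", "www")
    return server.token({"Authorization": basic_header("tonr", "secret")},
                        {"grant_type": "authorization_code", "code": code,
                         "redirect_uri": "www"})
```

Calling `run_flow(BROKEN)` returns the 401 "Bad credentials" response from the question, while `run_flow(FIXED)` returns 200 with a bearer token. The only difference between the two is which principal store the token endpoint's manager can consult, which is exactly what adding the second `<authentication-provider>` changes in the answer. Keeping the client store separate from the user store, rather than registering tonr as a user, also keeps ROLE_CLIENT distinct from ROLE_USER so the client secret cannot be used to log in at /oauth/authorize.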