时间戳

首页 > 解决方案 > 使用 Postman 访问受 Spring Boot 2 和 OAuth 2 保护的 REST API

spring-boot - 使用 Postman 访问受 Spring Boot 2 和 OAuth 2 保护的 REST API

问题描述

我正在使用 Spring Boot 2 和 Spring Security 5 构建一个 REST API 服务器。我正在使用在远程服务器上运行的基于 OAuth2 的 IDP 我能够配置 OAuth2 客户端以使用 IDP,并且当我尝试点击任何 url从 Web 浏览器中,它会显示 Spring 生成的 UI。 https://imgur.com/3x98x5A.png

我能够完成身份验证流程并能够从 Web 浏览器访问受保护的资源。

现在我尝试使用 Postman 执行相同的操作,在其中生成访问令牌,并要求邮递员使用 Request Headers 将令牌传递给我的 API 服务器(资源服务器),如下所示: https ://imgur.com/z4OvUu4 .png

但是,当我向我的 API 发出 GET 请求时,它会返回 Spring 生成的登录页面的 HTML :(

我的spring boot application.properties文件如下:

spring.security.oauth2.client.registration.wso2.client-id=<removed>
spring.security.oauth2.client.registration.wso2.client-secret=<removed>
spring.security.oauth2.client.registration.wso2.client-authentication-method=basic
spring.security.oauth2.client.registration.wso2.authorization-grant-type=authorization_code
spring.security.oauth2.client.registration.wso2.redirect-uri-template={baseUrl}/login/oauth2/code/{registrationId}
spring.security.oauth2.client.registration.wso2.scope = openid, profile
spring.security.oauth2.client.registration.wso2.client-name=WSO2 ID Provider

spring.security.oauth2.client.provider.wso2.authorization-uri=https://localidpserver:9443/oauth2/authorize
spring.security.oauth2.client.provider.wso2.token-uri=https://localidpserver:9443/oauth2/token
spring.security.oauth2.client.provider.wso2.user-info-uri=https://localidpserver:9443/oauth2/userinfo
spring.security.oauth2.client.provider.wso2.jwk-set-uri=https://localidpserver:9443/oauth2/jwks

我的POM文件如下:

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>

    <groupId>com.okta.developer</groupId>
    <artifactId>oidc</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <packaging>jar</packaging>

    <name>oidc</name>
    <description>Demo project for Spring Boot</description>

    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.0.2.RELEASE</version>
        <relativePath/> <!-- lookup parent from repository -->
    </parent>

    <properties>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
        <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
        <java.version>1.8</java.version>
    </properties>

    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-thymeleaf</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-webflux</artifactId>
        </dependency>
        <dependency>
           <groupId>org.springframework.security</groupId>
           <artifactId>spring-security-config</artifactId>
        </dependency>
        <dependency>
           <groupId>org.springframework.security</groupId>
           <artifactId>spring-security-oauth2-client</artifactId>
        </dependency>
        <dependency>
           <groupId>org.springframework.security</groupId>
           <artifactId>spring-security-oauth2-jose</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>io.projectreactor</groupId>
            <artifactId>reactor-test</artifactId>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-test</artifactId>
            <scope>test</scope>
        </dependency>
    </dependencies>

    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
            </plugin>
        </plugins>
    </build>


</project>

我非常感谢您的回复:)

标签: spring-bootspring-securityspring-security-oauth2

解决方案

有待确认,但 Spring Security Oauth 与 Spring Boot 2.0 的 Webflux 实现不兼容,因为 Spring Security 实现基于 Servlet framwework。

您需要移动到 2.1.0.M1 和 Spring security 5.1.0.M1,检查

推荐阅读