Tuesday, 24 February 2015

How do I set a resource ID for a token?

I am trying to implement a RESTful web service with OAuth.


Using this guide: http://ift.tt/17uSvJe


I can successfully retrieve a token:



curl -v -u android-bookmarks:123456 -X POST http://localhost:8080/oauth/token -H "Accept: application/json" -d "password=password&username=User1&grant_type=password&scope=write&client_secret=12345&client_id=android-bookmarks"


Response:



{"access_token":"cdafc45f-924a-4f87-8bd0-e3e2bdffa540","token_type":"bearer","refresh_token":"609efba8-edd3-4ea3-be7b-78e449cec0ef","expires_in":43199,"scope":"write"}* Connection #0 to host localhost left intact


When I try to access the resource like so:



curl -G http://localhost:8080/bookmarks -H "Authorization: Bearer cdafc45f-924a-4f87-8bd0-e3e2bdffa540"


I get the following response:



{"error":"access_denied","error_description":"Invalid token does not contain resource id (oauth2-resource)"}


The Java class setting the resource id:



import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;

@Configuration
@EnableResourceServer
@EnableAuthorizationServer
public class OAuth2Configuration extends AuthorizationServerConfigurerAdapter {

    String applicationName = "bookmarks";

    @Autowired
    AuthenticationManagerBuilder authenticationManager;

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints)
            throws Exception {
        // The password grant needs an AuthenticationManager to verify the
        // resource owner's credentials; delegate to the one Spring Security builds.
        endpoints.authenticationManager(new AuthenticationManager() {
            @Override
            public Authentication authenticate(Authentication authentication)
                    throws AuthenticationException {
                return authenticationManager.getOrBuild().authenticate(
                        authentication);
            }
        });
    }

    @Override
    public void configure(ClientDetailsServiceConfigurer clients)
            throws Exception {
        // Tokens issued to this client are stamped with resource id "bookmarks".
        // The resource server enabled above never sets its own id, so it keeps
        // the default ("oauth2-resource" in the error message) and rejects them.
        clients.inMemory()
                .withClient("android-" + applicationName)
                .authorizedGrantTypes("password", "authorization_code",
                        "refresh_token").authorities("ROLE_USER")
                .scopes("write").resourceIds(applicationName).secret("123456");
    }

}


When I change the code to something like:



clients.inMemory()
        .withClient("android-" + applicationName)
        .authorizedGrantTypes("password", "authorization_code",
                "refresh_token").authorities("ROLE_USER")
        .scopes("write").secret("123456");


I can access the resource with the previously mentioned commands successfully.
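The resource id on a token is an audience restriction: the resource server only accepts tokens that were issued for its own id, so a token minted for one API cannot be replayed against another API that shares the same token store. Dropping `resourceIds(...)` makes the error go away but also drops that check. The alternative is to give the resource server the same id the client's tokens carry. The following is an added example, not code from the original post or from the linked guide; it assumes a single API with the id "bookmarks", the same client id and secret as the question, and that an `AuthenticationManager` bean is available for the password grant (as in a Spring Boot 1.x application). Class names and package paths are Spring Security OAuth2's own; the splitting into two nested `@Configuration` classes is a choice made here.

```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;

/**
 * Added example (not the original post's code): keep the resource-id check
 * and make both halves agree on the id. The authorization server stamps
 * tokens for client "android-bookmarks" with resource id "bookmarks"; the
 * resource server declares the same id, so those tokens are accepted while
 * tokens issued for any other resource id are still refused with access_denied.
 */
public class ResourceIdConfiguration {

    // One id shared by both halves (assumption: a single API named "bookmarks").
    static final String RESOURCE_ID = "bookmarks";

    @Configuration
    @EnableAuthorizationServer
    public static class AuthServer extends AuthorizationServerConfigurerAdapter {

        // Assumption: an AuthenticationManager bean exists (Spring Boot 1.x provides one).
        @Autowired
        private AuthenticationManager authenticationManager;

        @Override
        public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
            // Required for the password grant used by the curl call in the question.
            endpoints.authenticationManager(authenticationManager);
        }

        @Override
        public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
            clients.inMemory()
                    .withClient("android-" + RESOURCE_ID)
                    .secret("123456")
                    .authorizedGrantTypes("password", "refresh_token")
                    .authorities("ROLE_USER")
                    .scopes("write")
                    // Tokens for this client are only valid at the "bookmarks" resource server.
                    .resourceIds(RESOURCE_ID);
        }
    }

    @Configuration
    @EnableResourceServer
    public static class ResourceServer extends ResourceServerConfigurerAdapter {

        @Override
        public void configure(ResourceServerSecurityConfigurer resources) {
            // Without this line the resource server keeps its default id,
            // "oauth2-resource", which is the id named in the question's error message.
            resources.resourceId(RESOURCE_ID);
        }

        @Override
        public void configure(HttpSecurity http) throws Exception {
            // Beyond the audience check, also require the scope the token was issued with.
            http.authorizeRequests()
                    .antMatchers("/bookmarks/**").access("#oauth2.hasScope('write')")
                    .anyRequest().authenticated();
        }
    }
}
```

With both sides set to "bookmarks", the two curl commands from the question work unchanged: the token response still reports `"scope":"write"`, and `GET /bookmarks` with the bearer token is served instead of returning `access_denied`. A quick way to confirm the check is still active is to register a second client with `resourceIds("something-else")`, obtain a token for it, and verify that `/bookmarks` rejects that token with the same `access_denied` error.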

