oauth2 spring boot error. Invalid token does not contain resource id (oauth2-resource). How to decide?

L

legioner42019-06-18 16:01:15

Java

legioner4, 2019-06-18 16:01:15

Good afternoon.
Configured the Spring Boot service to work with the OAuth2 authorization server SecurityConfig
project settings

@Configuration
class SecurityConfig : WebSecurityConfigurerAdapter() {

    @Autowired
    internal var dataSource: DataSource? = null

    @Bean
    override fun authenticationManager(): AuthenticationManager {
        return super.authenticationManager()
    }

    @Throws(Exception::class)
    override fun configure(auth: AuthenticationManagerBuilder) {
        auth.jdbcAuthentication()
                .dataSource(dataSource)
                .passwordEncoder(passwordEncoder())
    }

    @Bean
    fun passwordEncoder(): PasswordEncoder {
        return BCryptPasswordEncoder()
    }
}

ResourceServerConfig

@Configuration
@EnableResourceServer
class ResourceServerConfig : ResourceServerConfigurerAdapter() {

    @Autowired
    internal var tokenServices: DefaultTokenServices? = null

    override fun configure(resources: ResourceServerSecurityConfigurer) {
        resources.tokenServices(tokenServices)
    }

    @Throws(Exception::class)
    override fun configure(http: HttpSecurity) {
        http
            .authorizeRequests()
            .antMatchers("/", "/help/**").permitAll()
            .anyRequest().authenticated()
    }
}

DataSourceConfig

@Configuration
class DataSourceConfig {

    @Value("\${spring.datasource.url}")
    private val datasourceUrl: String? = null

    @Value("\${spring.datasource.username}")
    private val dbUsername: String? = null

    @Value("\${spring.datasource.password}")
    private val dbPassword: String? = null

    @Bean
    fun dataSource(): DataSource {
        val dataSource = DriverManagerDataSource()
        dataSource.url = datasourceUrl
        dataSource.username = dbUsername
        dataSource.password = dbPassword
        return dataSource
    }

    @Bean
    fun approvalStore(): ApprovalStore {
        return JdbcApprovalStore(dataSource())
    }

    @Bean
    fun tokenStore(): TokenStore {
        return JdbcTokenStore(dataSource())
    }

    @Bean
    @Primary
    fun tokenServices(): DefaultTokenServices {
        val defaultTokenServices = DefaultTokenServices()
        defaultTokenServices.setTokenStore(tokenStore())
        return defaultTokenServices
    }
}

AuthorizationServerConfig

@Configuration
@EnableAuthorizationServer
class AuthorizationServerConfig : AuthorizationServerConfigurerAdapter() {

    @Autowired
    private val authenticationManager: AuthenticationManager? = null

    @Autowired
    internal var tokenStore: TokenStore? = null

    @Autowired
    internal var approvalStore: ApprovalStore? = null

    @Autowired
    internal var dataSource: DataSource? = null

    @Autowired
    internal var passwordEncoder: PasswordEncoder? = null

    @Throws(Exception::class)
    override fun configure(clients: ClientDetailsServiceConfigurer) {
        clients.jdbc(dataSource).passwordEncoder(passwordEncoder);
    }

    @Throws(Exception::class)
    override fun configure(security: AuthorizationServerSecurityConfigurer) {
        security.passwordEncoder(passwordEncoder)
    }

    @Throws(Exception::class)
    override fun configure(endpoints: AuthorizationServerEndpointsConfigurer) {
        endpoints.tokenStore(tokenStore)
        endpoints.authenticationManager(authenticationManager)
        endpoints.approvalStore(approvalStore)
    }
}

Added oauth_access_token, oauth_client_details, oauth_client_token, oauth_code, oauth_refresh_token tables to the database
Added data

INSERT INTO users (password, username, enabled) VALUES ('$2a$10$LOqePml/koRGsk2YAIOFI.1YNKZg7EsQ5BAIuYP1nWOyYRl21dlne', 'admin', TRUE);
INSERT INTO users (password, username, enabled) VALUES ('$2a$10$LOqePml/koRGsk2YAIOFI.1YNKZg7EsQ5BAIuYP1nWOyYRl21dlne', 'user', TRUE);

INSERT INTO authorities (id, username, authority) VALUES (1, 'admin', 'ROLE_USER');
INSERT INTO authorities (id, username, authority) VALUES (2, 'admin', 'ROLE_ADMIN');
INSERT INTO authorities (id, username, authority) VALUES (3, 'user', 'ROLE_USER');

INSERT INTO oauth_client_details (client_id, client_secret, resource_ids, scope, authorized_grant_types, authorities,
access_token_validity, refresh_token_validity, additional_information, autoapprove, web_server_redirect_uri) VALUES
('admin_client', '$2a$10$LOqePml/koRGsk2YAIOFI.1YNKZg7EsQ5BAIuYP1nWOyYRl21dlne', 'petstore',
'read,write', 'authorization_code,check_token,refresh_token,password', 'ROLE_ADMIN', 5000, 500000, '{}', TRUE, '');

INSERT INTO oauth_client_details (client_id, client_secret, resource_ids, scope, authorized_grant_types, authorities,
access_token_validity, refresh_token_validity, additional_information, autoapprove, web_server_redirect_uri) VALUES
('user_client', '$2a$10$LOqePml/koRGsk2YAIOFI.1YNKZg7EsQ5BAIuYP1nWOyYRl21dlne', 'petstore',
'read', 'password', 'ROLE_USER', 6000, 600000, '{}', TRUE, '');

I get a token for the user user . I try to call the method and it gives me an error

b'{"error":"access_denied","error_description":"Invalid token does not contain resource id (oauth2-resource)"}'