Change the content-type
on the REST client to be application/x-www-form-urlencoded
Browser REST Client ask for credential and it fails for RESTEasy Service
-
19-10-2022 - |
题
I have created one RESTEasy service in java using Spring security Oauth2 for the authentication and token generate. Every thing is working fine for me but when I trying to access my service to generate the token from the browser REST Client it ask for credential and it fails but at the same time if I access the same service by HTTPClient in Java it work for me,
HttpClient client = new DefaultHttpClient();
HttpPost post = new HttpPost("http://localhost:80/my-rest-application/oauth/token");
List<NameValuePair> nameValuePairs = new ArrayList<NameValuePair>(1);
nameValuePairs.add(new BasicNameValuePair("client_id","myclientid"));
nameValuePairs.add(new BasicNameValuePair("client_secret","myclientsecret"));
nameValuePairs.add(new BasicNameValuePair("username","someuser"));
nameValuePairs.add(new BasicNameValuePair("password","somepassword"));
nameValuePairs.add(new BasicNameValuePair("grant_type","password"));
post.setEntity(new UrlEncodedFormEntity(nameValuePairs));
HttpResponse response = client.execute(post);
Http client in java work for me but in browser rest client it ask for credential and returns bad request
Any idea why it happens?
my configuration,
<http pattern="/oauth/token" create-session="stateless"
authentication-manager-ref="clientAuthenticationManager"
xmlns="http://www.springframework.org/schema/security" >
<intercept-url pattern="/oauth/token" access="IS_AUTHENTICATED_FULLY" />
<anonymous enabled="false" />
<http-basic entry-point-ref="clientAuthenticationEntryPoint" />
<!-- include this only if you need to authenticate clients via request parameters -->
<custom-filter ref="clientCredentialsTokenEndpointFilter" before="BASIC_AUTH_FILTER" />
<access-denied-handler ref="oauthAccessDeniedHandler" />
</http>
<authentication-manager id="clientAuthenticationManager" xmlns="http://www.springframework.org/schema/security">
<authentication-provider user-service-ref="clientDetailsUserService" />
</authentication-manager>
<bean id="clientDetailsUserService"
class="org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService">
<constructor-arg ref="clientDetails" />
</bean>
<bean id="clientDetails" class="my own client details implementation"/>
<bean id="clientAuthenticationEntryPoint"
class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
<!-- <property name="realmName" value="springsec/client" /> -->
<property name="realmName" value="test/client" />
<property name="typeName" value="Basic" />
</bean>
<bean id="clientCredentialsTokenEndpointFilter"
class="org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter">
<property name="authenticationManager" ref="clientAuthenticationManager" />
</bean>
<authentication-manager id="clientAuthenticationManager" xmlns="http://www.springframework.org/schema/security">
<authentication-provider user-service-ref="clientDetailsUserService" />
</authentication-manager>
解决方案
不隶属于 StackOverflow