401 full authentication is required to access this resource
Salut,
je n'arrive pas à me connecter à mon application. je reçois un message 401 full authentication is required to access this resource à chaque essaie.
Voici mes ressources :
Application Properties :
Code:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
| security.oauth2.resource.id: ed
server:
ssl:
key-store-type: PKCS12
key-store: classpath:server.p12
key-store-password: ed19
key-alias: edpi
port: 8443
key-password: edasta19
security:
require-ssl=true:
spring:
datasource:
platform: mysql
url: jdbc:mysql://localhost:3306/edas19?serverTimezone=UTC&useLegacyDatetimeCode=false
username: root
password: '#L8#'
tomcat:
test-while-idle: true
validation-query: SELECT 1
initialization-mode: never
sql-script-encoding: UTF-8
jpa:
show-sql: true
generate-ddl: true
open-in-view: false
hibernate.ddl-auto: update
properties:
hibernate:
dialect: org.hibernate.dialect.MySQL5Dialect
jackson:
mapper:
default_view_inclusion: true
serialization:
indent_output: true
write_dates_as_timestamps: false
deserialization:
fail_on_ignored_properties: false
fail_on_unknown_properties: false
accept_single_value_as_array: true
default-property-inclusion: non_empty
date-format: com.fasterxml.jackson.databind.util.ISO8601DateFormat #joda-date-time-format: yyyy-MM-dd HH:mm:ss
mail:
host: smtp.gmail.com
port: 587
username: edd@gmail.com
password: '#l5#'
properties:
mail:
transport.protocol: smtp
smtp:
auth: true
starttls.enable: true
timeout: 5000
writetimeout: 5000
connectiontimeout: 5000
#debug: true
#test-connection: true
keystore:
jwt:
key-store: classpath:server.jks
key-store-password: ed19
key-pair-alias: edpi
key-pair-password: ed19
public-key: classpath:public.txt
uuidd: ${random.uuid}
password: edasta19
value: ${random.value}
upload-dir: /var/www/uploads
purge:
cron.expression: 0 0 5 * * ? |
AuthorizationServerConfig
Code:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
|
@Configuration
@EnableOAuth2Client
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
@Value("${resource.id:edastapi}")
private String RESSOURCE_ID;
@Value("${keystore.jwt.key-pair-alias}")
private String KEY_PAIR_ALIAS;
@Value("${keystore.jwt.key-store-password}")
private String KEY_STORE_PASS;
@Value("${jwt.authorizedGrantTypes:password" +
",authorization_code" +
",refresh_token}")
private String[] AUTHORIZED_GRANTYPES;
private final static Integer RESOURCE_VALIDITY = 60*60;
private final PasswordEncoder encoder;
private final PersonneService service;
private final AuthenticationManager manager;
public AuthorizationServerConfig(
PasswordEncoder encoder,
PersonneService service,
AuthenticationManager manager) {
this.encoder = encoder;
this.service = service;
this.manager = manager;
}
@Bean
public TokenStore tokenStore() {
return new JwtTokenStore(
tokenEnhancer()
);
}
@Bean
public JwtAccessTokenConverter tokenEnhancer() {
JwtAccessTokenConverter tokenConverter = new JwtAccessTokenConverter();
KeyStoreKeyFactory factory = new KeyStoreKeyFactory(
new ClassPathResource("server.jks"), KEY_STORE_PASS.toCharArray()
);
tokenConverter.setKeyPair(factory.getKeyPair(KEY_PAIR_ALIAS));
DefaultAccessTokenConverter converter = new DefaultAccessTokenConverter();
DefaultUserAuthenticationConverter authConverter = new DefaultUserAuthenticationConverter();
authConverter.setUserDetailsService(service);
converter.setUserTokenConverter(authConverter);
tokenConverter.setAccessTokenConverter(converter);
return tokenConverter;
}
@Override
public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
security.tokenKeyAccess("permitAll()")
.checkTokenAccess("isAuthenticated()");//security.allowFormAuthenticationForClients();
}
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients.inMemory()
.withClient("ed").resourceIds(RESSOURCE_ID)
.authorizedGrantTypes(AUTHORIZED_GRANTYPES)
.scopes("openid", "profile", "email", "read", "write")
.secret(encoder.encode("1234")).autoApprove(true)
// .secret("secret").autoApprove(true)
.accessTokenValiditySeconds(RESOURCE_VALIDITY).refreshTokenValiditySeconds(2*RESOURCE_VALIDITY);
}
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
endpoints
.accessTokenConverter(tokenEnhancer())
.authenticationManager(manager).userDetailsService(service)
.tokenStore(tokenStore()).tokenServices(tokenServices());
}
@Bean @Primary
public DefaultTokenServices tokenServices() {
DefaultTokenServices services = new DefaultTokenServices();
services.setTokenEnhancer(tokenEnhancer());
services.setAuthenticationManager(manager);
services.setSupportRefreshToken(true);
services.setTokenStore(tokenStore());
return services;
}
} |
SERVEUR DE RESSOURCES :
Code:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
|
@Configuration
@EnableResourceServer
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
@Autowired
private ResourceServerTokenServices tokenServices;
@Value("${security.oauth2.resource.id}")
private String RESSOURCE_ID;
@Override
public void configure(ResourceServerSecurityConfigurer resources) {
resources.resourceId(RESSOURCE_ID).tokenServices(tokenServices);;
}
@Override
public void configure(HttpSecurity http) throws Exception {
http
/* .cors().and().csrf().disable().httpBasic().disable().headers().frameOptions().disable().and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
.authorizeRequests()
.antMatchers("/me").permitAll()
.anyRequest().authenticated().and()
.exceptionHandling().accessDeniedHandler(new OAuth2AccessDeniedHandler());
*/
.cors().and().csrf().disable().httpBasic().disable().headers().frameOptions().disable().and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
.authorizeRequests().anyRequest().authenticated().and() //.antMatchers("/oauth/register", "/oauth/enable", "/operations/bondast", "/about").permitAll().antMatchers("/ross/**").access("hasRole('ADMIN') and hasRole('USER')").antMatchers("/admin/**").hasRole("ADMIN")
.exceptionHandling().accessDeniedHandler(new OAuth2AccessDeniedHandler());
}
} |
WebSecurity
Code:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
|
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private PersonneService service;
@Bean
public static PasswordEncoder encoder() {
return PasswordEncoderFactories.createDelegatingPasswordEncoder();
}
@Bean @Override
protected AuthenticationManager authenticationManager() throws Exception {
return super.authenticationManager();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(service).passwordEncoder(encoder());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
super.configure(http);
http.requiresChannel().anyRequest().requiresSecure();
}
} |
Je vous prie de m'aider SVP
