分布式认证授权(四)

• ​​客户端请求资源服务器​​

# 配置类添加注解@EnableOAuth2Sso

# 注入
@Bean
public OAuth2RestTemplate oAuth2RestTemplate(UserInfoRestTemplateFactory factory) {
    return factory.getUserInfoRestTemplate();
}

# 控制层注入
@Autowired
private OAuth2RestTemplate oAuth2RestTemplate;

# 方式1
@GetMapping("/member")
public String member() {
    // 方式1，直接访问资源服务器
    //MengxueguResult entity = oAuth2RestTemplate.getForObject("http://localhost:8080/product/list", MengxueguResult.class);
    System.out.println("body: " + entity);
    return "member";
}

• 测试：启动服务注册模块、网关、认证服务器、资源服务器、客户端1

# 浏览器打开
http://localhost:9001/

# 访问/member接口，报错如下
Whitelabel Error Page
This application has no explicit mapping for /error, so you are seeing this as a fallback.

Fri Jul 01 15:03:45 GMT+08:00 2022
There was an unexpected error (type=Internal Server Error, status=500).
Insufficient scope for this resource
error="insufficient_scope", error_description="Insufficient scope for this resource", scope="all"

# 错误原因：在资源服务器的配置类中指定了访问接口需要all的权限标识
.antMatchers("/**").access("#oauth2.hasScope('all')")

# 解决方案：在数据库中为客户端1添加all的权限标识

• 再次测试，测试成功

# 控制台打印
15:06:23.029  INFO 11292 --- [)-192.168.137.1] o.s.web.servlet.DispatcherServlet        : Completed initialization in 3 ms
body: MengxueguResult(code=200, message=OK, data=[眼镜, 格子衬衣, 双肩包])

• 方式2：通过网关访问资源服务器

@GetMapping("/member")
public String member() {
    // 方式2，通过网关
    ResponseEntity<MengxueguResult> entity = oAuth2RestTemplate.getForEntity("http://localhost:7001/product/list", MengxueguResult.class);
    System.out.println("body: " + entity);
    return "member";
}

# 控制台报错如下
org.springframework.security.oauth2.common.exceptions.InsufficientScopeException: Insufficient scope for this resource
    at org.springframework.security.oauth2.common.exceptions.OAuth2ExceptionJackson2Deserializer.deserialize(OAuth2ExceptionJackson2Deserializer.java:112)
    at org.springframework.security.oauth2.common.exceptions.OAuth2ExceptionJackson2Deserializer.deserialize(OAuth2ExceptionJackson2Deserializer.java:33)
    at com.fasterxml.jackson.databind.ObjectMapper._readMapAndClose(ObjectMapper.java:4202)
    at com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:3258)

# 错误原因：在网关的ResourceServerConfig配置类中配置了，访问资源服务器需要有服务器id标识
public static final String RESOURCE_ID = "product-server";
public static final String AUTH_ID = "auth-server";

# 解决方案：在数据库中为客户端1添加服务器id标识

• 再次测试，测试成功

# 控制台打印
5:18:19.801  INFO 5064 --- [)-192.168.137.1] o.s.web.servlet.DispatcherServlet        : Completed initialization in 3 ms
body: <200,MengxueguResult(code=200, message=OK, data=[眼镜, 格子衬衣, 双肩包]),[Vary:"Origin", "Access-Control-Request-Method", "Access-Control-Request-Headers", Date:"Fri, 01 Jul 2022 07:18:34 GMT", Keep-Alive:"timeout=60", X-Content-Type-Options:"nosniff", X-XSS-Protection:"1; mode=block", Cache-Control:"no-cache, no-store, max-age=0, must-revalidate", Pragma:"no-cache", Expires:"0", X-Frame-Options:"DENY", Content-Type:"application/json", Transfer-Encoding:"chunked", Connection:"keep-alive"]>