问题
I am doing example of Spring Boot Security with wso2is server from this post https://github.com/angel-git/wso2is-springoauth, when I am trying to access resource with access token I am getting
{"error":"unauthorized","error_description":"Full authentication is required to access this resource"}
I am generating access token by:
curl -u CLIENT_ID:CLIENT_SECRET-k -d "grant_type=password&username=admin&password=admin" -H "Content-Type:application/x-www-form-urlencoded" https://localhost:9443/oauth2/token
and accessing resources by:
curl -H GET "Authorization: ACCESS_TOKEN" http://localhost:8080/greeting
I found many solution on stackoverflow but unfortunately could not solve my issue
please help, thank you
回答1:
I was getting the same error message for
"curl http://localhost:8080/spring4/beans" :
{"timestamp":1493591079040,"status":401,"error":"Unauthorized","message":"Full authentication is required to access this resource.","path":"/spring4/beans"}
Setting the below property in application.properties bypassed the security check & I could use all the acuator endpoints:
management.security.enabled=false
回答2:
Many thanx to Angel Gavalda who helped me to solved problem. I used following commands to generate access token and access resource
For Generating Access token:-
curl -k -d 'grant_type=client_credentials&client_id=yourClientId&client_secret=yourClientSecret' https://localhost:9443/oauth2/token
For Accessing Resource:-
curl -k -H "Authorization: Bearer $ACCESS_TOKEN" http://localhost:8080/greeting
回答3:
When the answer above does not solve this issue change OAuthConfigurations/RemoveOAuthHeadersFromOutMessage to false in the file api-manager.xml.
来源:https://stackoverflow.com/questions/37612648/spring-boot-full-authentication-is-required-to-access-this-resource