权限 Blade-Auth 加入请求头,仍然报请求未授权

Blade 未结 1 854
lesiming
lesiming 2021-03-10 18:12

一、该问题的重现步骤是什么?

  1.   用postman 请求http://localhost/blade-auth/oauth/token?username=admin&grant_type=password&password=111111&tenant_id=000000  返回了

{

    "access_token""eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ0ZW5hbnRfaWQiOiIwMDAwMDAiLCJ1c2VyX25hbWUiOiJhZG1pbiIsInJlYWxfbmFtZSI6IueuoeeQhuWRmCIsImF2YXRhciI6Imh0dHBzOi8vZ3cuYWxpcGF5b2JqZWN0cy5jb20vem9zL3Jtc3BvcnRhbC9CaWF6ZmFueG1hbU5Sb3h4VnhrYS5wbmciLCJhdXRob3JpdGllcyI6WyJhZG1pbmlzdHJhdG9yIl0sImNsaWVudF9pZCI6InN3b3JkIiwicm9sZV9uYW1lIjoiYWRtaW5pc3RyYXRvciIsImxpY2Vuc2UiOiJwb3dlcmVkIGJ5IGJsYWRleCIsInBvc3RfaWQiOiIxMTIzNTk4ODE3NzM4Njc1MjAxIiwidXNlcl9pZCI6IjExMjM1OTg4MjE3Mzg2NzUyMDEiLCJyb2xlX2lkIjoiMTEyMzU5ODgxNjczODY3NTIwMSIsInNjb3BlIjpbImFsbCJdLCJuaWNrX25hbWUiOiLnrqHnkIblkZgiLCJvYXV0aF9pZCI6IiIsImRldGFpbCI6eyJ0eXBlIjoid2ViIn0sImV4cCI6MTYxNTM3MzQ0NSwiZGVwdF9pZCI6IjExMjM1OTg4MTM3Mzg2NzUyMDEiLCJqdGkiOiJmMjljZGJlNi1hMzRlLTQwY2UtYWYyZS01ZTQ1N2M0MTM3MzYiLCJhY2NvdW50IjoiYWRtaW4ifQ.U6EuW9lI37vlIUcMZTYWq6bXFhvJAcAITaps7j7axaU",

    "token_type""bearer",

    "refresh_token""eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ0ZW5hbnRfaWQiOiIwMDAwMDAiLCJ1c2VyX25hbWUiOiJhZG1pbiIsInJlYWxfbmFtZSI6IueuoeeQhuWRmCIsImF2YXRhciI6Imh0dHBzOi8vZ3cuYWxpcGF5b2JqZWN0cy5jb20vem9zL3Jtc3BvcnRhbC9CaWF6ZmFueG1hbU5Sb3h4VnhrYS5wbmciLCJhdXRob3JpdGllcyI6WyJhZG1pbmlzdHJhdG9yIl0sImNsaWVudF9pZCI6InN3b3JkIiwicm9sZV9uYW1lIjoiYWRtaW5pc3RyYXRvciIsImxpY2Vuc2UiOiJwb3dlcmVkIGJ5IGJsYWRleCIsInBvc3RfaWQiOiIxMTIzNTk4ODE3NzM4Njc1MjAxIiwidXNlcl9pZCI6IjExMjM1OTg4MjE3Mzg2NzUyMDEiLCJyb2xlX2lkIjoiMTEyMzU5ODgxNjczODY3NTIwMSIsInNjb3BlIjpbImFsbCJdLCJuaWNrX25hbWUiOiLnrqHnkIblkZgiLCJhdGkiOiJmMjljZGJlNi1hMzRlLTQwY2UtYWYyZS01ZTQ1N2M0MTM3MzYiLCJvYXV0aF9pZCI6IiIsImRldGFpbCI6eyJ0eXBlIjoid2ViIn0sImV4cCI6MTYxNTk3NDY0NSwiZGVwdF9pZCI6IjExMjM1OTg4MTM3Mzg2NzUyMDEiLCJqdGkiOiJkZTE2MmVmNy1kNzEyLTQ1NWEtOGUxYS1jNmRlMTc2OTE3ZGUiLCJhY2NvdW50IjoiYWRtaW4ifQ.-2RMPFw1ImVmAck_fhtBxWuO5cJP06UKbMtgUtI18SA",

    "expires_in"3599,

    "scope""all",

    "tenant_id""000000",

    "user_name""admin",

    "real_name""管理员",

    "avatar""https://gw.alipayobjects.com/zos/rmsportal/BiazfanxmamNRoxxVxka.png",

    "client_id""sword",

    "role_name""administrator",

    "license""powered by bladex",

    "post_id""1123598817738675201",

    "user_id""1123598821738675201",

    "role_id""1123598816738675201",

    "nick_name""管理员",

    "oauth_id""",

    "detail": {

        "type""web"

    },

    "dept_id""1123598813738675201",

    "account""admin",

    "jti""f29cdbe6-a34e-40ce-af2e-5e457c413736"

}


2.  请求 http://localhost/blade-desk/dashboard/activities

参数设置 Headers

image.png


3.  返回 

image.png


二、你期待的结果是什么?实际看到的又是什么?

     按照文档操作,发现权限认证这块过不了。


三、你正在使用的是什么产品,什么版本?在什么操作系统上?


四、请提供详细的错误堆栈信息,这很重要。


五、若有更多详细信息,请在下面提供。

1条回答
  •  admin
    admin (楼主)
    2021-03-11 16:50

    我看你postman传递的password是明文,目前密码传参的时候需要加密,加密后获取的token有3600秒的期限。

    你可以到blade-core-secure的SecureUtil.getUser方法打断点,看看具体是哪个地方报错的,报错原因是什么。

    还有需要查看配置文件,是否对这个接口有其他的secure配置限制了而非token的问题。

    另外商业版答疑规则见:https://sns.bladex.cn/article-14990.html

    请将账号邮箱修改为下单购买授权的qq邮箱便可咨询商业版疑问

    0 讨论(0)
提交回复