gpt4 book ai didi

error with WebSecurityConfigurerAdapter when migrating springboot application 2.7 to 3.1.1(将SprringBoot应用程序2.7迁移到3.1.1时,WebSecurityConfigurerAdapter出错)

转载 作者:bug小助手 更新时间:2023-10-25 21:40:07 30 4
gpt4 key购买 nike



Good afternoon, I have a problem with an application in springboot 2.7.1 that I updated to version 3.1.1
my application uses CustomOpaqueTokenIntrospector to validate a token, the problem is that in version 3.1.1 "WebSecurityConfigurerAdapter", "cors","antMatchers", "oauth2ResourceServer().opaqueToken()" are deprecated, and honestly I'm new to this authentication and authorization.
Could you help me with an answer on how I could correct my problem, I have attached the code of my configuration classes.

下午好,我在SpringBoot 2.7.1中更新到3.1.1版的一个应用程序有问题我的应用程序使用CustomOpaqueTokenIntrospector来验证令牌,问题是在3.1.1版中“WebSecurityConfigurerAdapter”、“CORS”、“antMatcher”、“oauth2ResourceServer().opaqueToken()”是不受欢迎的,老实说,我对这种身份验证和授权还不熟悉。你能帮我解决我的问题吗?我已经附上了我的配置类的代码。


Class OpaqueSecurityConfig:

类OpaqueSecurityConfig:


package ec.edu.espe.generalapi.Config.security;

import org.springframework.boot.autoconfigure.security.oauth2.resource.OAuth2ResourceServerProperties;
import org.springframework.boot.web.client.RestTemplateBuilder;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenIntrospector;

@Configuration
public class OpaqueSecurityConfig extends WebSecurityConfigurerAdapter {

@Override
protected void configure(HttpSecurity http) throws Exception {

http.cors();
http
.authorizeRequests(authz -> authz
.antMatchers(HttpMethod.GET, "/public/**", "/v3/api-docs/**", "/swagger-ui/**", "/swagger-ui.html", "/apiGeneral-docs/**", "swagger-ui-GeneralApi/**", "/swagger-ui-GeneralApi.html/**").permitAll()
.antMatchers(HttpMethod.POST, "/public/**").permitAll()
.anyRequest().authenticated())
.oauth2ResourceServer().opaqueToken();
}

@Bean
OpaqueTokenIntrospector tokenIntrospector(RestTemplateBuilder builder, OAuth2ResourceServerProperties resourceServerProps) {
return new CustomOpaqueTokenIntrospector(builder, resourceServerProps);
}

}

Class CustomOpaqueTokenIntrospector:

类CustomOpaqueTokenIntrospector:


package ec.edu.espe.generalapi.Config.security;

import org.springframework.boot.autoconfigure.security.oauth2.resource.OAuth2ResourceServerProperties;
import org.springframework.boot.web.client.RestTemplateBuilder;
import org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal;
import org.springframework.security.oauth2.server.resource.introspection.NimbusOpaqueTokenIntrospector;
import org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenIntrospector;
import org.springframework.web.client.RestOperations;

import java.time.Duration;


public class CustomOpaqueTokenIntrospector implements OpaqueTokenIntrospector {
private OAuth2ResourceServerProperties.Opaquetoken opaqueTokenProps;
private RestTemplateBuilder builder;
CustomOpaqueTokenIntrospector(RestTemplateBuilder builder, OAuth2ResourceServerProperties resourceServerProps) {
this.opaqueTokenProps = resourceServerProps.getOpaquetoken();
this.builder = builder;
}

@Override
public OAuth2AuthenticatedPrincipal introspect(String token) {
// System.out.println(token);
RestOperations restOperations = builder
.defaultHeader("Authorization", "Bearer " + token)
.setConnectTimeout(Duration.ofSeconds(60))
.setReadTimeout(Duration.ofSeconds(60))
.build();
return new NimbusOpaqueTokenIntrospector(opaqueTokenProps.getIntrospectionUri(), restOperations).introspect(token);
}
}

and finally:

最后是:


build.gradle

Build.gradle


plugins {
id 'java'
id 'org.springframework.boot' version '3.1.3'
id 'io.spring.dependency-management' version '1.1.3'
}

group = 'example'
version = '0.0.1-SNAPSHOT'

java {
sourceCompatibility = '17'
}


repositories {
mavenCentral()
}

dependencies {
implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
implementation 'org.springframework.boot:spring-boot-starter-web'
implementation 'org.springframework.boot:spring-boot-starter-oauth2-resource-server:3.0.0'
implementation 'org.springframework.boot:spring-boot-gradle-plugin:2.7.0'
compileOnly 'org.projectlombok:lombok'
implementation 'org.springdoc:springdoc-openapi-ui:1.6.12'
implementation 'org.springdoc:springdoc-openapi-security:1.6.12'
implementation group: 'org.postgresql', name: 'postgresql', version: '42.3.1'
runtimeOnly 'com.nimbusds:oauth2-oidc-sdk:9.2.4'
implementation 'org.springframework.boot:spring-boot-starter-actuator:2.6.1'
runtimeOnly 'com.oracle.database.jdbc:ojdbc8'
annotationProcessor 'org.projectlombok:lombok'
testImplementation 'org.springframework.boot:spring-boot-starter-test'
}

tasks.named('test') {
useJUnitPlatform()
}

更多回答
优秀答案推荐

If the problem is in migration and nothing else, i mean to replace old configuration.

如果问题出在迁移上,而不是其他方面,我的意思是更换旧配置。


You should remove extends WebSecurityConfigurerAdapter.

您应该删除扩展WebSecurityConfigurerAdapter。


The configuration class will look so:

配置类将如下所示:


@Configuration
@EnableWebSecurity
public class OpaqueSecurityConfig {

@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {

http.cors(AbstractHttpConfigurer::disable);
http.authorizeHttpRequests(request -> {
request.requestMatchers(HttpMethod.GET,
"/public/**", "/v3/api-docs/**", "/swagger-ui/**", "/swagger-ui.html", "/apiGeneral-docs/**", "swagger-ui-GeneralApi/**", "/swagger-ui-GeneralApi.html/**").permitAll()
.requestMatchers(HttpMethod.POST, "/public/**").permitAll()
.anyRequest().authenticated();
});
http.oauth2ResourceServer(c -> c.opaqueToken(Customizer.withDefaults()));

return http.build();
}

@Bean
OpaqueTokenIntrospector tokenIntrospector(RestTemplateBuilder builder, OAuth2ResourceServerProperties resourceServerProps) {
return new CustomOpaqueTokenIntrospector(builder, resourceServerProps);
}

}

But i really suggest you to check next resources:

但我真的建议你去看看下一步的资源:


spring-security-without-the-websecurityconfigureradapter

Spring-security-without-the-websecurityconfigureradapter


Migration Guide

迁移指南


About gradle build file also update the version for

关于Gradle构建文件还更新了


implementation 'org.springframework.boot:spring-boot-gradle-plugin:**2.7.0**' to one that you use in project.

Implementation‘org.springframework.boot:spring-boot-gradle-plugin:**2.7.0**’到您在项目中使用的。



In Spring Security 5.7.0-M2 WebSecurityConfigurerAdapter was deprecated.
Here is how you do it now:
https://spring.io/blog/2022/02/21/spring-security-without-the-websecurityconfigureradapter

在Spring Security 5.7.0-M2中,WebSecurityConfigurerAdapter已弃用。下面是你现在的做法:https://spring.io/blog/2022/02/21/spring-security-without-the-websecurityconfigureradapter


更多回答

30 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com