个人中心
gpt4 book ai didi

java - 在 Spring 实现授权码授予时出现的问题

转载 作者:太空宇宙 更新时间:2023-11-04 10:39:59 24 4
gpt4 key购买 nike

到目前为止,我已经有了密码授予类型并且工作得很好。最近我开始在我的项目中实现OAuth的授权码授予。我可以从服务器获取授权码。使用代码我再次能够获取访问 token 。

问题是我无法使用我的访问 token 访问资源服务器。每次我尝试访问任何资源时,我都会被重定向到 Spring 的默认 /login 页面。

下面是资源服务器:

@Configuration
@PropertySource("classpath:webservices-application.properties")
@EnableResourceServer
public class ResourceServer extends ResourceServerConfigurerAdapter{

    @Value("${security.oauth2.resource.id}")
    private String resourceId;

    @Bean
    public JdbcTokenStore getTokenStore() {
        return new JdbcTokenStore(dataSource);
    }

    @Autowired
    private DataSource dataSource;

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http
                .authorizeRequests()
                .antMatchers("/oauth/**","/login","/").permitAll()
                .anyRequest().authenticated();
    }

    @Override
    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
        resources.tokenStore(getTokenStore())
                .resourceId(resourceId).stateless(false);
    } 
}
<小时/>

网络安全:

@Configuration
@EnableWebSecurity
@EnableOAuth2Sso
public class CustomWebsecurity extends WebSecurityConfigurerAdapter {
    protected void configure(HttpSecurity http) throws Exception {
        http
                .csrf().disable()
                .authorizeRequests()
                .antMatchers("/oauth/**","/login","/").permitAll()
                .anyRequest().authenticated()
                .and()
                .formLogin();
    }
}
<小时/>

授权服务器:

@Configuration
@EnableAuthorizationServer
@EnableOAuth2Sso
protected class AuthorizationApplication extends AuthorizationServerConfigurerAdapter {

    @Autowired
    public AuthorizationApplication (ApplicationContext applicationContext, AuthenticationManager authenticationManager) {
        this.passwordEncoder = applicationContext.getBean(PasswordEncoderImpl.class);
        this.authenticationManager = authenticationManager;
    }

    private PasswordEncoder passwordEncoder;

    private AuthenticationManager authenticationManager;

    @Bean
    protected AuthorizationCodeServices getAuthorizationCodeServices() {
        return new JdbcAuthorizationCodeServices(dataSource);
    }

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.jdbc(dataSource);
    }

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        AuthorizationCodeServices services = getAuthorizationCodeServices();
        JdbcTokenStore tokenStore = getTokenStore();
        endpoints
                .userDetailsService(userDetailsService)
                .authorizationCodeServices(services)
                .authenticationManager(authenticationManager)
                .tokenStore(tokenStore)
                .approvalStoreDisabled();
    }

    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
        security.allowFormAuthenticationForClients();
        security.passwordEncoder(passwordEncoder);
    }
}
<小时/>

该问题可能是由于 WebSecurity 类的某些配置不正确造成的。但是,我尝试了多种配置,但没有成功。

最佳答案

在 @dur 的一些指导下,我找到了解决方案。 Here's one of the culprits :

The default order of the OAuth2 resource filter has changed from 3 to SecurityProperties.ACCESS_OVERRIDE_ORDER - 1. This places it after the actuator endpoints but before the basic authentication filter chain. The default can be restored by setting security.oauth2.resource.filter-order = 3

总而言之,我做了以下更改:

  1. ResourceServer 以及 AuthorizationServer 上使用 @EnableOauth2Client 而不是 @EnableOAuth2Sso,因为后者给了我以下错误:

    java.lang.IllegalArgumentException: URI must not be null

  2. 删除了 CustomWebSecurity 并在 ResourceServer 本身中进行了所有安全配置。

  3. 通过将以下内容放入属性文件中来更改资源过滤器的过滤顺序:

    security.oauth2.resource.filter-order = 3

  4. 安全配置中的一些基本更改。

<小时/>

这是我的 ResourceServer 类:

@Configuration
@PropertySource("classpath:webservices-application.properties")
@EnableResourceServer
@EnableOAuth2Sso
public class ResourceServer extends ResourceServerConfigurerAdapter{

    @Value("${security.oauth2.resource.id}")
    private String resourceId;

    @Bean
    public JdbcTokenStore getTokenStore() {
        return new JdbcTokenStore(dataSource);
    }

    @Autowired
    private DataSource dataSource;

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http
                .csrf().disable()
                .requestMatchers().antMatchers(
                "/protected_uri_1",
                "/protected_uri_2",
                "/protected_uri_3")
                .and()
                .authorizeRequests()
                .anyRequest()
                .authenticated()
        .and().formLogin();
    }

    @Override
    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
        resources.tokenStore(getTokenStore())
                .resourceId(resourceId);
    }

}

关于java - 在 Spring 实现授权码授予时出现的问题,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/49094966/

24 4 0
文章推荐: java - 防止设备改变ip
文章推荐: python - 字典似乎没问题,但函数返回 "List index out of range"
文章推荐: linux - NginX 作为多个子域的 HTTPS 反向代理?
文章推荐: 通过 Cron 作业备份目录的 Python 脚本
太空宇宙
个人简介

我是一名优秀的程序员,十分优秀!

滴滴打车优惠券免费领取
滴滴打车优惠券
全站热门文章
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com