个人中心
文章发布
退出
作者热门文章
- html - 出于某种原因,IE8 对我的 Sass 文件中继承的 html5 CSS 不友好?
- JMeter 在响应断言中使用 span 标签的问题
- html - 在 :hover and :active? 上具有不同效果的 CSS 动画
- html - 相对于居中的 html 内容固定的 CSS 重复背景?
49
4
我正在尝试使用 spring boot oauth2 来完成无状态身份验证和授权。但是,我正在努力使其工作。
这是我的代码:
@EnableAutoConfiguration
@ComponentScan
//@EnableEurekaClient
//@EnableZuulProxy
@Configuration
public class AuthServiceApp {
public static void main(String[] args) {
SpringApplication.run(AuthServiceApp.class, args);
}
}
@Configuration
@EnableAuthorizationServer
public class Oauth2ServerConfig extends AuthorizationServerConfigurerAdapter {
@Autowired
@Qualifier("authenticationManagerBean")
private AuthenticationManager auth;
@Autowired
private DataSource dataSource;
@Autowired
private CustomUserDetailsService userDetailService;
@Autowired
private ClientDetailsService clientDetailsService;
@Bean
public JdbcTokenStore tokenStore() {
return new JdbcTokenStore(dataSource);
}
@Bean
protected AuthorizationCodeServices authorizationCodeServices() {
return new JdbcAuthorizationCodeServices(dataSource);
}
@Override
public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
security.tokenKeyAccess("permitAll()").checkTokenAccess("isAuthenticated()");
}
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
// @OFF
endpoints
.authorizationCodeServices(authorizationCodeServices())
.authenticationManager(auth)
.userDetailsService(userDetailService)
.tokenStore(tokenStore());
// @ON
}
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
// @OFF
clients.jdbc(dataSource)
.withClient("client")
.secret("secret")
.authorizedGrantTypes("password","refresh_token", "client_credentials")
.authorities("USER")
.scopes("read", "write")
.autoApprove(true)
.accessTokenValiditySeconds(60)
.refreshTokenValiditySeconds(300);
// @ON
}
}
@Configuration
@EnableResourceServer
@EnableGlobalMethodSecurity(prePostEnabled = true)
class ResourceServerConfig extends ResourceServerConfigurerAdapter {
@Autowired
private CustomAuthenticationEntryPoint customAuthenticationEntryPoint;
@Autowired
private CustomLogoutSuccessHandler customLogoutSuccessHandler;
@Override
public void configure(HttpSecurity http) throws Exception {
// @OFF
http
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.exceptionHandling()
.authenticationEntryPoint(customAuthenticationEntryPoint)
.and()
.logout()
.logoutUrl("/oauth/logout")
.logoutSuccessHandler(customLogoutSuccessHandler)
.and()
.csrf()
// .requireCsrfProtectionMatcher(new AntPathRequestMatcher("/oauth/authorize"))
.disable()
.headers()
.frameOptions().disable()
.and()
.authorizeRequests()
.antMatchers("/identity/**").authenticated();
// @ON
}
}
@Configuration
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
private CustomUserDetailsService userDetailsService;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService);
}
@Override
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
// @OFF
http
.csrf()
.disable()
.authorizeRequests()
.antMatchers("/login").permitAll()
.anyRequest().authenticated()
.and()
.formLogin().permitAll();
// @ON
}
}
@RestController
@RequestMapping("/")
public class AuthController {
@PreAuthorize("#oauth2.hasScope('read')")
@GetMapping("/user")
public Principal getUser(Principal user) {
return user;
}
}
http://localhost:8082/identity/user在它过期之前。但是,我在控制台上获得了以下登录页面的 html 响应:
2017-05-24 22:55:16.070 DEBUG 16899 --- [nio-8082-exec-9] o.s.s.w.a.AnonymousAuthenticationFilter : Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@9055c2bc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 301C6EDD36372CF9C553FCFCD4AA47E3; Granted Authorities: ROLE_ANONYMOUS'
2017-05-24 22:55:16.070 DEBUG 16899 --- [nio-8082-exec-9] o.s.security.web.FilterChainProxy : /user at position 10 of 12 in additional filter chain; firing Filter: 'SessionManagementFilter'
2017-05-24 22:55:16.070 DEBUG 16899 --- [nio-8082-exec-9] o.s.security.web.FilterChainProxy : /user at position 11 of 12 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2017-05-24 22:55:16.070 DEBUG 16899 --- [nio-8082-exec-9] o.s.security.web.FilterChainProxy : /user at position 12 of 12 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2017-05-24 22:55:16.070 DEBUG 16899 --- [nio-8082-exec-9] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/user'; against '/login'
2017-05-24 22:55:16.070 DEBUG 16899 --- [nio-8082-exec-9] o.s.s.w.a.i.FilterSecurityInterceptor : Secure object: FilterInvocation: URL: /user; Attributes: [authenticated]
2017-05-24 22:55:16.071 DEBUG 16899 --- [nio-8082-exec-9] o.s.s.w.a.i.FilterSecurityInterceptor : Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@9055c2bc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 301C6EDD36372CF9C553FCFCD4AA47E3; Granted Authorities: ROLE_ANONYMOUS
2017-05-24 22:55:16.071 DEBUG 16899 --- [nio-8082-exec-9] o.s.s.access.vote.AffirmativeBased : Voter: org.springframework.security.web.access.expression.WebExpressionVoter@55b4f25d, returned: -1
2017-05-24 22:55:16.071 DEBUG 16899 --- [nio-8082-exec-9] o.s.s.w.a.ExceptionTranslationFilter : Access is denied (user is anonymous); redirecting to authentication entry point
org.springframework.security.access.AccessDeniedException: Access is denied
at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:84) ~[spring-security-core-4.2.2.RELEASE.jar:4.2.2.RELEASE]
oauth/token 时,我似乎已经通过了身份验证。 :
2017-05-24 22:54:35.966 DEBUG 16899 --- [nio-8082-exec-6] o.s.s.w.a.i.FilterSecurityInterceptor : Secure object: FilterInvocation: URL: /oauth/token; Attributes: [fullyAuthenticated]
2017-05-24 22:54:35.966 DEBUG 16899 --- [nio-8082-exec-6] o.s.s.w.a.i.FilterSecurityInterceptor : Previously Authenticated: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@50c8f5e8: Principal: org.springframework.security.core.userdetails.User@af12f3cb: Username: client; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: USER; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@21a2c: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 2F070B741A55BD1E47933621D9127780; Granted Authorities: USER
2017-05-24 22:54:35.966 DEBUG 16899 --- [nio-8082-exec-6] o.s.s.access.vote.AffirmativeBased : Voter: org.springframework.security.web.access.expression.WebExpressionVoter@61f8721f, returned: 1
2017-05-24 22:54:35.966 DEBUG 16899 --- [nio-8082-exec-6] o.s.s.w.a.i.FilterSecurityInterceptor : Authorization successful
2017-05-24 22:54:35.966 DEBUG 16899 --- [nio-8082-exec-6] o.s.s.w.a.i.FilterSecurityInterceptor : RunAsManager did not change Authentication object
2017-05-24 22:54:35.966 DEBUG 16899 --- [nio-8082-exec-6] o.s.security.web.FilterChainProxy : /oauth/token reached end of additional filter chain; proceeding with original chain
2017-05-24 22:54:35.967 DEBUG 16899 --- [nio-8082-exec-6] .s.o.p.e.FrameworkEndpointHandlerMapping : Looking up handler method for path /oauth/token
2017-05-24 22:54:35.968 DEBUG 16899 --- [nio-8082-exec-6] .s.o.p.e.FrameworkEndpointHandlerMapping : Returning handler method [public org.springframework.http.ResponseEntity<org.springframework.security.oauth2.common.OAuth2AccessToken> org.springframework.security.oauth2.provider.endpoint.TokenEndpoint.postAccessToken(java.security.Principal,java.util.Map<java.lang.String, java.lang.String>) throws org.springframework.web.HttpRequestMethodNotSupportedException]
2017-05-24 22:54:35.975 DEBUG 16899 --- [nio-8082-exec-6] .o.p.p.ResourceOwnerPasswordTokenGranter : Getting access token for: client
2017-05-24 22:54:35.975 DEBUG 16899 --- [nio-8082-exec-6] o.s.s.authentication.ProviderManager : Authentication attempt using org.springframework.security.authentication.dao.DaoAuthenticationProvider
Hibernate: select user0_.id as id1_1_, user0_.enabled as enabled2_1_, user0_.name as name3_1_, user0_.password as password4_1_, user0_.username as username5_1_ from user user0_ where user0_.username=?
Hibernate: select roles0_.user_id as user_id1_2_0_, roles0_.role_id as role_id2_2_0_, role1_.id as id1_0_1_, role1_.role as role2_0_1_ from user_role roles0_ inner join role role1_ on roles0_.role_id=role1_.id where roles0_.user_id=?
2017-05-24 22:54:36.125 INFO 16899 --- [nio-8082-exec-6] o.s.s.o.p.token.store.JdbcTokenStore : Failed to find access token for token 180c2528-b712-4088-9cce-71e9cc7ccb94
2017-05-24 22:54:36.232 DEBUG 16899 --- [nio-8082-exec-6] o.s.s.w.a.ExceptionTranslationFilter : Chain processed normally
2017-05-24 22:54:36.232 DEBUG 16899 --- [nio-8082-exec-6] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
最佳答案
我有一个类似的问题,发现 OAuth2AuthenticationProcessingFilter没有被过滤器链调用,因此,用户没有得到身份验证,因此被视为匿名。
我使用的是 Spring-boot 1.5.3 版本,我在 application.yml 中添加了以下行来修复排序。
security.oauth2.resource.filter-order=3
DEBUG 34386 --- [nio-8082-exec-1] o.s.security.web.FilterChainProxy : /foo at position 5 of 11 in additional filter chain; firing Filter: 'OAuth2AuthenticationProcessingFilter'
关于 Spring Boot : Oauth2: Access is denied (user is anonymous); redirecting to authentication entry point,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/44171633/
49
4
0
export class UserListComponent implements OnInit{ users; constructor(private userService: UserS
我最近在我的系统中遇到了 Java 语言环境的问题,我试图用这个配置运行一个项目: -Duser.language=pt_BR -Duser.country=BR 谷歌搜索后,我找到了this sit
1 当我希望出现注册错误时,我的代码出现问题:管理器不可用; 'auth.User' 已替换为 'users.User' ,我尝试解决其他问题,与 Manager 不可用相同; 'auth.User'
Loopback 非常酷,但这是我迄今为止遇到的一个缺点,我真的不确定如何解决它。内置用户模型在我的 MongoDB 数据库中生成一个名为“User”的集合,当我尝试根据 Loopback.js 自己
我在 aws cognito 中有以下用户组。行政成员付费成员(member) 我想在所有用户注册我的应用程序时将所有用户默认分配到 Member 用户组,这样我就可以为该用户组分配不同的 IAM A
blogsIndex.blade.php @extends('layouts.default') @section('details')
我正在尝试在Rails 3开发环境中使用sqlite3而不是MySQL,但是遇到了问题。尝试执行rake db:migrate时,我得到: SQLite3::SQLException: no such
尝试使用 构建 API Phoenix v1.3 按照本教程: https://dreamconception.com/tech/phoenix-full-fledged-api-in-five-mi
我正在使用通过模板 cookie-cutter 创建的 Django。当我尝试在本地使用 docker 运行项目时,出现以下错误。 FATAL: password authentication fai
我正在尝试使用 node.js/adonis 创建新用户 我创建了这两个函数: const User = use("App/Models/User") async store ({ request,
我想安排一些事情,例如 GET 请求 http://example.com/user/foo@bar.com 内部调用脚本 /var/www/example.com/rest/user/GET.php
我是一名具有可用性工程背景的软件开发人员。当我在研究生院学习可用性工程时,其中一位教授有一句口头禅:“你不是用户”。我们的想法是,我们需要将 UI 设计基于实际的用户研究,而不是我们自己关于 UI 应
您好,我正在制作一个使用互联网发送消息的消息传递应用程序。我需要从用户 a 向用户 b 发出通知。 我使用这段代码: if (toUser!= nil){ parseMessage[@
在 ruby/ror 中你可以这样做: user = User.new(params[:user]) 它使用发布表单中的值填充新对象。 使用 django/python 可以完成类似的事情吗? 最
每当我编辑用户的角色时,用户都需要注销并重新登录以查看更改。提升用户时没有问题,因为他们在再次登录之前不会看到额外的权限。但是,当降级发生时,用户仍将保留其现有角色,这会带来安全风险。想象一下,撤销一
我的核心数据有线问题。使用 iOS 10 中的 Swift3,每次使用 获取或存储数据时,我都会获得托管对象上下文 func getContext () -> NSManagedObjectCont
我发现当我使用 users_path(user) 时它返回 /users.id 其中 id 是用户的 ID 但我希望它返回 /用户/ID。我的配置 routes.rb 如下所示。 # config/r
我的应用程序在我的测试设备上正常运行(当我通过 ADT 安装它时,当我通过导出的 APK 文件安装它时)但它在 Play Store 测试设备上失败并出现以下错误: Permission Denial
创建模型的第一个条目会抛出错误 我执行了以下命令进行迁移 manage.py makemigrations manage.py migrate 在我执行这些命令以在数据库中创建第一个“数据”之后,一切
我正在尝试实现一个 getter,但它在下面代码 fragment 的最后一行向我显示了这个错误。 代码是—— class AuthRepository extends BaseAuthReposit
我是一名优秀的程序员,十分优秀!