spring-security - Spring Security OAuth2 redirect loop

Reposted. Author: 行者123. Updated: 2023-12-04 21:14:34
I have an OAuth2 client spring-boot application with the following dependencies:
- spring-boot 1.2.0.RC1
- spring-security-oauth2 2.0.4.RELEASE
- spring-security 3.2.5.RELEASE

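The client authenticates and the authentication is set in the SecurityContextHolder, but when the request is redirected to the original URL, the filter chain starts processing again. I noticed that in SecurityContextPersistenceFilter both contextBeforeChainExecution and contextAfterChainExecution have a null authentication.

I have based some of my code on [1] Spring Security OAuth2 (google) web app in redirect loop

Any ideas as to why there is a redirect loop? Thank you in advance.

[Log snippet] https://gist.github.com/yterradas/61da3f6eccc683b3a086

The following is the security configuration.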

@Configuration
public class SecurityConfig {

  @Configuration
  @EnableWebMvcSecurity
  protected static class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private OAuth2ClientAuthenticationProcessingFilter oAuth2ClientAuthenticationProcessingFilter;

    @Autowired
    private LoginUrlAuthenticationEntryPoint vaultAuthenticationEntryPoint;

    @SuppressWarnings({"SpringJavaAutowiringInspection"})
    @Autowired
    private OAuth2ClientContextFilter oAuth2ClientContextFilter;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
      // Every URL requires authentication; unauthenticated requests go to the entry point.
      // Both OAuth2 client filters are inserted into the Spring Security chain by hand.
      //@formatter:off
      http
        .authorizeRequests()
          .antMatchers("/**").authenticated()
        .and()
          .exceptionHandling().authenticationEntryPoint(vaultAuthenticationEntryPoint)
        .and()
          .addFilterAfter(oAuth2ClientContextFilter, ExceptionTranslationFilter.class)
          .addFilterBefore(oAuth2ClientAuthenticationProcessingFilter, FilterSecurityInterceptor.class)
          .anonymous().disable();
      //@formatter:on
    }

    @Override
    public void configure(WebSecurity web) throws Exception {
      //@formatter:off
      web
        /* TODO:
           disable debug in production
        */
        .debug(true);
      //@formatter:on
    }
  }

  @Configuration
  @EnableOAuth2Client
  protected static class ClientSecurityConfig {

    @Value("${app.name}") private String appId;
    @Value("${app.clientId}") private String appClientId;
    @Value("${app.clientSecret}") private String appClientSecret;
    @Value("${app.redirectUrl}") private String appRedirectUrl;
    @Value("${vault.accessTokenUrl}") private String vaultAccessTokenUrl;
    @Value("${vault.userAuthorizationUrl}") private String vaultUserAuthorizationUrl;
    @Value("${vault.checkTokenUrl}") private String vaultCheckTokenUrl;

    @SuppressWarnings({"SpringJavaAutowiringInspection"})
    @Resource
    @Qualifier("oauth2ClientContext")
    private OAuth2ClientContext oAuth2ClientContext;

    @Autowired
    @Qualifier("securityDataSource")
    private DataSource securityDataSource;

    @Autowired
    private MappingJackson2HttpMessageConverter jackson2HttpMessageConverter;

    // Rest template that obtains tokens via the authorization code grant
    // and stores them through JdbcClientTokenServices.
    @Bean
    public OAuth2RestOperations oAuth2RestOperations() {
      AccessTokenProviderChain provider = new AccessTokenProviderChain(
          Arrays.asList(new AuthorizationCodeAccessTokenProvider())
      );
      provider.setClientTokenServices(new JdbcClientTokenServices(securityDataSource));

      OAuth2RestTemplate template = new OAuth2RestTemplate(oAuth2Resource(), oAuth2ClientContext);
      template.setAccessTokenProvider(provider);
      template.setMessageConverters(Arrays.asList(jackson2HttpMessageConverter));

      return template;
    }

    // Client registration details: fixed redirect URI, token sent as a query parameter.
    @Bean
    OAuth2ProtectedResourceDetails oAuth2Resource() {
      AuthorizationCodeResourceDetails resource = new AuthorizationCodeResourceDetails();

      resource.setId(appId);
      resource.setAuthenticationScheme(AuthenticationScheme.query);
      resource.setAccessTokenUri(vaultAccessTokenUrl);
      resource.setUserAuthorizationUri(vaultUserAuthorizationUrl);
      resource.setUseCurrentUri(false);
      resource.setPreEstablishedRedirectUri(appRedirectUrl);
      resource.setClientId(appClientId);
      resource.setClientSecret(appClientSecret);
      resource.setClientAuthenticationScheme(AuthenticationScheme.form);

      return resource;
    }

    // Validates access tokens against the remote check-token endpoint.
    @Bean
    ResourceServerTokenServices oAuth2RemoteTokenServices() {
      VaultTokenServices tokenServices = new VaultTokenServices();

      RestTemplate restOperations = new RestTemplate();
      restOperations.setMessageConverters(Arrays.asList(jackson2HttpMessageConverter));

      tokenServices.setRestTemplate(restOperations);
      tokenServices.setClientId(appClientId);
      tokenServices.setClientSecret(appClientSecret);
      tokenServices.setCheckTokenEndpointUrl(vaultCheckTokenUrl);

      return tokenServices;
    }

    @Bean
    LoginUrlAuthenticationEntryPoint oAuth2AuthenticationEntryPoint() {
      return new LoginUrlAuthenticationEntryPoint("/vaultLogin");
    }

    // Handles the OAuth2 login at /vaultLogin.
    @Bean
    OAuth2ClientAuthenticationProcessingFilter oAuth2ClientAuthenticationProcessingFilter() {
      OAuth2ClientAuthenticationProcessingFilter filter =
          new OAuth2ClientAuthenticationProcessingFilter("/vaultLogin");

      filter.setRestTemplate(oAuth2RestOperations());
      filter.setTokenServices(oAuth2RemoteTokenServices());

      return filter;
    }

  }
}

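Best answer

I think you have 2 OAuth2ClientContextFilters (one is added by @EnableOAuth2Client and you have added another manually to the Spring Security filter chain). You should be able to remove the one you added.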

Regarding spring-security - Spring Security OAuth2 redirect loop, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/26938346/
