当前位置: 首页 > 知识库问答 >
问题:

Spring Boot 2和OAuth2/JWT

苏涛
2023-03-14
@SpringBootApplication
@EnableResourceServer
public class Application {

    public static void main(String[] args) {
        SpringApplication.run(Application.class, args);
    }

}
spring.profiles.active=dev

server.port=8888
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;

import lombok.extern.slf4j.Slf4j;

@Slf4j
@Configuration
@EnableWebSecurity
@Order(-20)
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter  {


  @Override
  protected void configure(final HttpSecurity http) throws Exception {
      http.authorizeRequests().antMatchers("/login").permitAll().anyRequest().authenticated()
          .and().formLogin().permitAll();
  }


  @Override
  protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth
    .parentAuthenticationManager(authenticationManagerBean())
    .inMemoryAuthentication()
    .passwordEncoder(NoOpPasswordEncoder.getInstance())
    .withUser("demo").password("demo").roles("USER");

  }

  @Bean
  @Override
  public AuthenticationManager authenticationManagerBean() throws Exception {
      return super.authenticationManagerBean();
  }

}

AuthorizationServerConfigurerAdapter

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Primary;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;

@Configuration
@EnableAuthorizationServer
public class OAuth2AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {

  public static final Logger LOGGER = LoggerFactory.getLogger(AuthorizationServerConfigurerAdapter.class);

  @Autowired
  private AuthenticationManager authenticationManager;

  @Bean
  public TokenStore tokenStore() {
      return new JwtTokenStore(accessTokenConverter());
  }

  @Bean
  public JwtAccessTokenConverter accessTokenConverter() {
      JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
      converter.setSigningKey("abcd");
      return converter;
  }

  @Bean
  @Primary
  public DefaultTokenServices tokenServices() {
      DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
      defaultTokenServices.setTokenStore(tokenStore());
      defaultTokenServices.setSupportRefreshToken(true);
      defaultTokenServices.setTokenEnhancer(accessTokenConverter());
      return defaultTokenServices;
  }

  @Override
  public void configure(ClientDetailsServiceConfigurer clientDetailsServiceConfigurer) throws Exception {
    clientDetailsServiceConfigurer
    .inMemory()
        .withClient("coating-app")
        .secret("coating-pass")
        .authorizedGrantTypes("authorization_code")
        .authorities("ROLE_CLIENT", "ROLE_TRUSTED_CLIENT")
        .scopes("read", "write", "trust")
        .resourceIds("test-api")
        .autoApprove(true);
  }

@Override
  public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {

    oauthServer.tokenKeyAccess("permitAll()")
    .checkTokenAccess("isAuthenticated()");
  }

  @Override
  public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
      endpoints
        .authenticationManager(authenticationManager)
        .tokenServices(tokenServices())
        .tokenStore(tokenStore())
        .accessTokenConverter(accessTokenConverter());
  }

}

客户端应用程序

应用程序.属性

spring.profiles.active=dev

server.port=8080

server.servlet.context-path=/coating/webapp
server.servlet.session.cookie.name=UI2SESSION


spring.security.oauth2.client.registration.my-client.client-id=coating-app
spring.security.oauth2.client.registration.my-client.client-secret=coating-pass
spring.security.oauth2.client.registration.my-client.client-authentication-method=basic
spring.security.oauth2.client.registration.my-client.authorization-grant-type=authorization_code
spring.security.oauth2.client.registration.my-client.redirect-uri-template={baseUrl}/login/oauth2/code/{registrationId}
spring.security.oauth2.client.registration.my-client.scope=scope
spring.security.oauth2.client.registration.my-client.client-name=coating-app
spring.security.oauth2.client.registration.my-client.provider=my-oauth-provider
spring.security.oauth2.client.provider.my-oauth-provider.token-uri=http://localhost:8888/oauth/token
spring.security.oauth2.client.provider.my-oauth-provider.authorization-uri=http://localhost:8888/oauth/authorize
spring.security.oauth2.client.provider.my-oauth-provider.user-info-uri=http://localhost:8888/user/me
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

import org.springframework.security.config.annotation.web.builders.WebSecurity;

@EnableWebSecurity
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {

  @Override
  public void configure(WebSecurity web) throws Exception {
      web.ignoring()
          .antMatchers("/resources/**", "/VAADIN/**", "/vaadinServlet/**");
  }

  @Override
  public void configure(HttpSecurity http) throws Exception {

      http.oauth2Login();
  }
}
21:56:05.908 [http-nio-8080-exec-4] DEBUG o.s.security.web.FilterChainProxy/doFilter /login/oauth2/code/my-client?code=pTZVp5&state=VLnH27p_kKSXAsLoeOYZaC_ZkS5QXgtzQN4M1ug6x4M%3D at position 6 of 13 in additional filter chain; firing Filter: 'OAuth2AuthorizationRequestRedirectFilter'
21:56:05.908 [http-nio-8080-exec-4] DEBUG o.s.s.w.u.m.AntPathRequestMatcher/matches Checking match of request : '/login/oauth2/code/my-client'; against '/oauth2/authorization/{registrationId}'
21:56:05.909 [http-nio-8080-exec-4] DEBUG o.s.security.web.FilterChainProxy/doFilter /login/oauth2/code/my-client?code=pTZVp5&state=VLnH27p_kKSXAsLoeOYZaC_ZkS5QXgtzQN4M1ug6x4M%3D at position 7 of 13 in additional filter chain; firing Filter: 'OAuth2LoginAuthenticationFilter'
21:56:05.909 [http-nio-8080-exec-4] DEBUG o.s.s.w.u.m.AntPathRequestMatcher/matches Checking match of request : '/login/oauth2/code/my-client'; against '/login/oauth2/code/*'
21:56:05.909 [http-nio-8080-exec-4] DEBUG o.s.s.o.c.w.OAuth2LoginAuthenticationFilter/doFilter Request is to process authentication
21:56:05.914 [http-nio-8080-exec-4] DEBUG o.s.s.authentication.ProviderManager/authenticate Authentication attempt using org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationProvider
21:56:06.661 [http-nio-8080-exec-4] DEBUG o.s.s.authentication.ProviderManager/authenticate Authentication attempt using org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeAuthenticationProvider
21:56:06.692 [http-nio-8080-exec-4] DEBUG o.s.s.o.c.w.OAuth2LoginAuthenticationFilter/unsuccessfulAuthentication Authentication request failed: org.springframework.security.oauth2.core.OAuth2AuthenticationException: [invalid_token_response] An error occurred parsing the Access Token response: The HTTP Content-Type header must be application/json; charset=UTF-8
org.springframework.security.oauth2.core.OAuth2AuthenticationException: [invalid_token_response] An error occurred parsing the Access Token response: The HTTP Content-Type header must be application/json; charset=UTF-8
        at org.springframework.security.oauth2.client.endpoint.NimbusAuthorizationCodeTokenResponseClient.getTokenResponse(NimbusAuthorizationCodeTokenResponseClient.java:105)
        at org.springframework.security.oauth2.client.endpoint.NimbusAuthorizationCodeTokenResponseClient.getTokenResponse(NimbusAuthorizationCodeTokenResponseClient.java:67)
        at org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationProvider.authenticate(OAuth2LoginAuthenticationProvider.java:121)
        at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:174)
        at org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter.attemptAuthentication(OAuth2LoginAuthenticationFilter.java:159)
        at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
        at org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter.doFilterInternal(OAuth2AuthorizationRequestRedirectFilter.java:128)
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
        at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
        at org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:100)
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
        at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:66)
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
        at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
        at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
        at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215)
        at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178)
        at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:357)
        at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:270)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:109)
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:81)
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:200)
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:496)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
        at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:803)
        at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
        at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:790)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1459)
        at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.lang.Thread.run(Thread.java:745)
Caused by: com.nimbusds.oauth2.sdk.ParseException: The HTTP Content-Type header must be application/json; charset=UTF-8
        at com.nimbusds.oauth2.sdk.util.ContentTypeUtils.ensureContentType(ContentTypeUtils.java:52)
        at com.nimbusds.oauth2.sdk.http.HTTPMessage.ensureContentType(HTTPMessage.java:133)
        at com.nimbusds.oauth2.sdk.http.HTTPResponse.ensureContentType(HTTPResponse.java:1)
        at com.nimbusds.oauth2.sdk.http.HTTPResponse.getContentAsJSONObject(HTTPResponse.java:369)
        at com.nimbusds.oauth2.sdk.AccessTokenResponse.parse(AccessTokenResponse.java:235)
        at com.nimbusds.oauth2.sdk.TokenResponse.parse(TokenResponse.java:95)
        at org.springframework.security.oauth2.client.endpoint.NimbusAuthorizationCodeTokenResponseClient.getTokenResponse(NimbusAuthorizationCodeTokenResponseClient.java:101)
        ... 56 common frames omitted
21:56:06.693 [http-nio-8080-exec-4] DEBUG o.s.s.o.c.w.OAuth2LoginAuthenticationFilter/unsuccessfulAuthentication Updated SecurityContextHolder to contain null Authentication
21:56:06.693 [http-nio-8080-exec-4] DEBUG o.s.s.o.c.w.OAuth2LoginAuthenticationFilter/unsuccessfulAuthentication Delegating to authentication failure handler org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler@fee249a

共有1个答案

通和裕
2023-03-14

Passwordencoder有一个新的实现。

@Bean
  public PasswordEncoder passwordEncoder() {
  return PasswordEncoderFactories.createDelegatingPasswordEncoder();
}

此外,您还需要为用户和客户端使用passwordEncoder。

您可以检查此存储库https://github.com/dzinot/spring-boot-2-oauth2-authu2-authorization-jwt

 类似资料:
  • 我正在尝试使用 https://github.com/spring-projects/spring-security-oauth2-boot 使用本教程:https://docs.spring.io/spring-security-oauth2-boot/docs/current-SNAPSHOT/reference/htmlsingle/ SpringBoot应用程序 服务器初始化器 用户详细信

  • 我想使用Spring Security设置一个中央身份验证/授权服务器,从那里我可以获取JWT令牌,然后我可以使用该令牌访问另一个Spring Security备份的REST服务器上的受限资源。 以下是我的流程: 我认为JWT最适合这个场景,因为它可以包含所有相关的数据,并且REST服务器可以是完全无状态的,只需解码令牌就可以获得所有必要的数据(role、clientid、email...)在RE

  • 我试图在一个web应用程序(Java1.8/Tomcat8)中使用最新的JavaMail1.6.0 api,代表该应用程序的客户机用户发送电子邮件。一些客户使用Gmail。我不想要求他们按照javamail FAQ的建议,在他们的谷歌账户中允许访问不安全的应用程序,如果需要的话,我愿意实现oauth2。 创建了一个应用程序 为应用程序(clientid,clientsecret)创建了oauth2

  • 我试着用Springboot2做一些测试,特别是用Reactor(Flux/Mono)。我面临一个问题。 当我尝试使用一个存储库方法做检索我所有的人我使用该方法:@Tailable Flux findRetTailableCursorBy(); 但就我而言,我收到了这个错误 当我将我的收藏设置为“封顶”时,它就起作用了 但出于很多原因,我不会使用封顶系列 无法删除文档(必须删除收藏) 无法通过编程

  • 当我们使用axios客户机从节点服务器访问API时,它总是运行以下错误:

  • 我在通过oauth2-proxy/keycloak对kubernetes webapp进行身份验证时遇到问题。你不知道出了什么问题 WebApp(test-app.domain.com) oauth2-proxy(oauth2-proxy.domain.com) keycloak(keycloak-test.domain.com) Keycloak登录页面显示正确,但在用户登录后,我得到:500