登录
当前位置: 首页 > 知识库问答 >
问题:

Spring Boot Security多Http与OAuth不工作

陈朗
2023-03-14 
@Configuration
@EnableResourceServer
@EnableOAuth2Client
@Order(2)
public class SecurityConfig extends ResourceServerConfigurerAdapter {

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.cors().and().antMatcher("/**").csrf().disable();
        http.authorizeRequests().anyRequest().authenticated().and().httpBasic();
    }

}

@Configuration
@EnableWebSecurity
public class SecurityConfig {

    @Configuration
    @EnableOAuth2Sso
    @EnableOAuth2Client
    @Order(1)                                    
    public static class ApiWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {

    }

    @Configuration
    @EnableOAuth2Sso
    @EnableOAuth2Client
    @Order(2)
    public static class FormLoginWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {

    }
}

12:45:01.808 [http-nio-8081-exec-1] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request '/external_users' matched by universal pattern '/**'
12:45:01.809 [http-nio-8081-exec-1] DEBUG o.s.security.web.FilterChainProxy - /external_users at position 1 of 13 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
12:45:01.810 [http-nio-8081-exec-1] DEBUG o.s.security.web.FilterChainProxy - /external_users at position 2 of 13 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
12:45:01.812 [http-nio-8081-exec-1] DEBUG o.s.security.web.FilterChainProxy - /external_users at position 3 of 13 in additional filter chain; firing Filter: 'HeaderWriterFilter'
12:45:02.093 [http-nio-8081-exec-1] DEBUG o.s.security.web.FilterChainProxy - /external_users at position 4 of 13 in additional filter chain; firing Filter: 'CorsFilter'
12:45:02.093 [http-nio-8081-exec-1] DEBUG o.s.security.web.FilterChainProxy - /external_users at position 5 of 13 in additional filter chain; firing Filter: 'LogoutFilter'
12:45:02.093 [http-nio-8081-exec-1] DEBUG o.s.s.w.u.matcher.OrRequestMatcher - Trying to match using Ant [pattern='/logout', GET]
12:45:02.094 [http-nio-8081-exec-1] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/external_users'; against '/logout'
12:45:02.094 [http-nio-8081-exec-1] DEBUG o.s.s.w.u.matcher.OrRequestMatcher - Trying to match using Ant [pattern='/logout', POST]
12:45:02.094 [http-nio-8081-exec-1] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request 'GET /external_users' doesn't match 'POST /logout
12:45:02.094 [http-nio-8081-exec-1] DEBUG o.s.s.w.u.matcher.OrRequestMatcher - Trying to match using Ant [pattern='/logout', PUT]
12:45:02.094 [http-nio-8081-exec-1] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request 'GET /external_users' doesn't match 'PUT /logout
12:45:02.094 [http-nio-8081-exec-1] DEBUG o.s.s.w.u.matcher.OrRequestMatcher - Trying to match using Ant [pattern='/logout', DELETE]
12:45:02.094 [http-nio-8081-exec-1] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request 'GET /external_users' doesn't match 'DELETE /logout
12:45:02.094 [http-nio-8081-exec-1] DEBUG o.s.s.w.u.matcher.OrRequestMatcher - No matches found
12:45:02.094 [http-nio-8081-exec-1] DEBUG o.s.security.web.FilterChainProxy - /external_users at position 6 of 13 in additional filter chain; firing Filter: 'OAuth2AuthenticationProcessingFilter'

非工作测井

12:49:42.506 [http-nio-8082-exec-2] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/api/external_users'; against '/api/**'
12:49:42.510 [http-nio-8082-exec-2] DEBUG o.s.security.web.FilterChainProxy - /api/external_users at position 1 of 12 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
12:49:42.511 [http-nio-8082-exec-2] DEBUG o.s.security.web.FilterChainProxy - /api/external_users at position 2 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
12:49:42.512 [http-nio-8082-exec-2] DEBUG o.s.security.web.FilterChainProxy - /api/external_users at position 3 of 12 in additional filter chain; firing Filter: 'HeaderWriterFilter'
12:49:42.514 [http-nio-8082-exec-2] DEBUG o.s.security.web.FilterChainProxy - /api/external_users at position 4 of 12 in additional filter chain; firing Filter: 'CorsFilter'
12:49:42.515 [http-nio-8082-exec-2] DEBUG o.s.security.web.FilterChainProxy - /api/external_users at position 5 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
12:49:42.515 [http-nio-8082-exec-2] DEBUG o.s.s.w.u.matcher.OrRequestMatcher - Trying to match using Ant [pattern='/logout', GET]
12:49:42.517 [http-nio-8082-exec-2] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/api/external_users'; against '/logout'
12:49:42.518 [http-nio-8082-exec-2] DEBUG o.s.s.w.u.matcher.OrRequestMatcher - Trying to match using Ant [pattern='/logout', POST]
12:49:42.518 [http-nio-8082-exec-2] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request 'GET /api/external_users' doesn't match 'POST /logout
12:49:42.518 [http-nio-8082-exec-2] DEBUG o.s.s.w.u.matcher.OrRequestMatcher - Trying to match using Ant [pattern='/logout', PUT]
12:49:42.518 [http-nio-8082-exec-2] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request 'GET /api/external_users' doesn't match 'PUT /logout
12:49:42.518 [http-nio-8082-exec-2] DEBUG o.s.s.w.u.matcher.OrRequestMatcher - Trying to match using Ant [pattern='/logout', DELETE]
12:49:42.518 [http-nio-8082-exec-2] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request 'GET /api/external_users' doesn't match 'DELETE /logout
12:49:42.518 [http-nio-8082-exec-2] DEBUG o.s.s.w.u.matcher.OrRequestMatcher - No matches found
12:49:42.519 [http-nio-8082-exec-2] DEBUG o.s.security.web.FilterChainProxy - /api/external_users at position 6 of 12 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'

共有1个答案

方子安
2023-03-14

我找到了一个对我有效的替代配置:

  1. 更改@enableResourceServer的第一个注释,而不是@enableWebSecurity
  2. 将ApiWebSecurityConfigurationAdapter的父类更改为ResourceServerConfigurerAdapter
  3. 删除FormLoginWebSecurityConfigurerAdapter的Order注释

这是最终的工作代码:

@Configuration
@EnableResourceServer
public class SecurityConfig {

    @Configuration
    @EnableOAuth2Sso
    @EnableOAuth2Client
    @Order(1)                                    
    public static class ApiWebSecurityConfigurationAdapter extends ResourceServerConfigurerAdapter {

    }

    @Configuration
    @EnableOAuth2Sso
    @EnableOAuth2Client
    public static class FormLoginWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {

    }
}
 类似资料:
  • Spring security 4.2.3,OAUTH 2,/OAUTH/tokenendpoint,CORS不工作

    Angular 5应用程序需要登录用户。令牌请求发送到/oauth/Token。由于CORS,飞行前选项请求(由Chrome发送)失败。 我试图遵循Spring Security 4.2中的示例以及Stackoverflow上的各种问题和回复。 这是我的代码: 这是Chrome的请求 答复: 控制台中的错误:

  • Spring Security:多个HTTP配置不工作

    我正在尝试使用Spring Security,我有一个用例,我想要保护不同的登录页面和不同的URL集。 下面是我的配置:

  • 如何让@WebMvcTest与OAuth一起工作?

    我只是很难让我的控制器单元测试正常工作,因为在我看来,如果使用OAuth,SpringDoc中的内容是不够的。在我的例子中,是Oauth2和JWT。 我尝试使用,,甚至使用和自定义定义我自己的注释,但在计算安全表达式时,总是在UserSecurityContext中获得匿名用户,无论我在工厂中设置测试上下文的是什么。。。 我提出了我刚刚想到的解决方案,但由于我不确定嘲笑令牌服务是最有效/干净的方法

  • OAuth 2.0与Auth0

    OAuth 2.0和Auth0有什么区别?我应该使用哪一个来开发认证系统?

  • Android Http POST请求不工作

    但当我运行它时,它会给我这个错误: E/AndroidRuntime:致命异常:主进程:com.example.webTestConnection,PID:23550 Android.os.networkonMaintHreadexception,Android.os.strictmode$AndroidBlockGuardPolicy.onNetwork(strictmode.java:1166

  • Akka HTTP与Akka类型一起工作吗?

相关问答

Android Http POST请求不工作Akka HTTP与Akka类型一起工作吗?Mocha Chai HTTP post请求不工作Apache HTTP Client loadTrust材质不工作Camunda Modeler HTTP连接器不工作

相关文章

使GNU Octave与多核处理器一起工作。(多线程)Flask HTTP Basicauth-如何工作?Nginx与Node-http-proxy非常大的HTTP请求与许多小的请求AngularJS:工厂$ http服务

相关阅读

拼多多算法工程师一面拼多多_安全工程师_一面0908 拼多多 算法工程师 一面2025拼多多算法工程师笔试 0811拼多多笔试拼多多算法工程师一面凉经

相关工具

OAuthOAuth MiddlewareOAuth PHPoauth-cligithub-oauth

相关文档

OAuth 2.0 中文教程百度 OAuth 接入指南你不懂JS:ES6与未来图解 HTTP你不懂JS: 异步与性能
快捷导航: 新手教程 算法原理 架构设计 Java进阶 数据库进阶 大厂专栏 面试经验 编程笔记 编程问答 所有专题 文档资料 工具软件 电子书籍 小牛导航
在线工具: 房贷计算器 个税计算器 Linux命令查询 Json格式化 正则表达式 颜色转换 AES加解密 SHA1加密 MD5加密 毒鸡汤 字数统计 随机密码生成 进制转换 Base64编解码 励志句子
Copyright © 2019-2024 小牛知识库@xnip.cn. All Rights Reserved.