当前位置: 首页 > 知识库问答 >
问题:

Spring Boot Security多Http与OAuth不工作

陈朗
2023-03-14
@Configuration
@EnableResourceServer
@EnableOAuth2Client
@Order(2)
public class SecurityConfig extends ResourceServerConfigurerAdapter {

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.cors().and().antMatcher("/**").csrf().disable();
        http.authorizeRequests().anyRequest().authenticated().and().httpBasic();
    }

}
@Configuration
@EnableWebSecurity
public class SecurityConfig {

    @Configuration
    @EnableOAuth2Sso
    @EnableOAuth2Client
    @Order(1)                                    
    public static class ApiWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {

    }

    @Configuration
    @EnableOAuth2Sso
    @EnableOAuth2Client
    @Order(2)
    public static class FormLoginWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {

    }
}
12:45:01.808 [http-nio-8081-exec-1] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request '/external_users' matched by universal pattern '/**'
12:45:01.809 [http-nio-8081-exec-1] DEBUG o.s.security.web.FilterChainProxy - /external_users at position 1 of 13 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
12:45:01.810 [http-nio-8081-exec-1] DEBUG o.s.security.web.FilterChainProxy - /external_users at position 2 of 13 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
12:45:01.812 [http-nio-8081-exec-1] DEBUG o.s.security.web.FilterChainProxy - /external_users at position 3 of 13 in additional filter chain; firing Filter: 'HeaderWriterFilter'
12:45:02.093 [http-nio-8081-exec-1] DEBUG o.s.security.web.FilterChainProxy - /external_users at position 4 of 13 in additional filter chain; firing Filter: 'CorsFilter'
12:45:02.093 [http-nio-8081-exec-1] DEBUG o.s.security.web.FilterChainProxy - /external_users at position 5 of 13 in additional filter chain; firing Filter: 'LogoutFilter'
12:45:02.093 [http-nio-8081-exec-1] DEBUG o.s.s.w.u.matcher.OrRequestMatcher - Trying to match using Ant [pattern='/logout', GET]
12:45:02.094 [http-nio-8081-exec-1] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/external_users'; against '/logout'
12:45:02.094 [http-nio-8081-exec-1] DEBUG o.s.s.w.u.matcher.OrRequestMatcher - Trying to match using Ant [pattern='/logout', POST]
12:45:02.094 [http-nio-8081-exec-1] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request 'GET /external_users' doesn't match 'POST /logout
12:45:02.094 [http-nio-8081-exec-1] DEBUG o.s.s.w.u.matcher.OrRequestMatcher - Trying to match using Ant [pattern='/logout', PUT]
12:45:02.094 [http-nio-8081-exec-1] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request 'GET /external_users' doesn't match 'PUT /logout
12:45:02.094 [http-nio-8081-exec-1] DEBUG o.s.s.w.u.matcher.OrRequestMatcher - Trying to match using Ant [pattern='/logout', DELETE]
12:45:02.094 [http-nio-8081-exec-1] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request 'GET /external_users' doesn't match 'DELETE /logout
12:45:02.094 [http-nio-8081-exec-1] DEBUG o.s.s.w.u.matcher.OrRequestMatcher - No matches found
12:45:02.094 [http-nio-8081-exec-1] DEBUG o.s.security.web.FilterChainProxy - /external_users at position 6 of 13 in additional filter chain; firing Filter: 'OAuth2AuthenticationProcessingFilter'

非工作测井

12:49:42.506 [http-nio-8082-exec-2] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/api/external_users'; against '/api/**'
12:49:42.510 [http-nio-8082-exec-2] DEBUG o.s.security.web.FilterChainProxy - /api/external_users at position 1 of 12 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
12:49:42.511 [http-nio-8082-exec-2] DEBUG o.s.security.web.FilterChainProxy - /api/external_users at position 2 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
12:49:42.512 [http-nio-8082-exec-2] DEBUG o.s.security.web.FilterChainProxy - /api/external_users at position 3 of 12 in additional filter chain; firing Filter: 'HeaderWriterFilter'
12:49:42.514 [http-nio-8082-exec-2] DEBUG o.s.security.web.FilterChainProxy - /api/external_users at position 4 of 12 in additional filter chain; firing Filter: 'CorsFilter'
12:49:42.515 [http-nio-8082-exec-2] DEBUG o.s.security.web.FilterChainProxy - /api/external_users at position 5 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
12:49:42.515 [http-nio-8082-exec-2] DEBUG o.s.s.w.u.matcher.OrRequestMatcher - Trying to match using Ant [pattern='/logout', GET]
12:49:42.517 [http-nio-8082-exec-2] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/api/external_users'; against '/logout'
12:49:42.518 [http-nio-8082-exec-2] DEBUG o.s.s.w.u.matcher.OrRequestMatcher - Trying to match using Ant [pattern='/logout', POST]
12:49:42.518 [http-nio-8082-exec-2] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request 'GET /api/external_users' doesn't match 'POST /logout
12:49:42.518 [http-nio-8082-exec-2] DEBUG o.s.s.w.u.matcher.OrRequestMatcher - Trying to match using Ant [pattern='/logout', PUT]
12:49:42.518 [http-nio-8082-exec-2] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request 'GET /api/external_users' doesn't match 'PUT /logout
12:49:42.518 [http-nio-8082-exec-2] DEBUG o.s.s.w.u.matcher.OrRequestMatcher - Trying to match using Ant [pattern='/logout', DELETE]
12:49:42.518 [http-nio-8082-exec-2] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request 'GET /api/external_users' doesn't match 'DELETE /logout
12:49:42.518 [http-nio-8082-exec-2] DEBUG o.s.s.w.u.matcher.OrRequestMatcher - No matches found
12:49:42.519 [http-nio-8082-exec-2] DEBUG o.s.security.web.FilterChainProxy - /api/external_users at position 6 of 12 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'

共有1个答案

方子安
2023-03-14

我找到了一个对我有效的替代配置:

  1. 更改@enableResourceServer的第一个注释,而不是@enableWebSecurity
  2. 将ApiWebSecurityConfigurationAdapter的父类更改为ResourceServerConfigurerAdapter
  3. 删除FormLoginWebSecurityConfigurerAdapter的Order注释

这是最终的工作代码:

@Configuration
@EnableResourceServer
public class SecurityConfig {

    @Configuration
    @EnableOAuth2Sso
    @EnableOAuth2Client
    @Order(1)                                    
    public static class ApiWebSecurityConfigurationAdapter extends ResourceServerConfigurerAdapter {

    }

    @Configuration
    @EnableOAuth2Sso
    @EnableOAuth2Client
    public static class FormLoginWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {

    }
}
 类似资料:
  • Angular 5应用程序需要登录用户。令牌请求发送到/oauth/Token。由于CORS,飞行前选项请求(由Chrome发送)失败。 我试图遵循Spring Security 4.2中的示例以及Stackoverflow上的各种问题和回复。 这是我的代码: 这是Chrome的请求 答复: 控制台中的错误:

  • 我正在尝试使用Spring Security,我有一个用例,我想要保护不同的登录页面和不同的URL集。 下面是我的配置:

  • 我只是很难让我的控制器单元测试正常工作,因为在我看来,如果使用OAuth,SpringDoc中的内容是不够的。在我的例子中,是Oauth2和JWT。 我尝试使用,,甚至使用和自定义定义我自己的注释,但在计算安全表达式时,总是在UserSecurityContext中获得匿名用户,无论我在工厂中设置测试上下文的是什么。。。 我提出了我刚刚想到的解决方案,但由于我不确定嘲笑令牌服务是最有效/干净的方法

  • OAuth 2.0和Auth0有什么区别?我应该使用哪一个来开发认证系统?

  • 但当我运行它时,它会给我这个错误: E/AndroidRuntime:致命异常:主进程:com.example.webTestConnection,PID:23550 Android.os.networkonMaintHreadexception,Android.os.strictmode$AndroidBlockGuardPolicy.onNetwork(strictmode.java:1166