@Configuration
@EnableResourceServer
@EnableOAuth2Client
@Order(2)
public class SecurityConfig extends ResourceServerConfigurerAdapter {
@Override
public void configure(HttpSecurity http) throws Exception {
http.cors().and().antMatcher("/**").csrf().disable();
http.authorizeRequests().anyRequest().authenticated().and().httpBasic();
}
}
@Configuration
@EnableWebSecurity
public class SecurityConfig {
@Configuration
@EnableOAuth2Sso
@EnableOAuth2Client
@Order(1)
public static class ApiWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {
}
@Configuration
@EnableOAuth2Sso
@EnableOAuth2Client
@Order(2)
public static class FormLoginWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
}
}
12:45:01.808 [http-nio-8081-exec-1] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request '/external_users' matched by universal pattern '/**'
12:45:01.809 [http-nio-8081-exec-1] DEBUG o.s.security.web.FilterChainProxy - /external_users at position 1 of 13 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
12:45:01.810 [http-nio-8081-exec-1] DEBUG o.s.security.web.FilterChainProxy - /external_users at position 2 of 13 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
12:45:01.812 [http-nio-8081-exec-1] DEBUG o.s.security.web.FilterChainProxy - /external_users at position 3 of 13 in additional filter chain; firing Filter: 'HeaderWriterFilter'
12:45:02.093 [http-nio-8081-exec-1] DEBUG o.s.security.web.FilterChainProxy - /external_users at position 4 of 13 in additional filter chain; firing Filter: 'CorsFilter'
12:45:02.093 [http-nio-8081-exec-1] DEBUG o.s.security.web.FilterChainProxy - /external_users at position 5 of 13 in additional filter chain; firing Filter: 'LogoutFilter'
12:45:02.093 [http-nio-8081-exec-1] DEBUG o.s.s.w.u.matcher.OrRequestMatcher - Trying to match using Ant [pattern='/logout', GET]
12:45:02.094 [http-nio-8081-exec-1] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/external_users'; against '/logout'
12:45:02.094 [http-nio-8081-exec-1] DEBUG o.s.s.w.u.matcher.OrRequestMatcher - Trying to match using Ant [pattern='/logout', POST]
12:45:02.094 [http-nio-8081-exec-1] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request 'GET /external_users' doesn't match 'POST /logout
12:45:02.094 [http-nio-8081-exec-1] DEBUG o.s.s.w.u.matcher.OrRequestMatcher - Trying to match using Ant [pattern='/logout', PUT]
12:45:02.094 [http-nio-8081-exec-1] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request 'GET /external_users' doesn't match 'PUT /logout
12:45:02.094 [http-nio-8081-exec-1] DEBUG o.s.s.w.u.matcher.OrRequestMatcher - Trying to match using Ant [pattern='/logout', DELETE]
12:45:02.094 [http-nio-8081-exec-1] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request 'GET /external_users' doesn't match 'DELETE /logout
12:45:02.094 [http-nio-8081-exec-1] DEBUG o.s.s.w.u.matcher.OrRequestMatcher - No matches found
12:45:02.094 [http-nio-8081-exec-1] DEBUG o.s.security.web.FilterChainProxy - /external_users at position 6 of 13 in additional filter chain; firing Filter: 'OAuth2AuthenticationProcessingFilter'
非工作测井
12:49:42.506 [http-nio-8082-exec-2] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/api/external_users'; against '/api/**'
12:49:42.510 [http-nio-8082-exec-2] DEBUG o.s.security.web.FilterChainProxy - /api/external_users at position 1 of 12 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
12:49:42.511 [http-nio-8082-exec-2] DEBUG o.s.security.web.FilterChainProxy - /api/external_users at position 2 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
12:49:42.512 [http-nio-8082-exec-2] DEBUG o.s.security.web.FilterChainProxy - /api/external_users at position 3 of 12 in additional filter chain; firing Filter: 'HeaderWriterFilter'
12:49:42.514 [http-nio-8082-exec-2] DEBUG o.s.security.web.FilterChainProxy - /api/external_users at position 4 of 12 in additional filter chain; firing Filter: 'CorsFilter'
12:49:42.515 [http-nio-8082-exec-2] DEBUG o.s.security.web.FilterChainProxy - /api/external_users at position 5 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
12:49:42.515 [http-nio-8082-exec-2] DEBUG o.s.s.w.u.matcher.OrRequestMatcher - Trying to match using Ant [pattern='/logout', GET]
12:49:42.517 [http-nio-8082-exec-2] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/api/external_users'; against '/logout'
12:49:42.518 [http-nio-8082-exec-2] DEBUG o.s.s.w.u.matcher.OrRequestMatcher - Trying to match using Ant [pattern='/logout', POST]
12:49:42.518 [http-nio-8082-exec-2] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request 'GET /api/external_users' doesn't match 'POST /logout
12:49:42.518 [http-nio-8082-exec-2] DEBUG o.s.s.w.u.matcher.OrRequestMatcher - Trying to match using Ant [pattern='/logout', PUT]
12:49:42.518 [http-nio-8082-exec-2] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request 'GET /api/external_users' doesn't match 'PUT /logout
12:49:42.518 [http-nio-8082-exec-2] DEBUG o.s.s.w.u.matcher.OrRequestMatcher - Trying to match using Ant [pattern='/logout', DELETE]
12:49:42.518 [http-nio-8082-exec-2] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request 'GET /api/external_users' doesn't match 'DELETE /logout
12:49:42.518 [http-nio-8082-exec-2] DEBUG o.s.s.w.u.matcher.OrRequestMatcher - No matches found
12:49:42.519 [http-nio-8082-exec-2] DEBUG o.s.security.web.FilterChainProxy - /api/external_users at position 6 of 12 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
我找到了一个对我有效的替代配置:
这是最终的工作代码:
@Configuration
@EnableResourceServer
public class SecurityConfig {
@Configuration
@EnableOAuth2Sso
@EnableOAuth2Client
@Order(1)
public static class ApiWebSecurityConfigurationAdapter extends ResourceServerConfigurerAdapter {
}
@Configuration
@EnableOAuth2Sso
@EnableOAuth2Client
public static class FormLoginWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
}
}
Angular 5应用程序需要登录用户。令牌请求发送到/oauth/Token。由于CORS,飞行前选项请求(由Chrome发送)失败。 我试图遵循Spring Security 4.2中的示例以及Stackoverflow上的各种问题和回复。 这是我的代码: 这是Chrome的请求 答复: 控制台中的错误:
我正在尝试使用Spring Security,我有一个用例,我想要保护不同的登录页面和不同的URL集。 下面是我的配置:
我只是很难让我的控制器单元测试正常工作,因为在我看来,如果使用OAuth,SpringDoc中的内容是不够的。在我的例子中,是Oauth2和JWT。 我尝试使用,,甚至使用和自定义定义我自己的注释,但在计算安全表达式时,总是在UserSecurityContext中获得匿名用户,无论我在工厂中设置测试上下文的是什么。。。 我提出了我刚刚想到的解决方案,但由于我不确定嘲笑令牌服务是最有效/干净的方法
OAuth 2.0和Auth0有什么区别?我应该使用哪一个来开发认证系统?
但当我运行它时,它会给我这个错误: E/AndroidRuntime:致命异常:主进程:com.example.webTestConnection,PID:23550 Android.os.networkonMaintHreadexception,Android.os.strictmode$AndroidBlockGuardPolicy.onNetwork(strictmode.java:1166