大佬教程收集整理的这篇文章主要介绍了Spring Boot:Oauth2:访问被拒绝(用户是匿名的);重定向到身份验证入口点,大佬教程大佬觉得挺不错的,现在分享给大家,也给大家做个参考。
我正在尝试使用spring boot oauth2来完成无状态身份验证和授权.但是,我正在努力工作.
这是我的代码:
@EnableAutoConfiguration
@ComponentScan
//@EnableEurekaClient
//@EnableZuulProxy
@Configuration
public class AuthserviceApp {
public static void main(String[] args) {
SpringApplication.run(AuthserviceApp.class,args);
}
}
授权配置:
@Configuration
@EnableAuthorizationServer
public class Oauth2ServerConfig extends AuthorizationServerConfigurerAdapter {
@Autowired
@Qualifier("authenticationManagerBean")
private AuthenticationManager auth;
@Autowired
private Datasource datasource;
@Autowired
private CustomUserDetailsservice userDetailservice;
@Autowired
private ClientDetailsservice clientDetailsservice;
@Bean
public JdbcTokenStore tokenStore() {
return new JdbcTokenStore(datasourcE);
}
@Bean
protected AuthorizationCodeservices authorizationCodeservices() {
return new JdbcAuthorizationCodeservices(datasourcE);
}
@Override
public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
security.tokenKeyAccess("permitAll()").checkTokenAccess("isAuthenticated()");
}
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
// @OFF
endpoints
.authorizationCodeservices(authorizationCodeservices())
.authenticationManager(auth)
.userDetailsservice(userDetailservicE)
.tokenStore(tokenStore());
// @ON
}
@Override
public void configure(ClientDetailsserviceConfigurer clients) throws Exception {
// @OFF
clients.jdbc(datasourcE)
.withClient("client")
.secret("secret")
.authorizedGrantTypes("password","refresh_token","client_credentials")
.authorities("USER")
.scopes("read","write")
.autoApprove(true)
.accessTokenValiditySeconds(60)
.refreshTokenValiditySeconds(300);
// @ON
}
}
资源服务器配置:
@Configuration
@EnableresourceServer
@EnableGlobalMethodSecurity(prePostEnabled = truE)
class resourceServerConfig extends resourceServerConfigurerAdapter {
@Autowired
private CustomAuthenticationEntryPoint customAuthenticationEntryPoint;
@Autowired
private CustomlogoutsuccessHandler customlogoutsuccessHandler;
@Override
public void configure(httpSecurity http) throws Exception {
// @OFF
http
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.exceptionHandling()
.authenticationEntryPoint(customAuthenticationEntryPoint)
.and()
.logout()
.logoutUrl("/oauth/logout")
.logoutsuccessHandler(customlogoutsuccessHandler)
.and()
.csrf()
// .requireCsrfProtectionMatcher(new AntPathrequestMatcher("/oauth/authorize"))
.disable()
.headers()
.frameOptions().disable()
.and()
.authorizerequests()
.antMatchers("/identity/**").authenticated();
// @ON
}
}
@Configuration
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
private CustomUserDetailsservice userDetailsservice;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsservice(userDetailsservicE);
}
@Override
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Override
protected void configure(httpSecurity http) throws Exception {
// @OFF
http
.csrf()
.disable()
.authorizerequests()
.antMatchers("/login").permitAll()
.anyrequest().authenticated()
.and()
.formLogin().permitAll();
// @ON
}
}
控制器:
@RestController
@requestMapping("/")
public class AuthController {
@PreAuthorize("#oauth2.hasScope('read')")
@GetMapping("/user")
public Principal getUser(Principal user) {
return user;
}
}
我可以使用POSTMAN获取访问令牌.我在标头中使用相同的访问令牌,以便在用户到期之前将其作为http:// localhost:8082 / identity / user获取.但是,我通过以下登录控制台获得登录页面html响应:
2017-05-24 22:55:16.070 DEBUG 16899 --- [nio-8082-exec-9] o.s.s.w.a.AnonymousAuthenticationFilter : Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@9055c2bc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpaddress: 0:0:0:0:0:0:0:1; SessionId: 301C6EDD36372CF9C553FCFCD4AA47E3; Granted Authorities: ROLE_ANONymOUS'
2017-05-24 22:55:16.070 DEBUG 16899 --- [nio-8082-exec-9] o.s.security.web.FilterChainProxy : /user at position 10 of 12 in additional filter chain; firing Filter: 'SessionManagementFilter'
2017-05-24 22:55:16.070 DEBUG 16899 --- [nio-8082-exec-9] o.s.security.web.FilterChainProxy : /user at position 11 of 12 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2017-05-24 22:55:16.070 DEBUG 16899 --- [nio-8082-exec-9] o.s.security.web.FilterChainProxy : /user at position 12 of 12 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2017-05-24 22:55:16.070 DEBUG 16899 --- [nio-8082-exec-9] o.s.s.w.u.matcher.AntPathrequestMatcher : checking match of request : '/user'; against '/login'
2017-05-24 22:55:16.070 DEBUG 16899 --- [nio-8082-exec-9] o.s.s.w.a.i.FilterSecurityInterceptor : Secure object: FilterInvocation: URL: /user; Attributes: [authenticated]
2017-05-24 22:55:16.071 DEBUG 16899 --- [nio-8082-exec-9] o.s.s.w.a.i.FilterSecurityInterceptor : PrevIoUsly Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@9055c2bc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpaddress: 0:0:0:0:0:0:0:1; SessionId: 301C6EDD36372CF9C553FCFCD4AA47E3; Granted Authorities: ROLE_ANONymOUS
2017-05-24 22:55:16.071 DEBUG 16899 --- [nio-8082-exec-9] o.s.s.access.Vote.AffirmativeBased : Voter: org.springframework.security.web.access.expression.WebExpressionVoter@55b4f25d,returned: -1
2017-05-24 22:55:16.071 DEBUG 16899 --- [nio-8082-exec-9] o.s.s.w.a.ExceptionTranslationFilter : Access is denied (user is anonymous); redirecTing to authentication entry point
org.springframework.security.access.AccessDeniedException: Access is denied
at org.springframework.security.access.Vote.AffirmativeBased.decide(AffirmativeBased.java:84) ~[spring-security-core-4.2.2.RELEASE.jar:4.2.2.RELEASE]
但是,在第一次调用将访问令牌提供给oauth / token时,似乎我已经过身份验证:
2017-05-24 22:54:35.966 DEBUG 16899 --- [nio-8082-exec-6] o.s.s.w.a.i.FilterSecurityInterceptor : Secure object: FilterInvocation: URL: /oauth/token; Attributes: [fullyAuthenticated]
2017-05-24 22:54:35.966 DEBUG 16899 --- [nio-8082-exec-6] o.s.s.w.a.i.FilterSecurityInterceptor : PrevIoUsly Authenticated: org.springframework.security.authentication.UsernamepasswordAuthenticationToken@50c8f5e8: Principal: org.springframework.security.core.userdetailS.User@af12f3cb: Username: client; password: [PROTECTED]; Enabled: true; accountnonExpired: true; credentialsnonExpired: true; accountnonLocked: true; Granted Authorities: USER; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@21a2c: RemoteIpaddress: 0:0:0:0:0:0:0:1; SessionId: 2F070B741A55BD1E47933621D9127780; Granted Authorities: USER
2017-05-24 22:54:35.966 DEBUG 16899 --- [nio-8082-exec-6] o.s.s.access.Vote.AffirmativeBased : Voter: org.springframework.security.web.access.expression.WebExpressionVoter@61f8721f,returned: 1
2017-05-24 22:54:35.966 DEBUG 16899 --- [nio-8082-exec-6] o.s.s.w.a.i.FilterSecurityInterceptor : Authorization successful
2017-05-24 22:54:35.966 DEBUG 16899 --- [nio-8082-exec-6] o.s.s.w.a.i.FilterSecurityInterceptor : RunAsmanager did not change Authentication object
2017-05-24 22:54:35.966 DEBUG 16899 --- [nio-8082-exec-6] o.s.security.web.FilterChainProxy : /oauth/token reached end of additional filter chain; proceeding with original chain
2017-05-24 22:54:35.967 DEBUG 16899 --- [nio-8082-exec-6] .s.o.p.e.FrameworkEndpointHandlerMapping : Looking up handler method for path /oauth/token
2017-05-24 22:54:35.968 DEBUG 16899 --- [nio-8082-exec-6] .s.o.p.e.FrameworkEndpointHandlerMapping : Returning handler method [public org.springframework.http.ResponseEntity<>ecurity.oauth2.common.oAuth2AccessToken> org.springframework.security.oauth2.provider.endpoint.TokenEndpoint.postAccessToken(java.security.Principal,java.util.Map ecurity.authentication.dao.DaoAuthenticationProvider
Hibernate: SELEct user0_.id as id1_1_,user0_.enabled as enabled2_1_,user0_.name as name3_1_,user0_.password as password4_1_,user0_.username as username5_1_ from user user0_ where user0_.username=?
Hibernate: SELEct roles0_.user_id as user_id1_2_0_,roles0_.role_id as role_id2_2_0_,role1_.id as id1_0_1_,role1_.role as role2_0_1_ from user_role roles0_ inner join role role1_ on roles0_.role_id=role1_.id where roles0_.user_id=?
2017-05-24 22:54:36.125 INFO 16899 --- [nio-8082-exec-6] o.s.s.o.p.token.store.JdbcTokenStore : @L_616_84@ to find access token for token 180c2528-b712-4088-9cce-71e9cc7ccb94
2017-05-24 22:54:36.232 DEBUG 16899 --- [nio-8082-exec-6] o.s.s.w.a.ExceptionTranslationFilter : Chain processed normally
2017-05-24 22:54:36.232 DEBUG 16899 --- [nio-8082-exec-6] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder Now cleared,as request processing completed
可能是我配错了.我在这里错过了什么?
我使用的是Spring-boot 1.5.3版本,我在application.yml中添加了以下行来修复排序.
security.oauth2.resource.filter-order=3
DEBUG 34386 --- [nio-8082-exec-1] o.s.security.web.FilterChainProxy : /foo at position 5 of 11 in additional filter chain; firing Filter: 'OAuth2AuthenticationProcessingFilter'
参考 – https://github.com/spring-projects/spring-security-oauth/issues/993
以上是大佬教程为你收集整理的Spring Boot:Oauth2:访问被拒绝(用户是匿名的);重定向到身份验证入口点全部内容,希望文章能够帮你解决Spring Boot:Oauth2:访问被拒绝(用户是匿名的);重定向到身份验证入口点所遇到的程序开发问题。
如果觉得大佬教程网站内容还不错,欢迎将大佬教程推荐给程序员好友。
本图文内容来源于网友网络收集整理提供,作为学习参考使用,版权属于原作者。
如您有任何意见或建议可联系处理。小编QQ:384754419,请注明来意。