Spring-Security OAuth2 StackOverflowError using Java config
I have a working Spring-Security OAuth2 configuration using XML, which I am trying to convert to a Java-based config. This is a simple password grant scenario, with both the authorization and resource servers in the same app.

The XML configuration works fine. However, when accessing the /oauth/token endpoint to request a token, the Java-based configuration gives a StackOverflowError, looping on

    org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter$AuthenticationManagerDelegator.authenticate(WebSecurityConfigurerAdapter.java:446)
    org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:192)
What gives?

Java config:
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.authentication.AuthenticationManager;
    import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
    import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
    import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
    import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
    import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
    import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;

    @Configuration
    @EnableWebSecurity
    public class MyAppSpringSecurityConfig extends WebSecurityConfigurerAdapter {

        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            auth.inMemoryAuthentication()
                .withUser("admin")
                .password("supersecret")
                .roles("USER", "ADMIN"); // roles() adds the ROLE_ prefix itself
        }

        @Bean
        public AuthenticationManager authenticationManager() throws Exception {
            return super.authenticationManagerBean();
        }

        @Configuration
        @EnableAuthorizationServer
        protected static class OAuth2AuthConfig extends AuthorizationServerConfigurerAdapter {

            @Autowired private AuthenticationManager authenticationManager;

            @Override
            public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
                clients.inMemory()
                    .withClient("myclient")
                    .secret("password123")
                    .authorizedGrantTypes("password", "refresh_token")
                    .authorities("ROLE_APP")
                    .scopes("myapp")
                    .accessTokenValiditySeconds(60 * 60); // 1 hour
            }

            @Override
            public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
                endpoints.authenticationManager(authenticationManager);
            }
        }

        @Configuration
        @EnableResourceServer
        protected static class OAuth2ResourceConfig extends ResourceServerConfigurerAdapter {

            @Override
            public void configure(HttpSecurity http) throws Exception {
                http.requestMatchers().antMatchers("/services/**").and()
                    .authorizeRequests().antMatchers("/services/**").authenticated();
            }
        }
    }
XML config (working):
    <?xml version="1.0" encoding="UTF-8"?>
    <beans xmlns="http://www.springframework.org/schema/beans"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
           xmlns:sec="http://www.springframework.org/schema/security"
           xsi:schemaLocation="http://www.springframework.org/schema/security/oauth2 http://www.springframework.org/schema/security/spring-security-oauth2.xsd
                               http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
                               http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">

        <sec:http pattern="/oauth/token" create-session="stateless" authentication-manager-ref="clientAuthenticationManager">
            <sec:intercept-url pattern="/oauth/token" access="isFullyAuthenticated()"/>
            <sec:http-basic entry-point-ref="clientAuthenticationEntryPoint"/>
            <sec:custom-filter ref="clientCredentialsTokenEndpointFilter" before="BASIC_AUTH_FILTER"/>
            <sec:access-denied-handler ref="oauthAccessDeniedHandler"/>
            <sec:anonymous enabled="false"/>
            <sec:csrf disabled="true"/>
        </sec:http>

        <sec:http pattern="/services/**" create-session="never" entry-point-ref="oauthAuthenticationEntryPoint">
            <sec:intercept-url pattern="/services/**" access="hasRole('ROLE_USER')"/>
            <sec:custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER"/>
            <sec:access-denied-handler ref="oauthAccessDeniedHandler"/>
            <sec:anonymous enabled="false"/>
            <sec:csrf disabled="true"/>
        </sec:http>

        <bean id="oauthAuthenticationEntryPoint" class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
            <property name="realmName" value="myapp"/>
        </bean>

        <bean id="clientAuthenticationEntryPoint" class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
            <property name="realmName" value="myapp/client"/>
            <property name="typeName" value="Basic"/>
        </bean>

        <bean id="oauthAccessDeniedHandler" class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler"/>

        <bean id="clientCredentialsTokenEndpointFilter" class="org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter">
            <property name="authenticationManager" ref="clientAuthenticationManager"/>
        </bean>

        <bean id="accessDecisionManager" class="org.springframework.security.access.vote.UnanimousBased">
            <constructor-arg>
                <list>
                    <bean class="org.springframework.security.oauth2.provider.vote.ScopeVoter"/>
                    <bean class="org.springframework.security.access.vote.RoleVoter"/>
                    <bean class="org.springframework.security.access.vote.AuthenticatedVoter"/>
                </list>
            </constructor-arg>
        </bean>

        <sec:authentication-manager id="clientAuthenticationManager">
            <sec:authentication-provider user-service-ref="clientDetailsUserService"/>
        </sec:authentication-manager>

        <bean id="clientDetailsUserService" class="org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService">
            <constructor-arg ref="clientDetails"/>
        </bean>

        <bean id="bcryptPasswordEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"/>

        <sec:authentication-manager alias="authenticationManager">
            <sec:authentication-provider>
                <sec:user-service>
                    <sec:user name="admin" password="supersecret" authorities="ROLE_USER,ROLE_ADMIN"/>
                </sec:user-service>
            </sec:authentication-provider>
        </sec:authentication-manager>

        <bean id="tokenStore" class="org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore"/>

        <bean id="tokenServices" class="org.springframework.security.oauth2.provider.token.DefaultTokenServices">
            <property name="tokenStore" ref="tokenStore"/>
            <property name="supportRefreshToken" value="true"/>
            <property name="accessTokenValiditySeconds" value="3600"/>
            <property name="clientDetailsService" ref="clientDetails"/>
        </bean>

        <oauth:authorization-server client-details-service-ref="clientDetails" token-services-ref="tokenServices">
            <oauth:refresh-token/>
            <oauth:password/>
        </oauth:authorization-server>

        <oauth:resource-server id="resourceServerFilter" resource-id="myapp" token-services-ref="tokenServices"/>

        <oauth:client-details-service id="clientDetails">
            <oauth:client client-id="myapp" secret="password123" authorized-grant-types="password,refresh_token" scope="myapp" authorities="ROLE_APP"/>
        </oauth:client-details-service>
    </beans>
I know a lot of the stuff specified in the XML is defaulted through @EnableAuthorizationServer and @EnableResourceServer, but apparently I'm still missing something. I've gone back and forth over the sample apps and unit tests. But there always seems to additionally be more Spring Boot related magic going on in those configs.

This is with Spring 4.2.3, Spring Security 4.0.3, and Spring Security OAuth 2.0.8.
If you want to expose the AuthenticationManager instance as a bean, you need to override public AuthenticationManager authenticationManagerBean() rather than protected AuthenticationManager authenticationManager().

See JavaDoc: http://docs.spring.io/spring-security/site/docs/current/apidocs/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurerAdapter.html#authenticationManagerBean--