
Spring security OAuth2 implementation

Using Spring Boot 1.5.2.RELEASE and Java 8

I'm trying to understand what goes in the public void configure(HttpSecurity http) method of WebSecurityConfigurerAdapter and of ResourceServerConfigurerAdapter?

With the following code, the configure(HttpSecurity http) method of ResourceServerConfigurerAdapter is taking precedence over WebSecurityConfigurerAdapter. All the changes I'm making in ResourceServerConfiguration are taking effect; it appears that WebSecurityConfigurerAdapter is ignored completely.

When do we use these methods (use case)? And is overriding the WebSecurityConfigurerAdapter.configure(..) method even required for grant type password?

Using security.oauth2.resource.filter-order = 3. Without this property I keep getting 403 Access Denied.

The default order of the OAuth2 resource filter has changed from 3 to SecurityProperties.ACCESS_OVERRIDE_ORDER - 1

WebSecurityConfiguration

@Configuration
@EnableWebSecurity
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.csrf().disable()
            .authorizeRequests()
                .antMatchers("/unsecured").permitAll()
                .antMatchers("/users").hasRole("USER")
                .antMatchers("/api/secured").hasRole("ADMIN")
                .antMatchers("/api/admin").authenticated()
                .antMatchers("/greeting").authenticated();
    }
}

Resource Server

@Configuration
@EnableResourceServer
protected static class ResourceServerConfiguration extends
        ResourceServerConfigurerAdapter {

    public void configure(HttpSecurity http) throws Exception {
        http.csrf().disable()
            .authorizeRequests()
                .anyRequest().permitAll();          
    }
}

I think you have an answer here; check the solution given in "Spring Security OAuth2, which decides security?"
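
How the two chains in the question can coexist, as an added example that is not part of the original post: with security.oauth2.resource.filter-order = 3 the resource server chain is consulted first, and since Spring Security applies only the first chain whose matcher fits a request, a resource server chain that matches every request leaves the WebSecurityConfigurerAdapter rules unused. The sketch assumes Spring Boot 1.5.x with spring-security-oauth2, a hypothetical outer class ScopedSecurityConfig in a component-scanned package, a split of the question's paths at /api/**, and form login for the non-API paths.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;

// Hypothetical holder class; application.properties is assumed to contain
// security.oauth2.resource.filter-order = 3 as in the question.
public class ScopedSecurityConfig {

    // Chain 1 (order 3): bearer-token protected API.
    // requestMatchers() limits this chain to /api/**, so requests for any
    // other path fall through to the next chain instead of being decided here.
    @Configuration
    @EnableResourceServer
    protected static class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {
        @Override
        public void configure(HttpSecurity http) throws Exception {
            http.requestMatchers().antMatchers("/api/**")
                .and()
                .authorizeRequests()
                    .antMatchers("/api/secured").hasRole("ADMIN")
                    // Deny by default: every other /api path needs a valid token.
                    .anyRequest().authenticated();
        }
    }

    // Chain 2 (WebSecurityConfigurerAdapter default order 100): handles
    // everything chain 1 does not match.
    @Configuration
    @EnableWebSecurity
    protected static class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.authorizeRequests()
                    .antMatchers("/unsecured").permitAll()
                    .antMatchers("/users").hasRole("USER")
                    .antMatchers("/greeting").authenticated()
                    // Deny by default for paths not listed above.
                    .anyRequest().authenticated()
                .and()
                .formLogin(); // assumption: interactive login for non-API paths
        }
    }
}
```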
