Spring security OAuth2 implementation
Using Spring Boot 1.5.2.RELEASE and Java 8
I'm trying to understand what goes in the public void configure(HttpSecurity http) method of WebSecurityConfigurerAdapter and of ResourceServerConfigurerAdapter?
With the following code, the configure(HttpSecurity http) method of ResourceServerConfigurerAdapter is taking precedence over WebSecurityConfigurerAdapter. All the changes I'm doing in ResourceServerConfiguration are taking effect; it appears that WebSecurityConfigurerAdapter is ignored completely.
When do we use these methods (use case)? And is an override of the WebSecurityConfigurerAdapter.configure(..) method even required for grant type password?
Using security.oauth2.resource.filter-order = 3. Without this property I keep getting 403 Access Denied.
The default order of the OAuth2 resource filter has changed from 3 to SecurityProperties.ACCESS_OVERRIDE_ORDER - 1
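WebSecurityConfiguration

    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

    @Configuration
    @EnableWebSecurity
    public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
        @Override
        public void configure(HttpSecurity http) throws Exception {
            http.csrf().disable()
                .authorizeRequests()
                .antMatchers("/unsecured").permitAll()
                .antMatchers("/users").hasRole("USER")
                .antMatchers("/api/secured").hasRole("ADMIN")
                .antMatchers("/api/admin").authenticated()
                .antMatchers("/greeting").authenticated();
        }
    }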
Resource Server

    @Configuration
    @EnableResourceServer
    protected static class ResourceServerConfiguration extends
            ResourceServerConfigurerAdapter {
        public void configure(HttpSecurity http) throws Exception {
            // Every request handled by this chain is allowed without authentication
            http.csrf().disable()
                .authorizeRequests()
                .anyRequest().permitAll();
        }
    }
I think you have your answer here; please look at the solution given in "Spring Security OAuth2, which decides security?"
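An added example (not code from the question or from Spring) of scoping each filter chain so that neither one shadows the other, assuming security.oauth2.resource.filter-order = 3 as in the question; the class names are hypothetical. Spring Security applies only the first filter chain whose request matcher accepts the request, so the resource server chain is restricted to /api/** and everything else falls through to the WebSecurityConfigurerAdapter chain.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;

// Chain 1 (hypothetical class name): the bearer-token API.
// Assumption: security.oauth2.resource.filter-order = 3, so this chain is
// consulted before the WebSecurityConfigurerAdapter chain (default @Order 100).
// It therefore has to claim only the paths it owns.
@Configuration
@EnableResourceServer
class ApiResourceServerConfiguration extends ResourceServerConfigurerAdapter {
    @Override
    public void configure(HttpSecurity http) throws Exception {
        http
            // Without requestMatchers() this chain accepts every request and
            // the web security chain below is never reached.
            .requestMatchers().antMatchers("/api/**")
            .and()
            .authorizeRequests()
                .antMatchers("/api/secured").hasRole("ADMIN")
                // Deny by default instead of anyRequest().permitAll()
                .anyRequest().authenticated();
    }
}

// Chain 2 (hypothetical class name): every request chain 1 did not claim.
@Configuration
@EnableWebSecurity
class SiteWebSecurityConfiguration extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .antMatchers("/unsecured").permitAll()
                .antMatchers("/users").hasRole("USER")
                .anyRequest().authenticated();
    }
}
```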