OAuth2 JWT Authorization - Issue With Spring Security XML Configuration #oauth2.hasScope

I need to use XML configuration for some parts of my Spring Security implementation. All that I am concerned with at the moment is JWT authorization; the JWT is passed to me. Using Spring Security I determine if the user is authorized to access a REST API endpoint. I can't use Java configuration or the @PreAuthorize annotation.

As an FYI, when I was originally using @PreAuthorize or an approach like: .antMatchers("/students/**").access("#oauth2.hasScope('Scope:Admin')");

Everything worked fine. When I was forced to move to XML config and use the security:intercept-url approach, this issue came about.

The error I am getting is:

"message": "Failed to evaluate expression '#oauth2.hasScope('Scope:Admin')'"

The exception is:

java.lang.IllegalArgumentException: Failed to evaluate expression '#oauth2.hasScope('Scope:Admin')'
    at org.springframework.security.access.expression.ExpressionUtils.evaluateAsBoolean(ExpressionUtils.java:30) ~[spring-security-core-5.0.3.RELEASE.jar:5.0.3.RELEASE]
    ... removing exception spew for brevity ...
Caused by: org.springframework.expression.spel.SpelEvaluationException: EL1011E: Method call: Attempted to call method hasScope(java.lang.String) on null context object

XML Config:

<!-- only enable this when deving -->
<!-- <security:debug /> -->

<bean id="securityConfig"
      class="com.wmay.config.SecurityConfig">
</bean>

<bean id="resourceServerConfig"
      class="com.wmay.config.ResourceServerConfig">
</bean>

<bean id="methodSecurityConfig"
      class="com.wmay.config.MethodSecurityConfig">
</bean>

<security:http pattern="/**" use-expressions="true" auto-config="true">
    <security:intercept-url pattern="/students/**"
                            access="#oauth2.hasScope('Scope:Admin')"/>
</security:http>

Code Snippets:

@Override
public void configure(HttpSecurity httpSecurity) throws Exception {
    log.info("Configuring HttpSecurity");
    httpSecurity.csrf().disable();
    httpSecurity.cors().configurationSource(corsConfigurationSource());
    // @formatter:off
    httpSecurity
            .requestMatchers()
            .and().authorizeRequests()
            .antMatchers("/actuator/**").permitAll()
            .antMatchers(HttpMethod.OPTIONS, "/**").permitAll();
    // @formatter:on
}

@Override
protected MethodSecurityExpressionHandler createExpressionHandler() {
    log.info("Enabling OAuth2 Method Expression Handler.");
    return new OAuth2MethodSecurityExpressionHandler();
}

I figured it out. I needed to add some more entries into the XML configuration file.

<bean id="oauth2AuthenticationEntryPoint"
      class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint" />
<oauth2:resource-server id="resourceServerFilter"
                        resource-id="${security.jwt.resource-ids}" token-services-ref="tokenServices"/>
<oauth2:web-expression-handler id="oauth2WebExpressionHandler" />

<security:http
        pattern="/**"
        entry-point-ref="oauth2AuthenticationEntryPoint"
        authentication-manager-ref="authenticationManager"
        use-expressions="true"
        create-session="stateless">
    <security:intercept-url pattern="/students/**"
                            access="#oauth2.hasScope('Scope:Admin')" />
    <security:custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
    <security:expression-handler ref="oauth2WebExpressionHandler" />
</security:http>
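The answer above references two beans by name, tokenServices and authenticationManager, without showing them. As an added example (not from the original post or from the Spring project), here is one way to define them for a JWT resource server; the namespace prefixes, the security.jwt.signing-key property, the use of a shared HMAC secret and the assumption that a property placeholder is configured are all mine.

```xml
<!-- Added example, not from the original post. Supplies the tokenServices and
     authenticationManager beans that the answer's security:http refers to by name.
     Assumptions: the namespaces are declared as below, a property placeholder
     provides security.jwt.signing-key and security.jwt.resource-ids, and the
     JWT is signed with a shared secret (HMAC). -->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:security="http://www.springframework.org/schema/security"
       xmlns:oauth2="http://www.springframework.org/schema/security/oauth2"
       xsi:schemaLocation="
           http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans.xsd
           http://www.springframework.org/schema/security
           http://www.springframework.org/schema/security/spring-security.xsd
           http://www.springframework.org/schema/security/oauth2
           http://www.springframework.org/schema/security/spring-security-oauth2.xsd">

    <!-- Verifies the JWT signature and maps its claims (including "scope", which
         #oauth2.hasScope checks) into an OAuth2Authentication. A token whose
         signature does not verify is rejected here, before any scope check. -->
    <bean id="accessTokenConverter"
          class="org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter">
        <!-- For RSA-signed tokens, set the verifierKey property to the PEM public key instead. -->
        <property name="signingKey" value="${security.jwt.signing-key}" />
    </bean>

    <!-- JwtTokenStore persists nothing; it only decodes tokens through the converter. -->
    <bean id="tokenStore"
          class="org.springframework.security.oauth2.provider.token.store.JwtTokenStore">
        <constructor-arg ref="accessTokenConverter" />
    </bean>

    <!-- Referenced as token-services-ref on oauth2:resource-server in the answer. -->
    <bean id="tokenServices"
          class="org.springframework.security.oauth2.provider.token.DefaultTokenServices">
        <property name="tokenStore" ref="tokenStore" />
        <property name="supportRefreshToken" value="false" />
    </bean>

    <!-- Referenced as authentication-manager-ref on security:http in the answer.
         With resourceId set, a token whose "aud" does not include this resource
         id is rejected even if it carries the required scope. -->
    <bean id="authenticationManager"
          class="org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationManager">
        <property name="tokenServices" ref="tokenServices" />
        <property name="resourceId" value="${security.jwt.resource-ids}" />
    </bean>

</beans>
```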
