
Unable to add custom config for spring security with oauth2

I have a Spring Boot app that works correctly with OAuth2 (as a resource server). There is no custom configure(HttpSecurity http) method. Only

spring-boot-starter-security
spring-security-oauth2
spring-security-jwt

are added to the pom.

Now I want to add endpoints that should be unprotected. So (following many SO responses) I started by adding:

@Configuration
public class Security extends ResourceServerConfigurerAdapter {

    @Override
    public void configure(HttpSecurity http) throws Exception {
    }
}

and then I got:

Cannot apply org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer@6513fd22 to already built object

Full error:

org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'springSecurityFilterChain' defined in class path resource [org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [javax.servlet.Filter]: Factory method 'springSecurityFilterChain' threw exception; nested exception is java.lang.IllegalStateException: Cannot apply org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer@6513fd22 to already built object

So how should I configure my security to add endpoints for anonymous access?

The error comes from the empty body in the configure() method.

You have to specify it explicitly. For instance (from a working application of ours):

@Override
public void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
            .antMatchers("/unprotected/sample/find/**").permitAll()
            .antMatchers("/unprotected/another/register").permitAll()
            .anyRequest().authenticated().and()
            .csrf().disable();
}

Endpoints matching /unprotected/sample/find/** and /unprotected/sample/find/** are unprotected and everything else is protected.

Of course, unprotected endpoints should not have any @PreAuthorize() defined.
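
One way to check that the matchers in the answer open only the intended paths, as an added example that is not part of the original question or answer. It assumes JUnit 5, spring-boot-starter-test on the test classpath and a Spring Boot 2.x resource server; the class name, the helper notBlockedBySecurity() and the path /api/orders are hypothetical.

```java
// Added example, not from the original post. Assumes JUnit 5, spring-boot-starter-test
// and a Spring Boot 2.x app using the configure(HttpSecurity) rules from the answer.
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.ResultMatcher;

import static org.junit.jupiter.api.Assertions.assertTrue;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;

@SpringBootTest
@AutoConfigureMockMvc
class AnonymousAccessTest {

    @Autowired
    private MockMvc mockMvc;

    // Passes for any status except 401/403, so a 404 from a missing handler still counts
    private static ResultMatcher notBlockedBySecurity() {
        return result -> {
            int s = result.getResponse().getStatus();
            assertTrue(s != 401 && s != 403, "rejected by security with status " + s);
        };
    }

    @Test
    void permittedPathsAreReachableWithoutToken() throws Exception {
        mockMvc.perform(get("/unprotected/sample/find/42")).andExpect(notBlockedBySecurity());
        mockMvc.perform(post("/unprotected/another/register")).andExpect(notBlockedBySecurity());
    }

    @Test
    void everythingElseStillRequiresToken() throws Exception {
        // Sibling of a permitted prefix: must not be opened by the find/** matcher
        mockMvc.perform(get("/unprotected/sample/other")).andExpect(status().isUnauthorized());
        // Hypothetical protected path; the filter chain rejects it before any handler lookup
        mockMvc.perform(get("/api/orders")).andExpect(status().isUnauthorized());
    }
}
```

If a handler behind a permitted path carries @PreAuthorize(), the first test fails with 401 or 403, which is the situation the last sentence of the answer warns about.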
