堆栈内存溢出
  繁体   English   中英

Spring Security OAuth2正确的授权管理器

[英]Spring Security OAuth2 correct Authorization Manager

 原文  2015-10-09 11:06:47       java/ spring/ spring-security/ oauth-2.0/ spring-security-oauth2

问题描述

我尝试配置Spring Security OAuth2。 我必须使用authentication managerclientAuthenticationManagerauthManager 如果我正确理解clientAuthenticationManager用于客户端授权(通过客户端ID和客户端密钥),而authManager用于用户授权(通过用户登录名和密码),对吗?

但是,当我调试应用程序时,我看到当我发送http://localhost:8080/myApp/oauth/token请求时,授权是由authManager (不是clientAuthenticationManager )进行的。

我的配置: 

    <?xml version="1.0" encoding="UTF-8"?>
    <beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
    xmlns:sec="http://www.springframework.org/schema/security"
    xmlns:mvc="http://www.springframework.org/schema/mvc"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
    http://www.springframework.org/schema/security/oauth2 http://www.springframework.org/schema/security/spring-security-oauth2.xsd
    http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
    http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd" >

    <http pattern="/oauth/token" create-session="stateless"
        authentication-manager-ref="authenticationManager"
        xmlns="http://www.springframework.org/schema/security">
    <intercept-url pattern="/oauth/token" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    <anonymous enabled="false" />
    <http-basic entry-point-ref="clientAuthenticationEntryPoint" />

    <custom-filter ref="clientCredentialsTokenEndpointFilter" before="BASIC_AUTH_FILTER" />
    <access-denied-handler ref="oauthAccessDeniedHandler" />
    </http>

    <http pattern="/API/**" create-session="never"
        entry-point-ref="oauthAuthenticationEntryPoint"
        access-decision-manager-ref="accessDecisionManager"
        xmlns="http://www.springframework.org/schema/security">
    <anonymous enabled="false" />

    <intercept-url pattern="/API/**" access="ROLE_RESTREAD" method="GET" />
    <custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
    <access-denied-handler ref="oauthAccessDeniedHandler" />
</http>

<http auto-config="false" use-expressions="true"
    disable-url-rewriting="true">
    <intercept-url pattern="/isSessionValid" access="permitAll"
        requires-channel="any" />
    <intercept-url pattern="/**" access="isAuthenticated()"
        requires-channel="any" />
    <form-login login-page="/login" authentication-failure-url="/loginFailed"
        default-target-url="/loginSuccess" always-use-default-target="true" />
    <logout logout-success-url="/login" />
    <session-management>
        <concurrency-control max-sessions="1" />
    </session-management>
</http>

<oauth:authorization-server client-details-service-ref="clientDetails" token-services-ref="tokenServices">  
    <oauth:client-credentials />  
</oauth:authorization-server>
<oauth:resource-server id="resourceServerFilter" token-services-ref="tokenServices" />
<oauth:expression-handler id="oauthExpressionHandler" />
<oauth:web-expression-handler id="oauthWebExpressionHandler" />

<beans:bean id="tokenStore" class="org.springframework.security.oauth2.provider.token.store.JdbcTokenStore" >
    <beans:constructor-arg ref="dataSource" />
</beans:bean>
<beans:bean id="clientDetails" class="org.springframework.security.oauth2.provider.client.JdbcClientDetailsService" >
    <beans:constructor-arg ref="dataSource" />
</beans:bean>
<beans:bean id="tokenServices" class="org.springframework.security.oauth2.provider.token.DefaultTokenServices">
    <beans:property name="tokenStore" ref="tokenStore" />
    <beans:property name="supportRefreshToken" value="false" />
    <beans:property name="clientDetailsService" ref="clientDetails" />
    <beans:property name="accessTokenValiditySeconds" value="400000" />
    <beans:property name="refreshTokenValiditySeconds" value="0" />
</beans:bean>
<beans:bean id="accessDecisionManager" class="org.springframework.security.access.vote.UnanimousBased" >
    <beans:constructor-arg>
        <beans:list>
            <beans:bean class="org.springframework.security.oauth2.provider.vote.ScopeVoter" />
            <beans:bean class="org.springframework.security.access.vote.RoleVoter" />
            <beans:bean class="org.springframework.security.access.vote.AuthenticatedVoter" />
        </beans:list>
    </beans:constructor-arg>
</beans:bean>
<beans:bean id="oauthAuthenticationEntryPoint" class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
    <beans:property name="realmName" value="theRealm" />
</beans:bean>
<beans:bean id="clientAuthenticationEntryPoint" class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
    <beans:property name="realmName" value="theRealm/client" />
    <beans:property name="typeName" value="Basic" />
</beans:bean>
<beans:bean id="clientCredentialsTokenEndpointFilter" class="org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter">
    <beans:property name="authenticationManager" ref="clientAuthenticationManager" />
</beans:bean>
<beans:bean id="clientDetailsUserService" class="org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService">
    <beans:constructor-arg ref="clientDetails" />
</beans:bean>
<beans:bean id="oauthAccessDeniedHandler" class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler" />
<global-method-security pre-post-annotations="enabled" proxy-target-class="true">
    <expression-handler ref="oauthExpressionHandler" />
</global-method-security>
<authentication-manager alias="clientAuthenticationManager">
    <authentication-provider user-service-ref="clientDetailsUserService" />
</authentication-manager>


<beans:bean id="userRepository" class="pl.execon.grm.repository.UserRepository">
    <beans:property name="sessionFactory" ref="sessionFactory" />
</beans:bean>

<beans:bean id="userDetailsService" class="pl.execon.grm.auth.GRMUserDataService">
    <beans:property name="userRepository" ref="userRepository" />
</beans:bean>

<authentication-manager alias="authManager">
    <authentication-provider user-service-ref='userDetailsService'>
        <password-encoder hash="md5" />
    </authentication-provider>
</authentication-manager>

1 个解决方案

解决方案1
 0 已采纳  2015-10-09 12:46:17

我发现是什么导致了我的问题:

在代码中: 

<authentication-manager alias="clientAuthenticationManager">
    <authentication-provider user-service-ref="clientDetailsUserService" />
</authentication-manager>

我写的alias不是id所以应该是: 

<authentication-manager id="clientAuthenticationManager">
    <authentication-provider user-service-ref="clientDetailsUserService" />
</authentication-manager>

当我有alias默认身份验证管理器来解析OAuth客户端,这是造成我问题的原因。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Spring安全OAuth2授权流程 具有3.0.5春季安全性的oauth2授权 使用OAuth2在Spring Security中进行用户授权 使用Spring Security和Rabbitmq进行OAuth2授权 使用 Spring 引导和 Spring 安全性的 OpenID (OAuth2) 授权失败 Spring Boot Oauth2-授权与资源服务器之间的安全性不兼容 带有oauth2的Spring Security将其他参数添加到授权URL? 授权标头的 Spring Security OAuth2 CORS 问题 具有OAuth2授权的Spring WebClient Spring oauth2 授权提供者
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM