Use Spring Security with JDBC backend

I followed the steps in this chapter of the Spring Security tutorial:

Go to the tutorial on spring.io

I built an application that runs perfectly:

(screenshot)

Then I wanted to implement a JDBC backend, as described in this sample:

Go to the sample on GitHub

I changed the initial project as shown in the sample application on GitHub:

(screenshot)

Now it seems the resource server can no longer check the token on the /uaa/user endpoint.

Commands executed:

(screenshot)

Log from the OAuth2 authorization server

2016-02-28 12:35:08.762  INFO 1029 --- [nio-9999-exec-3] o.s.s.o.p.token.store.JdbcTokenStore     : Failed to find access token for token 41b1504d-b985-40e0-80a8-94c09992aafe
2016-02-28 12:37:58.604  INFO 1029 --- [nio-9999-exec-7] o.s.s.o.p.token.store.JdbcTokenStore     : Failed to find access token for token 41b1504d-b985-40e0-80a8-94c09992aafe
2016-02-28 12:44:06.845  INFO 1029 --- [nio-9999-exec-6] o.s.s.o.p.token.store.JdbcTokenStore     : Failed to find access token for token 41b1504d-b985-40e0-80a8-94c09992aafe

Log from the resource server

2016-02-28 12:37:42.149  INFO 1186 --- [0.1-8181-exec-3] o.s.b.a.s.o.r.UserInfoTokenServices      : Getting user info from: http://localhost:9999/uaa/user
2016-02-28 12:37:42.228  INFO 1186 --- [0.1-8181-exec-3] o.s.b.a.s.o.r.UserInfoTokenServices      : Could not fetch user details: class org.springframework.security.oauth2.client.resource.UserRedirectRequiredException, A redirect is required to get the users approval
2016-02-28 12:37:58.600  INFO 1186 --- [0.1-8181-exec-5] o.s.b.a.s.o.r.UserInfoTokenServices      : Getting user info from: http://localhost:9999/uaa/user
2016-02-28 12:37:58.623  INFO 1186 --- [0.1-8181-exec-5] o.s.b.a.s.o.r.UserInfoTokenServices      : Could not fetch user details: class java.lang.IllegalArgumentException, URI is not absolute
2016-02-28 12:44:06.839  INFO 1186 --- [0.1-8181-exec-7] o.s.b.a.s.o.r.UserInfoTokenServices      : Getting user info from: http://localhost:9999/uaa/user
2016-02-28 12:44:06.848  INFO 1186 --- [0.1-8181-exec-7] o.s.b.a.s.o.r.UserInfoTokenServices      : Could not fetch user details: class org.springframework.security.oauth2.common.exceptions.InvalidRequestException, Possible CSRF detected - state parameter was present but no state could be found

Here are the important classes:

OAuth2 authorization server: SaAuthApplication.class

@SpringBootApplication
@Configuration
@RestController
@EnableDiscoveryClient
@EnableResourceServer
@EnableAutoConfiguration
@EnableAuthorizationServer
public class SaAuthApplication {

    @Autowired
    private DataSource dataSource;

    @RequestMapping("/user")
    public Principal user(Principal user) {
        return user;
    }

    public static void main(String[] args) {
        SpringApplication.run(SaAuthApplication.class, args);
    }

    @Configuration
    @EnableResourceServer
    protected static class ResourceServer extends ResourceServerConfigurerAdapter {

        @Autowired
        private TokenStore tokenStore;

        @Override
        public void configure(ResourceServerSecurityConfigurer resources)
                throws Exception {
            resources.tokenStore(tokenStore);
        }

        @Override
        public void configure(HttpSecurity http) throws Exception {
            http.authorizeRequests().anyRequest().authenticated();
        }

    }

    @Configuration
    @EnableAuthorizationServer
    protected static class OAuth2Config extends AuthorizationServerConfigurerAdapter {

        @Autowired
        private AuthenticationManager auth;

        @Autowired
        private DataSource dataSource;

        private BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();

        @Bean
        public JdbcTokenStore tokenStore() {
            return new JdbcTokenStore(dataSource);
        }

        @Bean
        protected AuthorizationCodeServices authorizationCodeServices() {
            return new JdbcAuthorizationCodeServices(dataSource);
        }

        @Override
        public void configure(AuthorizationServerSecurityConfigurer security)
                throws Exception {
            security.passwordEncoder(passwordEncoder);
        }

        @Override
        public void configure(AuthorizationServerEndpointsConfigurer endpoints)
                throws Exception {
            endpoints.authorizationCodeServices(authorizationCodeServices())
                    .authenticationManager(auth).tokenStore(tokenStore())
                    .approvalStoreDisabled();
        }

        @Override
        public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
            // @formatter:off
            clients.jdbc(dataSource)
                    .passwordEncoder(passwordEncoder)
                .withClient("my-trusted-client")
                    .authorizedGrantTypes("password", "authorization_code",
                            "refresh_token", "implicit")
                    .authorities("ROLE_CLIENT", "ROLE_TRUSTED_CLIENT")
                    .scopes("read", "write", "trust")
                    .resourceIds("oauth2-resource")
                    .accessTokenValiditySeconds(60).and()
                .withClient("my-client-with-registered-redirect")
                    .authorizedGrantTypes("authorization_code")
                    .authorities("ROLE_CLIENT").scopes("read", "trust")
                    .resourceIds("oauth2-resource")
                    .redirectUris("http://anywhere?key=value").and()
                .withClient("my-client-with-secret")
                    .authorizedGrantTypes("client_credentials", "password")
                    .authorities("ROLE_CLIENT").scopes("read")
                    .resourceIds("oauth2-resource").secret("secret");
            // @formatter:on
        }

    }

    @Autowired
    public void init(AuthenticationManagerBuilder auth) throws Exception {
        // @formatter:off
        auth.jdbcAuthentication().dataSource(dataSource).withUser("dave")
                .password("secret").roles("USER");
        // @formatter:on
    }

}

Resource server: application.yml

security:
  oauth2:
    resource:
      user-info-uri: http://localhost:9999/uaa/user

Resource server: SaEmployeeApplication.class

@SpringBootApplication
@EnableDiscoveryClient
@EnableResourceServer
public class SaEmployeeApplication {

    public static void main(String[] args) {
        SpringApplication.run(SaEmployeeApplication.class, args);
    }

}

Everything works on the OAuth2 authorization server. I can authorize clients and get tokens back. But the resource server does not seem to be able to check the token on the /uaa/user endpoint.

I will answer my own question:

The token's expires_in value was only 59 seconds, so there simply was not enough time to set up the request.

.accessTokenValiditySeconds(60) sets the expires_in value.
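The authorization-server log lines above can be reproduced without running the two servers. This is an added example, not code from the question or from the Spring samples; it assumes spring-security-oauth2, spring-jdbc and H2 on the classpath, and uses a constructed token that has already expired to stand in for the 59-second one. It shows that the first token check performed by DefaultTokenServices (what the /uaa/user request triggers on the authorization server) deletes the expired row from the JdbcTokenStore, so every later lookup is the "Failed to find access token" line.

```java
import java.util.Collections;
import java.util.Date;
import javax.sql.DataSource;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.jdbc.datasource.embedded.EmbeddedDatabaseBuilder;
import org.springframework.jdbc.datasource.embedded.EmbeddedDatabaseType;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken;
import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.OAuth2Request;
import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
import org.springframework.security.oauth2.provider.token.store.JdbcTokenStore;

public class ExpiredTokenDemo {
    // Only the columns JdbcTokenStore's default SQL uses; types follow the Spring sample schema.
    private static final String SCHEMA = "create table oauth_access_token (token_id varchar(256), "
            + "token longvarbinary, authentication_id varchar(256) primary key, user_name varchar(256), "
            + "client_id varchar(256), authentication longvarbinary, refresh_token varchar(256))";

    public static void main(String[] args) {
        DataSource ds = new EmbeddedDatabaseBuilder().setType(EmbeddedDatabaseType.H2).build();
        new JdbcTemplate(ds).execute(SCHEMA);
        JdbcTokenStore store = new JdbcTokenStore(ds);

        // Constructed token that expired a second ago: the state the 59-second token was in
        // by the time the user-info request reached /uaa/user.
        DefaultOAuth2AccessToken token = new DefaultOAuth2AccessToken("demo-token-value");
        token.setExpiration(new Date(System.currentTimeMillis() - 1000));
        OAuth2Request request = new OAuth2Request(Collections.<String, String>emptyMap(),
                "my-trusted-client", AuthorityUtils.NO_AUTHORITIES, true, Collections.singleton("read"),
                Collections.singleton("oauth2-resource"), null, null, null);
        OAuth2Authentication auth = new OAuth2Authentication(request,
                new UsernamePasswordAuthenticationToken("dave", "N/A",
                        AuthorityUtils.createAuthorityList("ROLE_USER")));
        store.storeAccessToken(token, auth);

        DefaultTokenServices services = new DefaultTokenServices();
        services.setTokenStore(store);
        // First check, as the auth server's resource filter performs it: the expired row is deleted.
        try {
            services.loadAuthentication(token.getValue());
        } catch (InvalidTokenException e) {
            System.out.println("first check: " + e.getMessage());
        }
        // Every later check finds no row, which is the "Failed to find access token" log line.
        System.out.println("token still stored: " + (store.readAccessToken(token.getValue()) != null));
    }
}
```

Raising the validity only hides the symptom for manual testing; the refresh_token grant already configured on my-trusted-client is the supported way to keep a session going past the access token lifetime.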
