Spring Security OAuth2实现
[英]Spring security OAuth2 implementation
问题描述
使用Spring Boot 1.5.2.RELEASE和Java 8
我试图理解, WebSecurityConfigurerAdapter和ResourceServerConfigurerAdapter public void configure(HttpSecurity http)方法中有什么内容?
使用以下代码, ResourceServerConfigurerAdapter configure(HttpSecurity http)方法优先于WebSecurityConfigurerAdapter 。 我在ResourceServerConfiguration所做的所有更改都生效,看来WebSecurityConfigurerAdapter被完全忽略了。
什么时候使用这些方法(用例)? 并且,甚至授予类型password也需要重写WebSecurityConfigurerAdapter.configure(..)方法WebSecurityConfigurerAdapter.configure(..)
使用security.oauth2.resource.filter-order = 3如果没有此属性,我将不断获得403 Access Denied
OAuth2资源过滤器的默认顺序已从3更改为SecurityProperties.ACCESS_OVERRIDE_ORDER-1
WebSecurityConfiguration
@Configuration
@EnableWebSecurity
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
@Override
public void configure(HttpSecurity http) throws Exception {
http.csrf().disable()
.authorizeRequests()
.antMatchers("/unsecured").permitAll()
.antMatchers("/users").hasRole("USER")
.antMatchers("/api/secured").hasRole("ADMIN")
.antMatchers("/api/admin").authenticated()
.antMatchers("/greeting").authenticated();
}
}
资源服务器
@Configuration
@EnableResourceServer
protected static class ResourceServerConfiguration extends
ResourceServerConfigurerAdapter {
public void configure(HttpSecurity http) throws Exception {
http.csrf().disable()
.authorizeRequests()
.anyRequest().permitAll();
}
}
1 个解决方案
解决方案1
0 2017-03-16 07:01:05
我认为您在这里有答案,请查看给定Spring Security OAuth2的解决方案,该方案决定了安全性?
用于使用 JPA 的实现 ClientDetailsService (Spring Security OAuth2)
[英]Implementation ClientDetailsService (Spring Security OAuth2) for working with JPA
Spring Security和OAuth2之间Principal接口的两种不同实现
[英]Two difference implementation of Principal interface between Spring Security & OAuth2
在Spring Security OAuth2实现中成功完成OAuth2身份验证时设置Cookie
[英]Set cookies on successful OAuth2 Authentication in Spring Security OAuth2 implementation
Spring安全性OAuth2 UserRedirectRequiredException
[英]Spring security OAuth2 UserRedirectRequiredException
具有弹簧安全性的Oauth2-UserRedirectRequiredException
[英]Oauth2 with Spring Security - UserRedirectRequiredException
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.
相关问题
Oauth2 Spring实施
用于使用 JPA 的实现 ClientDetailsService (Spring Security OAuth2)
Spring Security和OAuth2之间Principal接口的两种不同实现
在Spring Security OAuth2实现中成功完成OAuth2身份验证时设置Cookie
升级Spring Security OAuth2
Spring安全中的Oauth2客户端
Spring安全性OAuth2 UserRedirectRequiredException
Spring Security OAuth2 cookie
具有弹簧安全性的Oauth2-UserRedirectRequiredException
Spring Security OAuth2 InvalidGrantException
相关标签