Spring Boot Security Multi Http with OAuth not working

I have a working REST API, developed with Spring Boot and protected by Spring Security and OAuth:

@Configuration
@EnableResourceServer
@EnableOAuth2Client
@Order(2)
public class SecurityConfig extends ResourceServerConfigurerAdapter {

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.cors().and().antMatcher("/**").csrf().disable();
        http.authorizeRequests().anyRequest().authenticated().and().httpBasic();
    }

}

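Then I added some web forms to the application, so I extended the security configuration to handle multiple HttpSecurity, following these instructions: https://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/#multiple-httpsecurity, and it no longer works.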

@Configuration
@EnableWebSecurity
public class SecurityConfig {

    @Configuration
    @EnableOAuth2Sso
    @EnableOAuth2Client
    @Order(1)
    public static class ApiWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {

    }

    @Configuration
    @EnableOAuth2Sso
    @EnableOAuth2Client
    @Order(2)
    public static class FormLoginWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {

    }
}

Comparing the log files with the working version, I found that OAuth2AuthenticationProcessingFilter is not fired with the multi HTTP configuration:

Working log

12:45:01.808 [http-nio-8081-exec-1] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request '/external_users' matched by universal pattern '/**'
12:45:01.809 [http-nio-8081-exec-1] DEBUG o.s.security.web.FilterChainProxy - /external_users at position 1 of 13 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
12:45:01.810 [http-nio-8081-exec-1] DEBUG o.s.security.web.FilterChainProxy - /external_users at position 2 of 13 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
12:45:01.812 [http-nio-8081-exec-1] DEBUG o.s.security.web.FilterChainProxy - /external_users at position 3 of 13 in additional filter chain; firing Filter: 'HeaderWriterFilter'
12:45:02.093 [http-nio-8081-exec-1] DEBUG o.s.security.web.FilterChainProxy - /external_users at position 4 of 13 in additional filter chain; firing Filter: 'CorsFilter'
12:45:02.093 [http-nio-8081-exec-1] DEBUG o.s.security.web.FilterChainProxy - /external_users at position 5 of 13 in additional filter chain; firing Filter: 'LogoutFilter'
12:45:02.093 [http-nio-8081-exec-1] DEBUG o.s.s.w.u.matcher.OrRequestMatcher - Trying to match using Ant [pattern='/logout', GET]
12:45:02.094 [http-nio-8081-exec-1] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/external_users'; against '/logout'
12:45:02.094 [http-nio-8081-exec-1] DEBUG o.s.s.w.u.matcher.OrRequestMatcher - Trying to match using Ant [pattern='/logout', POST]
12:45:02.094 [http-nio-8081-exec-1] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request 'GET /external_users' doesn't match 'POST /logout
12:45:02.094 [http-nio-8081-exec-1] DEBUG o.s.s.w.u.matcher.OrRequestMatcher - Trying to match using Ant [pattern='/logout', PUT]
12:45:02.094 [http-nio-8081-exec-1] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request 'GET /external_users' doesn't match 'PUT /logout
12:45:02.094 [http-nio-8081-exec-1] DEBUG o.s.s.w.u.matcher.OrRequestMatcher - Trying to match using Ant [pattern='/logout', DELETE]
12:45:02.094 [http-nio-8081-exec-1] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request 'GET /external_users' doesn't match 'DELETE /logout
12:45:02.094 [http-nio-8081-exec-1] DEBUG o.s.s.w.u.matcher.OrRequestMatcher - No matches found
12:45:02.094 [http-nio-8081-exec-1] DEBUG o.s.security.web.FilterChainProxy - /external_users at position 6 of 13 in additional filter chain; firing Filter: 'OAuth2AuthenticationProcessingFilter'

Non-working log

12:49:42.506 [http-nio-8082-exec-2] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/api/external_users'; against '/api/**'
12:49:42.510 [http-nio-8082-exec-2] DEBUG o.s.security.web.FilterChainProxy - /api/external_users at position 1 of 12 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
12:49:42.511 [http-nio-8082-exec-2] DEBUG o.s.security.web.FilterChainProxy - /api/external_users at position 2 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
12:49:42.512 [http-nio-8082-exec-2] DEBUG o.s.security.web.FilterChainProxy - /api/external_users at position 3 of 12 in additional filter chain; firing Filter: 'HeaderWriterFilter'
12:49:42.514 [http-nio-8082-exec-2] DEBUG o.s.security.web.FilterChainProxy - /api/external_users at position 4 of 12 in additional filter chain; firing Filter: 'CorsFilter'
12:49:42.515 [http-nio-8082-exec-2] DEBUG o.s.security.web.FilterChainProxy - /api/external_users at position 5 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
12:49:42.515 [http-nio-8082-exec-2] DEBUG o.s.s.w.u.matcher.OrRequestMatcher - Trying to match using Ant [pattern='/logout', GET]
12:49:42.517 [http-nio-8082-exec-2] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/api/external_users'; against '/logout'
12:49:42.518 [http-nio-8082-exec-2] DEBUG o.s.s.w.u.matcher.OrRequestMatcher - Trying to match using Ant [pattern='/logout', POST]
12:49:42.518 [http-nio-8082-exec-2] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request 'GET /api/external_users' doesn't match 'POST /logout
12:49:42.518 [http-nio-8082-exec-2] DEBUG o.s.s.w.u.matcher.OrRequestMatcher - Trying to match using Ant [pattern='/logout', PUT]
12:49:42.518 [http-nio-8082-exec-2] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request 'GET /api/external_users' doesn't match 'PUT /logout
12:49:42.518 [http-nio-8082-exec-2] DEBUG o.s.s.w.u.matcher.OrRequestMatcher - Trying to match using Ant [pattern='/logout', DELETE]
12:49:42.518 [http-nio-8082-exec-2] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request 'GET /api/external_users' doesn't match 'DELETE /logout
12:49:42.518 [http-nio-8082-exec-2] DEBUG o.s.s.w.u.matcher.OrRequestMatcher - No matches found
12:49:42.519 [http-nio-8082-exec-2] DEBUG o.s.security.web.FilterChainProxy - /api/external_users at position 6 of 12 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'

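I found an alternative configuration that works for me:

  1. Change the first annotation to @EnableResourceServer instead of @EnableWebSecurity
  2. Change the parent class of ApiWebSecurityConfigurationAdapter to ResourceServerConfigurerAdapter
  3. Remove the Order annotation of FormLoginWebSecurityConfigurerAdapter

This is the final working code: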

@Configuration
@EnableResourceServer
public class SecurityConfig {

    @Configuration
    @EnableOAuth2Sso
    @EnableOAuth2Client
    @Order(1)
    public static class ApiWebSecurityConfigurationAdapter extends ResourceServerConfigurerAdapter {

    }

    @Configuration
    @EnableOAuth2Sso
    @EnableOAuth2Client
    public static class FormLoginWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {

    }
}
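
An added example, not the poster's code, with the two `configure` bodies that the snippets above leave empty: `ResourceServerConfigurerAdapter` is the hook through which `@EnableResourceServer` puts `OAuth2AuthenticationProcessingFilter` into a chain, which a plain `WebSecurityConfigurerAdapter` does not do. It assumes Spring Boot with the legacy spring-security-oauth2 module; the `/api/**` prefix is taken from the non-working log, while the class names and the `/login` page are hypothetical.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.NegatedRequestMatcher;

@Configuration
public class SplitSecurityConfig { // hypothetical name

    // Token-protected API chain. @EnableResourceServer builds this chain and
    // adds OAuth2AuthenticationProcessingFilter to it.
    @Configuration
    @EnableResourceServer
    public static class ApiResourceServerConfig extends ResourceServerConfigurerAdapter {
        @Override
        public void configure(HttpSecurity http) throws Exception {
            http.antMatcher("/api/**")      // this chain handles API paths only
                .authorizeRequests()
                    .anyRequest().authenticated();
        }
    }

    // Browser-facing chain for the web forms: session-based, CSRF left enabled.
    @Configuration
    public static class FormLoginConfig extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            // Exclude /api/** explicitly so the two chains are disjoint and the
            // result does not depend on which chain is consulted first.
            http.requestMatcher(new NegatedRequestMatcher(new AntPathRequestMatcher("/api/**")))
                .authorizeRequests()
                    .antMatchers("/login").permitAll()   // hypothetical login page
                    .anyRequest().authenticated()
                .and()
                .formLogin().loginPage("/login");
        }
    }
}
```

With debug logging enabled as in the logs above, a request under `/api/` should show `OAuth2AuthenticationProcessingFilter` in its chain, and a request to any other path should not.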
