[英]How do I set up PreAuthenticationAuthenticationProvider?
我一直在嘗試讓OAuth 2為我的應用程序工作,但我繼續遇到與配置相關的錯誤,特別是涉及身份驗證令牌。 應用程序設置為充當授權和資源服務器。 我已成功將其配置為使用密碼授予類型和內存中的令牌存儲來發出令牌。 但是,每次我嘗試發送受限資源請求時,都會收到錯誤消息:
org.springframework.security.authentication.ProviderNotFoundException: No AuthenticationProvider found for org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken
所以,我嘗試在我的配置中設置PreAuthenticationAuthenticationProvider
:
@Autowired
private UserDetailsManager userManager;
@Bean
public AuthenticationProvider preAuthenticationAuthenticationProvider() {
PreAuthenticatedAuthenticationProvider authenticationProvider =
new PreAuthenticatedAuthenticationProvider();
UserDetailsByNameServiceWrapper userDetailsWrapper = new UserDetailsByNameServiceWrapper(userManager);
authenticationProvider.setPreAuthenticatedUserDetailsService(userDetailsWrapper);
return authenticationProvider;
}
但是,我在奇怪的地方得到NullPointerException
,例如:
java.lang.NullPointerException: null
at org.springframework.security.authentication.AccountStatusUserDetailsChecker.check(AccountStatusUserDetailsChecker.java:17) ~[spring-security-core-4.0.3.RELEASE.jar!/:4.0.3.RELEASE]
我想知道最簡單的配置是什么,以及為什么我首先需要它? 是因為我有@PreAuthorize
注釋嗎?
以下是我設置資源服務器的方法:
@Configuration
protected static class ResourceServer extends ResourceServerConfigurerAdapter {
@Autowired
private TokenStore tokenStore;
@Autowired
private AuthenticationManager authenticationManager;
@Override
public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
resources.tokenStore(tokenStore).authenticationManager(authenticationManager);
}
@Override
public void configure(HttpSecurity http) throws Exception {
//http configuration
}
}
TokenStore
只是InMemoryTokenStore
一個實例, AuthenticationManager
以這種方式設置:
@Configuration
protected static class WebSecurity extends WebSecurityConfigurerAdapter {
@Autowired
protected UserDetailsManager userManager;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(preAuthenticationAuthenticationProvider())
.userDetailsService(userManager).passwordEncoder(PASSWORD_ENCODER);
}
@Bean
@Override
protected AuthenticationManager authenticationManager() throws Exception {
return super.authenticationManager();
}
@Bean
protected AuthenticationProvider preAuthenticationAuthenticationProvider() {
PreAuthenticatedAuthenticationProvider authenticationProvider =
new PreAuthenticatedAuthenticationProvider();
UserDetailsByNameServiceWrapper userDetailsWrapper = new UserDetailsByNameServiceWrapper(userManager);
authenticationProvider.setPreAuthenticatedUserDetailsService(userDetailsWrapper);
return authenticationProvider;
}
}
我缺少的是AuthorizationServiceTokenServices
和ResourceServerTokenServices
。 這兩個接口都是由Spring的DefaultTokenServices
。
@Bean
public DefaultTokenServices tokenServices() {
DefaultTokenServices tokenServices = new DefaultTokenServices();
tokenServices.setTokenStore(tokenStore());
tokenServices.setAuthenticationManager(authenticationManager);
return tokenServices;
}
在授權服務器配置( AuthorizationServiceConfigurerAdapter
)中,我有以下設置:
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints.tokenServices(tokenServices()).authenticationManager(authenticationManager);
}
在資源服務器配置( ResourceServerConfigurerAdapter
)中:
@Autowired
private DefaultTokenServices tokenServices;
@Override
public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
resources.tokenServices(tokenServices);
}
使用所有這些組件,我的應用程序無需定義任何PreAuthenticationAuthenticationProvider
bean。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.