Spring Security OAuth2實現
[英]Spring security OAuth2 implementation
問題描述
使用Spring Boot 1.5.2.RELEASE和Java 8
我試圖理解, WebSecurityConfigurerAdapter和ResourceServerConfigurerAdapter public void configure(HttpSecurity http)方法中有什么內容?
使用以下代碼, ResourceServerConfigurerAdapter configure(HttpSecurity http)方法優先於WebSecurityConfigurerAdapter 。 我在ResourceServerConfiguration所做的所有更改都生效,看來WebSecurityConfigurerAdapter被完全忽略了。
什么時候使用這些方法(用例)? 並且,甚至授予類型password也需要重寫WebSecurityConfigurerAdapter.configure(..)方法WebSecurityConfigurerAdapter.configure(..)
使用security.oauth2.resource.filter-order = 3如果沒有此屬性,我將不斷獲得403 Access Denied
OAuth2資源過濾器的默認順序已從3更改為SecurityProperties.ACCESS_OVERRIDE_ORDER-1
WebSecurityConfiguration
@Configuration
@EnableWebSecurity
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
@Override
public void configure(HttpSecurity http) throws Exception {
http.csrf().disable()
.authorizeRequests()
.antMatchers("/unsecured").permitAll()
.antMatchers("/users").hasRole("USER")
.antMatchers("/api/secured").hasRole("ADMIN")
.antMatchers("/api/admin").authenticated()
.antMatchers("/greeting").authenticated();
}
}
資源服務器
@Configuration
@EnableResourceServer
protected static class ResourceServerConfiguration extends
ResourceServerConfigurerAdapter {
public void configure(HttpSecurity http) throws Exception {
http.csrf().disable()
.authorizeRequests()
.anyRequest().permitAll();
}
}
1 個解決方案
解決方案1
0 2017-03-16 07:01:05
我認為您在這里有答案,請查看給定Spring Security OAuth2的解決方案,該方案決定了安全性?
用於使用 JPA 的實現 ClientDetailsService (Spring Security OAuth2)
[英]Implementation ClientDetailsService (Spring Security OAuth2) for working with JPA
Spring Security和OAuth2之間Principal接口的兩種不同實現
[英]Two difference implementation of Principal interface between Spring Security & OAuth2
在Spring Security OAuth2實現中成功完成OAuth2身份驗證時設置Cookie
[英]Set cookies on successful OAuth2 Authentication in Spring Security OAuth2 implementation
Spring安全性OAuth2 UserRedirectRequiredException
[英]Spring security OAuth2 UserRedirectRequiredException
具有彈簧安全性的Oauth2-UserRedirectRequiredException
[英]Oauth2 with Spring Security - UserRedirectRequiredException
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.
相關問題
Oauth2 Spring實施
用於使用 JPA 的實現 ClientDetailsService (Spring Security OAuth2)
Spring Security和OAuth2之間Principal接口的兩種不同實現
在Spring Security OAuth2實現中成功完成OAuth2身份驗證時設置Cookie
升級Spring Security OAuth2
Spring安全中的Oauth2客戶端
Spring安全性OAuth2 UserRedirectRequiredException
Spring Security OAuth2 cookie
具有彈簧安全性的Oauth2-UserRedirectRequiredException
Spring Security OAuth2 InvalidGrantException
相關標簽