EnableWebSecurity 注釋在 spring-security-oauth2 處給出錯誤

Question

我正在使用 Spring Boot，包括 Spring 2.1.2 Release Security 和 KeyCloak Oauth2.0。 但是當我重新啟動應用程序時，出現以下錯誤。

org.springframework.cloud.security.oauth2.gateway.TokenRelayAutoConfiguration 中方法 tokenRelayGatewayFilterFactory 的參數 0 需要一個無法找到的類型為“org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizedClientRepository”的 bean。

    The following candidates were found but could not be injected:
  - Bean method 'authorizedClientRepository' in 'ReactiveOAuth2ClientAutoConfiguration' not loaded because NoneNestedConditions 1 matched 0 did not; NestedCondition on     ReactiveOAuth2ClientAutoConfiguration.NonServletApplicationCondition.ServletApplicationCondition found 'session' scope

 Action:

Consider revisiting the entries above or defining a bean of type 'org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizedClientRepository' in your configuration.

您可以在之前找到 pom.xml 、application.yml 和 SecurityConfig。 當我擴展 WebSecurityConfigurerAdapter 時會出現問題。 你認為我應該對 pom.xml 或類本身做一些改變嗎？ 感謝您的幫助。

pom.xml

 <dependencies>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-actuator</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.cloud</groupId>
        <artifactId>spring-cloud-starter</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-webflux</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.cloud</groupId>
        <artifactId>spring-cloud-starter-gateway</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.cloud</groupId>
        <artifactId>spring-cloud-starter-netflix-hystrix</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-data-redis</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.cloud</groupId>
        <artifactId>spring-cloud-starter-consul-discovery</artifactId>
    </dependency>
    <dependency>
        <groupId>de.siegmar</groupId>
        <artifactId>logback-gelf</artifactId>
        <version>1.1.0</version>
    </dependency>
    <dependency>
        <groupId>org.springframework.cloud</groupId>
        <artifactId>spring-cloud-starter-zipkin</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.cloud</groupId>
        <artifactId>spring-cloud-starter-security</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-oauth2-client</artifactId>
    </dependency>


    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-test</artifactId>
        <scope>test</scope>
    </dependency>
    <dependency>
        <groupId>io.projectreactor</groupId>
        <artifactId>reactor-test</artifactId>
        <scope>test</scope>
    </dependency>
    <dependency>
        <groupId>au.com.dius</groupId>
        <artifactId>pact-jvm-consumer-junit_2.11</artifactId>
        <version>3.5.0</version>
        <scope>test</scope>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>

    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>

    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>

    <!--START: OAUTH2 Client for Authorization Code-->
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-oauth2-client</artifactId>
    </dependency>

    <!--Auto Configure Oauth Spring Security Stuff-->
    <dependency>
        <groupId>org.springframework.security.oauth.boot</groupId>
        <artifactId>spring-security-oauth2-autoconfigure</artifactId>
    </dependency>
    <!--END-->

    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-webflux</artifactId>
    </dependency>

    <!--START: Thymeleaf configs, no need to add those if you are not using thymeleaf-->
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-thymeleaf</artifactId>
    </dependency>

    <dependency>
        <groupId>org.thymeleaf.extras</groupId>
        <artifactId>thymeleaf-extras-springsecurity5</artifactId>
    </dependency>
    <!--END-->

    <!--START: Eureka Client Config-->
    <dependency>
        <groupId>org.springframework.cloud</groupId>
        <artifactId>spring-cloud-starter-netflix-eureka-client</artifactId>
    </dependency>
    <!--END-->





</dependencies>

application.yaml 的一部分

         routes:
            - id:myApp
              uri: http://localhost:5287
              predicates:
                  - Path=/keycloak-oidc-code/**
              filters:
                  - TokenRelay=
                  - RemoveRequestHeader=Cookie

安全配置文件

@Configuration
@EnableWebSecurity
public class SecurityConfig.java extends WebSecurityConfigurerAdapter {
    
  @Override
  public void configure( HttpSecurity http ) throws Exception
    { //TODO
      http
        .authorizeRequests( )
        .anyRequest( ).authenticated( )
        .antMatchers( "/login**", "/error**" ).permitAll( ).and( )
        .oauth2Login( );
    }
}

Answer 1

您正在使用 Reactive Spring 模塊（WebFlux、Spring-Cloud-Gateway）。 因此，安全配置不能是傳統方式。 您需要像下面這樣設置您的安全配置；

@EnableWebFluxSecurity
public class MySecurityConfiguration {

    @Bean
    public SecurityWebFilterChain securitygWebFilterChain(ServerHttpSecurity http) {
        return http.authorizeExchange().pathMatchers("/login**", "/error**").permitAll()
    .anyExchange().authenticated().and().oauth2Login().and().build();;
    }

}