![](/img/trans.png)
[英]Spring Boot Security OAuth2 Authentication server and business server splitting
[英]How to add users to OAuth2 Auth server in spring boot/spring security
我正在使用 Spring Boot 和 AngularJS 構建一個 reddit 克隆。目前我有一個 rest 的帖子和評論存儲庫,用戶登錄時可以訪問這些存儲庫。
安全配置文件
package com.example.MundaneHeroes.Configuration;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@Configuration
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Override
public void configure(HttpSecurity http) throws Exception
{
http.antMatcher("/**").authorizeRequests().antMatchers("/", "/login**", "/account/**").permitAll().anyRequest().authenticated().and().oauth2Login();
}
}
application.yml文件
server:
port: 8082
servlet:
session:
cookie:
name: UISESSION
spring:
h2:
console:
enabled: true
settings:
web-allow-others: true
datasource:
url: jdbc:h2:mem:testdb
driver-class-name: org.h2.Driver
password:
username: sa
security:
oauth2:
client:
registration:
custom-client:
client-id: R2dpxQ3vPrtfgF72
client-secret: fDw7Mpkk5czHNuSRtmhGmAGL42CaxQB9
client-name: Auth Server
scope: user_info
provider: custom-provider
redirect-uri-template: http://localhost:8082/login/oauth2/code/
client-authentication-method: basic
authorization-grant-type: authorization_code
provider:
custom-provider:
token-uri: http://localhost:8081/auth/oauth/token
authorization-uri: http://localhost:8081/auth/oauth/authorize
user-info-uri: http://localhost:8081/auth/user/me
user-name-attribute: name
我主要是按照這里的教程創建授權服務器
我的問題是我無法將用戶添加到此授權服務器
我添加了一個用戶實體和一個 JPA 用戶存儲庫,並添加了代碼來配置額外的接受教程中 1 之外的其他用戶。 我已經覆蓋了用戶詳細信息,所以我相信這是一個好的開始。
@Value("${user.oauth.user.username}")
private String username;
@Value("${user.oauth.user.password}")
private String password;
@Autowired
private UserService userDetailsService;
@Override
@Autowired
protected void configure(AuthenticationManagerBuilder auth) throws Exception
{
auth.inMemoryAuthentication().withUser(username).password(passwordEncoder().encode(password)).roles("ADMIN");
auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
//auth to userService and password encoder
}
但是我不知道如何從客戶創建新帳戶的 /account/ 頁面接受數據。
這是帳戶的 html 代碼。html
<!DOCTYPE html>
<html lang="en" ng-app="userApp">
<head>
<meta charset="UTF-8">
<title>Title</title>
<script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.8.0/angular.min.js"></script>
<script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.8.0/angular-route.js"></script>
<script src="account.js"></script>
<script src="bower_components/angular/angular.js"></script>
<link rel="stylesheet" href="../app.css" />
</head>
<body ng-controller="UserController">
Username <input ng-model="username"/><br>
Password <input ng-model="password"/><br>
Email <input ng-model="email"/><br>
<input type="button" value="Send" ng-click="postuser(username, password, email)" />
<p>StatusCode: {{statusval}}</p>
<p>Status: {{status}}</p>
<p>Response {{headers}}</p>
</body>
</html>
和 account.js
'use strict';
var userApp = angular.module('userApp', []);
userApp.controller('UserController', function UserController($scope, $http) {
$scope.username = null;
$scope.password = null;
$scope.email = null;
$scope.postuser = function(username, password, email){
var data = {
username: username,
password: password,
email: email
};
$http.post("http://localhost:8081/auth/users", JSON.stringify(data)).then (function (response){
if (response.data)
$scope.msg = "Post Data Submitted Successfully!";
}, function (response) {
$scope.msg = JSON.stringify(data)
$scope.statusval = response.status;
$scope.statustext = response.statusText;
$scope.headers = response.xhrStatus;
})
};
})
我一直在嘗試修改原始代碼中的 http 安全表達式
@Override
protected void configure(HttpSecurity http) throws Exception
{
//http.authorizeRequests().antMatchers("/h2-console/**").permitAll();
http.requestMatchers().antMatchers("/login", "/oauth/authorize").and().authorizeRequests().anyRequest().authenticated().and().formLogin().permitAll();
// http.requestMatchers().antMatchers("/login", "/oauth/authorize").and().authorizeRequests().antMatchers("/login").authenticated().and().formLogin().permitAll().and().authorizeRequests().antMatchers("/h2-console/**").anonymous();
//http.authorizeRequests().antMatchers("/h2-console/**").anonymous();
// http.requestMatchers().antMatchers("/login", "/oauth/authorize").and().authorizeRequests().anyRequest().
// http.requestMatchers().antMatchers("/login", "/oauth/authorize");
//http.authorizeRequests().anyRequest().authenticated().and().formLogin().permitAll();
//http.antMatcher("/**").requestMatchers("/h2-console/**")
// http.requestMatchers().antMatchers("/login", "/oauth/authorize");
// http.authorizeRequests().antMatchers("/h2-console/**").permitAll();
// .requestMatchers().antMatchers("/login", "/oauth/authorize");
// http.authorizeRequests().antMatchers("/").permitAll().antMatchers("/h2-console/**").permitAll();
//to run h2 might use profiles later
http.csrf().disable();
http.headers().frameOptions().disable();
}
注釋掉的都是我試過的
我在接受 POST 請求的 Auth 服務器中有一個 controller。 當我注釋掉正常的 httpSecurity 表達式並添加代碼以禁用 csrf 保護和禁用標頭時,我可以創建帳戶。 (顯然這不是一個好的解決方案)
在這一點上我有點卡住了,我還懷疑這根本不是將數據發送到安全服務器的正確方法。 但是,我一直無法在網上找到任何指南
那么,任何人都可以幫助或指出我正確的方向嗎?
我想出了這行代碼來讓一切正常
http
.csrf().disable()
.headers().frameOptions().disable()
.and()
.requestMatchers()
.antMatchers("/login")
.and()
.authorizeRequests()
.antMatchers("/login").authenticated()
.and().formLogin().permitAll()
.and()
.requestMatchers()
.antMatchers("/oauth/authorize")
.and()
.authorizeRequests()
.antMatchers("/oauth/authorize").authenticated()
.and().formLogin().permitAll()
.and().requestMatchers()
.antMatchers("/h2-console/**")
.and().authorizeRequests()
.antMatchers("/h2-console/**").permitAll()
.and().requestMatchers()
.antMatchers("/users")
.and()
.authorizeRequests().antMatchers("/users").permitAll()
.and()
.requestMatchers().antMatchers("/user/currentUser")
.and()
.authorizeRequests().antMatchers("/user/currentUser").permitAll();
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.