【问题标题】:Oauth 2.0 configuration conflicts with Spring SecurityOauth 2.0 配置与 Spring Security 冲突
【发布时间】:2017-03-31 22:10:27
【问题描述】:

我正在尝试使用 Spring Security 配置 Oauth2。但是我的 Oauth 配置与 Spring Security 配置冲突。

资源服务器配置似乎不限于 /api/v0/.*,而是覆盖所有安全配置。资源服务器运行良好。但是我使用 Spring Security 的基于表单的身份验证不起作用 - 它返回 HTTP 404 错误。

我的 WebSecurityConfigurerAdapter

中有以下代码
@Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .authorizeRequests()
                .antMatchers("/admin/**").access("hasRole('ADMINISTRATOR')")
                .antMatchers("/1/admin/**").access("hasRole('ADMINISTRATOR')")
                .antMatchers("/profile**").authenticated()
                .antMatchers("/oauth/authorize").authenticated()

                .and()
                .formLogin()
                .loginPage("/login")
                .failureUrl("/login?error=1")
                .loginProcessingUrl("/login-attempt")
                .defaultSuccessUrl("/", false)

                .and()
                .csrf();
    }

这是我来自 ResourceServerConfigurerAdapter

的配置
@Override
        public void configure(HttpSecurity http) throws Exception {
            http
                    .authorizeRequests()
                    .regexMatchers("/api/v0/.*").authenticated();

        }

日志

AntPathRequestMatcher:151 - Checking match of request : '/login-attempt'; against '/html/**'
AntPathRequestMatcher:151 - Checking match of request : '/login-attempt'; against '/webapi/**'
OrRequestMatcher:65 - Trying to match using Ant [pattern='/oauth/token']
AntPathRequestMatcher:151 - Checking match of request : '/login-attempt'; against '/oauth/token'
OrRequestMatcher:65 - Trying to match using Ant [pattern='/oauth/token_key']
AntPathRequestMatcher:151 - Checking match of request : '/login-attempt'; against '/oauth/token_key'
OrRequestMatcher:65 - Trying to match using Ant [pattern='/oauth/check_token']
AntPathRequestMatcher:151 - Checking match of request : '/login-attempt'; against '/oauth/check_token'
OrRequestMatcher:72 - No matches found
FilterChainProxy:324 - /login-attempt at position 1 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
FilterChainProxy:324 - /login-attempt at position 2 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
FilterChainProxy:324 - /login-attempt at position 3 of 11 in additional filter chain; firing Filter: 'HeaderWriterFilter'
HstsHeaderWriter:128 - Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@2fa4c8cd
FilterChainProxy:324 - /login-attempt at position 4 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
AntPathRequestMatcher:151 - Checking match of request : '/login-attempt'; against '/logout'
FilterChainProxy:324 - /login-attempt at position 5 of 11 in additional filter chain; firing Filter: 'OAuth2AuthenticationProcessingFilter'
BearerTokenExtractor:54 - Token not found in headers. Trying request parameters.
BearerTokenExtractor:57 - Token not found in request parameters.  Not an OAuth2 request.
OAuth2AuthenticationProcessingFilter:141 - No token in request, will continue chain.
FilterChainProxy:324 - /login-attempt at position 6 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
FilterChainProxy:324 - /login-attempt at position 7 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
FilterChainProxy:324 - /login-attempt at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
AnonymousAuthenticationFilter:100 - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@9056f12c: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@380f4: RemoteIpAddress: 127.0.0.1;SessionId:672t27n01ruouli4a041a0xq;Granted Authorities: ROLE_ANONYMOUS'
FilterChainProxy:324 - /login-attempt at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter'
FilterChainProxy:324 - /login-attempt at position 10 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
FilterChainProxy:324 - /login-attempt at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
RegexRequestMatcher:106 - Checking match of request : '/login-attempt'; against '/api/v0/.*'
FilterSecurityInterceptor:209 - Public object - authentication not attempted
FilterChainProxy:309 - /login-attempt reached end of additional filter chain; proceeding with original chain

我做错了什么?提前致谢!

【问题讨论】:

    标签: spring spring-mvc spring-security oauth-2.0 spring-java-config


    【解决方案1】:

    不确定它是否能解决您的问题。让我们试一试。 添加

    @Order(1) 
    @Order(2) 
    

    到您的配置类,然后重试。

    【讨论】:

      猜你喜欢
      • 1970-01-01
      • 2018-01-24
      • 2017-01-21
      • 2017-01-16
      • 1970-01-01
      • 1970-01-01
      • 2011-05-01
      • 1970-01-01
      • 2012-08-22
      相关资源
      最近更新 更多