0
我正在實施某種SSO系統。我在我的應用程序中使用了Spring安全性oauth 2。我有一個客戶端應用程序(localhost:8081)和一個服務器應用程序(localhost:8080)。Spring oauth2。重定向到oauth /授權AuthorizationEndpoint不會發生
用戶嘗試從客戶端應用做一個登錄。客戶端應用程序依次啓動身份驗證流程。它發送到服務器應用程序 AUTH請求http://localhost:8080/authorize?response_type=code&client_id=client&scope=openid+email+address+profile+phone&redirect_uri=localhost:8081/login&nonce=3fc29332c5377&state=18960fbd838be
有一個重定向到登錄頁面,並輸入憑據並提交表單認證成功上服務器後。
之後,我期待繼續流動授權,去到OAuth /在irder授權終點org.springframework.security.oauth2.provider.endpoint.AuthorizationEndpoint 生成授權碼,併發送回客戶端應用。 但它沒有。
請幫我澄清一下爲什麼?爲什麼在成功認證後流程不會進入oauth /授權終點。
這是我登錄andpoint配置:
<security:http pattern="/mylogin"
create-session="stateless"
entry-point-ref="oauthAuthenticationEntryPoint">
<security:intercept-url pattern="/mylogin" access="permitAll"/>
<security:csrf disabled="true"/>
<security:custom-filter before="PRE_AUTH_FILTER" ref="customAuthenticationFilter"/>
<security:custom-filter ref="authRequestFilter" after="SECURITY_CONTEXT_FILTER" />
<security:logout logout-url="/logout" />
<security:anonymous />
<security:expression-handler ref="oauthWebExpressionHandler" />
<security:headers>
<security:frame-options policy="DENY" />
</security:headers>
</security:http>
這是我的自定義身份驗證過濾器:
public class CustomAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
private static Logger logger = LoggerFactory.getLogger(CustomAuthenticationFilter.class);
public CustomAuthenticationFilter() {
super("/mylogin");
}
@Override
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException, IOException, ServletException {
if (!HttpMethod.POST.name().equals(request.getMethod())) {
if(logger.isDebugEnabled()) {
logger.debug("Authentication method not supported. Request method: " + request.getMethod());
}
throw new AuthenticationServiceException("Authentication method not supported");
}
String username = request.getParameter("j_username");
String password = request.getParameter("j_password");
if (StringUtils.isBlank(username) || StringUtils.isBlank(password)) {
throw new AuthenticationServiceException("Username or Password not provided");
}
UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username, password);
setDetails(request, authRequest);
Authentication auth = this.getAuthenticationManager().authenticate(authRequest);
return auth;
}
protected void setDetails(HttpServletRequest request,
UsernamePasswordAuthenticationToken authRequest) {
authRequest.setDetails(authenticationDetailsSource.buildDetails(request));
}
}
沒有我的授權服務器的配置:
<oauth:authorization-server
client-details-service-ref="defaultOAuth2ClientDetailsEntityService"
authorization-request-manager-ref="connectOAuth2RequestFactory"
token-services-ref="defaultOAuth2ProviderTokenService"
user-approval-handler-ref="tofuUserApprovalHandler"
request-validator-ref="oauthRequestValidator"
redirect-resolver-ref="blacklistAwareRedirectResolver"
authorization-endpoint-url="/authorize"
token-endpoint-url="/token"
error-page="/error">
<oauth:authorization-code authorization-code-services-ref="defaultOAuth2AuthorizationCodeService"/>
<oauth:implicit />
<oauth:refresh-token/>
<oauth:client-credentials/>
<oauth:password/>
<oauth:custom-grant token-granter-ref="chainedTokenGranter" />
<oauth:custom-grant token-granter-ref="jwtAssertionTokenGranter" />
<oauth:custom-grant token-granter-ref="deviceTokenGranter" />
</oauth:authorization-server>
<bean id="oauthAccessDeniedHandler" class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler" />