
我一直無法讓 Spring Security OAuth2 正常運作,總是被導向 /login 頁面。我可以存取 /oauth/token 端點,但在標頭中以「Authorization: Bearer $TOKEN」帶上 access_token 存取受保護資源時,總是被重定向到 /login。這是一個純 REST API。(標題:Spring Security OAuth2 在帶有有效 Bearer 標頭時仍總是重定向到 /login)

OAuth2Config

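/**
 * OAuth2 setup that hosts the authorization server and the resource server
 * in the same application, both backed by one shared in-memory token store.
 *
 * <p>NOTE(review): the client id, client secret and in-memory stores below are
 * sample values; a real deployment should load the secret from external
 * configuration and use a persistent, shared token store.
 */
@Configuration
public class OAuth2Configuration {

    private static final String SERVER_RESOURCE_ID = "oauth2-server";

    // One store instance is handed to both nested configurations so that a token
    // issued by the authorization server can be looked up by the resource server.
    // Declared final so the shared reference cannot be swapped after class init.
    // In-memory only: tokens do not survive a restart and are not visible to
    // other application instances.
    private static final InMemoryTokenStore TOKEN_STORE = new InMemoryTokenStore();

    /**
     * Resource-server side: validates bearer tokens against the shared store and
     * applies scope-based access rules.
     */
    @Configuration
    @EnableResourceServer
    protected static class ResourceServer extends ResourceServerConfigurerAdapter {

        /** Binds the resource server to the shared token store and its resource id. */
        @Override
        public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
            resources.tokenStore(TOKEN_STORE).resourceId(SERVER_RESOURCE_ID);
        }

        /**
         * Restricts this filter chain to {@code /admin**} and requires the
         * {@code read} scope for those requests.
         *
         * <p>NOTE(review): the Ant pattern {@code /admin**} matches within a single
         * path segment only ({@code /admin}, {@code /admin-x}); nested paths such as
         * {@code /admin/users} are not matched and are handled by whichever other
         * filter chain applies. Use {@code /admin/**} if sub-paths must require the
         * scope as well. Confirm which one is intended.
         */
        @Override
        public void configure(HttpSecurity http) throws Exception {
            http
                .requestMatchers()
                    .antMatchers("/admin**")
                    .and()
                .authorizeRequests()
                    .antMatchers("/admin**").access("#oauth2.hasScope('read')");
        }
    }

    /**
     * Authorization-server side: issues tokens for the registered client using the
     * application's {@link AuthenticationManager}.
     */
    @Configuration
    @EnableAuthorizationServer
    protected static class AuthConfig extends AuthorizationServerConfigurerAdapter {

        // Needed for the "password" grant, which authenticates the end user directly.
        @Autowired
        private AuthenticationManager authenticationManager;

        /** Wires the user authentication manager and the shared token store into the endpoints. */
        @Override
        public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
            endpoints
                .authenticationManager(authenticationManager)
                .tokenStore(TOKEN_STORE)
                .approvalStoreDisabled();
        }

        /**
         * Registers a single in-memory client.
         *
         * <p>NOTE(review): the client secret is a hard-coded literal. Anyone with read
         * access to the source or the built artifact can obtain tokens as this client;
         * move it to external configuration or a secret store and rotate it. The
         * "password" grant also hands user credentials to the client, so it should be
         * limited to trusted first-party clients.
         */
        @Override
        public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
            clients.inMemory()
                .withClient("my-client")
                    .authorizedGrantTypes("authorization_code", "refresh_token", "password")
                    .authorities("ROLE_CLIENT")
                    .scopes("read")
                    .resourceIds(SERVER_RESOURCE_ID)
                    .secret("secret"); // sample value only; see NOTE(review) above
        }
    }
}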

SecurityConfig類

/**
 * Web security configuration: authenticates users through the injected
 * {@link UserDetailsService} with BCrypt-hashed passwords and publishes the
 * resulting {@link AuthenticationManager} as a bean.
 *
 * <p>No {@code configure(HttpSecurity)} override is present, so the adapter's
 * default HTTP security applies to requests handled by this chain. In Spring
 * Security 4.x that default requires authentication for every request and
 * enables form login, which is what answers an unauthenticated request with a
 * redirect to {@code /login}.
 */
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserDetailsService userDetailsService;

    /** Password encoder bean; BCrypt is an adaptive, salted password hash. */
    @Bean
    public BCryptPasswordEncoder bCryptPasswordEncoder() {
        BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
        return encoder;
    }

    /**
     * Registers the user lookup service and the password encoder on the global
     * authentication manager builder.
     */
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(bCryptPasswordEncoder());
    }

    /**
     * Exposes the adapter's {@link AuthenticationManager} as a bean so that other
     * configuration classes can have it injected.
     */
    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        AuthenticationManager manager = super.authenticationManagerBean();
        return manager;
    }
}

以下是調試日誌

2017-04-10 10:58:31.634 DEBUG 6456 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : Initializing servlet 'dispatcherServlet'
2017-04-10 10:58:31.635  INFO 6456 --- [nio-8080-exec-1] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring FrameworkServlet 'dispatcherServlet'
2017-04-10 10:58:31.635  INFO 6456 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : FrameworkServlet 'dispatcherServlet': initialization started
2017-04-10 10:58:31.635 DEBUG 6456 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : Using MultipartResolver [org.springf[email protected]40aad17d]
2017-04-10 10:58:31.639 DEBUG 6456 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : Unable to locate LocaleResolver with name 'localeResolver': using default [[email protected]70f4e8c6]
2017-04-10 10:58:31.643 DEBUG 6456 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : Unable to locate ThemeResolver with name 'themeResolver': using default [[email protected]6]
2017-04-10 10:58:31.649 DEBUG 6456 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : Unable to locate RequestToViewNameTranslator with name 'viewNameTranslator': using default [org.spri[email protected]5f14eeee]
2017-04-10 10:58:31.656 DEBUG 6456 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : Unable to locate FlashMapManager with name 'flashMapManager': using default [[email protected]688575]
2017-04-10 10:58:31.656 DEBUG 6456 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : Published WebApplicationContext of servlet 'dispatcherServlet' as ServletContext attribute with name [org.springframework.web.servlet.FrameworkServlet.CONTEXT.dispatcherServlet]
2017-04-10 10:58:31.656  INFO 6456 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : FrameworkServlet 'dispatcherServlet': initialization completed in 21 ms
2017-04-10 10:58:31.656 DEBUG 6456 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : Servlet 'dispatcherServlet' configured successfully
2017-04-10 10:58:31.692 DEBUG 6456 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : DispatcherServlet with name 'dispatcherServlet' processing POST request for [/oauth/token]
2017-04-10 10:58:31.695 DEBUG 6456 --- [nio-8080-exec-1] s.w.s.m.m.a.RequestMappingHandlerMapping : Looking up handler method for path /oauth/token
2017-04-10 10:58:31.699 DEBUG 6456 --- [nio-8080-exec-1] s.w.s.m.m.a.RequestMappingHandlerMapping : Did not find handler method for [/oauth/token]
2017-04-10 10:58:32.012  INFO 6456 --- [nio-8080-exec-1] o.s.s.o.p.token.store.JdbcTokenStore : Failed to find access token for token 7c74f287-e187-4228-b0c2-b79972f9b89b
2017-04-10 10:58:32.226 DEBUG 6456 --- [nio-8080-exec-1] o.s.w.s.m.m.a.HttpEntityMethodProcessor : Written [7c74f287-e187-4228-b0c2-b79972f9b89b] as "application/json" using [org.springfr[email protected]2fd4312a]
2017-04-10 10:58:32.226 DEBUG 6456 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : Null ModelAndView returned to DispatcherServlet with name 'dispatcherServlet': assuming HandlerAdapter completed request handling
2017-04-10 10:58:32.226 DEBUG 6456 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : Successfully completed request

我到底漏掉了什麼?我幾乎把網路上的每個範例都套用到現有專案中試過了,但當我用有效的令牌請求受保護資源時,總是被重定向到 /login 端點。

謝謝。


您使用哪一種授權流程來取得令牌?另外,您是否有任何使用者登入?password 與 authorization_code 流程需要使用者憑證,而我假設您用的是這兩者,因為您的程式碼中沒有 client_credentials 流程 –


我使用的是 password 授權流程。我有使用者登入,也能成功從 oauth/token 取得 access_token,但在存取受保護資源時,總是收到 Location 為 /login 的 HTTP 302 回應。 –

回答


結果原因是:我從較早版本的 Spring Boot 升級到 1.5.2,而發行說明中提到資源過濾器(resource filter)的順序已經改變。See here。只要把下面這個屬性放進 application.properties 檔案,問題就全部解決了。

security.oauth2.resource.filter-order = 3 

OAuth2 資源過濾器的預設順序已從 3 改為 SecurityProperties.ACCESS_OVERRIDE_ORDER - 1,這使它排在 actuator 端點之後、基本認證過濾器鏈之前。設定 security.oauth2.resource.filter-order = 3 即可恢復原本的預設值。如此一來,符合資源伺服器請求匹配規則的請求會先由資源伺服器的過濾器鏈處理 Bearer 令牌,而不是先落入表單登入的過濾器鏈被重定向到 /login。


謝謝,我也遇到了同樣的問題(Spring 1.5.4),加上這個設定後就能存取端點了。 – jayanth


謝謝,這個方法非常有效。 :D – rahul