字面上能夠擊中端點:http://localhost:8080/oauth2-password/helloworld仍然獲得字符串「Hello World!」..請查看我的配置下面,請告訴我爲什麼。這是非常令人沮喪的。Spring Security OAuth2受保護資源實際上未受保護...篩選器無法正常工作?
授權服務器
@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
@Autowired
AuthenticationManager authenticationManager;
@Primary
@Bean
InMemoryTokenStore tokenStore() {
return new InMemoryTokenStore();
}
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints.authenticationManager(this.authenticationManager).tokenStore(this.tokenStore());
}
@Override
public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
security.checkTokenAccess("isAuthenticated()");
}
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients.inMemory()
.withClient("client")
.resourceIds("app")
.authorizedGrantTypes("password")
.scopes("read", "write", "trust")
.refreshTokenValiditySeconds(20000)
.accessTokenValiditySeconds(600);
}
}
資源服務器
@Configuration
@EnableResourceServer
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
@Autowired
AuthenticationManager authManager;
@Autowired
TokenStore tokenStore;
@Override
public void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/").permitAll().antMatchers("/helloworld/**").authenticated();
}
@Override
public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
resources.resourceId("app").tokenStore(this.tokenStore).authenticationManager(this.authManager);
}
}
WEB SECURITY CONFIG
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().withUser("user").password("password").roles("USER");
}
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
}
在Spring Security Reference中已經證明了這一點,請參閱我的[回覆](https://stackoverflow.com/a/39591417/5277820)以獲取類似的問題。 – dur
@dur哈哈很驚訝,你沒有趕上那一個!我知道你必須在XML中註冊DelegatingFilterProxy。簡單。我認爲整個過程當你實現EnableResourceServer時它會被自動註冊。但是,只有當您這樣做時啓用的過濾器是OAuth2AuthenticationProcessingFilter,而不是整個父級DelegatingFilterProxy - > FilterChainProxy委託方案。 –