OAuth2 SSO與Spring Boot沒有授權屏幕

Question

我有資源，授權和_ui使用Spring Boot 1.5.3，OAuth2和MongoDB編寫的應用程序。

資源將從移動應用程序以及一些Web應用程序（一個用於普通用戶，另一個用於管理員）訪問。這些應用程序與Dave Syer的指南中的samples非常相似。與用戶存儲在數據庫中不同的是，客戶端存儲在位於授權服務器資源文件夾中的xml文件中。

我正在爲網絡用戶的登錄體驗苦苦掙扎。遵循基於JWT的OAuth應用程序的指南，在登錄頁面後，用戶被重定向到授權屏幕，這不是所需的行爲。即，我不希望我的授權服務器詢問用戶是否信任我的Web應用程序訪問其資源。相反，我想讓用戶在登錄後立即重定向到用戶界面，正如人們所期望的那樣。

我發現this project on GitHub（與指南中的應用程序非常相似），其行爲與我想要的完全相同，但是一旦我開始通過添加身份驗證和授權實現來對其進行自定義，它將恢復爲使用授權屏幕。顯然，我錯過了一些東西，但我無法弄清楚究竟是什麼。

授權/ SRC /主/ resourcs/application.yml

security: 
    oauth2: 
    client: 
     client-id: trusted-app 
     client-secret: secret 
     scope: read, write 
     auto-approve-scopes: .* 
    authorization: 
     check-token-access: permitAll() 
server: 
    port: 9999 
    context-path: /uaa 
mongo: 
    db: 
    name: myappname 

授權/ SRC /主/ resourcs /客戶details.xml

<?xml version="1.0" encoding="UTF-8"?> 
<beans xmlns="http://www.springframework.org/schema/beans" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xmlns:oauth="http://www.springframework.org/schema/security/oauth2" 

    xsi:schemaLocation="http://www.springframework.org/schema/beans 
        http://www.springframework.org/schema/beans/spring-beans.xsd 
        http://www.springframework.org/schema/security/oauth2 
        http://www.springframework.org/schema/security/spring-security-oauth2.xsd"> 

<oauth:client-details-service id="client-details-service"> 

    <!-- Web Application clients --> 
    <oauth:client 
      client-id="trusted-app" 
      secret="secret" 
      authorized-grant-types="authorization_code, password,refresh_token" 
      authorities="ROLE_WEB, ROLE_TRUSTED_CLIENT" 
      access-token-validity="${oauth.token.access.expiresInSeconds}" 
      refresh-token-validity="${oauth.token.refresh.expiresInSeconds}"/> 
    </oauth:client-details-service> 
</beans> 

授權/ SRC /main/java/AuthorizationApplication.java

@SpringBootApplication 
@RestController 
public class AuthorizationApplication extends AuthorizationServerConfigurerAdapter { 

    @RequestMapping("/user") 
    @ResponseBody 
    public Principal user(Principal user) { 
     return user; 
    } 

    @Configuration 
    static class MvcConfig extends WebMvcConfigurerAdapter { 
     @Override 
     public void addViewControllers(ViewControllerRegistry registry) { 
      registry.addViewController("login").setViewName("login"); 
      registry.addViewController("/").setViewName("index"); 
     } 
    } 

    @Configuration 
    @Order(-20) 
    static class LoginConfig extends WebSecurityConfigurerAdapter { 
     @Override 
     protected void configure(HttpSecurity http) throws Exception { 
      http 
       .formLogin().loginPage("/login").permitAll() 
      .and() 
       .requestMatchers() 
       .antMatchers("/", "/login", "/oauth/authorize", "/oauth/confirm_access") 
      .and() 
       .authorizeRequests() 
       .anyRequest().authenticated(); 
     } 
    } 

    @Configuration 
    @EnableAuthorizationServer 
    @ImportResource({"classpath*:client-details.xml"}) 
    protected static class OAuth2AuthorizationConfig extends AuthorizationServerConfigurerAdapter { 

     @Autowired 
     private AuthenticationManager authenticationManager; 

     @Resource(name="client-details-service") 
     private ClientDetailsService clientDetailsService; 

     @Override 
     public void configure(ClientDetailsServiceConfigurer clients) throws Exception { 
      clients.withClientDetails(clientDetailsService); 
     } 

     @Override 
     public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception { 
      endpoints 
       .authenticationManager(authenticationManager) 
       .accessTokenConverter(jwtAccessTokenConverter()); 
     } 

     @Bean 
     public JwtAccessTokenConverter jwtAccessTokenConverter() { 
      JwtAccessTokenConverter converter = new JwtAccessTokenConverter(); 
      return converter; 
     } 
    } 

    @Bean 
    PasswordEncoder passwordEncoder(){ 
     return new StandardPasswordEncoder(); 
    } 

    public static void main(String[] args) { 
     SpringApplication.run(AuthorizationApplication.class, args); 
    } 

} 

授權/ SRC /主/爪哇/ mypackage的/ UserService.java

@Service 
public class UserService implements UserDetailsService { 

    private UserAccountRepository userAccountRepository; 

    @Autowired 
    public UserService(UserAccountRepository userAccountRepository){ 
     this.userAccountRepository = userAccountRepository; 
    } 

    @Override 
    public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException { 

     UserAccount userAccount = userAccountRepository.findByEmail(s); 

     if (userAccount != null) { 
      return userAccount; 
     } else { 
      throw new UsernameNotFoundException("could not find the user '" + s + "'"); 
     } 
    } 
} 

UI/SRC /主/資源/ application.yml

auth-server: http://localhost:9999/uaa 
server: 
    port: 8080 
spring: 
    aop: 
    proxy-target-class: true 
security: 
    oauth2: 
    client: 
     clientId: trusted-app 
     clientSecret: secret 
     access-token-uri: ${auth-server}/oauth/token 
     user-authorization-uri: ${auth-server}/oauth/authorize 
     scope: read, write 
    resource: 
     token-info-uri: ${auth-server}/oauth/check_token 

UI/SRC /main/java/UiApplication.java

@SpringBootApplication 
@EnableOAuth2Sso 
public class UiApplication extends WebSecurityConfigurerAdapter{ 

    public static void main(String[] args) { 
     SpringApplication.run(UiApplication.class, args); 
    } 

    @Bean 
    OAuth2RestTemplate oauth2RestTemplate(OAuth2ClientContext oauth2ClientContext, OAuth2ProtectedResourceDetails details) { 
     return new OAuth2RestTemplate(details, oauth2ClientContext); 
    } 
} 

Answer 1

從http://www.springframework.org/schema/security/spring-security-oauth2.xsd元客戶細節服務>的complexType客戶>屬性autoaprove被自動批准（逗號分隔），或只是 「真」，以自動審批所有

作用域或範圍的圖案。

只需將autoapprove="true"屬性添加到您的信任應用程序client-details.xml。這樣，authserver不會請求用戶的確認來訪問資源。

Here是如何直接在Java配置中實現此行爲的示例。