
我只是修改了 Java 的設定，但我的 REST 服務無法識別「Authorization: Bearer」標頭，每次都回傳 401。

我嘗試:

  • 加上 @EnableResourceServer 註解後，其餘 API 正常運作，但登入頁面開始出現「Full authentication is required to access this resource」的錯誤

  • （XML 訊息）加上 @EnableResourceServer，並把「SecurityConfigurationFrom」的 @Order 改為 1，問題相同，仍無法識別 Authorization: Bearer

OAuth2AuthorizationServerConfig:

package com.xaxax.xa.api.config; 

    import com.xaxax.xa.core.security.CheckTokenEndpoint; 
    import com.xaxax.xa.core.security.EmptyPasswordEncoder; 
    import com.xaxax.xa.core.security.UserApprovalHandler; 
    import org.springframework.beans.factory.annotation.Autowired; 
    import org.springframework.context.annotation.Bean; 
    import org.springframework.context.annotation.Configuration; 
    import org.springframework.security.authentication.AuthenticationProvider; 
    import org.springframework.security.authentication.ProviderManager; 
    import org.springframework.security.authentication.dao.DaoAuthenticationProvider; 
    import org.springframework.security.core.userdetails.UserDetailsService; 
    import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; 
    import org.springframework.security.crypto.password.PasswordEncoder; 
    import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer; 
    import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter; 
    import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer; 
    import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer; 
    import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer; 
    import org.springframework.security.oauth2.provider.ClientDetailsService; 
    import org.springframework.security.oauth2.provider.client.JdbcClientDetailsService; 
    import org.springframework.security.oauth2.provider.request.DefaultOAuth2RequestFactory; 
    import org.springframework.security.oauth2.provider.token.DefaultTokenServices; 
    import org.springframework.security.oauth2.provider.token.TokenStore; 
    import org.springframework.security.oauth2.provider.token.store.JdbcTokenStore; 

    import javax.sql.DataSource; 
    import java.util.ArrayList; 
    import java.util.List; 

    /**
     * Authorization-server wiring: a JDBC-backed client registry and token store,
     * two DAO authentication providers that differ only in their password encoder,
     * and the token / approval / check-token endpoints built on top of them.
     */
    @Configuration
    @EnableAuthorizationServer
    public class OAuth2AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {

        /** Source of user records for both DAO providers. */
        @Autowired
        private UserDetailsService userDetailsServiceImpl;

        /** Backs both the client registry and the token store. */
        @Autowired
        private DataSource dataSource;

        /** Client registry read from the database. */
        @Bean
        public ClientDetailsService clientDetails() {
            return new JdbcClientDetailsService(dataSource);
        }

        /** Access and refresh tokens persisted in the database. */
        @Bean
        public TokenStore tokenStore() {
            return new JdbcTokenStore(dataSource);
        }

        /** bcrypt for stored user passwords. */
        @Bean
        public PasswordEncoder passwordEncoder() {
            return new BCryptPasswordEncoder();
        }

        /**
         * Username/password provider over {@code userDetailsServiceImpl} using bcrypt.
         * See {@link #newDaoProvider(PasswordEncoder)} for the shared settings.
         */
        @Bean
        public AuthenticationProvider authenticationProvider() {
            return newDaoProvider(passwordEncoder());
        }

        /** Project-specific encoder used by {@link #noPasswordAuthenticationProvider()}; its semantics live in that class. */
        @Bean
        public EmptyPasswordEncoder emptyPasswordEncoder() {
            return new EmptyPasswordEncoder();
        }

        /** Same DAO provider as {@link #authenticationProvider()}, but with the project's {@link EmptyPasswordEncoder}. */
        @Bean
        public AuthenticationProvider noPasswordAuthenticationProvider() {
            return newDaoProvider(emptyPasswordEncoder());
        }

        /**
         * Common construction for the two DAO providers; only the encoder differs.
         * Hiding of UsernameNotFoundException is switched off, so an unknown user and a
         * wrong password surface as different failures (a user-enumeration trade-off).
         */
        private DaoAuthenticationProvider newDaoProvider(PasswordEncoder encoder) {
            DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
            provider.setHideUserNotFoundExceptions(false);
            provider.setUserDetailsService(userDetailsServiceImpl);
            provider.setPasswordEncoder(encoder);
            return provider;
        }

        /** Builds OAuth2 requests, validating them against the client registry. */
        @Bean
        public DefaultOAuth2RequestFactory oAuth2RequestFactory() {
            return new DefaultOAuth2RequestFactory(clientDetails());
        }

        /** Project approval handler, fed the token store and request factory defined here. */
        @Bean
        public UserApprovalHandler userApprovalHandler() {
            UserApprovalHandler handler = new UserApprovalHandler();
            handler.setTokenStore(tokenStore());
            handler.setRequestFactory(oAuth2RequestFactory());
            return handler;
        }

        /** Token services over the JDBC store; refresh tokens are issued. */
        @Bean
        public DefaultTokenServices tokenServices() {
            DefaultTokenServices services = new DefaultTokenServices();
            services.setTokenStore(tokenStore());
            services.setSupportRefreshToken(true);
            services.setClientDetailsService(clientDetails());
            return services;
        }

        /** Project check-token endpoint backed by {@link #tokenServices()}. */
        @Bean
        public CheckTokenEndpoint checkTokenEndpoint() {
            CheckTokenEndpoint endpoint = new CheckTokenEndpoint();
            endpoint.setTokenServices(tokenServices());
            return endpoint;
        }

        /**
         * Client registration. Two sources are configured back to back; the configurer
         * presumably keeps only the last builder, in which case the in-memory "xaxax"
         * entry (no secret, no grant types) is dead configuration — confirm and drop it.
         */
        @Override
        public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
            clients.inMemory().withClient("xaxax");
            clients.withClientDetails(clientDetails());
        }

        /** Wires store, services, approval handler and a single-provider manager into the endpoints. */
        @Override
        public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
            List<AuthenticationProvider> providers = new ArrayList<>();
            providers.add(authenticationProvider());
            endpoints
                .tokenStore(tokenStore())
                .tokenServices(tokenServices())
                .userApprovalHandler(userApprovalHandler())
                .authenticationManager(new ProviderManager(providers))
                .setClientDetailsService(clientDetails());
        }

        /**
         * /oauth/token_key and /oauth/check_token are reachable without client
         * authentication ("permitAll()"), and clients may send their credentials as
         * form parameters instead of HTTP Basic.
         */
        @Override
        public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
            oauthServer
                .tokenKeyAccess("permitAll()")
                .checkTokenAccess("permitAll()")
                .allowFormAuthenticationForClients();
        }
    }

SecurityConfiguration:

package com.xaxax.xa.api.config; 

import com.xaxax.xa.api.handler.LoginFailureHandler; 
import com.xaxax.xa.api.handler.TokenLogoutSuccessHandler; 
import org.springframework.beans.factory.annotation.Autowired; 
import org.springframework.context.annotation.Bean; 
import org.springframework.context.annotation.Configuration; 
import org.springframework.context.annotation.Import; 
import org.springframework.core.annotation.Order; 
import org.springframework.security.authentication.AuthenticationProvider; 
import org.springframework.security.authentication.ProviderManager; 
import org.springframework.security.config.annotation.web.builders.HttpSecurity; 
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; 
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; 
import org.springframework.security.config.http.SessionCreationPolicy; 
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer; 
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer; 
import org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter; 
import org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService; 
import org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler; 
import org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint; 
import org.springframework.security.web.authentication.AuthenticationSuccessHandler; 
import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter; 
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter; 
import org.springframework.web.servlet.View; 
import org.springframework.web.servlet.ViewResolver; 
import org.springframework.web.servlet.view.ContentNegotiatingViewResolver; 
import org.springframework.web.servlet.view.InternalResourceViewResolver; 
import org.springframework.web.servlet.view.json.MappingJackson2JsonView; 

import java.util.ArrayList; 
import java.util.List; 

/**
 * Web-security wiring from the question (the setup that did not work):
 * JSP/JSON view resolvers, OAuth2 error-handling beans, the client-credentials
 * filter for /oauth/token, and three {@link WebSecurityConfigurerAdapter} chains
 * ordered 10, 15 and 20.
 *
 * NOTE(review): {@link SecurityConfigurationFrom} (@Order(10)) sets no request
 * matcher, so it matches every request and the @Order(15) / @Order(20) chains are
 * never consulted. It also contains no bearer-token filter, which would explain
 * why "Authorization: Bearer" is answered with 401.
 */
@Configuration
@Import(OAuth2AuthorizationServerConfig.class)
@EnableWebSecurity
// Adds its own resource-server filter chain alongside the three adapters below;
// its order relative to them is not visible here — confirm before relying on it.
@EnableResourceServer
public class SecurityConfiguration {

    /** Project handler run after a successful /logout.do (see the form-login chain). */
    @Autowired
    private TokenLogoutSuccessHandler tokenLogoutSuccessHandler;

    /** Project handler run after a successful form login; injected by type. */
    @Autowired
    private AuthenticationSuccessHandler loginSuccessDBHandler; // AuthenticationSuccessHandler

    /** Imported authorization-server config; its provider, token-store and token-service beans are reused below. */
    @Autowired
    private OAuth2AuthorizationServerConfig oAuth2AuthorizationServerConfig;

    /** Project failure handler for the form-login chain. */
    @Bean
    public LoginFailureHandler authenticationFailureHandler(){
     return new LoginFailureHandler();
    }

    /** Resolves view names to JSP files under /WEB-INF/. */
    @Bean
    public InternalResourceViewResolver internalResourceViewResolver(){
     InternalResourceViewResolver internalResourceViewResolver = new InternalResourceViewResolver();
     internalResourceViewResolver.setPrefix("/WEB-INF/");
     internalResourceViewResolver.setSuffix(".jsp");
     return internalResourceViewResolver;
    }

    /** JSON view; a single-entry model is serialised as its value instead of as a wrapping object. */
    @Bean
    public MappingJackson2JsonView mappingJackson2JsonView(){
     MappingJackson2JsonView mappingJackson2JsonView = new MappingJackson2JsonView();
     mappingJackson2JsonView.setExtractValueFromSingleKeyModel(true);
     return mappingJackson2JsonView;
    }

    /** Content negotiation: the JSP resolver for named views, the JSON view as default fallback. */
    @Bean
    public ContentNegotiatingViewResolver viewResolvers(){

     ContentNegotiatingViewResolver contentNegotiatingViewResolver = new ContentNegotiatingViewResolver();

     List<ViewResolver> viewResolvers = new ArrayList<>();
     viewResolvers.add(internalResourceViewResolver());

     List<View> listView = new ArrayList<>();
     listView.add(mappingJackson2JsonView());

     contentNegotiatingViewResolver.setViewResolvers(viewResolvers);
     contentNegotiatingViewResolver.setDefaultViews(listView);
     return contentNegotiatingViewResolver;

    }

    /**
     * Entry point used for 401 responses on all three chains. The type name is
     * "Basic", so the WWW-Authenticate challenge asks for HTTP Basic rather than
     * Bearer — one of the things the accepted answer changes.
     */
    @Bean
    public OAuth2AuthenticationEntryPoint oAuth2AuthenticationEntryPoint(){
     OAuth2AuthenticationEntryPoint clientAuthenticationEntryPoint = new OAuth2AuthenticationEntryPoint();
     clientAuthenticationEntryPoint.setRealmName("xaxax/client");
     clientAuthenticationEntryPoint.setTypeName("Basic");
     return clientAuthenticationEntryPoint;
    }

    /** Exposes registered OAuth2 clients as UserDetails; defined but not referenced anywhere in this listing. */
    @Bean
    public ClientDetailsUserDetailsService clientDetailsUserService(){
     ClientDetailsUserDetailsService clientDetailsUserService = new ClientDetailsUserDetailsService(this.oAuth2AuthorizationServerConfig.clientDetails());
     return clientDetailsUserService;
    }

    /** Renders AccessDeniedException as an OAuth2-style error response. */
    @Bean
    public OAuth2AccessDeniedHandler oauthAccessDeniedHandler(){
     OAuth2AccessDeniedHandler oAuth2AccessDeniedHandler = new OAuth2AccessDeniedHandler();
     return oAuth2AccessDeniedHandler;
    }

    /**
     * Authenticates clients that post client_id / client_secret as form parameters
     * to /oauth/token.
     * NOTE(review): the manager it is given wraps the <em>user</em> DAO provider
     * ({@code authenticationProvider()} over userDetailsServiceImpl), not a provider
     * over {@link #clientDetailsUserService()}, so client credentials end up checked
     * against the user store — confirm this is intended.
     */
    @Bean
    public ClientCredentialsTokenEndpointFilter clientCredentialsTokenEndpointFilter(){
     ClientCredentialsTokenEndpointFilter clientCredentialsTokenEndpointFilter = new ClientCredentialsTokenEndpointFilter();

     List<AuthenticationProvider> listAuthenticationProvider = new ArrayList<>();

     listAuthenticationProvider.add(this.oAuth2AuthorizationServerConfig.authenticationProvider());

     ProviderManager providerManager = new ProviderManager(listAuthenticationProvider);

     clientCredentialsTokenEndpointFilter.setAuthenticationManager(providerManager);

     return clientCredentialsTokenEndpointFilter;
    }

    /**
     * Session-based form-login chain. Ordered first and bound to no request matcher,
     * so it handles every request (see the class note).
     */
    @Configuration
    @Order(10)
    public static class SecurityConfigurationFrom extends WebSecurityConfigurerAdapter {

     /** Outer config, used to reach the shared handler and filter beans. */
     @Autowired
     private SecurityConfiguration securityConfiguration;

     @Override
     protected void configure(HttpSecurity http) throws Exception {

      // Built but never applied to http (no http.apply(resources)), so this chain does
      // not process bearer tokens at all.
      ResourceServerSecurityConfigurer resources = new ResourceServerSecurityConfigurer();
      resources.tokenStore(securityConfiguration.oAuth2AuthorizationServerConfig.tokenStore());
      resources.tokenServices(securityConfiguration.oAuth2AuthorizationServerConfig.tokenServices());

      // @formatter:off
      http
        .sessionManagement()
         // A session is created for every request ...
         .sessionCreationPolicy(SessionCreationPolicy.ALWAYS)
        .and()
         .anonymous()
        .and()
         .authenticationProvider(securityConfiguration.oAuth2AuthorizationServerConfig.authenticationProvider())
         .addFilterBefore(securityConfiguration.clientCredentialsTokenEndpointFilter(), AbstractPreAuthenticatedProcessingFilter.class)
         .authorizeRequests()
          .antMatchers("/oauth/token/**").permitAll()
          .antMatchers("/oauth/authorize/**").permitAll()
          // hasRole("USER") requires the ROLE_USER authority
          .antMatchers("/oauth/principal/**").hasRole("USER")
          .antMatchers("/login.jsp").permitAll()
          // No anyRequest() rule: paths not listed above carry no access rule at all.
        .and()
         .exceptionHandling()
          .accessDeniedPage("/login.jsp?authorization_error=true")
         // Replaces the page-based handler set on the previous line.
         .accessDeniedHandler(securityConfiguration.oauthAccessDeniedHandler())
        .and()
         .httpBasic()
          .authenticationEntryPoint(securityConfiguration.oAuth2AuthenticationEntryPoint())
        .and()
         .csrf()
          // ... while CSRF protection is switched off for this session-backed, form-login chain.
          .disable()
         .logout()
         .logoutUrl("/logout.do")
         .logoutSuccessHandler(securityConfiguration.tokenLogoutSuccessHandler)
         .logoutSuccessUrl("/login.jsp")
        .and()
         .formLogin()
          .successHandler(securityConfiguration.loginSuccessDBHandler)
          .failureHandler(securityConfiguration.authenticationFailureHandler())
          .loginProcessingUrl("/login.do")
          .usernameParameter("j_username")
          .passwordParameter("j_password")
          .failureUrl("/login.jsp?authentication_error=true")
          .loginPage("/login.jsp")
      ;
      // Relaxes the default X-Frame-Options: DENY to SAMEORIGIN (pages may be framed by the same origin).
      http.headers().frameOptions().sameOrigin();

      // @formatter:on

     }

    }
    /**
     * Stateless chain intended for /oauth/check_token. Not reachable in this setup
     * because the @Order(10) chain matches every request first.
     */
    @Configuration
    @Order(15)
    public static class SecurityConfigurationCheckToken extends WebSecurityConfigurerAdapter {

     /** Outer config, used to reach the shared handler and filter beans. */
     @Autowired
     private SecurityConfiguration securityConfiguration;

     @Override
     protected void configure(HttpSecurity http) throws Exception {
      // @formatter:off
      http
       .sessionManagement()
        .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
       .and()
       .anonymous()
       .and()
       .authorizeRequests()
        // Matchers are evaluated in declaration order and the first match wins:
        // "/**" matches everything, so the stricter rule on the next line is never reached.
        .antMatchers("/**").permitAll()
        .antMatchers("/oauth/check_token").fullyAuthenticated()
       .and()
        .exceptionHandling()
        .accessDeniedHandler(securityConfiguration.oauthAccessDeniedHandler())
       .and()
       .authenticationProvider(securityConfiguration.oAuth2AuthorizationServerConfig.authenticationProvider())
        .addFilterBefore(securityConfiguration.clientCredentialsTokenEndpointFilter(), AbstractPreAuthenticatedProcessingFilter.class)
       .httpBasic()
        .authenticationEntryPoint(securityConfiguration.oAuth2AuthenticationEntryPoint());
      // @formatter:on
     }

    }

    /**
     * Stateless chain intended for /oauth/token: anonymous access disabled, full
     * authentication required, client credentials accepted via HTTP Basic or (after
     * the Basic filter) via form parameters. Also unreachable behind the @Order(10) chain.
     */
    @Configuration
    @Order(20)
    public static class SecurityConfigurationToken extends WebSecurityConfigurerAdapter {

     /** Outer config, used to reach the shared handler and filter beans. */
     @Autowired
     private SecurityConfiguration securityConfiguration;

     @Override
     protected void configure(HttpSecurity http) throws Exception {
      // @formatter:off
      http
        .sessionManagement()
         .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
        .and()
        .anonymous().disable()
        .authorizeRequests()
         .antMatchers("/oauth/token").fullyAuthenticated()
        .and()
        .exceptionHandling()
         .accessDeniedHandler(securityConfiguration.oauthAccessDeniedHandler())
        .and()
        .authenticationProvider(securityConfiguration.oAuth2AuthorizationServerConfig.authenticationProvider())
         .addFilterAfter(securityConfiguration.clientCredentialsTokenEndpointFilter(), BasicAuthenticationFilter.class)
         .httpBasic()
         .authenticationEntryPoint(securityConfiguration.oAuth2AuthenticationEntryPoint());
      // @formatter:on
     }

    }

}

回答


現在可以運作了 :)

我的最終代碼

SecurityConfiguration:

/**
 * Web-security wiring from the accepted answer. Compared with the question's
 * version: {@code @EnableResourceServer} is gone, the /oauth/check_token and
 * /oauth/token chains are scoped with {@code http.antMatcher(...)} and ordered
 * first, the catch-all form-login chain moves to @Order(20), and the project's
 * {@code ApiTokenAccessFilter} is added so "Authorization: Bearer" is honoured
 * by the session chain as well. All 401 challenges now advertise the Bearer scheme.
 */
@Configuration
@EnableWebSecurity
public class SecurityConfiguration {

    /** Project handler run after a successful /logout.do (see the form-login chain). */
    @Autowired
    private TokenLogoutSuccessHandler tokenLogoutSuccessHandler;

    /** Project handler run after a successful form login; injected by type. */
    @Autowired
    private AuthenticationSuccessHandler loginSuccessDBHandler; // AuthenticationSuccessHandler

    /** Authorization-server config; its provider and token-service beans are reused below. */
    @Autowired
    private OAuth2AuthorizationServerConfig oAuth2AuthorizationServerConfig;

    /** Project failure handler for the form-login chain. */
    @Bean
    public LoginFailureHandler authenticationFailureHandler(){
     return new LoginFailureHandler();
    }

    /** Resolves view names to JSP files under /WEB-INF/. */
    @Bean
    public InternalResourceViewResolver internalResourceViewResolver(){
     InternalResourceViewResolver internalResourceViewResolver = new InternalResourceViewResolver();
     internalResourceViewResolver.setPrefix("/WEB-INF/");
     internalResourceViewResolver.setSuffix(".jsp");
     return internalResourceViewResolver;
    }

    /** JSON view; a single-entry model is serialised as its value instead of as a wrapping object. */
    @Bean
    public MappingJackson2JsonView mappingJackson2JsonView(){
     MappingJackson2JsonView mappingJackson2JsonView = new MappingJackson2JsonView();
     mappingJackson2JsonView.setExtractValueFromSingleKeyModel(true);
     return mappingJackson2JsonView;
    }

    /** Content negotiation: the JSP resolver for named views, the JSON view as default fallback. */
    @Bean
    public ContentNegotiatingViewResolver viewResolvers(){

     ContentNegotiatingViewResolver contentNegotiatingViewResolver = new ContentNegotiatingViewResolver();

     List<ViewResolver> viewResolvers = new ArrayList<>();
     viewResolvers.add(internalResourceViewResolver());

     List<View> listView = new ArrayList<>();
     listView.add(mappingJackson2JsonView());

     contentNegotiatingViewResolver.setViewResolvers(viewResolvers);
     contentNegotiatingViewResolver.setDefaultViews(listView);
     return contentNegotiatingViewResolver;

    }

    /**
     * 401 entry point for the form-login chain; the challenge now uses the Bearer scheme.
     * The three entry-point beans below are configured identically and could be one bean.
     */
    @Bean
    public OAuth2AuthenticationEntryPoint oAuth2AuthenticationEntryPointLoginForm(){
     OAuth2AuthenticationEntryPoint clientAuthenticationEntryPoint = new OAuth2AuthenticationEntryPoint();
     clientAuthenticationEntryPoint.setRealmName("xaxax/client");
     clientAuthenticationEntryPoint.setTypeName(OAuth2AccessToken.BEARER_TYPE);
     return clientAuthenticationEntryPoint;
    }

    /** 401 entry point for the /oauth/check_token chain (same settings as the others). */
    @Bean
    public OAuth2AuthenticationEntryPoint oAuth2AuthenticationEntryPointCheckToken(){
     OAuth2AuthenticationEntryPoint clientAuthenticationEntryPoint = new OAuth2AuthenticationEntryPoint();
     clientAuthenticationEntryPoint.setRealmName("xaxax/client");
     clientAuthenticationEntryPoint.setTypeName(OAuth2AccessToken.BEARER_TYPE);
     return clientAuthenticationEntryPoint;
    }

    /** 401 entry point for the /oauth/token chain (same settings as the others). */
    @Bean
    public OAuth2AuthenticationEntryPoint oAuth2AuthenticationEntryPointToken(){
     OAuth2AuthenticationEntryPoint clientAuthenticationEntryPoint = new OAuth2AuthenticationEntryPoint();
     clientAuthenticationEntryPoint.setRealmName("xaxax/client");
     clientAuthenticationEntryPoint.setTypeName(OAuth2AccessToken.BEARER_TYPE);
     return clientAuthenticationEntryPoint;
    }

    /** Exposes registered OAuth2 clients as UserDetails; defined but not referenced anywhere in this listing. */
    @Bean
    public ClientDetailsUserDetailsService clientDetailsUserService(){
     ClientDetailsUserDetailsService clientDetailsUserService = new ClientDetailsUserDetailsService(this.oAuth2AuthorizationServerConfig.clientDetails());
     return clientDetailsUserService;
    }

    /** Renders AccessDeniedException as an OAuth2-style error response. */
    @Bean
    public OAuth2AccessDeniedHandler oauthAccessDeniedHandler(){
     OAuth2AccessDeniedHandler oAuth2AccessDeniedHandler = new OAuth2AccessDeniedHandler();
     return oAuth2AccessDeniedHandler;
    }

    /**
     * Authenticates clients that post client_id / client_secret as form parameters
     * to /oauth/token.
     * NOTE(review): as in the question, the manager wraps the <em>user</em> DAO provider
     * rather than one over {@link #clientDetailsUserService()}, so client credentials
     * are checked against the user store — confirm this is intended.
     */
    @Bean
    public ClientCredentialsTokenEndpointFilter clientCredentialsTokenEndpointFilter(){
     ClientCredentialsTokenEndpointFilter clientCredentialsTokenEndpointFilter = new ClientCredentialsTokenEndpointFilter();

     List<AuthenticationProvider> listAuthenticationProvider = new ArrayList<>();

     listAuthenticationProvider.add(this.oAuth2AuthorizationServerConfig.authenticationProvider());

     ProviderManager providerManager = new ProviderManager(listAuthenticationProvider);

     clientCredentialsTokenEndpointFilter.setAuthenticationManager(providerManager);

     return clientCredentialsTokenEndpointFilter;
    }

    /**
     * Stateless chain for /oauth/check_token only. Every request on it is permitted,
     * so token introspection is open to anonymous callers (the authorization server
     * additionally sets checkTokenAccess("permitAll()")) — confirm that this exposure
     * is intended.
     */
    @Configuration
    @Order(10)
    public static class SecurityConfigurationCheckToken extends WebSecurityConfigurerAdapter {

     /** Outer config, used to reach the shared handler and filter beans. */
     @Autowired
     private SecurityConfiguration securityConfiguration;

     @Override
     protected void configure(HttpSecurity http) throws Exception {
      // @formatter:off
      // Scoping the chain to one path is what lets the later chains receive other requests.
      http.antMatcher("/oauth/check_token")
        .sessionManagement()
        .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
        .and()
        .anonymous()
        .and()
        .authorizeRequests()
         .antMatchers("/**").permitAll()
        .and()
        .exceptionHandling()
        .accessDeniedHandler(securityConfiguration.oauthAccessDeniedHandler())
        .and()
        .authenticationProvider(securityConfiguration.oAuth2AuthorizationServerConfig.authenticationProvider())
        // Bearer tokens are authenticated here, but nothing in this chain requires one.
        .addFilterBefore(new ApiTokenAccessFilter(securityConfiguration.oAuth2AuthorizationServerConfig.tokenServices()), AbstractPreAuthenticatedProcessingFilter.class)
        .httpBasic()
        .authenticationEntryPoint(securityConfiguration.oAuth2AuthenticationEntryPointCheckToken());
      // @formatter:on
     }

    }

    /**
     * Stateless chain for /oauth/token only: anonymous access disabled, full
     * authentication required, client credentials via HTTP Basic or (after the Basic
     * filter) via form parameters.
     */
    @Configuration
    @Order(15)
    public static class SecurityConfigurationToken extends WebSecurityConfigurerAdapter {

     /** Outer config, used to reach the shared handler and filter beans. */
     @Autowired
     private SecurityConfiguration securityConfiguration;

     @Override
     protected void configure(HttpSecurity http) throws Exception {
      // @formatter:off
      http.antMatcher("/oauth/token")
        .sessionManagement()
        .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
        .and()
        .anonymous().disable()
        .authorizeRequests()
        .antMatchers("/oauth/token").fullyAuthenticated()
        .and()
        .exceptionHandling()
        .accessDeniedHandler(securityConfiguration.oauthAccessDeniedHandler())
        .and()
        .authenticationProvider(securityConfiguration.oAuth2AuthorizationServerConfig.authenticationProvider())
        .addFilterAfter(securityConfiguration.clientCredentialsTokenEndpointFilter(), BasicAuthenticationFilter.class)
        .httpBasic()
        .authenticationEntryPoint(securityConfiguration.oAuth2AuthenticationEntryPointToken());
      // @formatter:on
     }

    }


    /**
     * Catch-all session/form-login chain, now ordered last. The added
     * {@code ApiTokenAccessFilter} is the actual fix: a bearer token in the
     * Authorization header is authenticated before the authorization rules run.
     */
    @Configuration
    @Order(20)
    public static class SecurityConfigurationFrom extends WebSecurityConfigurerAdapter {

     /** Outer config, used to reach the shared handler and filter beans. */
     @Autowired
     private SecurityConfiguration securityConfiguration;

     @Override
     protected void configure(HttpSecurity http) throws Exception {

      // @formatter:off
      http
        .sessionManagement()
         // A session is created for every request ...
         .sessionCreationPolicy(SessionCreationPolicy.ALWAYS)
        .and()
         .anonymous()
        .and()
         .authenticationProvider(securityConfiguration.oAuth2AuthorizationServerConfig.authenticationProvider())
         // Non-stateless token filter: without a bearer token it leaves an existing session login in place.
         .addFilterBefore(new ApiTokenAccessFilter(securityConfiguration.oAuth2AuthorizationServerConfig.tokenServices()), AbstractPreAuthenticatedProcessingFilter.class)
         .authorizeRequests()
          .antMatchers("/oauth/token/**").permitAll()
          .antMatchers("/oauth/authorize/**").permitAll()
          // hasRole("USER") requires the ROLE_USER authority
          .antMatchers("/oauth/principal/**").hasRole("USER")
          .antMatchers("/login.jsp").permitAll()
          // No anyRequest() rule: paths not listed above carry no access rule at all.
        .and()
         .exceptionHandling()
          .accessDeniedPage("/login.jsp?authorization_error=true")
        .and()
         .httpBasic()
          .authenticationEntryPoint(securityConfiguration.oAuth2AuthenticationEntryPointLoginForm())
        .and()
         .csrf()
          // ... while CSRF protection is switched off for this session-backed, form-login chain.
          .disable()
         .logout()
         .logoutUrl("/logout.do")
         .logoutSuccessHandler(securityConfiguration.tokenLogoutSuccessHandler)
         .logoutSuccessUrl("/login.jsp")
        .and()
         .formLogin()
          .successHandler(securityConfiguration.loginSuccessDBHandler)
          .failureHandler(securityConfiguration.authenticationFailureHandler())
          .loginProcessingUrl("/login.do")
          .usernameParameter("j_username")
          .passwordParameter("j_password")
          .failureUrl("/login.jsp?authentication_error=true")
          .loginPage("/login.jsp")
      ;
      // Relaxes the default X-Frame-Options: DENY to SAMEORIGIN.
      http.headers().frameOptions().sameOrigin();
      // @formatter:on

     }

    }


}

OAuth2AuthorizationServerConfig:

/**
 * Authorization-server wiring: a JDBC-backed client registry and token store,
 * two DAO authentication providers that differ only in their password encoder,
 * and the token / approval / check-token endpoints built on top of them.
 */
@Configuration
@EnableAuthorizationServer
public class OAuth2AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {

    /** Source of user records for both DAO providers. */
    @Autowired
    private UserDetailsService userDetailsServiceImpl;

    /** Backs both the client registry and the token store. */
    @Autowired
    private DataSource dataSource;

    /** Client registry read from the database. */
    @Bean
    public ClientDetailsService clientDetails() {
        return new JdbcClientDetailsService(dataSource);
    }

    /** Access and refresh tokens persisted in the database. */
    @Bean
    public TokenStore tokenStore() {
        return new JdbcTokenStore(dataSource);
    }

    /** bcrypt for stored user passwords. */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Username/password provider over {@code userDetailsServiceImpl} using bcrypt.
     * See {@link #newDaoProvider(PasswordEncoder)} for the shared settings.
     */
    @Bean
    public AuthenticationProvider authenticationProvider() {
        return newDaoProvider(passwordEncoder());
    }

    /** Project-specific encoder used by {@link #noPasswordAuthenticationProvider()}; its semantics live in that class. */
    @Bean
    public EmptyPasswordEncoder emptyPasswordEncoder() {
        return new EmptyPasswordEncoder();
    }

    /** Same DAO provider as {@link #authenticationProvider()}, but with the project's {@link EmptyPasswordEncoder}. */
    @Bean
    public AuthenticationProvider noPasswordAuthenticationProvider() {
        return newDaoProvider(emptyPasswordEncoder());
    }

    /**
     * Common construction for the two DAO providers; only the encoder differs.
     * Hiding of UsernameNotFoundException is switched off, so an unknown user and a
     * wrong password surface as different failures (a user-enumeration trade-off).
     */
    private DaoAuthenticationProvider newDaoProvider(PasswordEncoder encoder) {
        DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
        provider.setHideUserNotFoundExceptions(false);
        provider.setUserDetailsService(userDetailsServiceImpl);
        provider.setPasswordEncoder(encoder);
        return provider;
    }

    /** Builds OAuth2 requests, validating them against the client registry. */
    @Bean
    public DefaultOAuth2RequestFactory oAuth2RequestFactory() {
        return new DefaultOAuth2RequestFactory(clientDetails());
    }

    /** Project approval handler, fed the token store and request factory defined here. */
    @Bean
    public UserApprovalHandler userApprovalHandler() {
        UserApprovalHandler handler = new UserApprovalHandler();
        handler.setTokenStore(tokenStore());
        handler.setRequestFactory(oAuth2RequestFactory());
        return handler;
    }

    /** Token services over the JDBC store; refresh tokens are issued. */
    @Bean
    public DefaultTokenServices tokenServices() {
        DefaultTokenServices services = new DefaultTokenServices();
        services.setTokenStore(tokenStore());
        services.setSupportRefreshToken(true);
        services.setClientDetailsService(clientDetails());
        return services;
    }

    /** Project check-token endpoint backed by {@link #tokenServices()}. */
    @Bean
    public CheckTokenEndpoint checkTokenEndpoint() {
        CheckTokenEndpoint endpoint = new CheckTokenEndpoint();
        endpoint.setTokenServices(tokenServices());
        return endpoint;
    }

    /**
     * Client registration. Two sources are configured back to back; the configurer
     * presumably keeps only the last builder, in which case the in-memory "xaxax"
     * entry (no secret, no grant types) is dead configuration — confirm and drop it.
     */
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory().withClient("xaxax");
        clients.withClientDetails(clientDetails());
    }

    /** Wires store, services, approval handler and a single-provider manager into the endpoints. */
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        List<AuthenticationProvider> providers = new ArrayList<>();
        providers.add(authenticationProvider());
        endpoints
            .tokenStore(tokenStore())
            .tokenServices(tokenServices())
            .userApprovalHandler(userApprovalHandler())
            .authenticationManager(new ProviderManager(providers))
            .setClientDetailsService(clientDetails());
    }

    /**
     * /oauth/token_key and /oauth/check_token are reachable without client
     * authentication ("permitAll()"), and clients may send their credentials as
     * form parameters instead of HTTP Basic.
     */
    @Override
    public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
        oauthServer
            .tokenKeyAccess("permitAll()")
            .checkTokenAccess("permitAll()")
            .allowFormAuthenticationForClients();
    }
}

ApiTokenAccessFilter:

/**
 * Bearer-token filter for the web chains. Token extraction is inherited from
 * {@link OAuth2AuthenticationProcessingFilter}; this class only supplies an
 * {@link OAuth2AuthenticationManager} bound to the given token services.
 */
public class ApiTokenAccessFilter extends OAuth2AuthenticationProcessingFilter {

    /** Resource id checked against the token's resource ids, when the token carries any. */
    private static final String RESOURCE_ID = "oauth2-resource";

    /**
     * @param resourceServerTokenServices services used to load and validate the presented token
     */
    public ApiTokenAccessFilter(ResourceServerTokenServices resourceServerTokenServices) {
        // Not stateless: a request without a bearer token keeps whatever authentication
        // (e.g. a session login) is already in the security context, so the filter can
        // sit in the form-login chain as well.
        setStateless(false);
        setAuthenticationManager(buildManager(resourceServerTokenServices));
    }

    /** Authentication manager that resolves bearer tokens through the given services. */
    private static AuthenticationManager buildManager(ResourceServerTokenServices tokenServices) {
        OAuth2AuthenticationManager manager = new OAuth2AuthenticationManager();
        manager.setTokenServices(tokenServices);
        manager.setResourceId(RESOURCE_ID);
        // Explicitly no client-details lookup: the token alone is authenticated.
        manager.setClientDetailsService(null);
        return manager;
    }
}

對我有幫助的連結：

Spring Security OAuth2 - @EnableOauth2Sso but accept tokens as authentication, too

http://www.baeldung.com/spring-security-multiple-entry-points