How can I make sure that OAuth2ProtectedResourceFilter is being called when a request is sent with the oauth_token in the Authorization header?
Spring OAuth2 - making sure OAuth2ProtectedResourceFilter is called
0
Answers
0
It always goes through a filter, if it is mapped correctly.
0
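As mentioned, to secure everything, requests need to go through Spring's security filters.
Here is a sample of how the filter is mapped in front of a servlet (the Spring MVC DispatcherServlet used for the authorization endpoints). You can map the same filter to any other servlet, for example to the jersey servlet you have configured.
In /WEB-INF/web.xml you need a filter mapping like: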
```xml
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <servlet-name>spring-dispatcher</servlet-name>
    <dispatcher>FORWARD</dispatcher>
    <dispatcher>REQUEST</dispatcher>
</filter-mapping>
<servlet>
    <servlet-name>spring-dispatcher</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <init-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>/WEB-INF/spring-mvc-dispatcher-servlet.xml</param-value>
    </init-param>
</servlet>
<servlet-mapping>
    <servlet-name>spring-dispatcher</servlet-name>
    <url-pattern>/*</url-pattern>
</servlet-mapping>
```
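To make sure every call to '/*', or whatever pattern, is filtered, you use http from the Spring Security namespace and a filter named OAuth2AuthenticationProcessingFilter, which will watch for the Bearer Authorization header. You need something like this in your /WEB-INF/spring-mvc-dispatcher-servlet.xml, or wherever your Spring Security configuration is: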
```xml
<http pattern="/**"
      create-session="never"
      authentication-manager-ref="userAuthenticationManager"
      access-decision-manager-ref="accessDecisionManager"
      use-expressions="true">
    <anonymous enabled="false" />
    <custom-filter ref="oAuth2AuthenticationFilter" position="PRE_AUTH_FILTER" />
    <access-denied-handler ref="oAuthAccessDeniedHandler" />
    <intercept-url pattern="/**" access="isAuthenticated()" />
</http>
<beans:bean id="oAuth2AuthenticationFilter" class="org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationProcessingFilter">
    <beans:property name="authenticationManager" ref="userAuthenticationManager"/>
    <beans:property name="authenticationEntryPoint" ref="oAuthAuthenticationEntryPoint"/>
</beans:bean>
```
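One way to check the mapping the answers above rely on, as an added example that is not part of the original answers: a Python script that reads a web.xml and lists servlets that no DelegatingFilterProxy filter-mapping covers for REQUEST dispatches. The `jersey` servlet and the sample XML are constructed for illustration, and by-pattern coverage is simplified to `/*` or an exact pattern match.

```python
import xml.etree.ElementTree as ET

PROXY = "org.springframework.web.filter.DelegatingFilterProxy"

# Constructed sample: the answer's mappings plus a hypothetical "jersey" servlet
# that the security filter was never mapped to.
SAMPLE_WEB_XML = """<web-app>
  <filter><filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class></filter>
  <filter-mapping><filter-name>springSecurityFilterChain</filter-name>
    <servlet-name>spring-dispatcher</servlet-name>
    <dispatcher>FORWARD</dispatcher><dispatcher>REQUEST</dispatcher></filter-mapping>
  <servlet><servlet-name>spring-dispatcher</servlet-name></servlet>
  <servlet><servlet-name>jersey</servlet-name></servlet>
  <servlet-mapping><servlet-name>spring-dispatcher</servlet-name>
    <url-pattern>/*</url-pattern></servlet-mapping>
  <servlet-mapping><servlet-name>jersey</servlet-name>
    <url-pattern>/api/*</url-pattern></servlet-mapping>
</web-app>"""

def _texts(parent, name):
    # Match on the local tag name so a namespaced web.xml (xmlns=...) also works.
    return [(c.text or "").strip() for c in parent if c.tag.rsplit("}", 1)[-1] == name]

def _elems(root, name):
    return [c for c in root if c.tag.rsplit("}", 1)[-1] == name]

def unfiltered_servlets(web_xml):
    """Names of servlets whose REQUEST dispatches bypass every DelegatingFilterProxy."""
    root = ET.fromstring(web_xml)
    proxies = {n for f in _elems(root, "filter") if PROXY in _texts(f, "filter-class")
               for n in _texts(f, "filter-name")}
    names, patterns = set(), set()
    for m in _elems(root, "filter-mapping"):
        # A mapping with no <dispatcher> applies to REQUEST by default.
        if proxies & set(_texts(m, "filter-name")) and \
                "REQUEST" in (_texts(m, "dispatcher") or ["REQUEST"]):
            names.update(_texts(m, "servlet-name"))
            patterns.update(_texts(m, "url-pattern"))
    if "/*" in patterns or "*" in names:
        return []  # every request path / every servlet is covered
    urls = {}
    for sm in _elems(root, "servlet-mapping"):
        for n in _texts(sm, "servlet-name"):
            urls.setdefault(n, set()).update(_texts(sm, "url-pattern"))
    # Conservative: by-pattern coverage counts only on an exact pattern match.
    return [n for s in _elems(root, "servlet") for n in _texts(s, "servlet-name")
            if n not in names and not (urls.get(n) and urls[n] <= patterns)]

if __name__ == "__main__":
    print(unfiltered_servlets(SAMPLE_WEB_XML))
```

A servlet reported here receives requests without passing through the Spring Security chain, so the `<http>` rules and the Bearer token filter never see them.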