Yoa*_*das 5 spring-security spring-boot spring-security-oauth2
我有一个带有依赖项的oauth2客户端spring-boot应用程序: - spring-boot 1.2.0.RC1 - spring-security-oauth2 2.0.4.RELEASE - spring-security 3.2.5.RELEASE
客户端进行身份验证,身份验证在SecurityContextHolder中设置,但是当请求重定向到原始URL时,过滤器链会再次开始处理.我注意到在SecurityContextPersistenceFiltercontextBeforeChainExecution和contextAfterChainExecution都有一个null身份验证.
我在重定向循环中基于[1] Spring Security OAuth2(谷歌)Web应用程序的一些代码
有关为什么重定向循环的任何想法?先感谢您.
[Logs snippet] https://gist.github.com/yterradas/61da3f6eccc683b3a086
以下是安全配置.
@Configuration
public class SecurityConfig {
@Configuration
@EnableWebMvcSecurity
protected static class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private OAuth2ClientAuthenticationProcessingFilter oAuth2ClientAuthenticationProcessingFilter;
@Autowired
private LoginUrlAuthenticationEntryPoint vaultAuthenticationEntryPoint;
@SuppressWarnings({"SpringJavaAutowiringInspection"})
@Autowired
private OAuth2ClientContextFilter oAuth2ClientContextFilter;
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests()
.antMatchers("/**").authenticated()
.and()
.exceptionHandling().authenticationEntryPoint(vaultAuthenticationEntryPoint)
.and()
.addFilterAfter(oAuth2ClientContextFilter, ExceptionTranslationFilter.class)
.addFilterBefore(oAuth2ClientAuthenticationProcessingFilter, FilterSecurityInterceptor.class)
.anonymous().disable();
// @formatter:on
}
@Override
public void configure(WebSecurity web) throws Exception {
// @formatter:off
web
/* TODO:
disable debug in production
*/
.debug(true);
// @formatter:on
}
}
@Configuration
@EnableOAuth2Client
protected static class ClientSecurityConfig {
@Value("${app.name}") private String appId;
@Value("${app.clientId}") private String appClientId;
@Value("${app.clientSecret}") private String appClientSecret;
@Value("${app.redirectUrl}") private String appRedirectUrl;
@Value("${vault.accessTokenUrl}") private String vaultAccessTokenUrl;
@Value("${vault.userAuthorizationUrl}") private String vaultUserAuthorizationUrl;
@Value("${vault.checkTokenUrl}") private String vaultCheckTokenUrl;
@SuppressWarnings({"SpringJavaAutowiringInspection"})
@Resource
@Qualifier("oauth2ClientContext")
private OAuth2ClientContext oAuth2ClientContext;
@Autowired
@Qualifier("securityDataSource")
private DataSource securityDataSource;
@Autowired
private MappingJackson2HttpMessageConverter jackson2HttpMessageConverter;
@Bean
public OAuth2RestOperations oAuth2RestOperations() {
AccessTokenProviderChain provider = new AccessTokenProviderChain(
Arrays.asList(new AuthorizationCodeAccessTokenProvider())
);
provider.setClientTokenServices(new JdbcClientTokenServices(securityDataSource));
OAuth2RestTemplate template = new OAuth2RestTemplate(oAuth2Resource(), oAuth2ClientContext);
template.setAccessTokenProvider(provider);
template.setMessageConverters(Arrays.asList(jackson2HttpMessageConverter));
return template;
}
@Bean
OAuth2ProtectedResourceDetails oAuth2Resource() {
AuthorizationCodeResourceDetails resource = new AuthorizationCodeResourceDetails();
resource.setId(appId);
resource.setAuthenticationScheme(AuthenticationScheme.query);
resource.setAccessTokenUri(vaultAccessTokenUrl);
resource.setUserAuthorizationUri(vaultUserAuthorizationUrl);
resource.setUseCurrentUri(false);
resource.setPreEstablishedRedirectUri(appRedirectUrl);
resource.setClientId(appClientId);
resource.setClientSecret(appClientSecret);
resource.setClientAuthenticationScheme(AuthenticationScheme.form);
return resource;
}
@Bean
ResourceServerTokenServices oAuth2RemoteTokenServices() {
VaultTokenServices tokenServices = new VaultTokenServices();
RestTemplate restOperations = new RestTemplate();
restOperations.setMessageConverters(Arrays.asList(jackson2HttpMessageConverter));
tokenServices.setRestTemplate(restOperations);
tokenServices.setClientId(appClientId);
tokenServices.setClientSecret(appClientSecret);
tokenServices.setCheckTokenEndpointUrl(vaultCheckTokenUrl);
return tokenServices;
}
@Bean
LoginUrlAuthenticationEntryPoint oAuth2AuthenticationEntryPoint() {
return new LoginUrlAuthenticationEntryPoint("/vaultLogin");
}
@Bean
OAuth2ClientAuthenticationProcessingFilter oAuth2ClientAuthenticationProcessingFilter() {
OAuth2ClientAuthenticationProcessingFilter filter =
new OAuth2ClientAuthenticationProcessingFilter("/vaultLogin");
filter.setRestTemplate(oAuth2RestOperations());
filter.setTokenServices(oAuth2RemoteTokenServices());
return filter;
}
}
}
我认为你有 2 个OAuth2ClientContextFilters(一个是由你添加的@EnableOAuth2Client,另一个是你手动添加到 Spring Security 过滤器链中的)。您应该能够删除您添加的那个。
| 归档时间: |
|
| 查看次数: |
5130 次 |
| 最近记录: |