我正在尝试将Spring OAuth2集成到Spring MVC REST中.大多数Spring OAuth2示例中只有ResourceServerConfigurerAdapter一些也有一些WebSecurityConfigurerAdapter.我不打算将OAuth与Google,Facebook等集成.我正在尝试为Spring MVC REST提供基于令牌的身份验证,该Basic身份验证目前基于身份验证.有人可以在单个服务器中了解Spring MVC REST + OAuth集成需要什么,而不是或者很好的资源吗?
目前我的POC没有WebSecurityConfigurerAdapter,但与之ResourceServerConfigurerAdapter一起工作AuthorizationServerConfigurerAdapter.看起来ResourceServerConfigurerAdapter就够了.现在我不知道我应该怎样对我现有的WebSecurityConfigurerAdapter,在我的Spring MVC REST应用程序中完美运行.
我试图在我现有的应用程序中实现Oauth2.最初我添加了spring安全性然后尝试添加oauth2,添加配置后我能够生成access_token但是通过使用access_token我无法访问资源.
这是我的代码:
SecurityConfiguration.java
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
private DataSource dataSource;
@Autowired
private ClientDetailsService clientDetailsService;
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/resources/**");
}
@Autowired
public void configAuthentication(AuthenticationManagerBuilder auth) throws Exception {
auth.jdbcAuthentication().dataSource(dataSource);
}
@Override
public void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/", "/patients").permitAll()
.antMatchers("/oauth/token").permitAll()
.anyRequest().authenticated()
.and().httpBasic();
http.csrf().disable();
}
@Override
public void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.jdbcAuthentication().dataSource(dataSource)
.usersByUsernameQuery("select username, password, 1 as enabled from user where username=?")
.authoritiesByUsernameQuery("select username, authority from authorities where username=?"); …我想将OAuth2用于我的REST spring启动项目.使用一些示例我已经为OAuth2创建了配置:
@Configuration
public class OAuth2Configuration {
private static final String RESOURCE_ID = "restservice";
@Configuration
@EnableResourceServer
protected static class ResourceServerConfiguration extends
ResourceServerConfigurerAdapter {
@Override
public void configure(ResourceServerSecurityConfigurer resources) {
// @formatter:off
resources
.resourceId(RESOURCE_ID);
// @formatter:on
}
@Override
public void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.anonymous().disable()
.authorizeRequests().anyRequest().authenticated();
// @formatter:on
}
}
@Configuration
@EnableAuthorizationServer
protected static class AuthorizationServerConfiguration extends
AuthorizationServerConfigurerAdapter {
private TokenStore tokenStore = new InMemoryTokenStore();
@Autowired
@Qualifier("authenticationManagerBean")
private AuthenticationManager authenticationManager;
@Autowired
private UserDetailsServiceImpl userDetailsService;
@Override
public void …