我正在尝试将Spring OAuth2集成到Spring MVC REST中.大多数Spring OAuth2示例中只有ResourceServerConfigurerAdapter一些也有一些WebSecurityConfigurerAdapter.我不打算将OAuth与Google,Facebook等集成.我正在尝试为Spring MVC REST提供基于令牌的身份验证,该Basic身份验证目前基于身份验证.有人可以在单个服务器中了解Spring MVC REST + OAuth集成需要什么,而不是或者很好的资源吗?
目前我的POC没有WebSecurityConfigurerAdapter,但与之ResourceServerConfigurerAdapter一起工作AuthorizationServerConfigurerAdapter.看起来ResourceServerConfigurerAdapter就够了.现在我不知道我应该怎样对我现有的WebSecurityConfigurerAdapter,在我的Spring MVC REST应用程序中完美运行.
我试图在我现有的应用程序中实现Oauth2.最初我添加了spring安全性然后尝试添加oauth2,添加配置后我能够生成access_token但是通过使用access_token我无法访问资源.
这是我的代码:
SecurityConfiguration.java
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
private DataSource dataSource;
@Autowired
private ClientDetailsService clientDetailsService;
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/resources/**");
}
@Autowired
public void configAuthentication(AuthenticationManagerBuilder auth) throws Exception {
auth.jdbcAuthentication().dataSource(dataSource);
}
@Override
public void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/", "/patients").permitAll()
.antMatchers("/oauth/token").permitAll()
.anyRequest().authenticated()
.and().httpBasic();
http.csrf().disable();
}
@Override
public void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.jdbcAuthentication().dataSource(dataSource)
.usersByUsernameQuery("select username, password, 1 as enabled from user where username=?")
.authoritiesByUsernameQuery("select username, authority from authorities where username=?"); …我试图在springboot中实现Basic Auth + oAuth2,意味着一些url在登录系统后应该像传统方式一样工作,有些应该在AOuth2上工作.
就像我想允许管理面板访问SuperAdmin一样,url从
/超级管理员/****
我只想在一般登录系统后访问所有这些URL.
和Rest服务应该使用url start表单在AOuth2上工作
/ API/VI/****
这些网址用于访问申请人.
另外两者都工作正常,但两者都不起作用.
这是我的配置.
import in.kpis.tracking.configuration.CustomAuthenticationSuccessHandler;
import in.kpis.tracking.service.AdminUserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
@Configuration
public class OAuth2ServerConfiguration {
protected static final String RESOURCE_ID = "restservice";
@Configuration
@EnableResourceServer
protected static class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {
@Override
public void configure(ResourceServerSecurityConfigurer resources) {
// @formatter:off
resources.resourceId(RESOURCE_ID);
// @formatter:on
}
@Override
public void configure(HttpSecurity http) throws Exception …