我正在使用 spring oAuthClient 版本 5.2.4.RELEASE 通过遵循 spring security https://docs.spring.io/spring-security/site/docs/current/reference/html5/#oauth2Client-authorized-manager-的文档链接 提供者
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository;
import org.springframework.security.oauth2.client.web.reactive.function.client.ServerOAuth2AuthorizedClientExchangeFilterFunction;
import org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizedClientRepository;
import org.springframework.web.reactive.function.client.ExchangeFilterFunction;
import org.springframework.web.reactive.function.client.WebClient;
import lombok.AllArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import reactor.core.publisher.Mono;
@AllArgsConstructor
@Configuration
@Slf4j
public class WebClientConfig {
@Bean("AuthProvider")
WebClient webClient(ReactiveClientRegistrationRepository clientRegistrations, ServerOAuth2AuthorizedClientRepository authorizedClients) {
ServerOAuth2AuthorizedClientExchangeFilterFunction oauth = new ServerOAuth2AuthorizedClientExchangeFilterFunction(
clientRegistrations,
authorizedClients);
oauth.setDefaultOAuth2AuthorizedClient(true);
oauth.setDefaultClientRegistrationId("AuthProvider");
return WebClient.builder()
.filter(oauth)
.filter(this.logRequest())
.build();
}
private ExchangeFilterFunction logRequest() {
return ExchangeFilterFunction.ofRequestProcessor(clientRequest -> {
log.info("Request: [{}] {}", clientRequest.method(), clientRequest.url());
log.debug("Payload: {}", clientRequest.body());
return Mono.just(clientRequest);
});
} …java spring spring-security spring-boot spring-security-oauth2
目前我正在尝试将 JWT 身份验证集成到现有的 Spring Boot Webflux 项目中。作为模板,我使用了这篇中等文章:https : //medium.com/@ard333/authentication-and-authorization-using-jwt-on-spring-webflux-29b81f813e78。
如果我将 Annotation @EnableWebFluxSecurity 放在我的 WebSecurityConfig 中,则会发生以下错误:
无法注册在类路径资源 [org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.class] 中定义的 bean 'conversionServicePostProcessor'。具有该名称的 bean 已经在类路径资源 [org/springframework/security/config/annotation/web/reactive/WebFluxSecurityConfiguration.class] 中定义并且覆盖被禁用。
基本上,它与这篇文章中的错误相同,使用 spring-boot-admin-server 时创建名为“conversionServicePostProcessor”的 bean 时出错,但答案对我没有帮助,我无法对答案发表评论。
在上一篇文章中提到了两个对我不起作用的解决方案。删除 websocket 依赖没有帮助,设置“spring.main.allow-bean-definition-overriding=true”似乎覆盖了我自己的配置,因为我的路由 /auth/login/guest 仍在响应 401。
这是我的 WebSecurityConfiguration:
package de.thm.arsnova.frag.jetzt.backend.config;
import de.thm.arsnova.frag.jetzt.backend.security.AuthenticationManager;
import de.thm.arsnova.frag.jetzt.backend.security.SecurityContextRepository;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.web.server.SecurityWebFilterChain;
import reactor.core.publisher.Mono;
@Configuration
@EnableWebFluxSecurity
@EnableReactiveMethodSecurity
public class WebSecurityConfig {
private final AuthenticationManager authenticationManager; …