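I'm really new to OAuth2 and am trying to build a server in the role auth.server to authorize users, and am also trying to keep the protected resources...
I have some problems securing things with the ResourceServerConfigurerAdapter. It seems to ignore all the roles fetched from the userInfoUrl......
So here is the code:
Auth server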
@SpringBootApplication
@EnableAuthorizationServer
@EnableResourceServer
@RestController
public class Oa2AuthServerApplication {

    @RequestMapping("/user")
    public Principal user(Principal user) {
        return user;
    }

    public static void main(String[] args) {
        SpringApplication.run(Oa2AuthServerApplication.class, args);
    }
}

@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication()
            .withUser("admin")
                .password("admin")
                .roles("ADMIN", "USER")
            .and()
            .withUser("user")
                .password("user")
                .roles("USER");
    }
}

@Configuration
public class …

I have an entity like this:
@Entity
@Table(name = "transaction_receiver")
public class TransactionReceiver implements Serializable, Addressable {

    private static final long serialVersionUID = 1L;

    @Id
    @GeneratedValue(strategy = GenerationType.AUTO)
    private Long id;

    @NotNull
    @Column(name = "contact_id", nullable = false)
    private String contactId;

    @Column(name = "datev_number")
    private String datevNumber;

    @NotNull
    @Column(name = "receiver", nullable = false)
    private String receiver;

    @NotNull
    @Size(min = 22, max = 34)
    @Column(name = "iban", length = 34, nullable = false)
    private String iban;

    @Size(min = 8, max = 11)
    @Column(name = "bic", …