我有一个带有依赖项的oauth2客户端spring-boot应用程序: - spring-boot 1.2.0.RC1 - spring-security-oauth2 2.0.4.RELEASE - spring-security 3.2.5.RELEASE
客户端进行身份验证,身份验证在SecurityContextHolder中设置,但是当请求重定向到原始URL时,过滤器链会再次开始处理.我注意到在SecurityContextPersistenceFiltercontextBeforeChainExecution和contextAfterChainExecution都有一个null身份验证.
我在重定向循环中基于[1] Spring Security OAuth2(谷歌)Web应用程序的一些代码
有关为什么重定向循环的任何想法?先感谢您.
[Logs snippet] https://gist.github.com/yterradas/61da3f6eccc683b3a086
以下是安全配置.
@Configuration
public class SecurityConfig {
@Configuration
@EnableWebMvcSecurity
protected static class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private OAuth2ClientAuthenticationProcessingFilter oAuth2ClientAuthenticationProcessingFilter;
@Autowired
private LoginUrlAuthenticationEntryPoint vaultAuthenticationEntryPoint;
@SuppressWarnings({"SpringJavaAutowiringInspection"})
@Autowired
private OAuth2ClientContextFilter oAuth2ClientContextFilter;
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests()
.antMatchers("/**").authenticated()
.and()
.exceptionHandling().authenticationEntryPoint(vaultAuthenticationEntryPoint)
.and()
.addFilterAfter(oAuth2ClientContextFilter, ExceptionTranslationFilter.class)
.addFilterBefore(oAuth2ClientAuthenticationProcessingFilter, FilterSecurityInterceptor.class)
.anonymous().disable();
// @formatter:on
}
@Override
public void configure(WebSecurity …