Fatal编程技术网
  • java/
  • Java Oauth2服务器中的登录表单不’;t返回到客户端url

Java Oauth2服务器中的登录表单不’;t返回到客户端url

java

Java Oauth2服务器中的登录表单不’;t返回到客户端url,java,spring-security-oauth2,Java,Spring Security Oauth2,我正在写一个Oauth2应用程序。 Spring应用程序是: @SpringBootApplication @EnableAuthorizationServer @EnableResourceServer public class Application { public static void main(String[] args) { SpringApplication.run(Application.class, args); } } applicat

我正在写一个Oauth2应用程序。 Spring应用程序是:

@SpringBootApplication
@EnableAuthorizationServer
@EnableResourceServer

public class Application {

    public static void main(String[] args) {
        SpringApplication.run(Application.class, args);
    }
}
application.properties是

security.oauth2.client.client-id=jerpweb
security.oauth2.client.client-secret=implementa
security.oauth2.client.authorized-grant-types=password,client_credentials,authorization_code,refresh_token
security.oauth2.client.scope=openid
security.oauth2.client.auto-approve-scopes=.*
证券配置为:

@Configuration
@EnableWebSecurity
@EnableTransactionManagement
@Order(-5)
public class SecurityConfigurationOauth extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserDetailServiceImpl userService;

    @Autowired
    private PasswordEncoderService passwordEncoder;

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception{
        auth.userDetailsService(userService).passwordEncoder(passwordEncoder);
    }


    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .requestMatchers()
            .antMatchers("/login", "/oauth/authorize", "/oauth/confirm_access")
        .and()
            .authorizeRequests()
            .anyRequest().authenticated()
        .and()
            .formLogin().loginPage("/login").permitAll();
    }    

}
oauth服务器正在使用协议密码(本地主机:8081/oauth/token)。 如果我使用oauth2客户端

@SpringBootApplication
@EnableOAuth2Sso
public class ApplicationUi {

    public static void main(String[] args) {
        SpringApplication.run(ApplicationUi.class, args);
    }
}   

security.oauth2.client.client-id=jerpweb
security.oauth2.client.client-secret=implementa
security.oauth2.client.access-token-uri=http://localhost:8081/oauth/token
security.oauth2.client.user-authorization-uri=http://localhost:8081/oauth/authorize
security.oauth2.client.token-name=oauth_token
security.oauth2.client.authentication-scheme=query
security.oauth2.client.client-authentication-scheme=form
security.oauth2.client.scope=openid
客户端被正确重定向到授权服务器,但如果身份验证成功,则不会返回到客户端。 也就是说,如果我调用页面localhost:8080/我被重定向到,但如果身份验证正常,浏览器将保留在页面上ttp://localhost:8081/login 而不是返回页面localhost:8080/

SecurityConfiguration的正确配置是什么
oauth2登录表单

安全配置正常问题在于如何设置授权服务器

由于某些原因,授权服务器必须具有上下文路径,因此服务器应用程序属性的正确配置为:

server.port=8081
server.servlet.context-path=/uaa

security.oauth2.client.client-id=jerpweb
security.oauth2.client.client-secret=implementa
security.oauth2.client.authorized-grant-types=password,client_credentials,authorization_code,refresh_token
security.oauth2.client.scope=openid
security.oauth2.client.auto-approve-scopes=.*
必须相应地更改客户端映射

auth-server=http://localhost:8081/uaa
security.oauth2.client.access-token-uri=${auth-server}/oauth/token
security.oauth2.client.user-authorization-uri=${auth-server}/oauth/authorize
security.oauth2.resource.user-info-uri=${auth-server}/api/userinfo
通过这些修改,重定向工作正常