Fatal编程技术网
  • java/
  • Java 带有自定义安全过滤器的Spring Boot OAuth2

Java 带有自定义安全过滤器的Spring Boot OAuth2

java spring-security spring-boot oauth-2.0

Java 带有自定义安全过滤器的Spring Boot OAuth2,java,spring-security,spring-boot,oauth-2.0,spring-security-oauth2,Java,Spring Security,Spring Boot,Oauth 2.0,Spring Security Oauth2,我有一个带有OAuth2授权和资源服务器的spring引导设置。用户可以通过向/oauth/token发出POST请求来获取令牌。到目前为止,一切顺利 但是,我不想通过基本身份验证而通过自定义安全过滤器来保护/oauth/token 我尝试了以下操作,但从未调用DemoAuthenticationFilter: @Configuration @EnableResourceServer protected static class ResourceServerConfiguration exten

我有一个带有OAuth2授权和资源服务器的spring引导设置。用户可以通过向
/oauth/token
发出POST请求来获取令牌。到目前为止,一切顺利

但是,我不想通过基本身份验证而通过自定义安全过滤器来保护
/oauth/token

我尝试了以下操作,但从未调用
DemoAuthenticationFilter

@Configuration
@EnableResourceServer
protected static class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {
    // ...
    @Override
    public void configure(HttpSecurity http) throws Exception {
        // ...
        http.addFilterBefore(new DemoAuthenticationFilter(), BasicAuthenticationFilter.class);
        http.authorizeRequests().antMatchers("/oauth/token").authenticated();
    }
}
此外,如果我尝试将其添加到
websecurityConfigureAdapter
中,则仅在通过OAuth2对请求进行身份验证后才会调用筛选器:

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    // ...
    @Override
    protected void configure(HttpSecurity http) throws Exception {
       // ...
       http.addFilterBefore(new DemoAuthenticationFilter(), BasicAuthenticationFilter.class);
       http.authorizeRequests().antMatchers("/oauth/token").authenticated();
    }
}
一些如何实现这一点的简单示例将非常有用。谢谢大家!

@Configuration
@EnableAuthorizationServer
public class OAuth2AuthorizationServer extends AuthorizationServerConfigurerAdapter {

    @Override
    public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
        oauthServer.allowFormAuthenticationForClients().addTokenEndpointAuthenticationFilter(new AligenieFilter());
    }

    //....
}
它对我有用