Spring Boot: Spring OAuth2 returns a 401 Unauthorized error on Spring Boot 2.0
I am trying to implement SSO with Spring OAuth2. With Spring 1.5.x it works fine. However, once I upgraded the OAuth server application to Spring Boot 2.2.3.RELEASE, I can't even get to the login form. It goes to the redirect and returns the error message:

{
    "error": "unauthorized",
    "error_description": "Full authentication is required to access this resource"
}

Server application
@SpringBootApplication
@EnableResourceServer
public class SsoServerApplication {

    public static void main(String[] args) {
        SpringApplication.run(SsoServerApplication.class, args);
    }

    @Configuration
    public static class LoginConfig extends WebSecurityConfigurerAdapter {

        @Override
        @Bean
        public AuthenticationManager authenticationManagerBean() throws Exception {
            return super.authenticationManagerBean();
        }

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.requestMatchers()
                .antMatchers("/login", "/oauth/authorize")
                .and()
                .authorizeRequests()
                .anyRequest().authenticated()
                .and()
                .formLogin().and().httpBasic();
        }

        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            auth.inMemoryAuthentication()
                .withUser("user")
                .password("password")
                .roles("USER");
        }
    }

    @Configuration
    @EnableAuthorizationServer
    public static class OAuth2Config extends AuthorizationServerConfigurerAdapter {

        @Autowired
        private AuthenticationManager authenticationManager;

        @Override
        public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
            clients.inMemory()
                .withClient("foo")
                .secret("bar")
                .authorizedGrantTypes("authorization_code", "refresh_token", "password")
                .scopes("user_info")
                .autoApprove(true);
        }

        @Override
        public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
            oauthServer
                .tokenKeyAccess("permitAll()")
                .checkTokenAccess("isAuthenticated()");
            oauthServer.allowFormAuthenticationForClients();
        }

        @Override
        public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
            endpoints.authenticationManager(authenticationManager);
        }
    }
}
Client application

package com.shekhargulati.app1;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;

@SpringBootApplication
@EnableOAuth2Sso
@RestController
public class App1Application extends WebMvcConfigurerAdapter {

    @Override
    public void addViewControllers(ViewControllerRegistry registry) {
        registry.addViewController("/").setViewName("index");
    }

    public static void main(String[] args) {
        SpringApplication.run(App1Application.class, args);
    }
}

User controller

@RestController
public class UserController {

    @GetMapping("/user/me")
    public Principal user(Principal principal) {
        return principal;
    }
}

Client application.properties

server:
  port: 8082
security:
  oauth2:
    client:
      clientId: foo
      clientSecret: bar
      accessTokenUri: http://localhost:8080/sso-server/oauth/token
      userAuthorizationUri: http://localhost:8080/sso-server/oauth/authorize
    resource:
      userInfoUri: http://localhost:8080/sso-server/user/me

Server application.properties file
server.port=8080
server.context-path=/sso-server
pom.xml
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.shekhargulati</groupId>
<artifactId>sso-server</artifactId>
<version>0.0.1-SNAPSHOT</version>
<packaging>jar</packaging>
<name>sso-server</name>
<description>SSO Server</description>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.2.3.RELEASE</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<java.version>1.8</java.version>
<spring-cloud.version>Greenwich.SR1</spring-cloud.version>
</properties>
<dependencies>
<dependency>
<groupId>jakarta.xml.bind</groupId>
<artifactId>jakarta.xml.bind-api</artifactId>
<version>2.3.2</version>
</dependency>
<!-- Runtime, com.sun.xml.bind module -->
<dependency>
<groupId>org.glassfish.jaxb</groupId>
<artifactId>jaxb-runtime</artifactId>
<version>2.3.2</version>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-oauth2</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-dependencies</artifactId>
<version>${spring-cloud.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project>
Client application pom.xml
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.shekhargulati</groupId>
<artifactId>app1</artifactId>
<version>0.0.1-SNAPSHOT</version>
<packaging>jar</packaging>
<name>app1</name>
<description>App1</description>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.1.0.RELEASE</version>
<!-- lookup parent from repository -->
</parent>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<java.version>1.8</java.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
<version>2.1.0.RELEASE</version>
</dependency>
<!-- https://mvnrepository.com/artifact/org.springframework.security.oauth.boot/spring-security-oauth2-autoconfigure -->
<dependency>
<groupId>org.springframework.security.oauth.boot</groupId>
<artifactId>spring-security-oauth2-autoconfigure</artifactId>
<version>2.1.0.RELEASE</version>
</dependency>
<!-- https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-starter-thymeleaf -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
<version>2.2.5.RELEASE</version>
</dependency>
<!-- https://mvnrepository.com/artifact/org.thymeleaf.extras/thymeleaf-extras-springsecurity4 -->
<dependency>
<groupId>org.thymeleaf.extras</groupId>
<artifactId>thymeleaf-extras-springsecurity5</artifactId>
<version>3.0.4.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security.oauth</groupId>
<artifactId>spring-security-oauth2</artifactId>
<version>2.1.0.RELEASE</version>
</dependency>
<!-- https://mvnrepository.com/artifact/mysql/mysql-connector-java -->
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project>
You are not allowing access to your login page. You have to allow anonymous access to your login page.

Thanks! It worked once I added an authentication filter on the client application. However, I added a success handler configuration on the server side, and it redirects me to the server authentication/login page with a 403 authentication error. Is there any other configuration I am missing?

@Component
public class TestHandler implements AuthenticationSuccessHandler {
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
            Authentication authentication) throws IOException {
        Set<String> roles = AuthorityUtils.authorityListToSet(authentication.getAuthorities());
        if (roles.contains("ROLE_USER")) {
            response.sendRedirect("localhost:8082/tt");
        }
    }
}

On the server side:

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.requestMatchers()
        .antMatchers("/login", "/login2", "/login/process", "/oauth/authorize")
        .and()
        .authorizeRequests()
        .anyRequest().authenticated()
        .and()
        .formLogin().successHandler(authenticationSuccessHandler).permitAll();
}
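A regression check for the server module that goes with the first comment's advice, added here as an example and not code from the original thread: it confirms that /login is served anonymously while /oauth/authorize and /user/me stay protected, and that the /sso-server context path used in the client URIs is bound under the Spring Boot 2.x key server.servlet.context-path, which replaced server.context-path. The class name LoginAccessTest is hypothetical; the test assumes spring-boot-starter-test as in the server pom and that UserController is part of the server application.

```java
// Added example (hypothetical class name); place it in the same package as SsoServerApplication.
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.http.MediaType;
import org.springframework.test.web.servlet.MockMvc;

import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.redirectedUrlPattern;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;

@SpringBootTest
@AutoConfigureMockMvc
class LoginAccessTest {
    @Autowired
    private MockMvc mvc;
    // Boot 2.x key; resolves to "" when only the 1.x key server.context-path is set.
    @Value("${server.servlet.context-path:}")
    private String contextPath;

    @Test // the client URIs on the page assume the server lives under /sso-server
    void contextPathIsBound() {
        assertEquals("/sso-server", contextPath);
    }

    @Test // the form-login page must be reachable without a session
    void loginPageIsAnonymous() throws Exception {
        mvc.perform(get("/login").accept(MediaType.TEXT_HTML)).andExpect(status().isOk());
    }

    @Test // an anonymous browser is sent to /login instead of getting the 401 JSON
    void authorizeRedirectsToLogin() throws Exception {
        mvc.perform(get("/oauth/authorize").param("response_type", "code")
                .param("client_id", "foo").accept(MediaType.TEXT_HTML))
           .andExpect(status().is3xxRedirection())
           .andExpect(redirectedUrlPattern("**/login"));
    }

    @Test // opening /login must not expose the token-protected user-info endpoint
    void userInfoRejectsAnonymous() throws Exception {
        mvc.perform(get("/user/me")).andExpect(status().isUnauthorized());
    }
}
```

MockMvc paths are relative to the servlet context, so the request tests do not include /sso-server; the context-path test covers that separately.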