Spring boot 为什么斯威格忽略了我的身份验证?
我正试图用J OpenId Connect保护一个招摇过市的接口 我可以使用OIDC登录,swagger显示我已获得授权: 但当我进行“试用”时,身份验证将被忽略,并弹出一个登录框: 在扩展SpringBootServletializer的Spring boot 为什么斯威格忽略了我的身份验证?,spring-boot,swagger-ui,openid-connect,Spring Boot,Swagger Ui,Openid Connect,我正试图用J OpenId Connect保护一个招摇过市的接口 我可以使用OIDC登录,swagger显示我已获得授权: 但当我进行“试用”时,身份验证将被忽略,并弹出一个登录框: 在扩展SpringBootServletializer的类中,我有: @Bean @ConditionalOnProperty(“security.oauth2.client.clientId”) public SecurityScheme SecurityScheme(环境,OAuth2ClientPrope
类中,我有:
@Bean
@ConditionalOnProperty(“security.oauth2.client.clientId”)
public SecurityScheme SecurityScheme(环境,OAuth2ClientProperties客户端属性){
String authorizationUri=environment.getRequiredProperty(“security.oauth2.client.user authorization uri”);
字符串accessTokenUri=environment.getRequiredProperty(“security.oauth2.client.access令牌uri”);
LoginEndpoint LoginEndpoint=新的LoginEndpoint(授权URI);
TokenRequestEndpoint TokenRequestEndpoint=
新的TokenRequestEndpoint(authorizationUri、clientProperties.getClientId()、clientProperties.getClientSecret());
TokenEndpoint TokenEndpoint=新的TokenEndpoint(accessTokenUri,“身份验证代码”);
GrantType GrantType=new AuthorizationCodeGrant(tokenRequestEndpoint,tokenEndpoint);
AuthorizationScope AuthorizationScope=新的AuthorizationScope(authorizationScopeGlobal,authorizationScopeGlobal);
返回新的OAuthBuilder()
.name(SecuritySchemaAuth2)
.grantType(数组.asList(grantType))
.scope(数组.asList(授权范围))
.build();
}
私有列表defaultAuth(){
AuthorizationScope AuthorizationScope=新的AuthorizationScope(authorizationScopeGlobal,authorizationScopeGlobalDesc);
AuthorizationScope[]authorizationScopes=新的AuthorizationScope[1];
authorizationScopes[0]=authorizationScope;
返回Arrays.asList(新的SecurityReference(SecuritySchemaAuth2,authorizationScopes));
}
@豆子
SecurityConfiguration安全性(OAuth2Client属性clientProperties){
返回新的SecurityConfiguration(
clientProperties.getClientId(),
clientProperties.getClientSecret(),
安全方案2,
“测试应用程序”,
“apiKey”,
ApiKeyVehicle.HEADER,
“api_密钥”,
“”/*范围分隔符*/);
}
@豆子
public SecurityContext SecurityContext(){
返回SecurityContext.builder().securityReferences(defaultAuth()).forpath(PathSelectors.regex(“/v1/*”).build();
}
还有一节课:
@ApiModel(value=“Template”,description=“restapi的模板”)
@RestController
@请求映射(“/v1”)
公共类TemplateServiceImplementation{
...
@ApiOperation(httpMethod=“GET”,value=“Call GET method”,
notes=“参见获取方法”)
@RequestMapping(method=RequestMethod.GET,value=“/calltemplate/{param}/”,products=MediaType.APPLICATION\u JSON\u value)
公共响应属性callGet(@PathVariable(“param”)字符串param,HttpServletRequest hreq){
MultiValueMap mapParams=新链接的MultiValueMap();
添加(“参数”,参数);
Structure Structure=restTemplate.getForObject(callGetEndpoint,Structure.class,mapParams);
ResponseEntity thisresponse=新的ResponseEntity(结构,HttpStatus.OK);
返回此响应;
}
对不起,所有的代码。那么我如何让GET使用我的OIDC身份验证呢
当我取消登录时,curl是:
curl-xget--header'Accept:application/json'--header'Authorization:Bearer-eyjrawqioijyc2exiwiwxnijoiulmy更多加密文本''http://localhost:8080/v1/calltemplate/%7B%20%20%20%22id%22%3A%20%22string%22%2C%20%20%20%22name%22%3A%20%22string%22%2C%20%20%20%22path%22%3A%20%22string%22%2C%20%20%20%22version%22%3A%20%22string%22%20%7D/“
请求url:
http://localhost:8080/v1/calltemplate/%7B%20%20%20%22id%22%3A%20%22string%22%2C%20%20%20%22name%22%3A%20%22string%22%2C%20%20%20%22path%22%3A%20%22string%22%2C%20%20%20%22version%22%3A%20%22string%22%20%7D/
和其他响应变量:
编辑忘记约会我的WebSecurityConfig
:
公共类WebSecurity配置扩展了WebSecurity配置适配器{
@凌驾
public void configure(WebSecurity web)引发异常{
忽略().antMatchers(“/v2/api docs”,“/configuration/ui”,
/swagger resources/**、/configuration/**、“/swagger ui.html”
,“/webjars/**”,“/csrf”,“/”;
}
更新
网络输出:
您是否正确定义了用户授权uri
?屏幕截图很好地显示了UI中的情况,但为了调试它,您最好提供浏览器工具显示的内容,尤其是在网络选项卡中。谢谢。我将在今晚(大约4或5小时后)发布此内容。您需要在“网络”选项卡中查看哪些内容?我已添加了可以看到的内容。Wrt用户授权uri
这是在第三行的“我的应用程序.属性.详细信息”中设置的。