Spring boot 配置了内存内令牌存储的服务器,它会生成sens,但在这里它应该使用JDBC。也许客户端需要相同的会话来获取令牌,但这不是共享的,但我认为客户端没有提出该请求。很高兴看到您发现了问题,修复起来比我最后想象的要容易。但我需要更好地理解整个过程。我希望它能帮助其
Spring boot 配置了内存内令牌存储的服务器,它会生成sens,但在这里它应该使用JDBC。也许客户端需要相同的会话来获取令牌,但这不是共享的,但我认为客户端没有提出该请求。很高兴看到您发现了问题,修复起来比我最后想象的要容易。但我需要更好地理解整个过程。我希望它能帮助其,spring-boot,kubernetes,horizontal-scrolling,oauth2-server,Spring Boot,Kubernetes,Horizontal Scrolling,Oauth2 Server,配置了内存内令牌存储的服务器,它会生成sens,但在这里它应该使用JDBC。也许客户端需要相同的会话来获取令牌,但这不是共享的,但我认为客户端没有提出该请求。很高兴看到您发现了问题,修复起来比我最后想象的要容易。但我需要更好地理解整个过程。我希望它能帮助其他人。谢谢你的全面解释。我能够用这种方法解决我的问题。在使用voyager/haproxy(ingres.appscode.com/affinity:'cookie')时,我不得不使用不同的注释,但效果都一样。如果没有这个答案,我会花很长时间在
配置了内存内令牌存储的服务器,它会生成sens,但在这里它应该使用JDBC。也许客户端需要相同的会话来获取令牌,但这不是共享的,但我认为客户端没有提出该请求。很高兴看到您发现了问题,修复起来比我最后想象的要容易。但我需要更好地理解整个过程。我希望它能帮助其他人。谢谢你的全面解释。我能够用这种方法解决我的问题。在使用voyager/haproxy(
ingres.appscode.com/affinity:'cookie'
)时,我不得不使用不同的注释,但效果都一样。如果没有这个答案,我会花很长时间在Spring代码上翻来翻去,毫无理由地诅咒它们。我真的不明白为什么在初始往返完成后,身份验证会针对不同的pod工作(我通过使用pod a登录,然后切换到pod B进行测试),但是对于任何使用voyager的人来说,这是一个指向指南的快速链接-确保您获得了正确的版本,因为他们已经多次更改了注释名称(通过登录到voyager吊舱和voyager版本
)
@Configuration
public class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {

    /**
     * Authentication manager published by {@code WebSecurityConfiguration} under the bean
     * name {@code authenticationManagerBean}; required by the endpoints configurer below.
     */
    @Autowired
    @Qualifier("authenticationManagerBean")
    private AuthenticationManager authenticationManager;

    /**
     * Single data source shared by every JDBC-backed OAuth2 store in this class, bound from
     * the {@code spring.datasource.*} properties. Inside a {@code @Configuration} class the
     * repeated {@code oauthDataSource()} calls resolve to this one bean.
     *
     * @return the OAuth2 data source
     */
    @Bean
    @ConfigurationProperties(prefix = "spring.datasource")
    public DataSource oauthDataSource() {
        return DataSourceBuilder.create().build();
    }

    /**
     * Client registrations (ids, secrets, grant types, redirect URIs) read from the database
     * rather than from in-memory configuration.
     */
    @Bean
    public JdbcClientDetailsService clientDetailsSrv() {
        return new JdbcClientDetailsService(oauthDataSource());
    }

    /**
     * Tokens persisted in the database, so a token issued by one replica of this server can be
     * looked up by any other replica (the in-memory store would be per-pod).
     */
    @Bean
    public TokenStore tokenStore() {
        return new JdbcTokenStore(oauthDataSource());
    }

    /** User approvals (consent decisions) persisted in the database. */
    @Bean
    public ApprovalStore approvalStore() {
        return new JdbcApprovalStore(oauthDataSource());
    }

    /**
     * Authorization codes persisted in the database; the {@code /oauth/authorize} redirect and
     * the later {@code /oauth/token} exchange may be handled by different replicas.
     */
    @Bean
    public AuthorizationCodeServices authorizationCodeServices() {
        return new JdbcAuthorizationCodeServices(oauthDataSource());
    }

    /** Project-specific enhancer applied to issued tokens (class defined outside this file). */
    @Bean
    public TokenEnhancer tokenEnhancer() {
        return new CustomTokenEnhancer();
    }

    /**
     * Token services on top of the JDBC store and the enhancer above.
     * <p>
     * NOTE(review): this bean is not passed to the endpoints configurer via
     * {@code endpoints.tokenServices(...)}, so the authorization endpoints presumably build
     * their own {@code DefaultTokenServices} on the same store while this {@code @Primary}
     * bean serves other consumers — confirm which instance the resource-server side uses
     * before changing settings such as refresh-token support here.
     */
    @Bean
    @Primary
    public AuthorizationServerTokenServices tokenServices() {
        DefaultTokenServices services = new DefaultTokenServices();
        services.setTokenStore(tokenStore());
        services.setTokenEnhancer(tokenEnhancer());
        return services;
    }

    /** Uses the JDBC client details service as the source of client registrations. */
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.withClientDetails(clientDetailsSrv());
    }

    /**
     * Access rules for the framework endpoints:
     * <ul>
     *   <li>{@code /oauth/token_key} is reachable without authentication;</li>
     *   <li>{@code /oauth/check_token} requires an authenticated client;</li>
     *   <li>clients may authenticate with {@code client_id}/{@code client_secret} request
     *       parameters instead of HTTP Basic. Clients using that option should send the
     *       parameters in the POST body, not the query string, so the secret stays out of
     *       URLs and access logs.</li>
     * </ul>
     * Each call mutates and returns the same configurer, so they are written as statements.
     */
    @Override
    public void configure(AuthorizationServerSecurityConfigurer oauthServer) {
        oauthServer.tokenKeyAccess("permitAll()");
        oauthServer.checkTokenAccess("isAuthenticated()");
        oauthServer.allowFormAuthenticationForClients();
    }

    /**
     * Points every piece of endpoint state (approvals, codes, tokens) at the JDBC-backed
     * stores so that state created on one replica is visible to the others.
     */
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
        endpoints.authenticationManager(authenticationManager);
        endpoints.approvalStore(approvalStore());
        endpoints.authorizationCodeServices(authorizationCodeServices());
        endpoints.tokenStore(tokenStore());
        endpoints.tokenEnhancer(tokenEnhancer());
    }
}
@SpringBootApplication
@EnableResourceServer
@EnableAuthorizationServer
@EnableConfigurationProperties
@EnableFeignClients("com.oauth2.proxies")
public class AuthorizationServerApplication {

    /**
     * Boots the OAuth2 server. The same application is both the authorization server
     * (issues tokens) and a resource server (serves token-protected endpoints — presumably
     * the {@code /me} user-info endpoint the UI configuration points at).
     *
     * @param args command-line arguments forwarded to Spring Boot
     */
    public static void main(String[] args) {
        SpringApplication application = new SpringApplication(AuthorizationServerApplication.class);
        application.run(args);
    }
}
@Configuration
@Order(1)
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {

    /**
     * Paths reachable without a session: the login page, self-registration and the
     * password-reset flow. NOTE(review): {@code /password/change} and everything below it
     * is unauthenticated here, so the change handler itself presumably validates a reset
     * token — confirm.
     */
    private static final String[] PUBLIC_PATHS = {
            "/",
            "/login",
            "/login.do",
            "/registration",
            "/registration/confirm/**",
            "/registration/resendToken",
            "/password/forgot",
            "/password/change",
            "/password/change/**"
    };

    /** The one path this chain owns that does require a logged-in user. */
    private static final String AUTHORIZE_ENDPOINT = "/oauth/authorize**";

    /** User lookup backed by the database (class defined outside this file). */
    @Bean
    @Override
    public UserDetailsService userDetailsServiceBean() throws Exception {
        return new JdbcUserDetails();
    }

    /** Exposes the authentication manager as a bean for the authorization-server config. */
    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    /**
     * Session/form-login filter chain. Because of {@code @Order(1)} it is consulted before
     * the resource server's chain, but it only claims the paths listed above plus
     * {@code /oauth/authorize}; every other request falls through to the next chain.
     * <p>
     * NOTE(review): {@code requiresSecure()} redirects plain-HTTP requests to HTTPS. Behind a
     * TLS-terminating ingress this only works if the forwarded-protocol header is honoured
     * (e.g. {@code server.use-forward-headers} / {@code ForwardedHeaderFilter}); otherwise
     * every request looks like HTTP and the redirect loops — confirm the deployment setting.
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Scope of this chain: the public paths plus the authorize endpoint.
        http.requestMatchers()
                .antMatchers(PUBLIC_PATHS)
                .antMatchers(AUTHORIZE_ENDPOINT);

        // Single authorization registry: public paths first, then everything else
        // (i.e. /oauth/authorize) needs an authenticated user.
        http.authorizeRequests()
                .antMatchers(PUBLIC_PATHS).permitAll()
                .anyRequest().authenticated();

        http.requiresChannel()
                .anyRequest().requiresSecure();

        // The parameter names match Spring's defaults; kept explicit to document the form contract.
        http.formLogin()
                .loginPage("/login")
                .loginProcessingUrl("/login.do")
                .usernameParameter("username")
                .passwordParameter("password");

        http.userDetailsService(userDetailsServiceBean());
    }

    /**
     * Authenticates form logins against the JDBC user details with the project's password
     * encoder ({@code passwordEncoder()} is defined outside this excerpt).
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsServiceBean()).passwordEncoder(passwordEncoder());
    }
}
@EnableOAuth2Sso
@Configuration
public class UiSecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Paths served without a login: the application shell, the SSO login/logout entry
     * points and static assets. {@code /login**} must stay public because that is where
     * {@code @EnableOAuth2Sso} starts the redirect to the authorization server.
     */
    private static final String[] PUBLIC_PATHS = {
            "/",
            "/index.html",
            "/login**",
            "/logout**",
            "/assets/**",
            "/static/**",
            "/*.ico",
            "/*.js",
            "/*.json"
    };

    /**
     * UI filter chain: everything outside {@link #PUBLIC_PATHS} requires an SSO session.
     * CSRF protection stays on; {@code csrfTokenRepository()} and {@code csrfHeaderFilter()}
     * are defined outside this excerpt (presumably a cookie-based repository plus a filter
     * that exposes the token to the browser client — confirm).
     */
    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.antMatcher("/**");

        http.authorizeRequests()
                .antMatchers(PUBLIC_PATHS).permitAll()
                .anyRequest().authenticated();

        http.csrf()
                .csrfTokenRepository(csrfTokenRepository());

        // Runs after session management so the token is available once the session exists.
        http.addFilterAfter(csrfHeaderFilter(), SessionManagementFilter.class);
    }
}
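security:
  oauth2:
    client:
      # Credentials of this UI as registered with the authorization server's
      # JdbcClientDetailsService (values redacted). Supply them from a Kubernetes Secret or
      # the environment rather than committing them with the application config.
      clientId: **********
      clientSecret: *******
      # Back-channel (server-to-server) code-for-token exchange; the bare host name is
      # presumably the in-cluster service name of the oauth2-server.
      accessTokenUri: https://oauth2-server/oauth2-server/oauth/token
      # Front-channel URL the browser is redirected to, so it uses the public host name.
      userAuthorizationUri: https://oauth2.mydomain.com/oauth2-server/oauth/authorize
    resource:
      # Back-channel lookup of the authenticated principal, again via the in-cluster name.
      userInfoUri: https://oauth2-server/oauth2-server/me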
h*tps://oauth2.mydomain.com/oauth2-server/oauth/authorize?client_id=autorisation_code_client&redirect_uri=h*tps://www.mydomain.com/login&response_type=code&state=bSWtGx
location: h*tps://www.mydomain.com/login?code=gnpZ0r&state=bSWtGx
"annotations": {
...
"nginx.ingress.kubernetes.io/affinity": "cookie",
"nginx.ingress.kubernetes.io/session-cookie-expires": "172800",
"nginx.ingress.kubernetes.io/session-cookie-max-age": "172800",
"nginx.ingress.kubernetes.io/session-cookie-name": "route"
}