Spring Security OAUTH2: configure(AuthorizationServerSecurityConfigurer) is not executed
I have a Spring application deployed in a Tomcat container.

Unfortunately, we have a strange mix of XML and Java-based Spring Security configuration, which complicates the problem.

I am trying to enable an OAUTH2 authorization server in the application using @EnableAuthorizationServer and by extending AuthorizationServerConfigurerAdapter. The problem is that the configure(AuthorizationServerSecurityConfigurer security) method is not executed, and apparently some very important things, such as the password encoder, are not initialized.

I assume this is because we also have security configuration in an XML file, but no matter how long I spend trying to figure it out, I can't find a solution.

Our setup is: HTTP security and the authenticationManager are defined in an XML file, and the OAUTH authorization server is defined in Java.

Any ideas are very welcome.

Edit 1:
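import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;

@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {

    // Both beans are expected to come from the XML security configuration
    @Autowired
    private AuthenticationManager authenticationManager;

    @Autowired
    private PasswordEncoder passwordEncoder;

    // This is the method that is reported as never being called
    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
        // Encoder used to verify client secrets on the token endpoint
        security.passwordEncoder(passwordEncoder);
    }

    @Override
    public void configure(ClientDetailsServiceConfigurer clientsConfigurer) throws Exception {
        // Single in-memory client limited to the resource owner password grant
        clientsConfigurer.inMemory()
                .withClient("client")
                .secret("secret")
                .authorizedGrantTypes("password")
                .authorities("ROLE_USER")
                .scopes("read");
    }

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints
                .authenticationManager(authenticationManager)
                .tokenEnhancer(accessTokenConverter())
                .tokenStore(tokenStore());
    }

    @Bean
    public TokenStore tokenStore() {
        return new JwtTokenStore(accessTokenConverter());
    }

    @Bean
    public DefaultTokenServices tokenServices(ClientDetailsService clientDetailsService) {
        DefaultTokenServices tokenServices = new DefaultTokenServices();
        tokenServices.setClientDetailsService(clientDetailsService);
        tokenServices.setTokenEnhancer(accessTokenConverter());
        tokenServices.setTokenStore(tokenStore());
        // accessTokenValidity is a field whose declaration is not shown in the post
        tokenServices.setAccessTokenValiditySeconds(accessTokenValidity);
        return tokenServices;
    }

    @Bean
    public JwtAccessTokenConverter accessTokenConverter() {
        // No signing key is set here, so the converter falls back to a randomly generated key
        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
        return converter;
    }
}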

And this is the XML configuration:

<http pattern="/oauth/*" create-session="stateless">
    <csrf disabled="true"/>
    <intercept-url pattern="/oauth/token" access="isFullyAuthenticated()"/>
    <intercept-url pattern="/oauth/token_key" access="permitAll()"/>
    <http-basic/>
</http>

<authentication-manager alias="authenticationManager">
    <authentication-provider user-service-ref="userDetailsService">
        <password-encoder ref="passwordEncoder"/>
    </authentication-provider>
    <authentication-provider>
        <user-service>
            <user name="client" password="secret" authorities="ROLE_USER"/>
        </user-service>
    </authentication-provider>
</authentication-manager>

It would be easier to help if you posted the relevant code/configuration snippets.

Thanks. Hope it helps, I added the code I felt was relevant...

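import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.ImportResource;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;

@Configuration
@EnableWebSecurity
@ComponentScan("com.authentication")
@ImportResource("classpath:spring-security.xml")
public class SecurityConfig {
}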