Spring OAuth@EnableResourceServer阻止来自OAuth服务器的登录页面_Spring_Oauth_Spring Security

Spring OAuth@EnableResourceServer阻止来自OAuth服务器的登录页面

spring oauth spring-security

Spring OAuth@EnableResourceServer阻止来自OAuth服务器的登录页面,spring,oauth,spring-security,Spring,Oauth,Spring Security,找到了对localhost:9999/uaa/oauth/authorize的浏览器响应？响应类型=code&client\u id=acme&redirect\u uri=302，但对localhost:9999/uaa/login的响应未经授权我可以在添加@EnableResourceServer之前获得登录令牌。我正在使用Spring boot和扩展WebSecurity配置适配器来使用数据源的身份验证管理器。当我尝试添加ResourceServerConfigurerAdapter时，

找到了对localhost:9999/uaa/oauth/authorize的浏览器响应？响应类型=code&client\u id=acme&redirect\u uri=302，
但对localhost:9999/uaa/login的响应未经授权

我可以在添加@EnableResourceServer之前获得登录令牌。我正在使用Spring boot和扩展WebSecurity配置适配器来使用数据源的身份验证管理器。当我尝试添加ResourceServerConfigurerAdapter时，它不会生成。允许登录页面的最简单方法是什么

@SpringBootApplication
@RestController
@EnableResourceServer
public class OAuthSvcApplication extends WebMvcConfigurerAdapter {

private static final Logger log = LoggerFactory.getLogger(OAuthSvcApplication.class);

   @RequestMapping("/user")
   public Principal user(Principal user) {
    return user;
   }
   public static void main(String[] args) {
      SpringApplication.run(OAuthSvcApplication.class, args);
   }

}

@Configuration
@EnableGlobalMethodSecurity(securedEnabled = true)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {


@Autowired
public void configureAuth(AuthenticationManagerBuilder auth,DataSource dataSource, Environment env)
        throws Exception {

    auth.jdbcAuthentication().dataSource(dataSource);
}


@Configuration
@EnableAuthorizationServer
protected static class OAuth2Config extends AuthorizationServerConfigurerAdapter {


    @Autowired
    private AuthenticationManager authenticationManager;

    @Autowired
    private DataSource dataSource;


    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints)
            throws Exception {
        endpoints.authenticationManager(authenticationManager);
    }


    @Override
    public void configure(AuthorizationServerSecurityConfigurer security)
            throws Exception {
            security.checkTokenAccess("hasAuthority('USER')");
        }

    @Override
    public void configure(ClientDetailsServiceConfigurer clients)
            throws Exception {
        clients.inMemory()
                .withClient("acme")
                .secret("acmesecret")
                .authorizedGrantTypes("authorization_code",
                        "refresh_token", "password").scopes("openid");
        }

    }
}

SpringSecurityFilterChain应始终在其他筛选器之前订购。如果您想为所有或某些端点添加您自己的身份验证，最好是添加您自己的低阶WebSecurityConfigureAdapter。按如下方式修改WebSecurity ConfigureAdapter子类允许ResourceServer使用jdbc身份验证管理器：

@Configuration
@Order(-10)
protected static class LoginConfig extends WebSecurityConfigurerAdapter {


    @Autowired
    private AuthenticationManager authenticationManager;


    @Autowired
    private DataSource dataSource;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .formLogin().loginPage("/login").permitAll()
        .and()
            .requestMatchers().antMatchers("/login", "/oauth/authorize", "/oauth/confirm_access")
        .and()
            .authorizeRequests().anyRequest().authenticated();
    }

    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.parentAuthenticationManager(authenticationManager).jdbcAuthentication().dataSource(dataSource);

    }

}

我也有类似的问题，并尝试了这种方法

/login

在安全方面起作用，但返回404。我怀疑资源服务器和授权服务器之间存在更大的不兼容性。这正是我想做的，你找到解决方案了吗？