spring oauth2,无法检索用户信息
找不到说明如何使用access\u令牌获取用户信息的文档 我怎样才能做出这样的结论 当我访问/user端点时,我看到OAuth2AuthenticationProcessingFilter不包括在内。 我想我把下面的东西搞砸了spring oauth2,无法检索用户信息,spring,oauth-2.0,spring-oauth2,Spring,Oauth 2.0,Spring Oauth2,找不到说明如何使用access\u令牌获取用户信息的文档 我怎样才能做出这样的结论 当我访问/user端点时,我看到OAuth2AuthenticationProcessingFilter不包括在内。 我想我把下面的东西搞砸了 @Configuration @EnableWebSecurity @Order(2) // after ResourceServerConfigurerAdapter public class SecurityConfig extends WebSecurityConf
@Configuration
@EnableWebSecurity
@Order(2)
// after ResourceServerConfigurerAdapter
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
// https://stackoverflow.com/questions/26387003/how-to-make-spring-boot-never-issue-session-cookie
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
.authorizeRequests()
.antMatchers("/", "index", "/login**", "/webjars/**")
.permitAll()
.and().exceptionHandling()
.authenticationEntryPoint(authenticationEntryPoint)
.accessDeniedHandler(oAuth2FailedHandler)
.and().csrf().disable().authorizeRequests()
.and().addFilterBefore(new CORSFilter(), BasicAuthenticationFilter.class); }
}
I also have..
@Order(3)
@Configuration
@EnableResourceServer
@Slf4j
public class OAuth2ResourceServerConfig extends ResourceServerConfigurerAdapter {
@Override
public void configure(final ResourceServerSecurityConfigurer config) {
config.tokenServices(tokenServices());
}
@Override
public void configure(HttpSecurity http) throws Exception {
// super.configure(http);
log.info("hello OAuth2ResourceServerConfig:configure");
http
.authorizeRequests().anyRequest().authenticated();
}
@Bean
@Primary
public DefaultTokenServices tokenServices() {
final DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
defaultTokenServices.setTokenStore(tokenStore());
return defaultTokenServices;
}
// JDBC token store configuration
@Bean
public DataSource dataSource() {
final DriverManagerDataSource dataSource = new DriverManagerDataSource();
dataSource.setDriverClassName(env.getProperty("spring.datasource.driver-class-name"));
dataSource.setUrl(env.getProperty("spring.datasource.url"));
dataSource.setUsername(env.getProperty("spring.datasource.username"));
dataSource.setPassword(env.getProperty("spring.datasource.password"));
return dataSource;
}
@Bean
public TokenStore tokenStore() {
return new JdbcTokenStore(dataSource());
}
}
@Configuration
//@PropertySource({ "classpath:persistence.properties" }) @EnableAuthorizationServer
@Slf4j
public class OAuth2AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
// ....
}
添加具有以下内容的REST控制器:
@RequestMapping("/user")
public @ResponseBody Principal user(Principal user) {
return user;
}
然后您可以使用授权标头中的访问令牌调用它。我还有
AuthorizationServerConfigurerAdapter
。。我不知道这些都隐藏着另一个。我有SecurityConfig
来设置SessionCreationPolicy.STATELESS
并添加CORSFilter。如果这是您的问题,那么资源服务器和身份验证服务器是同一个服务器。