Spring OAuth2 centralized SSO provider with external resource server applications not working
I have an OAuth2 provider application (URL: ) which will be accessed by multiple resource server applications (REST web services). The idea is to configure all authorities in the centralized OAuth2 provider, and the security of every resource server application should be validated against that OAuth2 provider. When I try to access , I receive a "Full authentication is required" message. Could you tell me how App-A can read the authorities from the centralized OAuth2 provider? My authorization server configuration:
import java.security.Principal;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@Configuration
@RestController
@EnableAuthorizationServer
public class AuthorizationServer extends AuthorizationServerConfigurerAdapter {

    // User-info endpoint: returns the authenticated principal (App-A points its userInfoUri here)
    @RequestMapping("/user")
    public Principal user(Principal user) {
        return user;
    }

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        // Start: Add App-A protected resources
        clients.inMemory()
            .withClient("appAClientID")
            .secret("appAClientSecret")
            .resourceIds("APPA_RESOURCE_ID")   // must match the resourceId configured on the resource servers
            .authorizedGrantTypes("password", "refresh_token")
            .authorities("ROLE_CLIENT", "ROLE_TRUSTED_CLIENT")
            .scopes("read", "write")
            .accessTokenValiditySeconds(600)
            .refreshTokenValiditySeconds(3600);
        // End: Add App-A protected resources
    }
}
My resource server configuration on the OAuth2 provider:
import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Primary;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.RemoteTokenServices;
import org.springframework.security.web.csrf.CsrfFilter;
import org.springframework.security.web.csrf.CsrfToken;
import org.springframework.security.web.csrf.CsrfTokenRepository;
import org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository;
import org.springframework.web.filter.OncePerRequestFilter;
import org.springframework.web.util.WebUtils;

@Configuration
@EnableResourceServer
public class SMEEShopResourceServer extends ResourceServerConfigurerAdapter {

    @Override
    public void configure(HttpSecurity http) throws Exception {
        /**
         * Allow only authenticated requests
         * to access /user
         */
        http.requestMatchers().antMatchers("/user/**")
            .and().authorizeRequests().antMatchers("/user/**").authenticated();
        /**
         * Resource configuration for App-A
         */
        http.requestMatchers().antMatchers("/appA/xyz/**")
            .and().authorizeRequests().antMatchers("/appA/xyz/**").permitAll();
        http.requestMatchers().antMatchers("/appA/123/**")
            .and().authorizeRequests().antMatchers("/appA/123/**").authenticated();
        /**
         * Add CSRF filter (session-backed token repository, token mirrored into the XSRF-TOKEN cookie)
         */
        http.authorizeRequests().and().csrf().csrfTokenRepository(csrfTokenRepository())
            .and().addFilterAfter(csrfHeaderFilter(), CsrfFilter.class);
    }

    @Override
    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
        // Tokens presented to this resource server must carry this resource id in their audience
        String RESOURCE_ID = "APPA_RESOURCE_ID";
        resources.resourceId(RESOURCE_ID).tokenServices(getRemoteTokenService());
    }

    // Copies the current CSRF token into an XSRF-TOKEN cookie so a browser client can echo it back in X-XSRF-TOKEN
    private Filter csrfHeaderFilter() {
        return new OncePerRequestFilter() {
            @Override
            protected void doFilterInternal(HttpServletRequest request,
                    HttpServletResponse response, FilterChain filterChain)
                    throws ServletException, IOException {
                CsrfToken csrf = (CsrfToken) request.getAttribute(CsrfToken.class.getName());
                if (csrf != null) {
                    Cookie cookie = WebUtils.getCookie(request, "XSRF-TOKEN");
                    String token = csrf.getToken();
                    if (cookie == null || (token != null && !token.equals(cookie.getValue()))) {
                        cookie = new Cookie("XSRF-TOKEN", token);
                        cookie.setPath("/");
                        response.addCookie(cookie);
                    }
                }
                filterChain.doFilter(request, response);
            }
        };
    }

    protected CsrfTokenRepository csrfTokenRepository() {
        HttpSessionCsrfTokenRepository repository = new HttpSessionCsrfTokenRepository();
        repository.setHeaderName("X-XSRF-TOKEN");
        return repository;
    }

    // Validates incoming bearer tokens by calling the provider's check_token endpoint with the client credentials
    @Primary
    @Bean
    public RemoteTokenServices getRemoteTokenService() {
        RemoteTokenServices tokenService = new RemoteTokenServices();
        tokenService.setCheckTokenEndpointUrl("http://localhost:8080/oauth/check_token");
        tokenService.setClientId("appAClientID");
        tokenService.setClientSecret("appAClientSecret");
        return tokenService;
    }
}
And the resource server on App-A:
import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Primary;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.RemoteTokenServices;
import org.springframework.security.web.csrf.CsrfFilter;
import org.springframework.security.web.csrf.CsrfToken;
import org.springframework.security.web.csrf.CsrfTokenRepository;
import org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository;
import org.springframework.web.filter.OncePerRequestFilter;
import org.springframework.web.util.WebUtils;

@Configuration
@EnableResourceServer
public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {

    @Override
    public void configure(HttpSecurity http) throws Exception {
        // Every request to App-A requires an authenticated (token-bearing) caller
        http.requestMatchers().antMatchers("/**").and()
            .authorizeRequests().anyRequest().authenticated()
            .and().csrf().csrfTokenRepository(csrfTokenRepository())
            .and().addFilterAfter(csrfHeaderFilter(), CsrfFilter.class);
    }

    @Override
    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
        // Same resource id as registered for the client on the authorization server
        String RESOURCE_ID = "APPA_RESOURCE_ID";
        resources.resourceId(RESOURCE_ID).tokenServices(getRemoteTokenService());
    }

    // Copies the current CSRF token into an XSRF-TOKEN cookie so a browser client can echo it back in X-XSRF-TOKEN
    protected Filter csrfHeaderFilter() {
        return new OncePerRequestFilter() {
            @Override
            protected void doFilterInternal(HttpServletRequest request,
                    HttpServletResponse response, FilterChain filterChain)
                    throws ServletException, IOException {
                CsrfToken csrf = (CsrfToken) request.getAttribute(CsrfToken.class.getName());
                if (csrf != null) {
                    Cookie cookie = WebUtils.getCookie(request, "XSRF-TOKEN");
                    String token = csrf.getToken();
                    if (cookie == null || (token != null && !token.equals(cookie.getValue()))) {
                        cookie = new Cookie("XSRF-TOKEN", token);
                        cookie.setPath("/");
                        response.addCookie(cookie);
                    }
                }
                filterChain.doFilter(request, response);
            }
        };
    }

    private CsrfTokenRepository csrfTokenRepository() {
        HttpSessionCsrfTokenRepository repository = new HttpSessionCsrfTokenRepository();
        repository.setHeaderName("X-XSRF-TOKEN");
        return repository;
    }

    // Validates incoming bearer tokens against the central provider's check_token endpoint
    @Primary
    @Bean
    public RemoteTokenServices getRemoteTokenService() {
        RemoteTokenServices tokenService = new RemoteTokenServices();
        tokenService.setCheckTokenEndpointUrl("http://localhost:8080/oauth/check_token");
        tokenService.setClientId("appAClientID");
        tokenService.setClientSecret("appAClientSecret");
        return tokenService;
    }
}
My application.properties for App-A:
server.port=8090
server.context-path=/appA
# ----------------------------------------
# oAUTH 2.0 PROPERTIES
# ----------------------------------------
security.oauth2.client.client-id= appAClientID
security.oauth2.client.client-secret= appAClientSecret
spring.oauth2.client.access-token-uri=http://localhost:8080/oauth/token
security.oauth2.resource.id=APPA_RESOURCE_ID
security.oauth2.resource.token-info-uri=http://localhost:8080/oauth/check_token
security.oauth2.resource.userInfoUri= http://localhost:8080/user
Hi, can you please help me with this? It is very important and needs to be resolved immediately.
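As an added illustration (not part of the question and not Spring's own code), the Python below mirrors the check_token exchange that ties the three configurations above together: the request shape a RemoteTokenServices-style client sends (POST form field `token`, client authenticated with HTTP Basic) and the checks the resource server applies to the reply (an `error` body rejects the token, the configured resourceId must appear in `aud`, and the `authorities` list is what role checks consult). The response bodies are constructed samples, not captured from the poster's system.

```python
import base64
import json
import time

# Values taken from the question's configuration.
CHECK_TOKEN_URL = "http://localhost:8080/oauth/check_token"
RESOURCE_ID = "APPA_RESOURCE_ID"


class InvalidTokenError(Exception):
    """Raised when an introspection response must not grant access."""


def build_introspection_request(access_token, client_id, client_secret):
    """What a RemoteTokenServices-style client sends to check_token:
    a POST with form field 'token', authenticated with HTTP Basic."""
    creds = base64.b64encode(("%s:%s" % (client_id, client_secret)).encode()).decode()
    return {"method": "POST", "url": CHECK_TOKEN_URL,
            "headers": {"Authorization": "Basic " + creds,
                        "Content-Type": "application/x-www-form-urlencoded"},
            "body": "token=" + access_token}


def parse_check_token_response(body, resource_id=RESOURCE_ID, now=None):
    """Apply the resource-server checks to a check_token JSON body:
    'error' (unknown/expired token) rejects; a past 'exp' rejects (defensive);
    the resource id must be listed in 'aud'; 'authorities' feed role checks."""
    data = json.loads(body)
    if "error" in data:
        raise InvalidTokenError(data.get("error_description", data["error"]))
    exp = data.get("exp")  # seconds since the epoch
    if exp is not None and exp <= (time.time() if now is None else now):
        raise InvalidTokenError("token expired")
    audience = data.get("aud") or []
    if isinstance(audience, str):  # a single audience may arrive as a bare string
        audience = [audience]
    if resource_id not in audience:
        raise InvalidTokenError("token does not contain resource id " + resource_id)
    return {"principal": data.get("user_name") or data.get("client_id"),
            "scope": list(data.get("scope", [])),
            "authorities": list(data.get("authorities", []))}


# Constructed sample bodies (not captured from the poster's system).
VALID_BODY = json.dumps({"exp": 4102444800, "user_name": "alice", "client_id": "appAClientID",
                         "aud": ["APPA_RESOURCE_ID"], "scope": ["read", "write"],
                         "authorities": ["ROLE_CLIENT", "ROLE_TRUSTED_CLIENT"]})
WRONG_AUD_BODY = json.dumps({"exp": 4102444800, "user_name": "alice", "client_id": "appAClientID",
                             "aud": ["OTHER_RESOURCE_ID"], "authorities": ["ROLE_CLIENT"]})
ERROR_BODY = json.dumps({"error": "invalid_token", "error_description": "Token was not recognised"})
```

A token issued for another resource id is rejected before any authority is applied, which is the check a second resource server (App-B) would rely on when it shares the same provider.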