Spring OAuth2在SecurityContext中未找到身份验证对象


我正在尝试为我的应用程序配置 Spring Security。身份验证已经可以正常工作,我能够通过 /oauth/token 端点生成 OAuth 令牌。但是,当我使用这个令牌访问受保护的接口时,出现了以下错误:

17:47:08,668 DEBUG SessionManagementFilter:124 - Requested session ID Lna1JBtS5foU2qDaGONIzBcGgvt94FTSneANgG77 is invalid.
17:47:08,670 DEBUG FilterSecurityInterceptor:219 - Secure object: FilterInvocation: URL: /api/user/update; Attributes: [hasAnyRole('ROLE_ANONYMOUS, USER')]
17:47:08,671 DEBUG ExceptionTranslationFilter:164 - Authentication exception occurred; redirecting to authentication entry point
org.springframework.security.authentication.AuthenticationCredentialsNotFoundException: An Authentication object was not found in the SecurityContext
    at org.springframework.security.access.intercept.AbstractSecurityInterceptor.credentialsNotFound(AbstractSecurityInterceptor.java:379)
    at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:223)
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:124)
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:115)
下面是我的配置

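/**
 * Web-layer Spring Security configuration: registers the custom authentication provider,
 * declares the URL authorization rules and exposes the token and approval beans used by
 * the OAuth2 authorization server.
 *
 * <p>NOTE(review): nothing visible here declares an OAuth2 resource server
 * ({@code @EnableResourceServer} / {@code ResourceServerConfigurerAdapter}). The filter chain
 * built by this class does not read {@code Authorization: Bearer} headers on its own, so if no
 * resource server is configured elsewhere, a request carrying only an access token reaches the
 * authorization check with an empty SecurityContext.
 */
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Autowired
    private ClientDetailsService clientDetailsService;

    @Autowired
    private MyAuthenticationProvider myAuthenticationProvider;

    /**
     * Registers {@link MyAuthenticationProvider} with the global authentication manager.
     *
     * @param auth builder for the application-wide {@link AuthenticationManager}
     * @throws Exception if the builder rejects the provider
     */
    @Autowired
    public void globalUserDetails(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(myAuthenticationProvider);
    }

    /**
     * Declares which requests are open and which require the {@code USER} authority.
     *
     * @param http the HTTP security builder for this filter chain
     * @throws Exception if the configuration cannot be applied
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // CSRF protection is switched off. That is only safe while every protected endpoint
            // is authenticated by a token sent in a header and never by a session cookie.
            .csrf().disable()
            // With anonymous authentication disabled, a request without recognised credentials
            // has no Authentication at all, which surfaces as
            // AuthenticationCredentialsNotFoundException instead of an access-denied decision.
            .anonymous().disable()
            .authorizeRequests()
                .antMatchers("/oauth/token", "/api/signup").permitAll()
                // A comma inside a single string is taken as part of one role name, and
                // hasAnyRole() additionally prepends "ROLE_", so "ANONYMOUS, USER" could never
                // match any caller. MyAuthenticationProvider grants the plain authority "USER",
                // so the rule checks exactly that authority. Anonymous callers are not admitted:
                // anonymous authentication is disabled above.
                .anyRequest().hasAuthority("USER");
    }

    /**
     * Excludes the signup endpoint from the Spring Security filter chain.
     *
     * @param web the web security builder
     * @throws Exception if the configuration cannot be applied
     */
    @Override
    public void configure(WebSecurity web) throws Exception {
        // Ignored paths bypass every security filter, so the permitAll() rule for the same
        // path in configure(HttpSecurity) is never consulted and no security headers are
        // written for it.
        web.ignoring().antMatchers("/api/signup");
    }

    /**
     * Exposes the authentication manager as a bean so the authorization server can inject it.
     *
     * @return the {@link AuthenticationManager} built by this adapter
     * @throws Exception if the manager cannot be created
     */
    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    /**
     * Provides the token store.
     *
     * @return an in-memory store; issued tokens do not survive a restart and are not shared
     *         between application instances
     */
    @Bean
    public TokenStore tokenStore() {
        return new InMemoryTokenStore();
    }

    /**
     * Builds the approval handler that remembers user approvals through the token store.
     *
     * @return the configured {@link TokenStoreUserApprovalHandler}
     */
    @Bean
    public TokenStoreUserApprovalHandler userApprovalHandler() {
        TokenStoreUserApprovalHandler handler = new TokenStoreUserApprovalHandler();
        handler.setTokenStore(tokenStore());
        handler.setRequestFactory(new DefaultOAuth2RequestFactory(clientDetailsService));
        handler.setClientDetailsService(clientDetailsService);
        return handler;
    }

    /**
     * Builds the approval store backed by the token store.
     *
     * @return the configured {@link TokenApprovalStore}
     * @throws Exception declared by the original signature; nothing in the body throws it
     */
    @Bean
    public ApprovalStore approvalStore() throws Exception {
        TokenApprovalStore store = new TokenApprovalStore();
        store.setTokenStore(tokenStore());
        return store;
    }

}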
授权服务器类

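/**
 * OAuth2 authorization server configuration: registers one in-memory client, wires the token
 * enhancers into the token endpoint and sets the access rules of the server's own endpoints.
 */
@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {

    // Constant realm name; final so it cannot be reassigned at runtime.
    private static final String REALM = "ABCDEF";

    @Autowired
    private UserApprovalHandler userApprovalHandler;

    @Autowired
    @Qualifier("authenticationManagerBean")
    private AuthenticationManager authenticationManager;

    /**
     * Registers the OAuth2 clients known to this server.
     *
     * @param clients the client registry builder
     * @throws Exception if the registry cannot be built
     */
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        // NOTE(review): the client id and secret are literals in source ("user" / "secret").
        // Anyone who can read the repository or the built artifact can act as this client;
        // load them from external, access-controlled configuration instead.
        // NOTE(review): the "password" and "implicit" grants expose user credentials or tokens
        // to the client or browser; keep only the grant types the client actually needs.
        clients.inMemory().withClient("user").secret("secret")
                .authorizedGrantTypes("password", "authorization_code", "refresh_token", "implicit")
                .authorities("ROLE_CLIENT", "ROLE_TRUSTED_CLIENT").scopes("read", "write", "trust") //
                .accessTokenValiditySeconds(60 * 60 * 24 * 1) // Access token is valid for 1 day.
                .refreshTokenValiditySeconds(60 * 60 * 24 * 30); // Refresh token is valid for 30 days.
    }

    /**
     * Configures the token endpoint: enhancer chain, approval handler and the authentication
     * manager needed by the password grant.
     *
     * @param endpoints the endpoint configurer
     * @throws Exception if the endpoints cannot be configured
     */
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        TokenEnhancerChain tokenEnhancerChain = new TokenEnhancerChain();
        tokenEnhancerChain.setTokenEnhancers(Arrays.asList(tokenEnhancer(), accessTokenConverter()));
        // Pass the chain itself. Handing over tokenEnhancer() alone leaves the chain unused,
        // so the JWT converter would never be applied to issued tokens.
        endpoints.tokenEnhancer(tokenEnhancerChain).userApprovalHandler(userApprovalHandler)
                .authenticationManager(authenticationManager);
    }

    /**
     * Sets the access rules for the token-key and check-token endpoints and the realm name.
     *
     * @param oauthServer the authorization server security configurer
     * @throws Exception if the rules cannot be applied
     */
    @Override
    public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
        // NOTE(review): tokenKeyAccess("permitAll()") is meant for publishing a public
        // verification key. accessTokenConverter() uses a symmetric key, which must never be
        // published; restrict this rule or switch to a key pair.
        oauthServer.tokenKeyAccess("permitAll()").checkTokenAccess("isAuthenticated()").realm(REALM);
    }

    /**
     * Provides the application-specific token enhancer.
     *
     * @return a new {@code MicroInvestTokenEnhancer}
     */
    @Bean
    public TokenEnhancer tokenEnhancer() {
        return new MicroInvestTokenEnhancer();
    }

    /**
     * Provides the converter that signs access tokens as JWTs.
     *
     * @return the configured {@link JwtAccessTokenConverter}
     */
    @Bean
    public JwtAccessTokenConverter accessTokenConverter() {
        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
        // NOTE(review): hard-coded, short and guessable symmetric signing key. Whoever knows it
        // can mint tokens that verify as genuine. Supply a long random key from a secret store
        // or external configuration, or use an asymmetric key pair via setKeyPair(...), and
        // rotate this value since it has been published.
        converter.setSigningKey("123456789");
        return converter;
    }

}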
身份验证提供者

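/**
 * Authentication provider that checks a username and password against {@code LoginService}
 * and, on success, returns a {@code MicroInvestAuthenticationToken} carrying the login result.
 */
@Component("myAuthenticationProvider")
public class MyAuthenticationProvider implements AuthenticationProvider {

    @Autowired
    private LoginService loginService;

    /**
     * Authenticates the presented principal and credentials through {@code LoginService}.
     *
     * @param authentication the authentication request; its principal and credentials are
     *                       converted with {@code toString()} before being passed on
     * @return an authenticated token holding the {@code USER} authority and the login
     *         response, or {@code null} when the request is incomplete or the login service
     *         returns no user
     * @throws AuthenticationException declared by the interface; this body does not throw it
     */
    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        if (authentication == null) {
            return null;
        }
        final Object principal = authentication.getPrincipal();
        final Object credentials = authentication.getCredentials();
        // A request with no principal or no credentials cannot be checked. Bail out here
        // instead of failing with a NullPointerException on toString().
        if (principal == null || credentials == null) {
            return null;
        }

        final LoginResponse user = loginService.login(principal.toString(), credentials.toString());
        // NOTE(review): a rejected login returns null rather than throwing an
        // AuthenticationException. Under the AuthenticationProvider contract, null means
        // "this provider could not decide"; confirm that is the intended signal for wrong
        // credentials.
        if (user == null) {
            return null;
        }

        final List<GrantedAuthority> grantedAuthorities = new ArrayList<>();
        // Granted without the "ROLE_" prefix: role-based expressions such as hasRole("USER")
        // look for "ROLE_USER" and will not match it, so an authority-based check is needed.
        grantedAuthorities.add(new SimpleGrantedAuthority("USER"));
        // NOTE(review): the submitted password is kept inside the returned token. Confirm it
        // is erased after authentication and never written to logs or serialized.
        final MicroInvestAuthenticationToken auth =
                new MicroInvestAuthenticationToken(principal, credentials, grantedAuthorities);
        auth.setUser(user);
        return auth;
    }

    /**
     * Reports which authentication request types this provider handles.
     *
     * @param authentication the request class being probed
     * @return {@code true} for {@link UsernamePasswordAuthenticationToken} and its subclasses
     */
    @Override
    public boolean supports(Class<?> authentication) {
        return (UsernamePasswordAuthenticationToken.class).isAssignableFrom(authentication);
    }
}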