Spring JHipster OAuth2 server - login page for /oauth/authorize
tl;dr: When a user is redirected to /oauth/authorize, I want to create a working custom login page. I managed to display my login page, but it just redirects to itself no matter what credentials are used. Or, if I remove
.requestMatchers().antMatchers("/oauth/authorize")
from the WebSecurityConfigurerAdapter, the page works fine, but /oauth/token returns:
error: "unauthorized"
error_description: "There is no client authentication. Try adding an appropriate authentication filter."
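Detailed description: I am using the JHipster template app as a resource server with a small admin front end. In addition, I want other client applications to be able to use my resource server, but user login should stay on my application. Example journey:
127.0.0.1:8080/oauth/authorize?response_type=code&client_id=kbExplorer&redirect_uri=http://localhost
redirect_uri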
127.0.0.1:8080/oauth/token?grand_type=authorization_code&code={code}
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
@Order(Ordered.HIGHEST_PRECEDENCE)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Inject
    private UserDetailsService userDetailsService;

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Inject
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth
            .userDetailsService(userDetailsService)
            .passwordEncoder(passwordEncoder());
    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring()
            .antMatchers("/scripts/**/*.{js,html}")
            .antMatchers("/bower_components/**")
            .antMatchers("/i18n/**")
            .antMatchers("/assets/**")
            .antMatchers("/swagger-ui/index.html")
            .antMatchers("/api/register")
            .antMatchers("/api/activate")
            .antMatchers("/api/account/reset_password/init")
            .antMatchers("/api/account/reset_password/finish")
            .antMatchers("/test/**")
            .antMatchers("/console/**");
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http
            //.httpBasic().realmName("LES")
            //.and()
            .requestMatchers().antMatchers("/oauth/authorize")
            .and()
            .authorizeRequests()
            .antMatchers("/api/logput").permitAll()
            .antMatchers("/oauth/authorize").authenticated()
            .and()
            .sessionManagement()
            .sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
            .and()
            .formLogin().loginPage("/login").permitAll().and().csrf().disable();
    }

    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Bean
    public SecurityEvaluationContextExtension securityEvaluationContextExtension() {
        return new SecurityEvaluationContextExtension();
    }
}
Because of this, I get my custom login page from the MVC controller:
@Configuration
public class MvcConfig extends WebMvcConfigurerAdapter {

    @Override
    public void addViewControllers(ViewControllerRegistry registry) {
        registry.addViewController("/login").setViewName("login");
    }
}
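But now there is a problem: when I go to /oauth/authorize, the login page is shown, which is fine, except that whatever you enter there, it always redirects you back to this login page.
I noticed that if I only remove: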
@Override
public void configure(HttpSecurity http) throws Exception {
    http
        //.httpBasic().realmName("LES")
        //.and()
        // This is the line I'm removing:
        //.requestMatchers().antMatchers("/oauth/authorize")
        //.and()
        .authorizeRequests()
        .antMatchers("/api/logput").permitAll()
        .antMatchers("/oauth/authorize").authenticated()
        .and()
        .sessionManagement()
        .sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
        .and()
        .formLogin().loginPage("/login").permitAll().and().csrf().disable();
}
the whole login works fine. But now the admin app has stopped working (this is the pure JHipster AngularJS template). Just opening this app produces an error:
error: "Internal Server Error"
exception: "java.lang.IllegalStateException"
message: "Request processing failed; nested exception is java.lang.IllegalStateException: User not found!"
path: "/api/account"
status: 500
timestamp: "2016-01-22T11:33:08.286+0000"
Trying to log in with the default grand_type=password produces:
error: "unauthorized"
error_description: "There is no client authentication. Try adding an appropriate authentication filter."
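Here is my OAuth2ServerConfiguration (basically the pure JHipster template):
The question is:
How do I make the login page work without breaking the API?

I had the wrong matchers. The login page was not working in my first option because I had no matcher for "/login" in the configure method.
The SecurityConfiguration class should look like this: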
@Override
public void configure(HttpSecurity http) throws Exception {
    http
        .requestMatchers().antMatchers(HttpMethod.OPTIONS, "/**")
        .antMatchers("/oauth/authorize", "/login", "/oauth/confirm_access")
        .and()
        .authorizeRequests()
        .antMatchers("/oauth/authorize").authenticated()
        .and()
        .formLogin().loginPage("/login").permitAll()
        .and()
        .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
        .and()
        .csrf().disable();
}
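
Added example (not part of the original question or answer): a simplified Java model of first-match filter chain selection, run against the three `requestMatchers()` variants on this page to show which chain receives each request. The `client-auth` and `resource-server` chains and their patterns are assumed stand-ins for the chains the OAuth2 template registers, which the page does not show.

```java
import java.util.*;
// Simplified model of first-match filter chain selection in Spring Security:
// the first chain whose matcher accepts a request handles it; later chains never see it.
public class ChainSelectionDemo {

    // One matcher entry: optional HTTP method (null = any) plus an exact path or "/prefix/**".
    record Rule(String method, String pattern) {
        boolean matches(String m, String path) {
            if (method != null && !method.equals(m)) return false;
            if (pattern.endsWith("/**")) {
                String prefix = pattern.substring(0, pattern.length() - 3);
                return path.equals(prefix) || path.startsWith(prefix + "/");
            }
            return pattern.equals(path);
        }
    }

    record Chain(String name, List<Rule> rules) {
        boolean matches(String m, String p) {
            return rules.stream().anyMatch(r -> r.matches(m, p));
        }
    }

    static String select(List<Chain> chains, String method, String path) {
        return chains.stream().filter(c -> c.matches(method, path))
                .map(Chain::name).findFirst().orElse("(none of the modelled chains)");
    }

    public static void main(String[] args) {
        // Assumed stand-ins for the chains that come after the custom one (not shown on the page).
        Chain clientAuth = new Chain("client-auth", List.of(new Rule(null, "/oauth/token")));
        Chain resources = new Chain("resource-server", List.of(new Rule(null, "/api/**")));
        Map<String, List<Rule>> variants = new LinkedHashMap<>();
        variants.put("1: only /oauth/authorize", List.of(new Rule(null, "/oauth/authorize")));
        variants.put("2: requestMatchers() removed", List.of(new Rule(null, "/**")));
        variants.put("3: matchers from the answer", List.of(new Rule("OPTIONS", "/**"),
                new Rule(null, "/oauth/authorize"), new Rule(null, "/login"),
                new Rule(null, "/oauth/confirm_access")));

        String[][] requests = {{"GET", "/oauth/authorize"}, {"POST", "/login"},
                {"POST", "/oauth/token"}, {"GET", "/api/account"}};
        variants.forEach((label, rules) -> {
            System.out.println(label);
            List<Chain> chains = List.of(new Chain("form-login", rules), clientAuth, resources);
            for (String[] r : requests)
                System.out.printf("  %-4s %-17s -> %s%n", r[0], r[1], select(chains, r[0], r[1]));
        });
    }
}
```

In the model, variant 1 never routes POST /login to the form-login chain, and variant 2 lets that chain claim /oauth/token and /api/account ahead of the others, which is consistent with the errors quoted in the question.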