Spring可以有多个ConfigurerAdapter吗?

时间:2016-09-20 16:48:45

标签: spring spring-security spring-boot spring-security-oauth2 spring-security-ldap

我需要使用ldap身份验证添加OAuth2安全性。 我首先实现了ldap身份验证并添加了WebSecurityConfigurerAdapter实例。

@Configuration
@EnableWebSecurity
@Order(2)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(final HttpSecurity http) throws Exception {
        http.authorizeRequests()
            .anyRequest().fullyAuthenticated()
            .and()
            .formLogin();
    }

    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Autowired
    public void configureGlobal(final AuthenticationManagerBuilder auth) throws Exception {
        auth.ldapAuthentication()
                .contextSource().url("ldaps://master:636/dc=domain,dc=com")
                .managerDn("cn=readonly,dc=domain,dc=com").managerPassword("123456")
                .and()
                .userSearchFilter("(uid={0})");
    }
}

我需要添加OAuth2资源服务器适配器ResourceServerConfigurerAdapter 

@Configuration
@Import({ DatabaseConfig.class })
@EnableResourceServer
@Order(1)
public class OAuth2ResourceServerConfig extends ResourceServerConfigurerAdapter {

    @Autowired DatabaseConfig databaseConfig;

    @Override
    public void configure(final HttpSecurity http) throws Exception {
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED).and().authorizeRequests()
                .anyRequest().authenticated();
    }


    @Bean
    public JwtAccessTokenConverter accessTokenConverter() {
        final JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
        // converter.setSigningKey("123");
        final Resource resource = new ClassPathResource("public.txt");
        String publicKey = null;
        try {
            publicKey = IOUtils.toString(resource.getInputStream());
        } catch (final IOException e) {
            throw new RuntimeException(e);
        }
        converter.setVerifierKey(publicKey);
        return converter;
    }

    @Bean
    @Primary
    public DefaultTokenServices tokenServices() {
        final DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
        defaultTokenServices.setTokenStore(tokenStore());
        return defaultTokenServices;
    }


    @Bean
    public TokenStore tokenStore() {
        return new JdbcTokenStore(databaseConfig.dataSource());
    }

似乎WebSecurityConfigurerAdapter和ResourceServerConfigurerAdapter在配置时都会发生冲突。

我正在使用configure()方法,但我只能在我的Rest API上使用http://localhost:8080/login通过ldap进行访问登录,并且无法使用oauth http://localhost:8081/login使用我的角度客户端

尝试访问资源时出现以下错误:

Failed to find refresh token for token eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX25hbWUiOiJqb2huIiwic2NvcGUiOlsiZm9vIiwicmVhZCIsIndyaXRlIl0sIm9yZ2FuaXphdGlvbiI6ImpvaG5vRnZiIiwiYXRpIjoiNDcyZTJiNDYtZjgxZS00NGJiLWEwNDMtMGYwZmRjMDMzY2U1IiwiZXhwIjoxNDc2NTQ5NjYzLCJhdXRob3JpdGllcyI6WyJST0xFX1VTRVIiXSwianRpIjoiN2UwNzRkZDktOWI0ZC00MTU0LWJjMzktMDlkY2U4Y2UyZTg2IiwiY2xpZW50X2lkIjoiZm9vQ2xpZW50SWRQYXNzd29yZCJ9.fuarTPL1O00Yg6b3BPibwux1ZtlmrHaPCJkgjsJni_51B3NEHkdB9kqbABK3IkMWMlZdqY8xfR-zMpY9SxFkpRFDfyvosgLcsTZ...
Handling error: InvalidGrantException, Invalid refresh token: eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVC...

2 个答案:

答案 0 :(得分:1)

我有同样的问题。可能是我的解决方案并不优雅,但它对我有用。

我曾尝试OAuth2ResourceServerConfig扩展WebSecurityConfig并实现ResourceServerConfigurer。

您的OAuth2ResourceServerConfig必须是这样的

@Configuration
@Import({ DatabaseConfig.class })
@EnableResourceServer
@Order(1)
public class OAuth2ResourceServerConfig extends WebSecurityConfig implements ResourceServerConfigurer {

    @Autowired DatabaseConfig databaseConfig;

    @Override
    public void configure(final HttpSecurity http) throws Exception {
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED).and().authorizeRequests()
                .anyRequest().authenticated();
    }


    @Bean
    public JwtAccessTokenConverter accessTokenConverter() {
        final JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
        // converter.setSigningKey("123");
        final Resource resource = new ClassPathResource("public.txt");
        String publicKey = null;
        try {
            publicKey = IOUtils.toString(resource.getInputStream());
        } catch (final IOException e) {
            throw new RuntimeException(e);
        }
        converter.setVerifierKey(publicKey);
        return converter;
    }

    @Bean
    @Primary
    public DefaultTokenServices tokenServices() {
        final DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
        defaultTokenServices.setTokenStore(tokenStore());
        return defaultTokenServices;
    }


    @Bean
    public TokenStore tokenStore() {
        return new JdbcTokenStore(databaseConfig.dataSource());
    }

答案 1 :(得分:0)

根据this post,我认为你可以使用以前的版本添加到你的配置(yml或属性):

security:
  oauth2:
    resource:
        filter-order: 3

我尝试将@Order注释添加到我的源服务器配置中,并获得相同的问题。所以,我认为@Order注释并没有对ResourceServerConfigurerAdapter生效,但它适用于WebSecurityConfig。我不知道这是一个错误或意图。

相关问题
最新问题