@EnableOAuth2Sso does not check whether the token has expired

Time: 2017-06-21 06:29:09

Tags: spring-boot spring-security spring-security-oauth2

I have implemented a gateway acting as an OAuth2 client in front of my resource services and UI. Everything works fine until the token expires, at which point I receive

<oauth>
    <error_description>bfc5a9f6-0537-4ab9-91c1-e756501b429d</error_description>
    <error>invalid_token</error>
</oauth>

Checking the logs, I found that the gateway considers the user already authenticated because the session still exists

2017-06-21 09:17:34.311 DEBUG 32482 --- [nio-8080-exec-6] o.s.s.w.a.i.FilterSecurityInterceptor    : Previously Authenticated: org.springframework.security.oauth2.provider.OAuth2Authentication@a80f4caf: Principal: user; Credentials: [PROTECTED]; Authenticated: true; Details: remoteAddress=0:0:0:0:0:0:0:1, sessionId=<SESSION>, tokenType=bearertokenValue=<TOKEN>; Granted Authorities: ROLE_ACTUATOR, ROLE_USER
2017-06-21 09:17:34.311 DEBUG 32482 --- [nio-8080-exec-6] o.s.s.access.vote.AffirmativeBased       : Voter: org.springframework.security.web.access.expression.WebExpressionVoter@1aaae9c5, returned: 1

while my resource service or UI does not

2017-06-21 09:17:34.532  WARN 32484 --- [nio-9001-exec-1] o.s.b.a.s.o.r.UserInfoTokenServices      : Could not fetch user details: class org.springframework.security.oauth2.client.resource.UserRedirectRequiredException, A redirect is required to get the users approval

Gateway configuration

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.cloud.client.discovery.EnableDiscoveryClient;
import org.springframework.cloud.netflix.zuul.EnableZuulProxy;

@SpringBootApplication
@EnableDiscoveryClient
@EnableZuulProxy
public class GatewayApplication {

    public static void main(String[] args) {
        SpringApplication.run(GatewayApplication.class, args);
    }
}

import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableOAuth2Sso
public class WebSecurityConfigurer extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // The gateway is the OAuth2 client: every request must belong to an authenticated session
        http
                .csrf()
                .disable()
                .authorizeRequests()
                .anyRequest().authenticated();
    }
}

security:
  oauth2:
    client:
      accessTokenUri: http://localhost:9191/uaa/oauth/token
      userAuthorizationUri: http://localhost:9191/uaa/oauth/authorize
      clientId: acme
      clientSecret: acmesecret
    resource:
      user-info-uri: http://localhost:9191/uaa/user
      prefer-token-info: false
zuul:
  ignored-services: '*'
  routes:
    authserver: /uaa/**
    resource-service: /resource/**
    ui:
      path: /ui/**
      strip-prefix: false

UI configuration (the same applies to any resource server)

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.cloud.client.discovery.EnableDiscoveryClient;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;

@SpringBootApplication
@EnableDiscoveryClient
@EnableResourceServer
public class UiApplication {

    public static void main(String[] args) {
        SpringApplication.run(UiApplication.class, args);
    }
}

security:
  oauth2:
    resource:
      user-info-uri: http://localhost:9191/uaa/user
server:
  port: 9001
  context-path: /${spring.application.name}

What I expected, and tried to achieve, is for the gateway to check whether the token is still valid and, if it is not, either redirect the user to the login page or use the refresh token to renew it. How can I do that?

1 answer:

Answer 0 (score: 0)

After talking with @dave-syer on gitter, he told me that we need to declare an OAuth2RestOperations bean inside the gateway, because spring-boot does not create one by default and OAuth2TokenRelayFilter needs it to request a refresh of the token.

So simply adding the following fixed everything:

@Bean
public OAuth2RestOperations oAuth2RestOperations(OAuth2ClientContext oauth2ClientContext, OAuth2ProtectedResourceDetails details) {
    // OAuth2TokenRelayFilter uses this template to refresh an expired access token before relaying it
    OAuth2RestTemplate oAuth2RestTemplate = new OAuth2RestTemplate(details, oauth2ClientContext);
    return oAuth2RestTemplate;
}
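The refresh path that the declared bean gives OAuth2TokenRelayFilter, shown as an added example that is not part of the question or the answer: an OAuth2RestTemplate whose client context holds an expired access token with a refresh token renews it through the refresh_token grant instead of forcing a new authorization-code round trip. FakeTokenEndpoint, the token values and the user principal are constructed stand-ins for the UAA at localhost:9191.

```java
import java.util.Collections;
import java.util.Date;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.client.DefaultOAuth2ClientContext;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails;
import org.springframework.security.oauth2.client.token.*;
import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails;
import org.springframework.security.oauth2.common.*;

public class TokenRefreshDemo {

    // Constructed stand-in for the UAA token endpoint (hypothetical; nothing is sent to
    // http://localhost:9191/uaa/oauth/token). It only records which grant the template chose.
    static class FakeTokenEndpoint implements AccessTokenProvider {
        String grantUsed = "none";
        public OAuth2AccessToken obtainAccessToken(OAuth2ProtectedResourceDetails d, AccessTokenRequest r) {
            grantUsed = "authorization_code"; // the real provider throws UserRedirectRequiredException here
            return new DefaultOAuth2AccessToken("fresh-token");
        }
        public OAuth2AccessToken refreshAccessToken(OAuth2ProtectedResourceDetails d, OAuth2RefreshToken rt, AccessTokenRequest r) {
            grantUsed = "refresh_token"; // silent renewal, no user interaction
            return new DefaultOAuth2AccessToken("refreshed-token");
        }
        public boolean supportsResource(OAuth2ProtectedResourceDetails d) { return true; }
        public boolean supportsRefresh(OAuth2ProtectedResourceDetails d) { return true; }
    }

    public static void main(String[] args) {
        // AccessTokenProviderChain refreshes only on behalf of a non-anonymous, authenticated user
        SecurityContextHolder.getContext().setAuthentication(
                new UsernamePasswordAuthenticationToken("user", "n/a", AuthorityUtils.createAuthorityList("ROLE_USER")));
        AuthorizationCodeResourceDetails details = new AuthorizationCodeResourceDetails();
        details.setClientId("acme");
        // Expired access token that still carries a refresh token, as the gateway session holds after expiry
        DefaultOAuth2AccessToken expired = new DefaultOAuth2AccessToken("old-token");
        expired.setExpiration(new Date(System.currentTimeMillis() - 60_000));
        expired.setRefreshToken(new DefaultOAuth2RefreshToken("refresh-abc"));
        DefaultOAuth2ClientContext context = new DefaultOAuth2ClientContext();
        context.setAccessToken(expired);
        FakeTokenEndpoint endpoint = new FakeTokenEndpoint();
        OAuth2RestTemplate template = new OAuth2RestTemplate(details, context);
        template.setAccessTokenProvider(new AccessTokenProviderChain(Collections.singletonList(endpoint)));
        // getAccessToken() sees the expired token, finds its refresh token and renews instead of redirecting
        OAuth2AccessToken current = template.getAccessToken();
        System.out.println(current.getValue() + " via " + endpoint.grantUsed);
    }
}
```

The program prints "refreshed-token via refresh_token"; with the refresh token removed from the expired token, the same call falls through to obtainAccessToken, which with the real AuthorizationCodeAccessTokenProvider is the redirect to /uaa/oauth/authorize behind the UserRedirectRequiredException in the question's log.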