Question

出于学习目的，我正在尝试使用Spring OAuth lib实现SSO。 AuthenticationServer如下所示：

@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
    @Autowired
    private AuthenticationManager authenticationManager;

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints.authenticationManager(authenticationManager);
    }

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory() //
                .withClient("acme") //
                .secret("acmesecret") //
                .authorizedGrantTypes("authorization_code", "refresh_token", "password") //
                .scopes("openid");
    }

    @Override
    public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
        oauthServer.tokenKeyAccess("permitAll()").checkTokenAccess("isAuthenticated()");
   }
}

像这样的WebSecurity：

@Configuration
@EnableWebSecurity
public class AuthorizeUrlsSecurityConfig extends WebSecurityConfigurerAdapter {
    @Bean(name = BeanIds.AUTHENTICATION_MANAGER)
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.formLogin().loginPage("/login").permitAll().and() //
                .logout().and() //
                .authorizeRequests().anyRequest().hasRole("USER");
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication().withUser("user").password("password").roles("USER");
    }
}

和RestController：

@RestController
@EnableResourceServer
public class UserController {
    @GetMapping("/user/me")
    public Principal user(Principal principal) {
        return principal;
    }
}

Web应用程序保持最小化：

@SpringBootApplication
@EnableOAuth2Sso
public class WebApplication implements WebMvcConfigurer {

    @Override
    public void addViewControllers(ViewControllerRegistry registry) {
    registry.addViewController("/").setViewName("index");
    }

    public static void main(String[] args) {
        SpringApplication.run(WebApplication.class, args);
    }
}

application.yml：

spring:
  thymeleaf:
    cache: false
  security:
    basic:
      enabled: false
    oauth2:
      client:
        clientId: acme
        clientSecret: acmesecret
        accessTokenUri: http://localhost:9999/auth/oauth/token
        userAuthorizationUri: http://localhost:9999/auth/oauth/authorize
      resource:
        userInfoUri: http://localhost:9999/auth/user/me

当我输入URL localhost：8080时，应该重定向到登录名（由spring生成？），但是出现401错误。

2018-09-29 12:42:28.257 DEBUG 7677 --- [nio-9999-exec-2] o.s.s.w.a.ExceptionTranslationFilter     : Access is denied (user is anonymous); redirecting to authentication entry point

我想念什么？谢谢！

Answer 1

您需要在Web应用程序中设置Web安全配置。

Spring Security不允许连接401甚至登录URL的原因。

因此，基本上，您需要添加如下的Java配置

@Configuration
@EnableOAuth2Sso
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
            .anyRequest().authenticated()
            .and()
            .formLogin().permitAll();
    }
}

希望这会有所帮助！快乐编码：）

使用Spring OAuth2启用SSO

1 个答案: