我一直在尝试配置Spring OAuth2。已经部分成功了。
为了测试我一直在使用SOAPui并将redirect-uri设置为“urn:ietf:wg:oauth:2.0:oob”。
我的问题是：我可以拿到授权码（authorization code），但之后并没有发生我期望的重定向，客户端也就无法再拿这个授权码去 /oauth/token 换取访问令牌（严格来说，授权码应当被重定向回客户端注册的 redirect-uri，再由客户端用它向 /oauth/token 换取访问令牌）。从日志看，重定向目标里根本没有完整的 URL：我期望看到类似 `/app/oauth/token?code=OB05Cb` 的地址，实际上网址里只剩下 `?code=OB05Cb`。
DEBUG: org.springframework.web.servlet.DispatcherServlet - Rendering view [org.springframework.web.servlet.view.RedirectView: unnamed; URL [urn:?code=OB05Cb]]
随后 SoapUI 显示页面未找到（404），整个流程就此中断。
我猜是遗漏了某个本该处理这一步的拦截器或配置，但不清楚它为什么没有继续往下走。谁能给点提示吗？谢谢！
我使用的版本：Spring Security OAuth2 2.0.3.RELEASE、Spring Framework 4.0.5.RELEASE、Spring Security 3.2.5.RELEASE（与下面 schemaLocation 中的 spring-beans-4.0.xsd / spring-security-3.2.xsd 一致）。
这是我的配置文件。
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns:sec="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:oauth2="http://www.springframework.org/schema/security/oauth2"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
http://www.springframework.org/schema/security/oauth2
http://www.springframework.org/schema/security/spring-security-oauth2.xsd">
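<!-- Token persistence: project-local Cassandra-backed stores (implementations not shown here). -->
<beans:bean id="tokenStore" class="com.nando.api.service.CassandraTokenStore" />
<beans:bean id="codes" class="com.nando.api.service.CassandraAuthorizationCodeService" />
<!-- Token issuance and validation. Changes versus the original definition:
     * clientDetailsService is now wired, so token validity and refresh-token eligibility can be
       taken per client from the registered ClientDetails instead of library-wide defaults.
     * supportRefreshToken is set explicitly because the <oauth2:refresh-token/> grant is enabled
       in the authorization-server below; NOTE(review): DefaultTokenServices is understood to leave
       this flag off by default, in which case no refresh token is ever issued. Confirm against the
       2.0.3 sources if in doubt. -->
<beans:bean id="tokenServices"
            class="org.springframework.security.oauth2.provider.token.DefaultTokenServices">
  <beans:property name="tokenStore" ref="tokenStore" />
  <beans:property name="clientDetailsService" ref="webServiceClientService" />
  <beans:property name="supportRefreshToken" value="true" />
</beans:bean>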
<!-- Bearer-token AuthenticationManager for the resource server (referenced by oauth2ProviderFilter
     below). Despite the id "authenticationManager" this is NOT the username/password manager;
     end users are authenticated by userAuthenticationManager further down. -->
<beans:bean id="authenticationManager"
            class="org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationManager">
  <beans:property name="tokenServices" ref="tokenServices" />
  <!-- Resource id this server answers for; presumably tokens whose resource ids do not include
       "nando" are rejected here. Verify against the library if you rely on that audience check. -->
  <beans:property name="resourceId" value="nando" />
</beans:bean>
<!-- Pulls the access token from the Authorization: Bearer header (and, by default, the
     access_token request parameter). -->
<beans:bean id="tokenExtractor"
            class="org.springframework.security.oauth2.provider.authentication.BearerTokenExtractor" />
<!-- Project-local user store (UserDetailsService) and OAuth client registry (ClientDetailsService). -->
<beans:bean id="userService"
            class="com.nando.api.service.DefaultUserService" />
<beans:bean id="webServiceClientService"
            class="com.nando.api.service.DefaultWebServiceClientService" />
<!-- Adapts ClientDetails to UserDetails so that client_id/client_secret can be authenticated with a
     plain authentication-provider (see clientAuthenticationManager). -->
<beans:bean id="clientDetailsUserService"
            class="org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService">
  <beans:constructor-arg ref="webServiceClientService" />
  <!-- NOTE(review): no passwordEncoder is set here. Whether one is needed depends on how
       DefaultWebServiceClientService stores client secrets (hashed or clear text); decide that
       explicitly rather than leaving it open.
       <beans:property name="passwordEncoder" ref="passwordEncoder" /> -->
</beans:bean>
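<!-- Builds AuthorizationRequest / TokenRequest objects from incoming parameters.
     checkUserScopes=true restricts the requested scopes to what the authenticated user holds. -->
<beans:bean id="oauthRequestFactory"
            class="org.springframework.security.oauth2.provider.request.DefaultOAuth2RequestFactory">
  <beans:constructor-arg name="clientDetailsService" ref="webServiceClientService" />
  <beans:property name="checkUserScopes" value="true" />
</beans:bean>
<!-- Remembers user approvals by looking for an existing token in the token store. -->
<beans:bean id="userApprovalHandler"
            class="org.springframework.security.oauth2.provider.approval.TokenStoreUserApprovalHandler">
  <beans:property name="tokenStore" ref="tokenStore" />
  <beans:property name="requestFactory" ref="oauthRequestFactory" />
  <beans:property name="clientDetailsService" ref="webServiceClientService" />
</beans:bean>
<!-- Redirect URI validation: the requested redirect_uri must match one registered for the client. -->
<beans:bean id="resolver"
            class="org.springframework.security.oauth2.provider.endpoint.DefaultRedirectResolver" />
<beans:bean id="requestValidator"
            class="org.springframework.security.oauth2.provider.request.DefaultOAuth2RequestValidator" />
<!-- Authorization server endpoints.
     FIX: oauthRequestFactory, resolver and requestValidator were declared above but never referenced
     from this element, so the namespace-built endpoints used their own default instances and the
     checkUserScopes=true setting never took effect. They are now wired explicitly (the *-ref
     attributes exist in the spring-security-oauth2 2.0.x schema).
     About the failing redirect seen in the log (URL [urn:?code=OB05Cb]): the authorization endpoint
     appends ?code=... to the redirect_uri by parsing it as a URL. "urn:ietf:wg:oauth:2.0:oob" is an
     out-of-band convention of some providers, not a URL, so the result is mangled and nothing
     meaningful is redirected to. Register an absolute http(s) redirect URI for the test client and
     send that exact value as redirect_uri; DefaultRedirectResolver then matches it against the
     registered list, which is also what protects against open-redirect / code-leak attacks. -->
<oauth2:authorization-server
    client-details-service-ref="webServiceClientService"
    token-services-ref="tokenServices"
    user-approval-handler-ref="userApprovalHandler"
    oauth2-request-factory-ref="oauthRequestFactory"
    oauth2-request-validator-ref="requestValidator"
    redirect-resolver-ref="resolver"
    user-approval-page="/oauth/userapproval"
    error-page="/oauth/error"
    authorization-endpoint-url="/oauth/authorize"
    token-endpoint-url="/oauth/token">
  <oauth2:authorization-code authorization-code-services-ref="codes" />
  <oauth2:refresh-token />
  <!-- The password grant authenticates the resource owner; point it explicitly at the user manager
       instead of relying on the namespace default (presumably the same bean via its alias). -->
  <oauth2:password authentication-manager-ref="userAuthenticationManager" />
</oauth2:authorization-server>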
<!-- Spring Security authentication managers (users and OAuth clients are separate realms). -->
<beans:bean id="passwordEncoder"
            class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder" />
<!-- End users: looked up in userService, passwords compared with bcrypt. The alias makes this
     manager addressable as "userAuthenticationManager"; presumably it is also the bean the security
     namespace picks as its default manager. -->
<sec:authentication-manager alias="userAuthenticationManager">
  <sec:authentication-provider user-service-ref="userService">
    <sec:password-encoder ref="passwordEncoder" />
  </sec:authentication-provider>
</sec:authentication-manager>
<!-- OAuth clients: client_id/client_secret resolved through clientDetailsUserService.
     No password encoder is configured for this provider, so secrets are compared as returned by
     webServiceClientService. NOTE(review): if client secrets are stored hashed, add
     <sec:password-encoder ref="passwordEncoder"/> here as well. -->
<sec:authentication-manager id="clientAuthenticationManager"
                            xmlns="http://www.springframework.org/schema/security">
  <sec:authentication-provider user-service-ref="clientDetailsUserService" />
</sec:authentication-manager>
<!-- Resource-server filter: extracts the bearer token (tokenExtractor), loads it through
     tokenServices and authenticates it with the OAuth2AuthenticationManager above.
     Inserted into the /services/** chain below. -->
<oauth2:resource-server id="oauth2ProviderFilter"
                        token-extractor-ref="tokenExtractor"
                        token-services-ref="tokenServices"
                        authentication-manager-ref="authenticationManager" />
<!-- Session registry backing the concurrency control in the general chain (max-sessions=1). -->
<beans:bean id="sessionRegistry"
            class="org.springframework.security.core.session.SessionRegistryImpl" />
<!-- OAuth2-aware expression handlers: add #oauth2.* helpers to web and method security expressions. -->
<beans:bean id="webSecurityExpressionHandler"
            class="org.springframework.security.oauth2.provider.expression.OAuth2WebSecurityExpressionHandler" />
<beans:bean id="methodSecurityExpressionHandler"
            class="org.springframework.security.oauth2.provider.expression.OAuth2MethodSecurityExpressionHandler" />
<!-- OAuth2 error rendering: 403 with an OAuth2 error body, and 401 with WWW-Authenticate: Bearer. -->
<beans:bean id="oauthAccessDeniedHandler"
            class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler" />
<beans:bean id="oauthAuthenticationEntryPoint"
            class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint" />
<!-- @PreAuthorize/@PostAuthorize on service beans, evaluated with the OAuth2 expression handler.
     proxy-target-class=true uses CGLIB proxies so classes without interfaces are covered too. -->
<sec:global-method-security order="0"
                            pre-post-annotations="enabled"
                            proxy-target-class="true">
  <sec:expression-handler ref="methodSecurityExpressionHandler" />
</sec:global-method-security>
<!-- These paths bypass the security filter chain completely (no authentication, no CSRF, no
     security headers). Keep only static assets under /resource/**; anything dynamic must live
     under a secured pattern. -->
<sec:http pattern="/resource/**" security="none" />
<sec:http pattern="/favicon.ico" security="none" />
<!-- Project-local CORS filter; see the /oauth/token chain for where it is applied. -->
<beans:bean id="corsFilter"
            class="com.nando.api.filters.SpringCrossOriginResourceSharingFilter" />
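<!-- Token endpoint chain (/oauth/token): clients authenticate with HTTP Basic
     (client_id:client_secret). create-session="stateless" is the right choice here: no HTTP session
     is created or consulted for a machine-to-machine endpoint, which also removes any
     session-fixation surface.
     FIX: this chain previously used userAuthenticationManager, so the Basic credentials were checked
     against the user store (userService) instead of the registered OAuth clients, and the
     clientAuthenticationManager declared above was never referenced. Clients now authenticate
     against their ClientDetails via ClientDetailsUserDetailsService, and hasAuthority('OAUTH_CLIENT')
     is evaluated against the client's own authorities.
     NOTE(review): every registered client must therefore carry OAUTH_CLIENT in its authorities,
     otherwise its token requests are rejected with 403. -->
<sec:http pattern="/oauth/token"
          use-expressions="true"
          create-session="stateless"
          authentication-manager-ref="clientAuthenticationManager"
          entry-point-ref="oauthAuthenticationEntryPoint">
  <sec:intercept-url pattern="/oauth/token" access="hasAuthority('OAUTH_CLIENT')" />
  <sec:http-basic />
  <sec:access-denied-handler ref="oauthAccessDeniedHandler" />
  <sec:expression-handler ref="webSecurityExpressionHandler" />
  <!-- CORS filter runs last in this chain. Keep its allowed origins tight: the token endpoint
       should not be reachable from arbitrary browser origins. -->
  <sec:custom-filter ref="corsFilter" after="LAST" />
</sec:http>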
<!-- Protected API (/services/**): bearer-token only. The resource-server filter runs ahead of the
     pre-auth slot, authenticates the token, and the request must then hold USE_WEB_SERVICES.
     create-session="never" means no session is created for API calls (an existing one would still
     be used if present). Failures are rendered as OAuth2 401/403 responses. -->
<sec:http pattern="/services/**"
          use-expressions="true"
          create-session="never"
          entry-point-ref="oauthAuthenticationEntryPoint">
  <sec:custom-filter ref="oauth2ProviderFilter" before="PRE_AUTH_FILTER" />
  <sec:intercept-url pattern="/services/**" access="hasAuthority('USE_WEB_SERVICES')" />
  <sec:access-denied-handler ref="oauthAccessDeniedHandler" />
  <sec:expression-handler ref="webSecurityExpressionHandler" />
</sec:http>
<!-- Catch-all browser chain (form login + session). Chains are matched in declaration order, so
     /oauth/token and /services/** never reach this one; /oauth/** here covers /oauth/authorize,
     /oauth/userapproval and /oauth/error, and the resource owner must hold USE_WEB_SERVICES to
     authorize a client. -->
<sec:http use-expressions="true">
  <!-- Public pages first, then the protected ones. -->
  <sec:intercept-url pattern="/login" access="permitAll()" />
  <sec:intercept-url pattern="/login/**" access="permitAll()" />
  <sec:intercept-url pattern="/logout" access="permitAll()" />
  <sec:intercept-url pattern="/scope" access="permitAll()" />
  <sec:intercept-url pattern="/scope/**" access="permitAll()" />
  <sec:intercept-url pattern="/session/list" access="hasAuthority('VIEW_USER_SESSIONS')" />
  <sec:intercept-url pattern="/oauth/**" access="hasAuthority('USE_WEB_SERVICES')" />
  <sec:form-login login-page="/login"
                  login-processing-url="/login/submit"
                  default-target-url="/"
                  authentication-failure-url="/login?loginFailed"
                  username-parameter="username"
                  password-parameter="password" />
  <!-- NOTE(review): with <sec:csrf/> enabled, Spring Security 3.2 is understood to process logout only
       on POST, so a plain GET link to /logout will not end the session; confirm in the UI. -->
  <sec:logout logout-url="/logout"
              logout-success-url="/login?loggedOut"
              invalidate-session="true"
              delete-cookies="JSESSIONID" />
  <!-- Rotate the session id on login (fixation protection) and allow one session per user. -->
  <sec:session-management session-fixation-protection="changeSessionId"
                          invalid-session-url="/login">
    <sec:concurrency-control max-sessions="1"
                             error-if-maximum-exceeded="true"
                             session-registry-ref="sessionRegistry" />
  </sec:session-management>
  <!-- CSRF protection applies to this whole chain: the login form and the user-approval form that
       POSTs to /oauth/authorize must both carry the CSRF token. -->
  <sec:csrf />
  <sec:expression-handler ref="webSecurityExpressionHandler" />
</sec:http>
</beans:beans>