您好我必须在我的项目中集成spring security oauth2。所以我添加了配置相关部分及其工作正常。但问题是令牌的第一个请求转到“/ oauth / token”,我想将其更改为“api / v1 / token”。
我搜索了这个并找到了一些解决方案,例如在token-endpoint-url中添加oauth:authorization-server,同时添加了将覆盖ClientCredentialsTokenEndpointFilter并将url传递给构造函数的自定义过滤器类。但这些都行不通。
我收到以下错误请求“api / v1 / token” -
在SecurityContext中找不到Authentication对象
我的配置主要是基于xml的。 Spring-security.xml文件 -
<http pattern="/api/v1/token" create-session="stateless"
authentication-manager-ref="authenticationManager"
xmlns="http://www.springframework.org/schema/security" >
<intercept-url pattern="/api/v1/token" access="IS_AUTHENTICATED_FULLY" />
<anonymous enabled="false" />
<http-basic entry-point-ref="clientAuthenticationEntryPoint"/>
<custom-filter ref="customClientCredentialsTokenEndpointFilter" before="BASIC_AUTH_FILTER" />
<access-denied-handler ref="oauthAccessDeniedHandler" />
</http>
<http pattern="/test/**" create-session="never"
entry-point-ref="oauthAuthenticationEntryPoint"
xmlns="http://www.springframework.org/schema/security">
<anonymous enabled="false" />
<intercept-url pattern="/test/**" access="ROLE_USER" />
<custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
<access-denied-handler ref="oauthAccessDeniedHandler" />
</http>
<beans:bean id="oauthAuthenticationEntryPoint"
class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
</beans:bean>
<beans:bean id="oauthAccessDeniedHandler"
class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler">
</beans:bean>
<beans:bean id="clientAuthenticationEntryPoint"
class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
<beans:property name="realmName" value="springsec/client" />
<beans:property name="typeName" value="Basic" />
</beans:bean>
<beans:bean id="customClientCredentialsTokenEndpointFilter"
class="com.walletdoc.oauth.web.security.CustomClientCredentialsTokenEndpointFilter">
<beans:property name="authenticationManager" ref="authenticationManager" />
</beans:bean>
<authentication-manager alias="authenticationManager"
xmlns="http://www.springframework.org/schema/security">
<authentication-provider user-service-ref="clientDetailsUserService" />
</authentication-manager>
<beans:bean id="clientDetails" class="com.walletdoc.oauth.web.security.SpringSecurityClientService">
<beans:property name="id" value="mysupplycompany" />
<beans:property name="secretKey" value="mycompanykey" />
<beans:property name="authorities" value="ROLE_CLIENT" />
</beans:bean>
<beans:bean id="clientDetailsUserService"
class="org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService">
<beans:constructor-arg ref="clientDetails"/>
</beans:bean>
<authentication-manager id="userAuthenticationManager"
xmlns="http://www.springframework.org/schema/security">
<authentication-provider ref="customUserAuthenticationProvider">
</authentication-provider>
</authentication-manager>
<beans:bean id="customUserAuthenticationProvider"
class="com.walletdoc.oauth.web.security.ClientAuthenticationProvider">
</beans:bean>
<oauth:authorization-server
client-details-service-ref="clientDetails" token-services-ref="tokenServices" token-endpoint-url="/api/v1/token">
<oauth:authorization-code />
<oauth:implicit/>
<oauth:refresh-token/>
<oauth:client-credentials />
<oauth:password authentication-manager-ref="userAuthenticationManager" />
</oauth:authorization-server>
<oauth:resource-server id="resourceServerFilter"
resource-id="springsec" token-services-ref="tokenServices" />
<beans:bean id="tokenStore"
class="org.springframework.security.oauth2.provider.token.InMemoryTokenStore" />
<beans:bean id="tokenServices"
class="org.springframework.security.oauth2.provider.token.DefaultTokenServices">
<beans:property name="tokenStore" ref="tokenStore" />
<beans:property name="supportRefreshToken" value="true" />
<beans:property name="accessTokenValiditySeconds" value="3600"></beans:property>
<beans:property name="clientDetailsService" ref="clientDetails" />
</beans:bean>
我一直试图解决这个问题,所以任何帮助都会受到赞赏。
答案 0 :(得分:5)
路径“/ oauth / token”不是事实上的标准吗?
不幸的是,我没有XML配置的确切答案,但也许这个Java配置可以给你提示。
扩展AuthorizationServerConfigurerAdapter时,通过以下方法,您可以访问允许访问授权服务器配置的Builder:
@Override
public void configure(AuthorizationServerEndpointsConfigurer oauthServer) throws Exception {
oauthServer
// Here you can override the default endpoints mappings
.pathMapping("/oauth/authorize", "/api/v1/authorize")
.pathMapping("/oauth/token", "/api/v1/token")
// .. rest of the authorization server customization
.authenticationManager(authenticationManager)
.tokenStore(tokenStore);
}
这有点奇怪,因为你通过Map覆盖映射,你必须知道你想要覆盖的每个路径,并且AuthorizationServerEndpointsConfigurer类中没有任何提示或文档。
最后它起作用,就像授权服务器启动日志时显示的那样:
...
.s.o.p.e.FrameworkEndpointHandlerMapping : Mapped "{[/api/v1/authorize],methods=[],params=[],headers=[],consumes=[],produces=[],custom=[]}" onto ...
.s.o.p.e.FrameworkEndpointHandlerMapping : Mapped "{[/api/v1/token],methods=[POST],params=[],headers=[],consumes=[],produces=[],custom=[]}" onto ...
...
我想在XML中它应该转换为<oauth:authorization-server>内的一些元素,如:
<oauth:authorization-server>
<!-- ... -->
<pathMappings>
<!-- key/value here -->
</pathMappings>
</oauth:authorization-server>
编辑:检查XML schema后,您可能一开始就没错了,因为token-endpoint-url元素应根据评论进行数学运算:
<xs:attribute name="token-endpoint-url" type="xs:string">
<xs:annotation>
<xs:documentation>
The URL at which a request for an access token
will be serviced.
Default value: "/oauth/token"
</xs:documentation>
</xs:annotation>
</xs:attribute>
答案 1 :(得分:3)
终于搞定了。这个问题中缺少的一件事是
<beans:property name="filterProcessesUrl" value="/api/v1/token" />
在ClientCredentialsTokenEndpointFilter Bean定义中。
在custom-filter标记中有ClientCredentialsTokenEndpointFilter Bean的引用,在该Bean中,定义了一个属性为filterProcessesUrl的属性,并将该值作为所需的URL给出,如我的情况它是/api/v1/token。这解决了这个问题。
所以基本上改变token-endpoint-url,我们需要在4处改变 -
在token-endpoint-url定义
authorization-server
<http pattern="changed URL"
<intercept-url pattern="changed URL"
并在filterProcessesUrl中添加value="changed url" ClientCredentialsTokenEndpointFilter属性。