Spring Security Oauth 2自定义令牌端点URL

时间:2015-06-11 07:22:36

标签: java spring-security-oauth2

您好我必须在我的项目中集成spring security oauth2。所以我添加了配置相关部分及其工作正常。但问题是令牌的第一个请求转到“/ oauth / token”,我想将其更改为“api / v1 / token”。 我搜索了这个并找到了一些解决方案,例如在token-endpoint-url中添加oauth:authorization-server,同时添加了将覆盖ClientCredentialsTokenEndpointFilter并将url传递给构造函数的自定义过滤器类。但这些都行不通。 我收到以下错误请求“api / v1 / token” -

  

在SecurityContext中找不到Authentication对象

我的配置主要是基于xml的。 Spring-security.xml文件 -

<http pattern="/api/v1/token" create-session="stateless"
      authentication-manager-ref="authenticationManager"
      xmlns="http://www.springframework.org/schema/security" > 
    <intercept-url pattern="/api/v1/token" access="IS_AUTHENTICATED_FULLY" />
    <anonymous enabled="false" />
    <http-basic entry-point-ref="clientAuthenticationEntryPoint"/>
    <custom-filter ref="customClientCredentialsTokenEndpointFilter" before="BASIC_AUTH_FILTER" /> 
    <access-denied-handler ref="oauthAccessDeniedHandler" />
</http>
<http pattern="/test/**" create-session="never"
      entry-point-ref="oauthAuthenticationEntryPoint"       
      xmlns="http://www.springframework.org/schema/security">
    <anonymous enabled="false" />
    <intercept-url pattern="/test/**" access="ROLE_USER" />
    <custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
    <access-denied-handler ref="oauthAccessDeniedHandler" />
</http>
<beans:bean id="oauthAuthenticationEntryPoint"
            class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
</beans:bean>
 <beans:bean id="oauthAccessDeniedHandler"
    class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler">
</beans:bean>
<beans:bean id="clientAuthenticationEntryPoint"
            class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
    <beans:property name="realmName" value="springsec/client" />
    <beans:property name="typeName" value="Basic" />
</beans:bean>


 <beans:bean id="customClientCredentialsTokenEndpointFilter"
            class="com.walletdoc.oauth.web.security.CustomClientCredentialsTokenEndpointFilter">
     <beans:property name="authenticationManager" ref="authenticationManager" />
</beans:bean>

<authentication-manager alias="authenticationManager"
                        xmlns="http://www.springframework.org/schema/security">
    <authentication-provider user-service-ref="clientDetailsUserService" />
</authentication-manager>
<beans:bean id="clientDetails" class="com.walletdoc.oauth.web.security.SpringSecurityClientService">
    <beans:property name="id" value="mysupplycompany" />
    <beans:property name="secretKey" value="mycompanykey" />
    <beans:property name="authorities" value="ROLE_CLIENT" />
</beans:bean>
<beans:bean id="clientDetailsUserService"
            class="org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService">
    <beans:constructor-arg ref="clientDetails"/>
</beans:bean>



<authentication-manager id="userAuthenticationManager" 
                        xmlns="http://www.springframework.org/schema/security">
    <authentication-provider  ref="customUserAuthenticationProvider">
    </authentication-provider>
</authentication-manager>

<beans:bean id="customUserAuthenticationProvider"
            class="com.walletdoc.oauth.web.security.ClientAuthenticationProvider">
</beans:bean>

<oauth:authorization-server
    client-details-service-ref="clientDetails" token-services-ref="tokenServices" token-endpoint-url="/api/v1/token">
    <oauth:authorization-code />
    <oauth:implicit/>
    <oauth:refresh-token/>
    <oauth:client-credentials />
    <oauth:password authentication-manager-ref="userAuthenticationManager" />
</oauth:authorization-server>

<oauth:resource-server id="resourceServerFilter"
                       resource-id="springsec" token-services-ref="tokenServices" />

<beans:bean id="tokenStore"
            class="org.springframework.security.oauth2.provider.token.InMemoryTokenStore" />

<beans:bean id="tokenServices"
            class="org.springframework.security.oauth2.provider.token.DefaultTokenServices">
    <beans:property name="tokenStore" ref="tokenStore" />
    <beans:property name="supportRefreshToken" value="true" />
    <beans:property name="accessTokenValiditySeconds" value="3600"></beans:property>
    <beans:property name="clientDetailsService" ref="clientDetails" />
</beans:bean>

我一直试图解决这个问题,所以任何帮助都会受到赞赏。

2 个答案:

答案 0 :(得分:5)

路径“/ oauth / token”不是事实上的标准吗?

不幸的是,我没有XML配置的确切答案,但也许这个Java配置可以给你提示。

扩展AuthorizationServerConfigurerAdapter时,通过以下方法,您可以访问允许访问授权服务器配置的Builder:

@Override
public void configure(AuthorizationServerEndpointsConfigurer oauthServer) throws Exception {
    oauthServer

        // Here you can override the default endpoints mappings
        .pathMapping("/oauth/authorize", "/api/v1/authorize")
        .pathMapping("/oauth/token", "/api/v1/token")

        // .. rest of the authorization server customization
        .authenticationManager(authenticationManager)
        .tokenStore(tokenStore);
}

这有点奇怪,因为你通过Map覆盖映射,你必须知道你想要覆盖的每个路径,并且AuthorizationServerEndpointsConfigurer类中没有任何提示或文档。

最后它起作用,就像授权服务器启动日志时显示的那样:

...
.s.o.p.e.FrameworkEndpointHandlerMapping : Mapped "{[/api/v1/authorize],methods=[],params=[],headers=[],consumes=[],produces=[],custom=[]}" onto ...
.s.o.p.e.FrameworkEndpointHandlerMapping : Mapped "{[/api/v1/token],methods=[POST],params=[],headers=[],consumes=[],produces=[],custom=[]}" onto ...

...

我想在XML中它应该转换为<oauth:authorization-server>内的一些元素,如:

<oauth:authorization-server>
  <!-- ... -->
  <pathMappings>
    <!-- key/value here -->
  </pathMappings>
</oauth:authorization-server>

编辑:检查XML schema后,您可能一开始就没错了,因为token-endpoint-url元素应根据评论进行数学运算:

        <xs:attribute name="token-endpoint-url" type="xs:string">
            <xs:annotation>
                <xs:documentation>
                    The URL at which a request for an access token
                    will be serviced.
                    Default value: "/oauth/token"
                </xs:documentation>
            </xs:annotation>
        </xs:attribute>

也许您应该在spring-security-oauth issue tracker

中提出问题

答案 1 :(得分:3)

终于搞定了。这个问题中缺少的一件事是 <beans:property name="filterProcessesUrl" value="/api/v1/token" />ClientCredentialsTokenEndpointFilter Bean定义中。

custom-filter标记中有ClientCredentialsTokenEndpointFilter Bean的引用,在该Bean中,定义了一个属性为filterProcessesUrl的属性,并将该值作为所需的URL给出,如我的情况它是/api/v1/token。这解决了这个问题。

所以基本上改变token-endpoint-url,我们需要在4处改变 -

  1. token-endpoint-url定义

  2. 中添加authorization-server
  3. <http pattern="changed URL"

  4. 更改
  5. <intercept-url pattern="changed URL"

  6. 更改
  7. 并在filterProcessesUrl中添加value="changed url" ClientCredentialsTokenEndpointFilter属性。