ResourceService和WebSecurityConfigurerAdapter配置问题使用密码granttype for ouath2 spring boot

时间:2015-06-29 02:30:27

标签: spring-security-oauth2

Not able to call "/signup" post method using oauth2 configuration. Could you please let me know what wrong am doing?

我能够生成令牌但是要访问我需要提供标头令牌的单身网址。我希望singup url可以在不提供访问令牌的情况下访问任何人。

Below is my config for oauth2 resource server:
@Configuration
    protected static class ResourceServer extends WebSecurityConfigurerAdapter {


// configuration for httpsecurity
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            // @formatter:off   
            http
                .requestMatcher(new NegatedRequestMatcher(new AntPathRequestMatcher("/oauth/**")))
                .authorizeRequests().anyRequest().authenticated().expressionHandler(new OAuth2WebSecurityExpressionHandler())
            .and()
                .anonymous().disable()
                .csrf().disable()
                .exceptionHandling()
                    .authenticationEntryPoint(new OAuth2AuthenticationEntryPoint())
                    .accessDeniedHandler(new OAuth2AccessDeniedHandler());
            // @formatter:on
        }

    }

// WebSecurityConfigurerAdapter
@Configuration 
//@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Bean
    @Autowired
    public UserDetailsService userDetailsService() {
        return new UserDetailsServiceImpl();
    }

    @Bean
    public BCryptPasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Bean
    protected AccessDeniedHandler accessDeniedHandler() {
        return new OAuth2AccessDeniedHandler();
    }

    @Bean
    public AuthenticationEntryPoint authenticationEntryPoint() {
        return new OAuth2AuthenticationEntryPoint();
    }

    @Bean(name = "myAuthenticationManager")
    @Autowired
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers("/webjars/**", "/images/**",
                "/oauth/uncache_approvals", "/oauth/cache_approvals");
    }

    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService()).passwordEncoder(
                passwordEncoder());
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {

//过滤出注册请求映射

         http
         .authorizeRequests().antMatchers("/signup").permitAll().and()
     // default protection for all resources (including /oauth/authorize)
         .authorizeRequests()
             .anyRequest().authenticated();
     // ... more configuration, e.g. for form login

    }
}

0 个答案:

没有答案