我试图将Spring OAuth2安全性添加到我的应用程序中以保护我的REST端点,即Spring RestControllers。目前我只是试图让基本的部分到位。但是,OAuth2提供程序的某些内容正在生成oauth2AuthorizationEndpoint bean方法的模糊映射。
我正在使用spring-security-web:3.2.8.RELEASE和pring-security-oauth2:2.0.7.RELEASE 在启动时,我收到以下错误:
java.lang.RuntimeException: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'oauth2HandlerMapping': Invocation of init method failed; nested exception is java.lang.IllegalStateException: Ambiguous mapping found. Cannot map 'authorizationEndpoint' bean method
public org.springframework.web.servlet.ModelAndView org.springframework.security.oauth2.provider.endpoint.AuthorizationEndpoint.authorize(java.util.Map<java.lang.String, java.lang.Object>,java.util.Map<java.lang.String, java.lang.String>,org.springframework.web.bind.support.SessionStatus,java.security.Principal)
to {[/oauth/authorize],methods=[],params=[],headers=[],consumes=[],produces=[],custom=[]}: There is already 'oauth2AuthorizationEndpoint' bean method
我的配置是:
<security:http pattern="/api/**" entry-point-ref="oauth2EntryPoint"
access-decision-manager-ref="affirmativeBasedDecisionManager">
<security:intercept-url pattern="/api/mobile/survey/**" access="ROLE_CANVASSER"/>
<security:intercept-url pattern="/api/mobile/monitor/**" access="ROLE_MONITOR"/>
<security:intercept-url pattern="/api/**" access="ROLE_GEM_USER"/>
<security:custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER"/>
<security:access-denied-handler ref="oauthAccessDeniedHandler"/>
</security:http>
<oauth:authorization-server
client-details-service-ref="gemUserClientDetailsService" token-services-ref="tokenServices">
<oauth:authorization-code />
<oauth:implicit/>
<oauth:refresh-token/>
<oauth:client-credentials />
<oauth:password authentication-manager-ref="authenticationManager"/>
</oauth:authorization-server>
<bean id="defaultOAuth2UserApprovalHandler" class="org.springframework.security.oauth2.provider.approval.DefaultUserApprovalHandler"/>
<bean id="tokenServices" class="org.springframework.security.oauth2.provider.token.DefaultTokenServices">
<property name="accessTokenValiditySeconds" value="86400"/>
<property name="tokenStore" ref="tokenStore"/>
<property name="supportRefreshToken" value="true"/>
<property name="clientDetailsService" ref="gemUserClientDetailsService"/>
</bean>
<bean id="tokenStore" class="org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore"/>
<bean name="gemDetailsService" class="com.factgem.gem.security.AuthenticationProvider"/>
<bean id="oauth2EntryPoint" class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
<property name="realmName" value="gem"/>
</bean>
<bean id="oauthAccessDeniedHandler" class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler"/>
<bean id="roleVoterHierarchyVoter" class="org.springframework.security.access.vote.RoleHierarchyVoter">
<constructor-arg ref="roleHierarchy"/>
<property name="rolePrefix" value="ROLE"/>
</bean>
<bean id="webExpressionVoter" class="org.springframework.security.web.access.expression.WebExpressionVoter"/>
<bean id="webSecurityExpressionHandler"
class="org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler">
<property name="roleHierarchy" ref="roleHierarchy"/>
</bean>
<bean id="webExpressionHandler" class="org.springframework.security.web.access.expression.WebExpressionVoter">
<property name="expressionHandler">
<ref bean="webSecurityExpressionHandler"/>
</property>
</bean>
<bean id="authenticatedVoter" class="org.springframework.security.access.vote.AuthenticatedVoter"/>
<bean id="jsr250Voter" class="org.springframework.security.access.annotation.Jsr250Voter"/>
<bean id="affirmativeBasedDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased">
<constructor-arg>
<list>
<ref local="roleVoterHierarchyVoter"/>
<ref local="webExpressionVoter"/>
<ref local="authenticatedVoter"/>
<ref local="jsr250Voter"/>
</list>
</constructor-arg>
</bean>