我正在尝试使用Spring Security OAuth进行OAuth2身份验证。
我已经将OAuth2ClientAuthenticationProcessingFilter插入到我的安全配置中，并且使用AuthorizationCodeResourceDetails能够取回授权码，但随后OAuth流程中断，我无法获取access_token。
这是我的配置:
/**
 * Configures the HTTP security chain for the admin API: request encoding,
 * remember-me, the OAuth2 SSO login filter, form login, logout and URL
 * authorization.
 *
 * <p>Filter order is significant: the OAuth2 client context filter is added
 * after the security-context persistence filter, and the SSO filter before
 * basic authentication, so the SSO callback is processed with a populated
 * security context.
 *
 * @param http the builder supplied by Spring Security
 * @throws Exception propagated from the {@link HttpSecurity} builder
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    /*
     * Moved from com.myscript.backend.configuration.WebApp.java
     * https://stackoverflow.com/questions/20863489/characterencodingfilter-dont-work-together-with-spring-security-3-2-0
     * Forces UTF-8 on the request before the CSRF filter reads any parameters.
     */
    CharacterEncodingFilter characterEncodingFilter = new CharacterEncodingFilter();
    characterEncodingFilter.setEncoding("UTF-8");
    characterEncodingFilter.setForceEncoding(true);
    http.addFilterBefore(characterEncodingFilter, CsrfFilter.class);
    // NOTE(review): the remember-me key is a secret (redacted in this listing) and is
    // hard-coded in source; it should be read from external configuration instead.
    String key = "**************************";
    ApiPersistentTokenBasedRememberMeServices rememberMeServices = new ApiPersistentTokenBasedRememberMeServices(key, userDetailsService, adminTokenRepository);
    // @formatter:off
    http
        // Unauthenticated access to a protected URL answers 403 instead of redirecting to a login page.
        .exceptionHandling()
            .authenticationEntryPoint(new Http403ForbiddenEntryPoint())
            .and()
        // NOTE(review): CSRF protection is switched off for the whole chain; confirm this is
        // intended, since remember-me (configured below) keeps the browser authenticated.
        .csrf().disable()
        .rememberMe()
            .rememberMeServices(rememberMeServices)
            .tokenRepository(adminTokenRepository)
            .key(key)
            .userDetailsService(userDetailsService)
            .and()
        // The client context filter has to sit in front of the SSO filter: it is the one that
        // turns the "user redirect required" condition raised during the token exchange into
        // the redirect to the authorization server (presumed from Spring Security OAuth; confirm).
        .addFilterAfter(oauth2ClientContextFilter, SecurityContextPersistenceFilter.class)
        // Handles the SSO callback. The filter only sees requests matching the path pattern
        // passed in ssoFilter(); a callback arriving on any other path is never processed.
        .addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class)
        .formLogin()
            .loginProcessingUrl("/**/authentication/login*")
            .usernameParameter("email")
            .passwordParameter("password")
            // REST-style handlers: respond with a status instead of a redirect.
            .successHandler(new RestAuthenticationSuccessHandler())
            .failureHandler(new RestAuthenticationFailureHandler())
            .permitAll()
            .and()
        .logout()
            .invalidateHttpSession(true)
            // Logout answers 200 with an empty body rather than redirecting.
            .logoutSuccessHandler(new LogoutSuccessHandler() {
                @Override
                public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication)
                        throws IOException, ServletException {
                    response.setStatus(HttpServletResponse.SC_OK);
                }
            })
            .logoutRequestMatcher(new AntPathRequestMatcher("/**/authentication/logout*"))
            .permitAll()
            .and()
        .authorizeRequests()
            // "..." is the author's elision of further public patterns.
            .antMatchers("/authentication/**", ...)
            .permitAll()
            .anyRequest()
            .authenticated()
            .and()
        // Unauthenticated requests carry an anonymous Authentication rather than none.
        .anonymous();
    // @formatter:on
}
/**
 * Builds the SSO login filter backed by the {@link #sso()} client registration.
 *
 * <p>The filter is bound to the login path passed to its constructor (an Ant
 * pattern ending in {@code authentication/login/sso}); the OAuth2 redirect URI
 * must resolve to a URL that pattern matches, otherwise the callback carrying
 * the authorization code is never handled by this filter.
 *
 * @return the configured {@link OAuth2ClientAuthenticationProcessingFilter}
 */
private Filter ssoFilter() {
    OAuth2ClientAuthenticationProcessingFilter filter =
            new OAuth2ClientAuthenticationProcessingFilter("/**/authentication/login/sso");
    // The rest template carries the client credentials and endpoints declared in sso().
    filter.setRestTemplate(new OAuth2RestTemplate(sso()));
    return filter;
}
/**
 * Declares the OAuth2 client registration used by the SSO login filter.
 *
 * <p>Authorization-code grant against the {@code sso.test.com} authorization
 * server, always sending the fixed (pre-established) redirect URI rather than
 * the URL of the current request.
 *
 * <p>NOTE(review): the client secret is embedded in source (redacted in this
 * listing) and both endpoints are plain {@code http}. Outside a local test
 * setup the secret belongs in external configuration and the endpoints should
 * be {@code https}, because the token exchange transmits the client secret and
 * the issued access token.
 *
 * @return the authorization-code resource details, exposed as a bean
 */
@Bean
protected OAuth2ProtectedResourceDetails sso() {
    final String authorizationServer = "http://sso.test.com";
    AuthorizationCodeResourceDetails resource = new AuthorizationCodeResourceDetails();
    resource.setId("sso");
    resource.setClientId("*******");
    resource.setClientSecret("*******");
    resource.setAccessTokenUri(authorizationServer + "/oauth/token");
    resource.setUserAuthorizationUri(authorizationServer + "/oauth/authorize");
    // Send exactly this redirect URI; it has to match the path the SSO filter processes.
    resource.setUseCurrentUri(false);
    resource.setPreEstablishedRedirectUri("http://localhost:8894/api/v3.0/admin/authentication/login/sso");
    resource.setScope(Arrays.asList("read", "write"));
    return resource;
}
至少我被重定向到:http://localhost:8894/api/v3.0/admin/authentication?code=YjMXjl&state=ktv3am#