OAuth 2.0 configuration conflicts with Spring Security

Time: 2016-11-17 11:26:39

Tags: spring spring-mvc spring-security oauth-2.0 spring-java-config

I am trying to configure OAuth2 with Spring Security, but my OAuth configuration conflicts with my Spring Security configuration.

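The resource server configuration does not seem to be limited to /api/v0/.*; it overrides all of the security configuration. The resource server works fine, but my form-based authentication with Spring Security does not work: it returns an HTTP 404 error.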

I have the following code in my WebSecurityConfigurerAdapter:

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .authorizeRequests()
                .antMatchers("/admin/**").access("hasRole('ADMINISTRATOR')")
                .antMatchers("/1/admin/**").access("hasRole('ADMINISTRATOR')")
                .antMatchers("/profile**").authenticated()
                .antMatchers("/oauth/authorize").authenticated()

                .and()
                .formLogin()
                .loginPage("/login")
                .failureUrl("/login?error=1")
                .loginProcessingUrl("/login-attempt")
                .defaultSuccessUrl("/", false)

                .and()
                .csrf();
    }

This is the configuration from my ResourceServerConfigurerAdapter:

        @Override
        public void configure(HttpSecurity http) throws Exception {
            http
                    .authorizeRequests()
                    .regexMatchers("/api/v0/.*").authenticated();

        }

Log

AntPathRequestMatcher:151 - Checking match of request : '/login-attempt'; against '/html/**'
AntPathRequestMatcher:151 - Checking match of request : '/login-attempt'; against '/webapi/**'
OrRequestMatcher:65 - Trying to match using Ant [pattern='/oauth/token']
AntPathRequestMatcher:151 - Checking match of request : '/login-attempt'; against '/oauth/token'
OrRequestMatcher:65 - Trying to match using Ant [pattern='/oauth/token_key']
AntPathRequestMatcher:151 - Checking match of request : '/login-attempt'; against '/oauth/token_key'
OrRequestMatcher:65 - Trying to match using Ant [pattern='/oauth/check_token']
AntPathRequestMatcher:151 - Checking match of request : '/login-attempt'; against '/oauth/check_token'
OrRequestMatcher:72 - No matches found
FilterChainProxy:324 - /login-attempt at position 1 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
FilterChainProxy:324 - /login-attempt at position 2 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
FilterChainProxy:324 - /login-attempt at position 3 of 11 in additional filter chain; firing Filter: 'HeaderWriterFilter'
HstsHeaderWriter:128 - Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@2fa4c8cd
FilterChainProxy:324 - /login-attempt at position 4 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
AntPathRequestMatcher:151 - Checking match of request : '/login-attempt'; against '/logout'
FilterChainProxy:324 - /login-attempt at position 5 of 11 in additional filter chain; firing Filter: 'OAuth2AuthenticationProcessingFilter'
BearerTokenExtractor:54 - Token not found in headers. Trying request parameters.
BearerTokenExtractor:57 - Token not found in request parameters.  Not an OAuth2 request.
OAuth2AuthenticationProcessingFilter:141 - No token in request, will continue chain.
FilterChainProxy:324 - /login-attempt at position 6 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
FilterChainProxy:324 - /login-attempt at position 7 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
FilterChainProxy:324 - /login-attempt at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
AnonymousAuthenticationFilter:100 - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@9056f12c: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@380f4: RemoteIpAddress: 127.0.0.1;SessionId:672t27n01ruouli4a041a0xq;Granted Authorities: ROLE_ANONYMOUS'
FilterChainProxy:324 - /login-attempt at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter'
FilterChainProxy:324 - /login-attempt at position 10 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
FilterChainProxy:324 - /login-attempt at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
RegexRequestMatcher:106 - Checking match of request : '/login-attempt'; against '/api/v0/.*'
FilterSecurityInterceptor:209 - Public object - authentication not attempted
FilterChainProxy:309 - /login-attempt reached end of additional filter chain; proceeding with original chain

What am I doing wrong? Thanks in advance!

1 answer:

Answer 0: (score: 1)

Not sure whether this will solve your problem. Let's give it a try. Add

@Order(1)
@Order(2)

to your configuration classes, then try again.
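
The log in the question shows /login-attempt being processed by a chain that contains OAuth2AuthenticationProcessingFilter, with '/api/v0/.*' consulted only at FilterSecurityInterceptor: authorizeRequests().regexMatchers(...) sets an access rule inside a chain and does not limit which requests that chain handles. The following is an added example, not part of the question or the answer, that scopes the resource server chain itself with requestMatchers(). It assumes the legacy spring-security-oauth2 ResourceServerConfigurerAdapter used in the question; the class name ApiResourceServerConfig is hypothetical.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;

// Added example; the class name is hypothetical and not from the original post.
@Configuration
@EnableResourceServer
public class ApiResourceServerConfig extends ResourceServerConfigurerAdapter {

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http
            // Chain-level matcher: only requests whose path matches this regex
            // enter the resource server filter chain (the one containing
            // OAuth2AuthenticationProcessingFilter). Everything else, including
            // /login and /login-attempt, falls through to the next chain,
            // i.e. the form-login WebSecurityConfigurerAdapter.
            .requestMatchers()
                .regexMatchers("/api/v0/.*")
                .and()
            // Authorization rules apply only inside the chain selected above.
            .authorizeRequests()
                .anyRequest().authenticated();
    }
}
```

With DEBUG logging enabled as in the question, a request to /login-attempt should then show UsernamePasswordAuthenticationFilter in the filter list instead of OAuth2AuthenticationProcessingFilter.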