Question

目前，我正在与Angularjs一起开发Spring OAuth2安全项目。我正在使用oauth服务器获取令牌，并且我正在解析为标头但是当我尝试重定向到主页时，我被＃34抛出;需要完全身份验证才能访问此资源＆＃34 ;但我插入并且客户端服务器提供匿名用户并拒绝访问。

@Configuration
@EnableWebSecurity
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
public void configure(WebSecurity web) throws Exception {

    web
            .ignoring()
            .antMatchers("/login.html")
            .antMatchers("/js/**")
            .antMatchers("/css/**")
            .antMatchers("/metronic/css/**")
            .antMatchers("/metronic/js/**")
            .antMatchers("/metronic/image/**")
            .antMatchers("/image/**")
            .antMatchers("/language/**")
            .antMatchers("/404.html")
            .antMatchers("/logout")
            .antMatchers("/kilitEkrani.html")
            .antMatchers("/metronic/css/fonts/**")
            .antMatchers("/metronic/fonts/**");

}

@Override
public void configure(HttpSecurity http) throws Exception {

    http.authorizeRequests().antMatchers("/css/**", "/metronic/css/**").permitAll()
            .and().authorizeRequests().antMatchers("/metronic/image/**", "/image/**", "/metronic/css/fonts/**", "/metronic/fonts/**").permitAll()
            .and().authorizeRequests().antMatchers("/js/**", "/metronic/js/**").permitAll()
            .and().httpBasic().and().authorizeRequests()
            .antMatchers("/login.html", "/language/**", "/api/kullanici/user", "/logout", "/kilitEkrani.html", "/404.html").permitAll()
            .anyRequest().authenticated().and()
            .addFilterAfter(csrfHeaderFilter(), CsrfFilter.class).csrf().csrfTokenRepository(csrfTokenRepository()).and()
            .logout()
            .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
            .logoutSuccessUrl("/login.html")
            .permitAll().and().csrf().disable();
}

private Filter csrfHeaderFilter() {
    return new OncePerRequestFilter() {
        @Override
        protected void doFilterInternal(HttpServletRequest request,
                HttpServletResponse response, FilterChain filterChain)
                throws ServletException, IOException {
            CsrfToken csrf = (CsrfToken) request.getAttribute(CsrfToken.class
                    .getName());
            if (csrf != null) {
                Cookie cookie = WebUtils.getCookie(request, "XSRF-TOKEN");
                String token = csrf.getToken();
                if (cookie == null || token != null
                        && !token.equals(cookie.getValue())) {
                    cookie = new Cookie("XSRF-TOKEN", token);
                    cookie.setPath("/");
                    response.addCookie(cookie);
                }
            }
            filterChain.doFilter(request, response);
        }
    };
}

private CsrfTokenRepository csrfTokenRepository() {
    HttpSessionCsrfTokenRepository repository = new HttpSessionCsrfTokenRepository();
    repository.setHeaderName("X-XSRF-TOKEN");
    return repository;
}
}

这是我的安全配置。我错过了什么吗？请帮忙......

Answer 1

我认为问题在于您在auth服务器中使用基本身份验证。您可以尝试禁用基本身份验证并使用表单身份验证。

Spring Oauth2 Angularjs登录不是Woking

1 个答案: