OAuth2: accessing the REST endpoint from the client UI to the secure URI returns anonymousUser

Time: 2018-05-02 09:08:16

Tags: spring-boot spring-security oauth-2.0 spring-data-jpa spring-rest

I am working on OAuth2 Spring Security. From the client UI I should hit http://localhost:8082/ui (a REST endpoint), and after logging in to the auth server it should take me to the secure URI http://localhost:8082/secure.

However, after hitting the client UI at http://localhost:8081/auth/login, it takes me directly to http://localhost:8082/ui instead of prompting the login page, and on the secure page the returned value is "anonymousUser".

I am sharing my client and server below; the returned value is "Welcome login user! == anonymousUser". If I am doing something wrong, any help would be greatly appreciated.

My client configuration

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.client.OAuth2ClientContext;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.client.filter.OAuth2ClientContextFilter;
import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails;
import org.springframework.security.web.context.SecurityContextPersistenceFilter;

@EnableOAuth2Sso
@Configuration
@EnableWebSecurity
public class OauthConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private OAuth2ClientContextFilter oauth2ClientContextFilter;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .antMatchers("/**")
                .permitAll()
                .antMatchers("/", "/login/**")
                .permitAll()
                .anyRequest()
                .authenticated()
            .and()
            .httpBasic()
            .and()
            .addFilterAfter(oauth2ClientContextFilter, SecurityContextPersistenceFilter.class);
    }

    @Bean
    protected OAuth2RestTemplate OAuth2RestTemplate(
            OAuth2ProtectedResourceDetails resource, OAuth2ClientContext context) {
        return new OAuth2RestTemplate(resource, context);
    }
}

application.yml

server:
  port: 8082
  servlet:
    context-path: /ui
  session:
    cookieName: UISESSION

security:
  oauth2:
    client:
      clientId: ClientId
      clientSecret: secret
      accessTokenUri: http://localhost:8081/auth/oauth/token
      userAuthorizationUri: http://localhost:8081/auth/oauth/authorize
      scope: openid
    resource:
      userInfoUri: http://localhost:8081/auth/rest/hello/principal
      preferTokenInfo: false

application.properties

spring.thymeleaf.cache= false
spring.mvc.view.prefix=/
spring.mvc.view.suffix=.html

spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration

server.port= 8082
server.servlet.session.cookie.name=UISESSION

spring.thymeleaf.mode=LEGACYHTML5


management.endpoints.web.expose=*

Server-side authorization server

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;

@Configuration
@EnableAuthorizationServer
public class AuthorisationServerConfig extends AuthorizationServerConfigurerAdapter {

    @Autowired
    private AuthenticationManager authenticationManager;

    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
        //security.allowFormAuthenticationForClients();
        security.tokenKeyAccess("permitAll()")
                .checkTokenAccess("isAuthenticated()");
    }

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory().withClient("ClientId")//.authorities("ROLE_ADMIN")
                .secret("{noop}secret")
                .authorizedGrantTypes("authorization_code")
                .scopes("user_info")
                .autoApprove(true);
    }

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints.authenticationManager(authenticationManager);
    }

}

Server-side resource server

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;

@EnableResourceServer
@Configuration
@Order(1000)
public class ResourceServerConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private AuthenticationManager authenticationManager;

    @Autowired
    private UserDetailsService customUserDetailsService;

    @Autowired
    public ResourceServerConfig(AuthenticationManager authenticationManager,
                                CustomUserDetailsService customUserDetailsService) {
        this.authenticationManager = authenticationManager;
        this.customUserDetailsService = customUserDetailsService;
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.requestMatchers().antMatchers("/login", "/oauth/authorize")
            .and().authorizeRequests()
            .anyRequest().authenticated()
            .and().formLogin().permitAll();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.parentAuthenticationManager(authenticationManager)
            .userDetailsService(customUserDetailsService);
    }
}

Server-side service

import java.util.Optional;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;

@Service
public class CustomUserDetailsService implements UserDetailsService {

    @Autowired
    private UserRepository userRepository;

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        Optional<Users> userOptional = userRepository.findByName(username);
        userOptional.orElseThrow(() -> new UsernameNotFoundException("user not found"));
        return userOptional.map(users -> new CustomUserDetails(users)).get();
    }

}
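As an added example (not part of the original post): the client-side HttpSecurity in the question declares `.antMatchers("/**").permitAll()` first, and Spring Security evaluates antMatchers in declaration order, so that catch-all rule matches every request and `/secure` is never protected, which is why the secure page sees anonymousUser. The hardened variant below keeps only the public paths permitted and requires authentication for everything else; it relies on @EnableOAuth2Sso to install the SSO filter chain, so the manual filter registration from the question is dropped.

```java
import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

// Added example: client-side configuration with the catch-all permitAll removed.
@EnableOAuth2Sso
@Configuration
public class OauthConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                // Most specific rules first: only the landing page and the
                // SSO login callback are public.
                .antMatchers("/", "/login/**").permitAll()
                // No "/**".permitAll() here: "/secure" and everything else now
                // require an authenticated principal, so unauthenticated
                // requests are redirected to the authorization server instead
                // of being served as anonymousUser.
                .anyRequest().authenticated();
    }
}
```

The client's requested `scope: openid` also has to be among the scopes registered for `ClientId` on the authorization server (the question registers `user_info`), otherwise the authorization request is rejected before any login completes.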

0 answers:

No answers