我正在使用OAuth2集成进行Spring REST,下面是详细信息:
春季:4.3.0
春季安全性:4.1.0
Sping OAuth:2.3.0
JDK 1.6
已在Tomcat 7.0和Websphere 7中部署。
我能够部署项目,也能够访问资源。但是OAuth无法正常工作。在不传递令牌etccc的情况下,我可以从REST服务获得响应。
控制器: https://gist.github.com/nareshnaredla2424/803b4e3aa0428ecbd36aacd86d47d7c6
AuthorizationServerConfigurerAdapter: https://gist.github.com/nareshnaredla2424/3e9baf2c895045db8b71b57b129392fd
ResourceServerConfigurerAdapter: https://gist.github.com/nareshnaredla2424/2de1fa631fc172b5d2cb2ccab80cb209
WebSecurityConfigurerAdapter: https://gist.github.com/nareshnaredla2424/66473b3e7644bf3fbdcf783a8e73a191
GlobalMethodSecurityConfiguration: https://gist.github.com/nareshnaredla2424/799d9153a1413aecbd49243fe2275dc5
AbstractAnnotationConfigDispatcherServletInitializer: https://gist.github.com/nareshnaredla2424/b64a424ee0f98050e3d5c6c58fa53e27
WebMvcConfigurerAdapter: https://gist.github.com/nareshnaredla2424/b66c35efbafdc8a64843d78455dc8d92
几天后我将面对这个问题。
任何人都可以帮助我解决此问题。
谢谢。
答案 0 :(得分:0)
尝试一些更改:
在OAuth2ResourceServerConfig类中,删除方法:
public void configure(HttpSecurity http) throws Exception,该类将如下所示:
@Configuration
@EnableResourceServer
public class OAuth2ResourceServerConfig extends ResourceServerConfigurerAdapter {
private static final String RESOURCE_ID = "SPRING_REST_API";
@Override
public void configure(ResourceServerSecurityConfigurer resources) {
resources.resourceId(RESOURCE_ID).stateless(false);
}
}
在OAuth2SecurityConfig类中,更新方法:
通过添加protected void configure(HttpSecurity http)来 antMatchers("/**").authenticated():
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.anonymous().disable()
.authorizeRequests()
.antMatchers("/oauth/token").permitAll()
.antMatchers("/**").authenticated();
}