从(1.5.10.RELEASE / Edgware.SR2)迁移到(2.0.5.RELEASE / Finchely)后,在我的AuthorizationServer上获得403访问被拒绝

时间:2018-10-10 03:14:01

标签: spring-boot spring-cloud spring-security-oauth2

上周从(1.5.10.RELEASE / Edgware.SR2)迁移到(2.0.5.RELEASE / Finchely)后,我再也无法请求我的AuthorizationServer。

这是我迁移后的新代码:

这是我在配置服务器中的配置:

eureka:
  instance:
    preferIpAddress: true
  client:
    registerWithEureka: true
    fetchRegistry: true
    serviceUrl:
      defaultZone: http://user:password@localhost:8761/eureka/

security:        
  basic:
    enabled: false
  oauth2:
    client-id: small-ads
    signing-key: $2a$10$fcAHmFLPjfoqdIyc/2lNvusOoztfIYx4Qsu.UsH06nNO2Q/Ws1gDi
    grant-type:
      password: password
      authorization-code: authorization_code
      refresh-token: refresh_token
    scope:
      web: web
      mobile: mobile
    resources-ids: 
      buy-sell: buy-sell
      gateway: gateway
      upload: upload
    access-token-validity-seconds: 120

#Setting logging levels
logging:
  level:
    org.springframework: DEBUG
    org.springframework.security: DEBUG
    com.smartmedia.smallads.cloud.oauth.server: DEBUG

这是我的SecurityConfig:

package com.smartmedia.smallads.cloud.oauth.server;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;

import com.smartmedia.smallads.cloud.oauth.server.service.UserServiceImpl;

@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Bean
    @Override
    protected AuthenticationManager authenticationManager() throws Exception {
        return super.authenticationManager();
    }

    @Bean
    public UserDetailsService userDetailsService() {
        return new UserServiceImpl();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService());
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().antMatchers("/oauth/token", "/oauth/authorize", "/oauth/confirm_access").permitAll()
                .anyRequest().authenticated().and().csrf().disable().cors();
    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers(HttpMethod.OPTIONS);
    }

}

这是我的ServersConfig:

package com.smartmedia.smallads.cloud.oauth.server;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;

@EnableAuthorizationServer
@Configuration
public class ServersConfig extends AuthorizationServerConfigurerAdapter {

    @Value("${security.oauth2.client-id}")
    private String clientId;
    @Value("${security.oauth2.signing-key}")
    private String signingKey;
    @Value("${security.oauth2.grant-type.password}")
    private String grantTypePassword;
    @Value("${security.oauth2.grant-type.authorization-code}")
    private String grantTypeAuthorizationCode;
    @Value("${security.oauth2.grant-type.refresh-token}")
    private String grantTypeRefreshToken;
    @Value("${security.oauth2.scope.web}")
    private String scopeWeb;
    @Value("${security.oauth2.scope.mobile}")
    private String scopeMobile;
    @Value("${security.oauth2.resources-ids.buy-sell}")
    private String resourcesIdBuySell;
    @Value("${security.oauth2.resources-ids.gateway}")
    private String resourcesIdGateway;
    @Value("${security.oauth2.resources-ids.upload}")
    private String resourcesIdUpload;
    @Value("${security.oauth2.access-token-validity-seconds}")
    private String accessTokenValiditySeconds;

    @Autowired
    private AuthenticationManager authenticationManager;

    @Bean
    public JwtAccessTokenConverter accessTokenConverter() {
        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
        converter.setSigningKey(signingKey);
        return converter;
    }

    @Bean
    public TokenStore tokenStore() {
        return new JwtTokenStore(accessTokenConverter());
    }

    @Bean
    public DefaultTokenServices tokenServices() {
        DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
        defaultTokenServices.setTokenStore(tokenStore());
        defaultTokenServices.setSupportRefreshToken(true);
        return defaultTokenServices;
    }

    @Override
    public void configure(ClientDetailsServiceConfigurer configurer) throws Exception {
        configurer.inMemory().withClient(clientId).secret(signingKey).autoApprove(true)
                .authorizedGrantTypes(grantTypeAuthorizationCode, grantTypePassword, grantTypeRefreshToken)
                .scopes(scopeWeb, scopeMobile).resourceIds(resourcesIdBuySell, resourcesIdGateway, resourcesIdUpload);
    }

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints.tokenStore(tokenStore()).accessTokenConverter(accessTokenConverter())
                .authenticationManager(authenticationManager);
    }

    @Bean
    public BCryptPasswordEncoder passwordEncoder() {
        System.out.println("password encrypted 123456: " + new BCryptPasswordEncoder().encode("123456") );
        System.out.println("password encrypted password: " + new BCryptPasswordEncoder().encode("password") );
        System.out.println("password decrypted password: " + new BCryptPasswordEncoder().matches("password", "$2a$10$WvV9OvIbs6iAjsARi7BJFOaIGENsopxJSS5WVJyjkW4M2GFoC4XUO") );

        return new BCryptPasswordEncoder();
    }

}

这是我的CorsConfig:

package com.smartmedia.smallads.cloud.oauth.server;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.filter.CorsFilter;

@Configuration
public class CorsConfig {

    @Bean
    public CorsFilter corsFilter() {
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        CorsConfiguration config = new CorsConfiguration();
        config.setAllowCredentials(true);
        config.addAllowedOrigin("*");
        config.setMaxAge(3600L);
        config.addAllowedHeader("*");
        config.addAllowedMethod("*");
        source.registerCorsConfiguration("/**", config);
        return new CorsFilter(source);
    }

}

这是我的POM:

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>

    <groupId>com.smart-media.small-ads</groupId>
    <artifactId>small-ads-cloud-oauth-server</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <packaging>jar</packaging>

    <name>small-ads-cloud-oauth-server</name>
    <description>Small ads cloud oauth server</description>

    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.0.5.RELEASE</version>
        <relativePath /> <!-- lookup parent from repository -->
    </parent>

    <properties>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
        <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
        <java.version>1.8</java.version>
        <spring-cloud.version>Finchley.RELEASE</spring-cloud.version>
    </properties>

    <dependencies>

        <!-- Cloud config and ops -->
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-config</artifactId>
        </dependency>

        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-config-client</artifactId>
        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-actuator</artifactId>
        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-devtools</artifactId>
            <scope>runtime</scope>
        </dependency>
        <!-- Cloud config and ops -->

        <!-- Eureka client -->
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-netflix-eureka-client</artifactId>
        </dependency>
        <!-- Eureka client -->

        <!-- Circuit breaker -->
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-netflix-hystrix</artifactId>
        </dependency>
        <!-- Circuit breaker -->

        <!-- Feign client -->
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-openfeign</artifactId>
        </dependency>
        <!-- Feign client -->

        <!-- Cloud security -->
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-security</artifactId>
        </dependency>

        <dependency>
            <groupId>org.springframework.security.oauth.boot</groupId>
            <artifactId>spring-security-oauth2-autoconfigure</artifactId>
        </dependency>

        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-oauth2</artifactId>
        </dependency>
        <!-- Cloud security -->

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-data-mongodb</artifactId>
        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-thymeleaf</artifactId>
        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>
    </dependencies>

    <dependencyManagement>
        <dependencies>
            <dependency>
                <groupId>org.springframework.cloud</groupId>
                <artifactId>spring-cloud-dependencies</artifactId>
                <version>${spring-cloud.version}</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>
        </dependencies>
    </dependencyManagement>

    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
            </plugin>
        </plugins>
    </build>


</project>

这是我用来获取令牌的卷曲:

curl small-ads:123456@localhost:8901/uaa/oauth/token -d grant_type=password -d username=user -d password=password

0 个答案:

没有答案