There is a resource server with the following configuration:
@SpringBootApplication
@RestController
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class ResourceServer extends SpringBootServletInitializer {

    @Override
    protected SpringApplicationBuilder configure(SpringApplicationBuilder application) {
        return application.sources(ResourceServer.class);
    }

    public static void main(String[] args) {
        SpringApplication.run(ResourceServer.class, args);
    }

    //@PreAuthorize("hasRole('ROLE_USER')")
    @RequestMapping(value = "/user", method = RequestMethod.GET)
    public Map<String, String> user(Principal user) {
        OAuth2Authentication oAuth2Authentication = (OAuth2Authentication) SecurityContextHolder.getContext().getAuthentication();
        Authentication userAuthentication = oAuth2Authentication.getUserAuthentication();
        return (Map<String, String>) userAuthentication.getDetails();
    }
}
and
@Configuration
@EnableResourceServer
public class ResourcesServerConfiguration extends ResourceServerConfigurerAdapter {

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
            .antMatchers(HttpMethod.GET, "/api/**").access("#oauth2.hasScope('read')");
    }

    @Primary
    @Bean
    public RemoteTokenServices tokenService() {
        RemoteTokenServices tokenService = new RemoteTokenServices();
        tokenService.setCheckTokenEndpointUrl("http://localhost:8081/auth/account/getDetailUser");
        tokenService.setClientId("web");
        tokenService.setClientSecret("secret");
        return tokenService;
    }
}
and its application.yml is:
spring:
  datasource:
    url: jdbc:oracle:thin:@192.168.192.131:1521:hamed
    hikari:
      connection-test-query: SELECT 1 FROM DUAL
      minimum-idle: 1
      maximum-pool-size: 5
    driver-class-name: oracle.jdbc.OracleDriver
    username: test
    password: test
    initialization-mode: always
  jpa:
    hibernate:
      ddl-auto: none
    database-platform: org.hibernate.dialect.Oracle12cDialect
logging:
  level:
    org.springframework.security: DEBUG
server:
  port: 8083
  context-path: /micro1
security:
  basic:
    enabled: false
  oauth2:
    client:
      clientId: web
      clientSecret: secret
      accessTokenUri: http://localhost:8081/auth/oauth/token
      userAuthorizationUri: http://localhost:8081/auth/oauth/authorize
    resource:
      userInfoUri: http://localhost:8081/auth/account/getDetailUser
It is worth mentioning that the flow is authorization_code, the UAA uses a JDBC token store, and the Spring Boot version is 1.5.8.RELEASE.
The user is redirected to the UAA, logs in successfully, and is redirected back to the client with the code. Everything is fine up to this point, but when I send a request to the resource server, wanting to get all authorities of the authenticated user like this:
@RequestMapping(value = "/user", method = RequestMethod.GET)
public Map<String, String> user(Principal user) {
    OAuth2Authentication oAuth2Authentication = (OAuth2Authentication) SecurityContextHolder.getContext().getAuthentication();
    Authentication userAuthentication = oAuth2Authentication.getUserAuthentication();
    return (Map<String, String>) userAuthentication.getDetails();
}
the following exception is thrown:
java.lang.ClassCastException: org.springframework.security.authentication.AnonymousAuthenticationToken cannot be cast to org.springframework.security.oauth2.provider.OAuth2Authentication
What went wrong, and what configuration is missing in the resource server?
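As an added illustration (this is not code from the question or from the answer below): the exception shows that the request reached the controller carrying an AnonymousAuthenticationToken. That is what Spring Security puts in the context when no bearer token was processed, and the request was still served because the resource-server rules above only cover GET /api/**, so /user matched no rule and was not required to be authenticated. The configuration and controller below, with hypothetical class names, require a token for every other path and check the authentication type before casting, so a missing or invalid token produces a 401 instead of a 500 from a ClassCastException. It reports the user's granted authorities via getAuthorities() rather than the unchecked Map cast of getDetails(), whose shape depends on what the UAA's check-token endpoint returns.

```java
// Added example, not part of the original question or answer.
// Package and class names are hypothetical.
package example.resource;

import java.util.Collection;
import java.util.Collections;
import java.util.stream.Collectors;

import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@Configuration
@EnableResourceServer
public class HardenedResourceServerConfiguration extends ResourceServerConfigurerAdapter {

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
            // The original rule only covered GET /api/**; /user matched nothing
            // and was therefore served to an anonymous caller.
            .antMatchers(HttpMethod.GET, "/api/**").access("#oauth2.hasScope('read')")
            // Every other path, /user included, now requires a valid access token.
            .anyRequest().authenticated();
    }
}

@RestController
class UserAuthoritiesController {

    @GetMapping("/user")
    public ResponseEntity<Collection<String>> user() {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();

        // Defensive check: if a request ever reaches here without an OAuth2
        // authentication (for example after a later rule change), answer 401
        // rather than throwing a ClassCastException.
        if (!(authentication instanceof OAuth2Authentication)) {
            return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
        }

        Authentication userAuthentication =
            ((OAuth2Authentication) authentication).getUserAuthentication();
        if (userAuthentication == null) {
            // A client_credentials token carries no end user, so there are no
            // user authorities to report.
            return ResponseEntity.ok(Collections.<String>emptyList());
        }

        // Collect the granted authority names of the authenticated user.
        Collection<String> authorities = userAuthentication.getAuthorities().stream()
            .map(GrantedAuthority::getAuthority)
            .collect(Collectors.toList());
        return ResponseEntity.ok(authorities);
    }
}
```

The `anyRequest().authenticated()` line is the configuration change; the `instanceof` check is a second line of defence so that the endpoint fails closed even if the rule set changes again.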
Answer 0: (score: 0)
You could use code similar to
pkg_path