我正在配置 spring-security-oauth SSO:客户端在未登录时会重定向到授权服务器进行授权。使用授权码成功授权后,浏览器会返回到客户端的 /login 路径,但此时出现了 401 错误。
我所有的版本都是官方最新版本。
<!-- NOTE(review): both artifacts belong to the legacy Spring Security OAuth line, which the Spring team has
     since retired. For new work, prefer Spring Security's built-in OAuth2 client / resource-server support
     together with Spring Authorization Server, so the SSO stack keeps receiving security fixes. -->
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-oauth2</artifactId>
<version>2.1.0.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security.oauth.boot</groupId>
<artifactId>spring-security-oauth2-autoconfigure</artifactId>
<version>2.1.0.RELEASE</version>
</dependency>
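/**
 * OAuth2 authorization server configuration: registers a single in-memory client, issues JWT
 * access tokens, and hands the application's {@link AuthenticationManager} to the endpoints.
 */
@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {

    // Passed to the endpoints configuration in configure(AuthorizationServerEndpointsConfigurer).
    @Autowired
    private AuthenticationManager authenticationManager;

    /**
     * Builds a delegating encoder that encodes new values with bcrypt and can verify stored values
     * tagged with any of the registered ids.
     *
     * @return the delegating password encoder, with "bcrypt" as the id used for encoding
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        String idForEncode = "bcrypt";
        // Typed map instead of the raw Map: the DelegatingPasswordEncoder constructor expects
        // String ids mapped to PasswordEncoder instances, and the compiler can now check that.
        Map<String, PasswordEncoder> encoders = new HashMap<>();
        encoders.put(idForEncode, new BCryptPasswordEncoder());
        // NOTE(review): "noop" verifies stored values as plaintext and "sha256" is a plain salted
        // digest; keep these two entries only if legacy stored values still need to be verified.
        encoders.put("noop", NoOpPasswordEncoder.getInstance());
        encoders.put("pbkdf2", new Pbkdf2PasswordEncoder());
        encoders.put("scrypt", new SCryptPasswordEncoder());
        encoders.put("sha256", new StandardPasswordEncoder());
        return new DelegatingPasswordEncoder(idForEncode, encoders);
    }

    /**
     * Registers the one OAuth2 client in memory.
     *
     * @param clients configurer that receives the client registration
     * @throws Exception if the client registration cannot be built
     */
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
                .withClient("adm*****ent")
                // NOTE(review): the client secret is a source literal; load it from external
                // configuration or a secret store so it does not live in version control.
                .secret(passwordEncoder().encode("d6****************7f99d"))
                // NOTE(review): every grant type is enabled for this one client. An SSO client
                // needs "authorization_code" (plus "refresh_token" if used); "password" and
                // "implicit" widen what a leaked client credential or token can be used for.
                .authorizedGrantTypes("password", "authorization_code", "refresh_token", "client_credentials", "implicit")
                .accessTokenValiditySeconds(7200)
                // Must match the client's SSO login path. Presumably the browser also has to reach
                // the client under exactly this host (127.0.0.1, not localhost) - TODO confirm.
                .redirectUris("http://127.0.0.1:8080/login")
                // Skips the user consent page for this client.
                .autoApprove(true)
                .scopes("all");
    }

    /**
     * Uses the JWT token store and converter defined below and sets the authentication manager
     * on the endpoints.
     *
     * @param endpoints configurer for the authorization and token endpoints
     */
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
        endpoints.tokenStore(jwtTokenStore()).accessTokenConverter(jwtAccessTokenConverter());
        endpoints.authenticationManager(authenticationManager);
    }

    /**
     * Sets the access expressions for the token-key and check-token endpoints.
     *
     * @param security configurer for the authorization server's own endpoints
     * @throws Exception if the security configuration fails
     */
    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
        // NOTE(review): the converter below uses a shared (symmetric) signing key, so any caller
        // that is allowed to read the token-key endpoint obtains the same secret that signs the
        // tokens. With an RSA key pair only the public verification key would be published.
        security.tokenKeyAccess("permitAll()").checkTokenAccess("isAuthenticated()");
    }

    /**
     * Creates the converter that signs and verifies JWT access tokens.
     *
     * @return converter configured with the signing key
     */
    @Bean
    public JwtAccessTokenConverter jwtAccessTokenConverter() {
        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
        // NOTE(review): a five-character literal is far too short for a MAC signing key and is
        // fixed in source. Use a long random secret from external configuration, or a key pair.
        converter.setSigningKey("87458");
        return converter;
    }

    /**
     * Creates the token store backed by the JWT converter.
     *
     * @return JWT-based token store
     */
    @Bean
    public TokenStore jwtTokenStore() {
        return new JwtTokenStore(jwtAccessTokenConverter());
    }
}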
/**
 * Web security for the authorization server application itself: exposes the authentication
 * manager as a bean, defines one in-memory user, and applies the adapter's default HTTP rules
 * with CSRF protection switched off.
 */
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Publishes the adapter's authentication manager as a bean under the standard bean id.
     *
     * @return the authentication manager built by the adapter
     * @throws Exception if the manager cannot be obtained
     */
    @Override
    @Bean(BeanIds.AUTHENTICATION_MANAGER)
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    /**
     * Provides a single in-memory user.
     *
     * @return user details service holding the "admin" user with role USER
     */
    @Override
    @Bean
    public UserDetailsService userDetailsService() {
        // NOTE(review): fixed username and a trivial password in source, built with the
        // demo-only withDefaultPasswordEncoder() helper; acceptable for a local reproduction only.
        return new InMemoryUserDetailsManager(
                User.withDefaultPasswordEncoder()
                        .username("admin")
                        .password("123456")
                        .roles("USER")
                        .build());
    }

    /**
     * Applies the adapter's default HTTP security and then disables CSRF protection.
     *
     * @param http the HTTP security builder
     * @throws Exception if the configuration fails
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        super.configure(http);
        // NOTE(review): this application authenticates users with a session cookie, so turning
        // CSRF protection off leaves its login and any state-changing endpoints without it.
        http.csrf().disable();
    }
}
# Authorization server settings (indentation is not preserved in this listing).
server:
port: 9999
logging:
# NOTE(review): DEBUG on org.springframework.security is verbose; keep it to troubleshooting sessions.
level: {org.springframework.security: DEBUG,net.sdake: debug}
spring:
redis:
database: 6
host: localhost
port: 6379
# NOTE(review): the client configuration on this page stores its sessions in the same Redis host and
# database, and both applications are addressed as 127.0.0.1. Browser cookies are not separated by port,
# so unless the two applications use different session cookie names they can overwrite each other's
# session - worth ruling out when investigating the 401 after the redirect back to the client.
session:
store-type: redis
/**
 * Security configuration of the SSO client application: login, logout and error paths are open,
 * every other request requires an authenticated user, and CSRF protection is switched off.
 */
@EnableOAuth2Sso
@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Declares the request authorization rules for the client.
     *
     * @param http the HTTP security builder
     * @throws Exception if the configuration fails
     */
    @Override
    public void configure(HttpSecurity http) throws Exception {
        // NOTE(review): CSRF protection is disabled while the client keeps its login state in a
        // session cookie; re-enable it once the 401 is resolved unless there is a reason not to.
        http.csrf().disable()
                .authorizeRequests()
                // Paths that must stay reachable before the user is authenticated.
                .antMatchers("/login","/login/**", "/logout","/error").permitAll()
                .anyRequest()
                .authenticated();
    }
}
# SSO client settings (indentation is not preserved in this listing).
server:
port: 8080
logging:
# NOTE(review): DEBUG on org.springframework.security is verbose; keep it to troubleshooting sessions.
level: {org.springframework.security: DEBUG,net.sdake: debug}
security:
oauth2:
client:
clientId: a********t
# NOTE(review): keep the client secret out of the committed file; inject it from the environment or a secret store.
clientSecret: d609*******************fc7f99d
# NOTE(review): plain http is fine on the loopback interface; beyond a local setup the authorization code,
# client secret and tokens sent to these endpoints need TLS.
accessTokenUri: http://127.0.0.1:9999/oauth/token
userAuthorizationUri: http://127.0.0.1:9999/oauth/authorize
# client-authentication-scheme: form
scope: [all]
resource:
user-info-uri: http://127.0.0.1:9999/user
prefer-token-info: false
jwt:
# The client fetches the token verification key from the authorization server's token-key endpoint.
key-uri: http://127.0.0.1:9999/oauth/token_key
sso:
# Matches the redirect URI registered for this client on the authorization server (/login on port 8080).
login-path: /login
spring:
redis:
database: 6
host: localhost
port: 6379
# NOTE(review): the authorization server configuration on this page stores its sessions in the same Redis
# host and database, and both applications are addressed as 127.0.0.1. Browser cookies are not separated by
# port, so unless the two applications use different session cookie names they can overwrite each other's
# session - worth ruling out when investigating the 401 after the redirect back to /login.
session:
store-type: redis
Redis stores session object information picture
First login request information picture
/oauth/authorize request information picture