Spring Security OAuth2 SSO未经授权的401错误

时间:2019-03-19 11:04:26

标签: spring spring-boot spring-security oauth-2.0 single-sign-on

我对Spring Security和OAuth2 SSO特别陌生。

我目前正在尝试通过此示例Spring Boot OAuth2教程进行测试和学习: https://spring.io/guides/tutorials/spring-boot-oauth2/

我可以使用类似的application.yml设置登录:

import numpy as np
import plotly.graph_objs as go
from plotly.offline import download_plotlyjs, init_notebook_mode, plot, iplot
init_notebook_mode(connected=True)
import plotly.figure_factory as ff

#%qtconsole

z = np.random.randint(0,6, size=(10, 10))
z_text = np.full(z.shape, '', dtype=str)

d = {0:'a', 1:'b', 2:'c', 3:'d', 4:'e', 5:'f'}
class_mat = np.vectorize(d.get)(z)

fig = ff.create_annotated_heatmap(z, annotation_text=z_text, text=class_mat, hoverinfo='text', colorscale='Viridis', )
fig.layout.title = 'Semantic Segmentation'

# My suggestions:
fig.data[0]['hoverinfo'] = 'all'
fig['layout']['yaxis']['scaleanchor']='x'
fig['layout']['xaxis']['gridcolor'] = 'rgba(0, 0, 0, 0)'
fig['layout']['yaxis']['gridcolor'] = 'rgba(0, 0, 0, 0)'
fig['layout']['yaxis']['color'] = 'rgba(0, 0, 0, 0)'

iplot(fig)

这是我的pom.xml:

security:
 oauth2:
  client:
   clientId: 233668646673605
   clientSecret: 33b17e044ee6a4fa383f46ec6e28ea1d
   accessTokenUri: https://graph.facebook.com/oauth/access_token
   userAuthorizationUri: https://www.facebook.com/dialog/oauth
   tokenName: oauth_token
   authenticationScheme: query
   clientAuthenticationScheme: form
resource:
  userInfoUri: https://graph.facebook.com/me

这是还启用了OAuth2SSO以及安全和休息控制器的主要类:

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-parent</artifactId>
    <version>2.1.3.RELEASE</version>
    <relativePath/> <!-- lookup parent from repository -->
</parent>
<groupId>com.sao.social.apps</groupId>
<artifactId>SocialApplication</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>SocialApplication</name>
<description>OAuth2 Login With Spring Boot</description>

<properties>
    <java.version>1.8</java.version>
</properties>

<dependencies>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>

    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-test</artifactId>
        <scope>test</scope>
    </dependency>
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-test</artifactId>
        <scope>test</scope>
    </dependency>
            <dependency>
            <groupId>org.springframework.security.oauth.boot</groupId>
            <artifactId>spring-security-oauth2-autoconfigure</artifactId>
            <version>2.1.1.RELEASE</version>
            </dependency>
            <dependency>
            <groupId>org.webjars</groupId>
            <artifactId>jquery</artifactId>
            <version>2.1.1</version>
    </dependency>
    <dependency>
            <groupId>org.webjars</groupId>
            <artifactId>bootstrap</artifactId>
            <version>3.2.0</version>
    </dependency>
    <dependency>
            <groupId>org.webjars</groupId>
            <artifactId>webjars-locator-core</artifactId>
    </dependency>
    <dependency>
        <groupId>org.webjars</groupId>
        <artifactId>js-cookie</artifactId>
        <version>2.1.0</version>
    </dependency>
</dependencies>

<build>
    <plugins>
        <plugin>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-maven-plugin</artifactId>
        </plugin>
    </plugins>
</build>

最后是视图:index.html:

@SpringBootApplication
    @EnableOAuth2Sso
    @RestController
    public class SocialApplication extends WebSecurityConfigurerAdapter  {
    @RequestMapping("/user")
       public Principal user(Principal principal) {
       return principal;
      }
      @Override
      protected void configure(HttpSecurity httpSec) throws Exception{
         httpSec
         .antMatcher("/**")
         .authorizeRequests()
              .antMatchers("/", "/login**", "/webjars/**", "/error**")
              .permitAll()
         .anyRequest()
              .authenticated()
              .and().logout().logoutSuccessUrl("/").permitAll()
        .and().csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
  }
   public static void main(String[] args) {
        SpringApplication.run(SocialApplication.class, args);
    }

}

我的主要挑战是我可以使用Facebook(在这种情况下为授权服务器)登录,但是当我重定向到localhost:8080 / login时,我总是会收到 401未经授权的错误< / strong>,而不是向我显示在view-index.html中按预期方式成功进行身份验证和登录的用户名。我还需要在Facebook上设置其他内容吗,或者我在Spring上缺少内容吗?

谢谢!

2 个答案:

答案 0 :(得分:0)

请确保SocialApplication类的包与其他包处于同一级别,主类的@SpringBootApplication注释可能没有扫描其组件。

这是我的解决方案。

答案 1 :(得分:0)

我也正在关注本教程,并且遇到相同的问题。更新到Java 11之后,问题消失了,并且显示了“ loggend as” div。