每个访问令牌登录和正常形式的登录均不起作用

时间:2019-03-26 09:05:57

标签: spring-security login access-token spring-security-oauth2

我尝试以不同的方式保护我的应用程序。 1:应通过oauth-token保护api-part(/ api / **) 第二:其他部分应使用用户名和密码通过常规形式登录进行保护。

使用WebSecurityConfig,我可以保护api部分。但是对于普通的Route / user,将显示表单登录,但是在提交登录凭证后什么也没有发生。

我希望您能给我一个提示,我在做什么错了?

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true, proxyTargetClass = true)
public class WebSecurityConfig {


    @Configuration
    @Order(1)
    @EnableResourceServer
    public static class ApiWebSecurityConfig extends ResourceServerConfigurerAdapter {

        @Value("${security.signing-key}")
        private String signingKey;

        @Value("${security.encoding-strength}")
        private Integer encodingStrength;

        @Value("${security.security-realm}")
        private String securityRealm;

        @Value("${security.jwt.resource-ids}")
        private String resourceIds;

        @Autowired
        private ResourceServerTokenServices tokenServices;


        @Override
        public void configure(HttpSecurity http) throws Exception {
            http.antMatcher("/api/**").authorizeRequests()
            .antMatchers("/oauth/token").permitAll();

        }

        @Override
        public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
            resources.resourceId(resourceIds).tokenServices(tokenServices);
        }

        @Bean
        public JwtAccessTokenConverter accessTokenConverter() {
            JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
            converter.setSigningKey(signingKey);
            return converter;
        }

        @Bean
        public TokenStore tokenStore() {
            return new JwtTokenStore(accessTokenConverter());
        }

        @Bean
        @Primary 
        public DefaultTokenServices tokenServices() {
            DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
            defaultTokenServices.setTokenStore(tokenStore());
            defaultTokenServices.setSupportRefreshToken(true);
            return defaultTokenServices;
        }
    }

    @Configuration
    @Order(2)
    public static class FormWebSecurityConfig extends WebSecurityConfigurerAdapter {
        private static final String LOGIN_PROCESSING_URL = "/login";
        private static final String LOGIN_FAILURE_URL = "/login?error";
        private static final String LOGIN_URL = "/login";
        private static final String LOGOUT_SUCCESS_URL = "/logout";
        private static final String LOGIN_SUCCESS_URL = "/user";


        @Autowired
        private PasswordEncoder passwordEncoder;

        @Autowired
        private UserDetailsService userDetailsService;

        @Override
        protected void configure(HttpSecurity http) throws Exception {
             http .antMatcher("/user").requestCache().requestCache(new
              CustomRequestCache())

              // Restrict access to our application. 
              .and().authorizeRequests()

              // Allow all flow internal requests.
              .requestMatchers(SecurityUtils::isFrameworkInternalRequest).permitAll()

              // Allow all requests by logged in users.
              .anyRequest().hasAnyAuthority(Role.getAllRoles())

              // Configure the login page.
              .and().formLogin().loginPage(LOGIN_URL).permitAll().loginProcessingUrl(
              LOGIN_PROCESSING_URL) .failureUrl(LOGIN_FAILURE_URL)

              // Register the success handler that redirects users to the page they last
              //tried // to access 
              .successHandler(new
              SavedRequestAwareAuthenticationSuccessHandler())
              .defaultSuccessUrl(LOGIN_SUCCESS_URL,true)

              // Configure logout 
              .and().logout().logoutSuccessUrl(LOGOUT_SUCCESS_URL);


        }


        @Override
        public void configure(WebSecurity web) throws Exception {
            web.ignoring().antMatchers(

                    //icons and images...
        }


        @Bean
        public PasswordEncoder passwordEncoder() {
            return new BCryptPasswordEncoder();
        }

        @Bean
        @Scope(ConfigurableBeanFactory.SCOPE_PROTOTYPE)
        public User currentUser(UserRepository userRepository) {
            return userRepository.findByEmailIgnoreCase(SecurityUtils.getUsername());
        }

        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            super.configure(auth);
            auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder);
            // auth.userDetailsService(userDetailsService);
        }

        @Bean()
        @Override
        public AuthenticationManager authenticationManagerBean() throws Exception {
            return super.authenticationManagerBean();
        }

    }

}

0 个答案:

没有答案