问题
资源服务器请求check_token其未通过的授权令牌,该令牌由Spring Security实现。如何为/ check_token端点传递授权令牌?
我正在使用zuul作为api网关,并且所有请求仅通过zuul。 我创建了身份验证服务器(弹簧云项目)的身份验证服务器 并在下面给出了用于授权的代码,并且我向webSecurityConfigurationAdapter注册了authenticationManager 代码在下面给出
AuthorizationServerConfig.java
@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
@Autowired
@Qualifier("userDetailsService")
private UserDetailsService userDetailsService;
@Autowired
private AuthenticationManager authenticationManager;
@Value("${config.oauth2.tokenTimeout}")
private int expiration;
@Value("${config.oauth2.privateKey}")
private String privateKey;
@Value("${config.oauth2.publicKey}")
private String publicKey;
@Autowired
private ClientDetailsService clientDetailsService;
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients
.inMemory()
.withClient("client")
.secret(passwordEncoder().encode("secret"))
.authorizedGrantTypes("client_credentials", "password", "refresh_token", "authorization_code")
.scopes("read", "write", "trust")
.accessTokenValiditySeconds(expiration)
.refreshTokenValiditySeconds(expiration);
}
@Bean
public JwtAccessTokenConverter accessTokenConverter() {
JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
converter.setSigningKey(privateKey);
return converter;
}
@Bean
public JwtTokenStore tokenStore() {
return new JwtTokenStore(accessTokenConverter());
}
@Value("${filters.cors.allowed.origin}")
private String allowedOriginUrlForCordFilter;
@Bean
public CorsFilter corsFilter() {
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
CorsConfiguration config = new CorsConfiguration();
config.setAllowCredentials(true);
config.addAllowedOrigin(allowedOriginUrlForCordFilter);
//config.addAllowedOrigin("http://localhost:8080/");
config.addAllowedHeader("*");
config.addAllowedMethod("GET");
config.addAllowedMethod("PUT");
config.addAllowedMethod("POST");
config.addAllowedMethod("DELETE");
source.registerCorsConfiguration("/**", config);
return new CorsFilter(source);
}
@Bean
@Primary
public DefaultTokenServices tokenServices() {
DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
defaultTokenServices.setTokenStore(tokenStore());
defaultTokenServices.setClientDetailsService(clientDetailsService);
defaultTokenServices.setSupportRefreshToken(true);
defaultTokenServices.setTokenEnhancer(accessTokenConverter());
return defaultTokenServices;
}
/**
* Defines the authorization and token endpoints and the token services
* @param endpoints
* @throws Exception
*/
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints
.authenticationManager(authenticationManager)
.userDetailsService(userDetailsService)
.allowedTokenEndpointRequestMethods(HttpMethod.GET, HttpMethod.POST)
.tokenStore(tokenStore())
.tokenServices(tokenServices())
.accessTokenConverter(accessTokenConverter());
}
@Override
public void configure(AuthorizationServerSecurityConfigurer security) {
security.checkTokenAccess("isAuthenticated()")
.allowFormAuthenticationForClients();
}
}
资源服务器另一个Spring Cloud项目,这基本上是我们的业务服务 为了进行进一步的通信,我需要授权令牌,该代码是通过使用我实现的过滤器实现的。
ResourceServerConfiguration.java
@Configuration
@EnableResourceServer
@EnableWebSecurity(debug = true)
public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {
// private static final Logger LOGGER =
// Logger.getLogger(ResourceServerConfiguration.class);
@Value("${config.oauth2.publicKey}")
private String publicKey;
@Value("${config.oauth2.privateKey}")
private String privateKey;
@Value("${config.oauth2.resource.id}")
private String resourceId;
@Override
public void configure(HttpSecurity http) throws Exception {
http.csrf().disable().anonymous().disable().authorizeRequests()
// .antMatchers(HttpMethod.OPTIONS).permitAll()
// .antMatchers("/oauth/**").authenticated()
.antMatchers("/register/**").authenticated();
}
// @Override
// public void configure(ResourceServerSecurityConfigurer resources) {
// resources.resourceId(resourceId).tokenServices(tokenServices()).tokenStore(tokenStore());
// }
// @Bean
// @Primary
// public DefaultTokenServices tokenServices() {
// DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
// defaultTokenServices.setTokenStore(tokenStore());
// defaultTokenServices.setSupportRefreshToken(true);
// defaultTokenServices.setTokenEnhancer(accessTokenConverter());
// return defaultTokenServices;
// }
@Bean
public JwtAccessTokenConverter accessTokenConverter() {
JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
converter.setSigningKey(privateKey);
return converter;
}
@Bean
public JwtTokenStore tokenStore() {
return new JwtTokenStore(accessTokenConverter());
}
@Primary
@Bean
public RemoteTokenServices tokenServices() {
final RemoteTokenServices tokenService = new RemoteTokenServices();
tokenService.setCheckTokenEndpointUrl("http://localhost:8765/auth/oauth/check_token/");
tokenService.setClientId("client");
tokenService.setClientSecret("secret");
//tokenService.setTokenName("");
// tokenService.setTokenStore(tokenStore());
// tokenService.setSupportRefreshToken(true);
tokenService.setAccessTokenConverter(accessTokenConverter());
return tokenService;
}
}
现在的问题是,当资源服务器请求check_token时,我可以传递授权令牌。