我有一个Spring Boot应用程序,正在尝试通过Microsoft Azure(Office 365)登录进行安全保护。
通过Active Directory门户登录后,我将按预期重定向到我的应用程序,但没有身份验证。如下面的链接所示,我似乎正在找回授权代码。
我的安全性配置为
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter
{
@Autowired
private OAuth2UserService<OidcUserRequest, OidcUser> oidcUserService;
private TokenExtractor tokenExtractor = new BearerTokenExtractor();
@Override
protected void configure(HttpSecurity http) throws Exception
{
http.addFilterAfter(new OncePerRequestFilter() {
@Override
protected void doFilterInternal(HttpServletRequest request,
HttpServletResponse response, FilterChain
filterChain)
throws ServletException, IOException {
// We don't want to allow access to a resource with no token so clear
// the security context in case it is actually an OAuth2Authentication
if (tokenExtractor.extract(request) == null) {
SecurityContextHolder.clearContext();
}
filterChain.doFilter(request, response);
}
}, AbstractPreAuthenticatedProcessingFilter.class);
http
.authorizeRequests()
.antMatchers("/login/**", "/webjars/**", "/resources/**", "/files/**",
"/access_token",
"/refresh/access_token","/auth_server/config", "/oauth2code").permitAll()
.anyRequest()
.authenticated()
.and()
.oauth2Login().redirectionEndpoint().baseUri("/")
.and()
.loginPage("/login");
}
在尝试了很多其他方面而没有取得进展之后,我正在使用此github链接作为指南。