使用@EnableOAuth2Client 的 OAuth2 客户端手动配置不起作用
Manual Configuration of OAuth2 Client using @EnableOAuth2Client not working
我正在按照官方 spring 文档中的 this 教程使用 @EnableOAuth2Client 手动配置 OAuth2 客户端。由于某种原因,它不起作用。当我 运行 应用程序并访问 http://localhost:8080/login 时,我看到基本表单登录而不是 Google 登录选项。 (由于我的用例,我需要使这个手动配置起作用。)
但是 @EnableOauth2Sso 代码在我不使用 OAuth2AuthenticationProcessingFilters 进行任何手动配置的情况下工作正常。在这种情况下,我在访问登录页面时获得 google 登录选项。有人可以帮帮我吗。我添加了以下代码:
这与 @EnableOAuth2Sso 一起使用,效果很好
@Configuration
@EnableWebSecurity
@EnableOAuth2Sso
@PropertySource({ "classpath:/oauth2.properties" })
@EnableGlobalMethodSecurity(prePostEnabled = true, jsr250Enabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
OAuth2ClientContext oauth2ClientContext;
@Value("${security.oauth2.resource.userInfoUri}")
String userInfoUri;
@Value("${security.oauth2.client.clientId}")
String clientId;
@Bean
public RequestContextListener requestContextListener() {
return new RequestContextListener();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
super.configure(http);
// http.antMatcher("/**").addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);
}
}
这是 @EnableOAuth2Client,它不起作用,我改为使用表单登录
@Configuration
@EnableWebSecurity
@EnableOAuth2Client
@PropertySource({ "classpath:/oauth2.properties" })
@EnableGlobalMethodSecurity(prePostEnabled = true, jsr250Enabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
OAuth2ClientContext oauth2ClientContext;
@Value("${security.oauth2.resource.userInfoUri}")
String userInfoUri;
@Value("${security.oauth2.client.clientId}")
String clientId;
@Bean
public RequestContextListener requestContextListener() {
return new RequestContextListener();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
super.configure(http);
http.antMatcher("/**").addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);
}
private Filter ssoFilter() {
OAuth2ClientAuthenticationProcessingFilter googleFilter = new OAuth2ClientAuthenticationProcessingFilter("/login");
OAuth2RestTemplate googleTemplate = new OAuth2RestTemplate(google(), oauth2ClientContext);
googleFilter.setRestTemplate(googleTemplate);
googleFilter.setTokenServices(new UserInfoTokenServices(googleResource().getUserInfoUri(), google().getClientId()));
return googleFilter;
}
@Bean
@ConfigurationProperties("security.oauth2.client")
public AuthorizationCodeResourceDetails google() {
return new AuthorizationCodeResourceDetails();
}
@Bean
@ConfigurationProperties("security.oauth2.resource")
public ResourceServerProperties googleResource() {
return new ResourceServerProperties();
}
@Bean
public FilterRegistrationBean oauth2ClientFilterRegistration(
OAuth2ClientContextFilter filter) {
FilterRegistrationBean registration = new FilterRegistrationBean();
registration.setFilter(filter);
registration.setOrder(-100);
return registration;
}
}
我会说对 super.configure(http) 的调用可能是问题所在。
来自 javadoc:
Typically subclasses should not invoke this method by calling super as it may override their configuration."
我正在按照官方 spring 文档中的 this 教程使用 @EnableOAuth2Client 手动配置 OAuth2 客户端。由于某种原因,它不起作用。当我 运行 应用程序并访问 http://localhost:8080/login 时,我看到基本表单登录而不是 Google 登录选项。 (由于我的用例,我需要使这个手动配置起作用。)
但是 @EnableOauth2Sso 代码在我不使用 OAuth2AuthenticationProcessingFilters 进行任何手动配置的情况下工作正常。在这种情况下,我在访问登录页面时获得 google 登录选项。有人可以帮帮我吗。我添加了以下代码:
这与 @EnableOAuth2Sso 一起使用,效果很好
@Configuration
@EnableWebSecurity
@EnableOAuth2Sso
@PropertySource({ "classpath:/oauth2.properties" })
@EnableGlobalMethodSecurity(prePostEnabled = true, jsr250Enabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
OAuth2ClientContext oauth2ClientContext;
@Value("${security.oauth2.resource.userInfoUri}")
String userInfoUri;
@Value("${security.oauth2.client.clientId}")
String clientId;
@Bean
public RequestContextListener requestContextListener() {
return new RequestContextListener();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
super.configure(http);
// http.antMatcher("/**").addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);
}
}
这是 @EnableOAuth2Client,它不起作用,我改为使用表单登录
@Configuration
@EnableWebSecurity
@EnableOAuth2Client
@PropertySource({ "classpath:/oauth2.properties" })
@EnableGlobalMethodSecurity(prePostEnabled = true, jsr250Enabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
OAuth2ClientContext oauth2ClientContext;
@Value("${security.oauth2.resource.userInfoUri}")
String userInfoUri;
@Value("${security.oauth2.client.clientId}")
String clientId;
@Bean
public RequestContextListener requestContextListener() {
return new RequestContextListener();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
super.configure(http);
http.antMatcher("/**").addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);
}
private Filter ssoFilter() {
OAuth2ClientAuthenticationProcessingFilter googleFilter = new OAuth2ClientAuthenticationProcessingFilter("/login");
OAuth2RestTemplate googleTemplate = new OAuth2RestTemplate(google(), oauth2ClientContext);
googleFilter.setRestTemplate(googleTemplate);
googleFilter.setTokenServices(new UserInfoTokenServices(googleResource().getUserInfoUri(), google().getClientId()));
return googleFilter;
}
@Bean
@ConfigurationProperties("security.oauth2.client")
public AuthorizationCodeResourceDetails google() {
return new AuthorizationCodeResourceDetails();
}
@Bean
@ConfigurationProperties("security.oauth2.resource")
public ResourceServerProperties googleResource() {
return new ResourceServerProperties();
}
@Bean
public FilterRegistrationBean oauth2ClientFilterRegistration(
OAuth2ClientContextFilter filter) {
FilterRegistrationBean registration = new FilterRegistrationBean();
registration.setFilter(filter);
registration.setOrder(-100);
return registration;
}
}
我会说对 super.configure(http) 的调用可能是问题所在。
来自 javadoc:
Typically subclasses should not invoke this method by calling super as it may override their configuration."