Spring 引导安全 OAuth2:WebSecurityConfigurerAdapter:302 重定向到 /error
Spring Boot Security OAuth2: WebSecurityConfigurerAdapter: 302 Redirect to /error
仅仅是一个空 WebSecurityConfigurerAdapter 的存在就毁了我应用程序的 OAuth2。
我得到
$ curl -i -X POST -H "Content-Type: application/json" -H "Authorization: Bearer 27f9e2b7-4441-4c03-acdb-7e7dc358f783" -d '{"apiKey": "key", "tag": "tag"}' localhost:8080/isTagAvailable
HTTP/1.1 302
Location: http://localhost:8080/error
我期待的时候
$ curl -i -X POST -H "Content-Type: application/json" -H "Authorization: Bearer 27f9e2b7-4441-4c03-acdb-7e7dc358f783" -d '{"apiKey": "key", "tag": "tag"}' localhost:8080/isTagAvailable
HTTP/1.1 401
{"error":"invalid_token","error_description":"Invalid access token: 27f9e2b7-4441-4c03-acdb-7e7dc358f783"}
我必须注释掉 ENTIRE class 才能使 Oauth2 正常工作。即使只是评论 configure 方法也不起作用。为什么?
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/robots.txt").permitAll()
.and()
.authorizeRequests()
.antMatchers("/isTagAvailable").hasRole("USER")
// .anyRequest().authenticated()
.and()
.httpBasic().disable();
}
}
I learned how to add security logging, but it didn't print out any useful information.
我扔掉了 @EnableWebSecurity 和 WebSecurityConfigurerAdapter,这完全破坏了应用程序。我认为他们需要访问我认为我需要的 HttpSecurity。我发现这个简单的新 class 将解决问题。
@Configuration
@EnableResourceServer
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
String[] ignoredPaths = new String[]{...};
@Override
public void configure(HttpSecurity http) throws Exception{
http.authorizeRequests()
.antMatchers(ignoredPaths).permitAll()
.anyRequest().authenticated()
.and()
.httpBasic();
}
仅仅是一个空 WebSecurityConfigurerAdapter 的存在就毁了我应用程序的 OAuth2。
我得到
$ curl -i -X POST -H "Content-Type: application/json" -H "Authorization: Bearer 27f9e2b7-4441-4c03-acdb-7e7dc358f783" -d '{"apiKey": "key", "tag": "tag"}' localhost:8080/isTagAvailable
HTTP/1.1 302
Location: http://localhost:8080/error
我期待的时候
$ curl -i -X POST -H "Content-Type: application/json" -H "Authorization: Bearer 27f9e2b7-4441-4c03-acdb-7e7dc358f783" -d '{"apiKey": "key", "tag": "tag"}' localhost:8080/isTagAvailable
HTTP/1.1 401
{"error":"invalid_token","error_description":"Invalid access token: 27f9e2b7-4441-4c03-acdb-7e7dc358f783"}
我必须注释掉 ENTIRE class 才能使 Oauth2 正常工作。即使只是评论 configure 方法也不起作用。为什么?
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/robots.txt").permitAll()
.and()
.authorizeRequests()
.antMatchers("/isTagAvailable").hasRole("USER")
// .anyRequest().authenticated()
.and()
.httpBasic().disable();
}
}
I learned how to add security logging, but it didn't print out any useful information.
我扔掉了 @EnableWebSecurity 和 WebSecurityConfigurerAdapter,这完全破坏了应用程序。我认为他们需要访问我认为我需要的 HttpSecurity。我发现这个简单的新 class 将解决问题。
@Configuration
@EnableResourceServer
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
String[] ignoredPaths = new String[]{...};
@Override
public void configure(HttpSecurity http) throws Exception{
http.authorizeRequests()
.antMatchers(ignoredPaths).permitAll()
.anyRequest().authenticated()
.and()
.httpBasic();
}