Endpoint /login/oauth2/code disappears whereas /oauth2/authorization continues to work

After configuring a custom filter, /login/oauth2/code/{registrationId} no longer appears, while /oauth2/authorization/{registrationId} still works fine. Spring Security stops implementing /login/oauth2/code/{registrationId}.

Any suggestions?

My configure() function

            http
                .antMatcher("/oauth2/authorization/**")
                .addFilterBefore(
                    ValidationFilter(configRepository),
                    OAuth2AuthorizationRequestRedirectFilter::class.java
                )
                .oauth2Login()
                .userInfoEndpoint()
                .and()
                .loginPage("/$AUTH_DEFAULT_SUCCESS_ROUTE/token")
                .authorizationEndpoint()
                .and()
                .tokenEndpoint()

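My filter class

import javax.servlet.FilterChain
import javax.servlet.http.HttpServletRequest
import javax.servlet.http.HttpServletResponse
import org.springframework.http.HttpStatus
import org.springframework.web.filter.OncePerRequestFilter

class ValidationFilter(private val configRepository: ConfigRepository) : OncePerRequestFilter() {

    override fun doFilterInternal(
        request: HttpServletRequest,
        response: HttpServletResponse,
        filterChain: FilterChain
    ) {
        // The registration id is the last path segment of the request URI
        val registrationId = request.requestURI.split("/").last()

        val findById = configRepository.findById(registrationId)
        if (findById.isEmpty) {
            // Unknown registration id: answer 404 and stop the chain here
            response.sendError(
                HttpStatus.NOT_FOUND.value(),
                "$registrationId is not registered"
            )
        } else {
            filterChain.doFilter(request, response)
        }
    }
}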

Update with logs

2021-09-13 11:52:00.039 DEBUG 5499 --- [nio-8094-exec-1] o.apache.catalina.valves.RemoteIpValve   : Incoming request /login/oauth2/code/demo-auth with originalRemoteAddr [0:0:0:0:0:0:0:1], originalRemoteHost=[0:0:0:0:0:0:0:1], originalSecure=[false], originalScheme=[http], originalServerName=[localhost], originalServerPort=[8094] will be seen as newRemoteAddr=[0:0:0:0:0:0:0:1], newRemoteHost=[0:0:0:0:0:0:0:1], newSecure=[false], newScheme=[http], newServerName=[localhost], newServerPort=[8094]
2021-09-13 11:52:00.039 DEBUG 5499 --- [nio-8094-exec-1] o.a.c.authenticator.AuthenticatorBase    : Security checking request GET /login/oauth2/code/demo-auth
2021-09-13 11:52:00.040 DEBUG 5499 --- [nio-8094-exec-1] org.apache.catalina.realm.RealmBase      :   No applicable constraints defined
2021-09-13 11:52:00.041 DEBUG 5499 --- [nio-8094-exec-1] o.a.c.a.jaspic.AuthConfigFactoryImpl     : Loading persistent provider registrations from [/private/var/folders/px/pqfh3tdd5mz3fb0ck71241t00000gp/T/tomcat.8094.1488514718398247839/conf/jaspic-providers.xml]
2021-09-13 11:52:00.042 DEBUG 5499 --- [nio-8094-exec-1] o.a.c.authenticator.AuthenticatorBase    : Not subject to any constraint
2021-09-13 11:52:00.049 DEBUG 5499 --- [nio-8094-exec-1] o.s.security.web.FilterChainProxy        : Securing GET /login/oauth2/code/demo-auth?code=<elided>&state=<elided>
2021-09-13 11:52:00.052 DEBUG 5499 --- [nio-8094-exec-1] s.s.w.c.SecurityContextPersistenceFilter : Set SecurityContextHolder to empty SecurityContext
2021-09-13 11:52:00.054 DEBUG 5499 --- [nio-8094-exec-1] o.s.s.w.a.AnonymousAuthenticationFilter  : Set SecurityContextHolder to anonymous SecurityContext
2021-09-13 11:52:00.055 DEBUG 5499 --- [nio-8094-exec-1] o.s.s.w.a.i.FilterSecurityInterceptor    : Authorized public object filter invocation [GET /login/oauth2/code/demo-auth?code=<elided>&state=<elided>]
2021-09-13 11:52:00.055 DEBUG 5499 --- [nio-8094-exec-1] o.s.security.web.FilterChainProxy        : Secured GET /login/oauth2/code/demo-auth?code=<elided>&state=<elided>
2021-09-13 11:52:00.057 DEBUG 5499 --- [nio-8094-exec-1] org.apache.tomcat.util.http.Parameters   : Set encoding to UTF-8
2021-09-13 11:52:00.057 DEBUG 5499 --- [nio-8094-exec-1] org.apache.tomcat.util.http.Parameters   : Decoding query null UTF-8
2021-09-13 11:52:00.057 DEBUG 5499 --- [nio-8094-exec-1] org.apache.tomcat.util.http.Parameters   : Start processing with input [code=<elided>&state=<elided>]
2021-09-13 11:52:00.057 DEBUG 5499 --- [nio-8094-exec-1] o.s.web.servlet.DispatcherServlet        : GET "/login/oauth2/code/demo-auth?code=<elided>&state=<elided>", parameters={masked}
2021-09-13 11:52:00.063 DEBUG 5499 --- [nio-8094-exec-1] o.s.w.s.handler.SimpleUrlHandlerMapping  : Mapped to ResourceHttpRequestHandler [Classpath [META-INF/resources/], Classpath [resources/], Classpath [static/], Classpath [public/], ServletContext [/]]
2021-09-13 11:52:00.066 DEBUG 5499 --- [nio-8094-exec-1] o.s.w.s.r.ResourceHttpRequestHandler     : Resource not found
2021-09-13 11:52:00.066 DEBUG 5499 --- [nio-8094-exec-1] w.c.HttpSessionSecurityContextRepository : Did not store anonymous SecurityContext
2021-09-13 11:52:00.066 DEBUG 5499 --- [nio-8094-exec-1] o.s.web.servlet.DispatcherServlet        : Completed 404 NOT_FOUND
2021-09-13 11:52:00.067 DEBUG 5499 --- [nio-8094-exec-1] w.c.HttpSessionSecurityContextRepository : Did not store anonymous SecurityContext
2021-09-13 11:52:00.067 DEBUG 5499 --- [nio-8094-exec-1] s.s.w.c.SecurityContextPersistenceFilter : Cleared SecurityContextHolder to complete request
2021-09-13 11:52:00.068 DEBUG 5499 --- [nio-8094-exec-1] o.a.c.c.C.[Tomcat].[localhost]           : Processing ErrorPage[errorCode=0, location=/error]

Update with my other findings. With this setup:

                .antMatcher("/oauth2/authorization/**")
                .addFilterBefore(
                    ValidationFilter(configRepository),
                    OAuth2AuthorizationRequestRedirectFilter::class.java
                )
                .antMatcher("/login/oauth2/code/**")
                .addFilterBefore(
                    ValidationFilter(configRepository),
                    OAuth2AuthorizationRequestRedirectFilter::class.java
                )

Then "/oauth2/authorization/**" doesn't work anymore.

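I finally got it working. The key is that antMatchers must be configured for both /oauth2/authorization and /login/oauth2/code/; otherwise, if you configure only one endpoint, the other endpoint disappears.

Full configuration: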

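import org.springframework.beans.factory.annotation.Autowired
import org.springframework.context.annotation.Configuration
import org.springframework.core.annotation.Order
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter
import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter.DEFAULT_AUTHORIZATION_REQUEST_BASE_URI
import org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI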

@EnableWebSecurity
class MySecurityConfig {

    @Configuration
    @Order(1)
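    class MyWebSecurityConfigurerAdapter @Autowired constructor(
        private val configRepository: ConfigRepository
    ) : WebSecurityConfigurerAdapter() {

        override fun configure(http: HttpSecurity) {
            // ValidationFilter takes the repository it looks registration ids up in
            val validator = ValidationFilter(configRepository)
            http
                // This chain matches both the authorization redirect and the login callback
                .requestMatchers()
                .antMatchers("$DEFAULT_AUTHORIZATION_REQUEST_BASE_URI/**", DEFAULT_FILTER_PROCESSES_URI)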
                .and()
                .addFilterBefore(
                    validator,
                    OAuth2AuthorizationRequestRedirectFilter::class.java
                )
                .oauth2Login()
        }
    }

    @Configuration
    @Order(2)
    class CommonWebSecurityConfigurerAdapter : WebSecurityConfigurerAdapter() {
        override fun configure(http: HttpSecurity) {
            http.headers().frameOptions().disable()
                .and()
                // REST API doesn't need csrf
                .csrf().disable()
        }
    }

    @Configuration
    @Order(3)
    class BasicAuthWebSecurityConfigurerAdapter : WebSecurityConfigurerAdapter() {

        override fun configure(http: HttpSecurity) {
            http
                .authorizeRequests().antMatchers(
                    "/oauth2/v1/configs/**",
                    "/v1/token/validate/**"
                )
                .authenticated().and().httpBasic()
        }

        @Autowired
        fun configureGlobal(auth: AuthenticationManagerBuilder) {
            auth.inMemoryAuthentication()
                .withUser(basicAuthUserName)
                .password("{noop}$basicAuthPassword")
                .roles("USER")
        }
    }
}
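
A startup check for the behaviour described in this thread, added here as an example and not part of the original posts: it asks the FilterChainProxy which filters would handle each OAuth2 client endpoint and refuses to start if the chain matched for a path lacks the filter that serves it. The class name OAuth2ChainCheck is hypothetical, the demo-auth registration id is taken from the logs above, and the code assumes a javax.servlet-based Spring Security 5.x where the springSecurityFilterChain bean is a plain FilterChainProxy (debug mode off).

```kotlin
import javax.servlet.Filter
import org.springframework.beans.factory.annotation.Qualifier
import org.springframework.boot.CommandLineRunner
import org.springframework.context.annotation.Bean
import org.springframework.context.annotation.Configuration
import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter
import org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter
import org.springframework.security.web.FilterChainProxy

// Hypothetical helper class, not part of the poster's project.
@Configuration
class OAuth2ChainCheck {

    // Each OAuth2 client endpoint and the filter that has to be in its chain.
    // "demo-auth" is the registration id seen in the logs; adjust to a real one.
    private val required: Map<String, Class<out Filter>> = mapOf(
        "/oauth2/authorization/demo-auth" to OAuth2AuthorizationRequestRedirectFilter::class.java,
        "/login/oauth2/code/demo-auth" to OAuth2LoginAuthenticationFilter::class.java
    )

    @Bean
    fun oauth2ChainCheckRunner(
        @Qualifier("springSecurityFilterChain") securityFilter: Filter
    ) = CommandLineRunner {
        // Assumption: the bean is the FilterChainProxy itself, not a debug wrapper.
        val proxy = securityFilter as? FilterChainProxy
            ?: error("springSecurityFilterChain is not a FilterChainProxy")

        for ((path, filterType) in required) {
            // getFilters() returns the filters of the first chain whose
            // request matcher accepts the path (as a GET request).
            val filters = proxy.getFilters(path)
            check(filters.any { filterType.isInstance(it) }) {
                "$path is not handled by ${filterType.simpleName}; matched chain: " +
                    filters.map { it.javaClass.simpleName }
            }
        }
    }
}
```

With a chain scoped only to /oauth2/authorization/**, the callback path falls through to another chain without OAuth2LoginAuthenticationFilter, which is the 404 from DispatcherServlet shown in the logs; this check turns that into a startup failure.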