首页 文章

Spring Boot OAuth2带有自定义安全过滤器

提问于
浏览
4

我有一个带有OAuth2授权和资源服务器的spring boot设置 . 用户可以通过向 /oauth/token 发出POST请求来获取令牌 . 到现在为止还挺好 .

但是,我不想通过BASIC auth保护 /oauth/token ,而是通过自定义安全过滤器 .

我试过以下但是从未调用过 DemoAuthenticationFilter

@Configuration
@EnableResourceServer
protected static class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {
    // ...
    @Override
    public void configure(HttpSecurity http) throws Exception {
        // ...
        http.addFilterBefore(new DemoAuthenticationFilter(), BasicAuthenticationFilter.class);
        http.authorizeRequests().antMatchers("/oauth/token").authenticated();
    }
}

此外,如果我尝试将其添加到 WebSecurityConfigurerAdapter ,则只有在通过OAuth2验证请求后才会调用过滤器:

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    // ...
    @Override
    protected void configure(HttpSecurity http) throws Exception {
       // ...
       http.addFilterBefore(new DemoAuthenticationFilter(), BasicAuthenticationFilter.class);
       http.authorizeRequests().antMatchers("/oauth/token").authenticated();
    }
}

一些简单的例子如何实现这一点将非常有帮助 . 谢谢!

1 回答

  • 0
    @Configuration
    @EnableAuthorizationServer
    public class OAuth2AuthorizationServer extends AuthorizationServerConfigurerAdapter {
    
        @Override
        public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
            oauthServer.allowFormAuthenticationForClients().addTokenEndpointAuthenticationFilter(new AligenieFilter());
        }
    
        //....
    }
    

    这个对我有用 .

相关问题