
无法通过Spring Security身份验证


无法通过 Spring Security 的身份验证,日志中出现如下审计事件:

AuditEvent [timestamp=2018-07-05T12:08:06.306Z, principal=anonymousUser, type=AUTHORIZATION_FAILURE, data={details=org.springframework.security.web.authentication.WebAuthenticationDetails@0: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: EF4FF849385896FA97E6E071393AC5E7, type=org.springframework.security.access.AccessDeniedException, message=Access is denied}]

我的配置:

/**
 * OAuth2 authorization-server configuration: access rules for the token endpoints, one
 * in-memory client, and the authentication manager handed to the endpoints.
 */
@EnableAuthorizationServer
@Configuration
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter{

    // NOTE(review): the injection annotation below is commented out and nothing else in this
    // class assigns the field, so it is still null when configure(endpoints) passes it on.
    //@Autowired
    private AuthenticationManager authenticationManagerBean;

    /**
     * Sets the access expressions for the token-key and check-token endpoints and allows
     * clients to authenticate with form parameters.
     */
    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
        // Token-key endpoint is open to everyone; check-token requires an authenticated caller.
        security.tokenKeyAccess("permitAll()")
            .checkTokenAccess("isAuthenticated()")
            // Lets clients send their credentials as request parameters rather than only via
            // HTTP Basic. NOTE(review): parameters are easier to capture in logs than headers;
            // confirm the token endpoint is only reachable over TLS.
            .allowFormAuthenticationForClients();
    }

    /** Registers a single client that is held in memory. */
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
            .withClient("clientId")
            // NOTE(review): hard-coded, plain-text demo secret. Real secrets belong in external
            // configuration and should be stored hashed. If the default delegating password
            // encoder of Spring Security 5 is in use, an unprefixed value like this one is also
            // rejected when the client authenticates -- confirm which PasswordEncoder applies.
            .secret("secret")
            .authorizedGrantTypes("authorization_code")
            .scopes("user_info")
            // NOTE(review): no redirect URI is registered for this authorization_code client and
            // approval is automatic, so no consent step is shown. Register the exact callback
            // URL(s) and reconsider auto-approval outside of a demo.
            .autoApprove(true);
    }

    /** Hands the authentication manager field to the authorization-server endpoints. */
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        // The field is never injected in this class (see the note on its declaration).
        endpoints.authenticationManager(authenticationManagerBean);
    }
}

/**
 * Web security for the login form and the authorization endpoint, plus the in-memory user
 * store. Also exposes the AuthenticationManager as a bean.
 *
 * NOTE(review): this class carries @EnableResourceServer while extending
 * WebSecurityConfigurerAdapter. The annotation contributes its own token-based filter chain,
 * and how that chain is ordered against the one configured here decides which of them handles
 * /login -- worth checking first when anonymous requests to the login flow are denied.
 */
@EnableResourceServer
@Configuration
public class ResourceServerConfig extends WebSecurityConfigurerAdapter{

    // NOTE(review): the injection annotation below is commented out and nothing else in this
    // class assigns the field, so configure(AuthenticationManagerBuilder) passes null as parent.
    //@Autowired
    private AuthenticationManager authenticationManagerBean;

    /** Publishes the adapter's AuthenticationManager as a bean named BeanIds.AUTHENTICATION_MANAGER. */
    @Bean(name = BeanIds.AUTHENTICATION_MANAGER)
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    /**
     * Limits this filter chain to /login and /oauth/authorize, requires authentication for
     * every request it matches, enables form login, and turns CSRF protection off.
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // requestMatchers() scopes the whole chain; paths not listed here are not governed by it.
        http.requestMatchers()
            .antMatchers("/login", "/oauth/authorize")
            .and()
            .authorizeRequests()
            .anyRequest()
            .authenticated()
            .and()
            .formLogin()
            // Opens the form-login URLs to unauthenticated users.
            .permitAll()
            .and()
            // NOTE(review): CSRF protection is switched off on a chain that serves a
            // session-based login form and the authorization endpoint. Re-enable it unless
            // there is a specific, documented reason not to.
            .csrf().disable();
    }

    /** Defines one in-memory user with the USER role. */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.parentAuthenticationManager(authenticationManagerBean)
            .inMemoryAuthentication()
            .withUser("sumit")
            // NOTE(review): hard-coded, plain-text demo password with no encoder configured in
            // this block. Use a hashing PasswordEncoder (bcrypt or similar) for real accounts;
            // confirm how the running Spring Security version treats an unencoded value.
            .password("sumit")
            .roles("USER");
    }
}

application.properties
# Port the embedded server listens on.
server.port=8081
# Every endpoint is served under this prefix, e.g. /auth/login and /auth/oauth/authorize.
server.servlet.context-path=/auth


/**
 * Demo REST resource mounted at /rest/hello.
 */
@RestController
@RequestMapping("/rest/hello")
public class HelloResource {

    /**
     * Handles GET on the base path.
     *
     * @return a fixed greeting
     */
    @GetMapping
    public String hello() {
        final String greeting = "hello world";
        return greeting;
    }

    /**
     * Handles GET on /principal and echoes back the caller's principal.
     *
     * @param principal the principal supplied for the current request
     * @return the same object, unchanged
     */
    @GetMapping("/principal")
    public Principal user(Principal principal) {
        // NOTE(review): the object is returned as-is, so whatever the concrete Principal
        // implementation exposes ends up in the response -- confirm nothing sensitive is included.
        final Principal caller = principal;
        return caller;
    }
}

1 回答


    将这一行:

    .antMatchers("/login", "/oauth/authorize")
    

    改为:

    .antMatchers("/login", "/oauth/authorize").permitAll()
    

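    您可能是卡在了授权这一步。(注意:`/oauth/authorize` 端点本身要求用户已经登录,通常只需要放行 `/login`;而配置中的 `formLogin().permitAll()` 已经放行了登录页,修改前请先确认这一点。)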
