我有一个Spring Boot应用程序 . 我正在尝试为该应用程序实现OAuth2授权 . 我已经按照本教程https://spring.io/guides/tutorials/spring-boot-oauth2/ Enabling the Authorization Server 部分进行了操作 . 虽然我能够成功地从auth-server访问令牌,但当我尝试发送这些令牌来请求我的资源服务器时,它在控制台中出错 Unauthorized access .
org.springframework.security.access.AccessDeniedException: Access is denied
虽然我稍后会将授权服务器和资源服务器分开,但出于初始目的,两者的单个应用程序都可以工作 .
@Configuration
@EnableAuthorizationServer
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers(Application.baseURL + "/user/register");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests().anyRequest().authenticated()
.and().exceptionHandling()
.authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/"))
.and().csrf().disable();
}
}
并用于用户认证
@Configuration
class WebSecurityConfiguration extends GlobalAuthenticationConfigurerAdapter {
@Loggable
private static Logger logger;
@Override
public void init(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService()).passwordEncoder(new BCryptPasswordEncoder());
}
@Bean
UserDetailsService userDetailsService() {
return new UserDetailsService() {
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
Session session = Hibernate.sessionFactory.openSession();
try {
UserPasswordDTO userPasswordDTO = new UserPasswordModel().getByEmailId(session, username);
return new SimsmisUser(username, userPasswordDTO.hashedPassword, true, true, true, true,
AuthorityUtils.createAuthorityList("USER"), userPasswordDTO.userId);
}
catch (InvalidIdException e) {
throw new UsernameNotFoundException(e.getMessage());
}
finally {
if (session != null) {
try {
session.close();
}
catch (Exception e) {
logger.error(e.getMessage(), e);
}
}
}
}
};
}
}
如何使用访问令牌与资源服务器通信?任何例子都会有帮助 .
1 回答
您尚未发布任何资源服务器配置 .
尝试本教程以获得更多见解:
https://spring.io/blog/2015/02/03/sso-with-oauth2-angular-js-and-spring-security-part-v