我是Spring boot和Spring oauth2的新手,谷歌搜索后使用mongodb使用spring boot 1.2.4获得了一些示例 . 以下是设置:
-
用于授权服务器的Spring boot 1.2.4和Spring oauth2 2.0.7
-
资源服务器的Spring boot 1.5.4和spring oauth2 2.0.7
Resource Server的控制器代码段如下:
@RequestMapping("/hello")
@ResponseBody
@PreAuthorize("hasRole('Dev')")
//@PreAuthorize("hasRole('Dev')")
public String helloWorld() {
return "Hello World.";
}
当资源和授权服务器是spring boot 1.2.4授权正在运行FINE但是使用不同的版本它似乎是不兼容的,因为它会抛出一个错误:
{
"error": "access_denied",
"error_description": "Access is denied"
}
当我将记录放入1.5.4时,这是日志结果:
2017-06-28 23:25:13 [http-nio-8081-exec-1] DEBUG o.s.s.a.i.a.MethodSecurityInterceptor - Secure object: ReflectiveMethodInvocation: public java.lang.String st.malike.auth.client.http.DemoController.helloWorld(); target is of class [st.malike.auth.client.http.DemoController]; Attributes: [[authorize: '#oauth2.throwOnError(hasRole('Dev'))', filter: 'null', filterTarget: 'null']]
2017-06-28 23:25:13 [http-nio-8081-exec-1] DEBUG o.s.s.a.i.a.MethodSecurityInterceptor - Previously Authenticated: org.springframework.security.oauth2.provider.OAuth2Authentication@1c32aba2: Principal: null; Credentials: [PROTECTED]; Authenticated: true; Details: remoteAddress=0:0:0:0:0:0:0:1, tokenType=BearertokenValue=<TOKEN>; Granted Authorities: Dev
2017-06-28 23:25:13 [http-nio-8081-exec-1] DEBUG o.s.s.access.vote.AffirmativeBased - Voter: org.springframework.security.access.prepost.PreInvocationAuthorizationAdviceVoter@6d6b90, returned: -1
2017-06-28 23:25:13 [http-nio-8081-exec-1] DEBUG o.s.s.access.vote.AffirmativeBased - Voter: org.springframework.security.access.vote.RoleVoter@1deeabb9, returned: 0
2017-06-28 23:25:13 [http-nio-8081-exec-1] DEBUG o.s.s.access.vote.AffirmativeBased - Voter: org.springframework.security.access.vote.AuthenticatedVoter@1c3cd0b, returned: 0
2017-06-28 23:25:13 [http-nio-8081-exec-1] DEBUG o.s.b.f.s.DefaultListableBeanFactory - Returning cached instance of singleton bean 'delegatingApplicationListener'
2017-06-28 23:25:13 [http-nio-8081-exec-1] DEBUG o.s.w.s.m.m.a.ExceptionHandlerExceptionResolver - Resolving exception from handler [public java.lang.String st.malike.auth.client.http.DemoController.helloWorld()]: org.springframework.security.access.AccessDeniedException: Access is denied
2017-06-28 23:25:13 [http-nio-8081-exec-1] DEBUG o.s.w.s.m.a.ResponseStatusExceptionResolver - Resolving exception from handler [public java.lang.String st.malike.auth.client.http.DemoController.helloWorld()]: org.springframework.security.access.AccessDeniedException: Access is denied
2017-06-28 23:25:13 [http-nio-8081-exec-1] DEBUG o.s.w.s.m.s.DefaultHandlerExceptionResolver - Resolving exception from handler [public java.lang.String st.malike.auth.client.http.DemoController.helloWorld()]: org.springframework.security.access.AccessDeniedException: Access is denied
2017-06-28 23:25:13 [http-nio-8081-exec-1] DEBUG o.s.web.servlet.DispatcherServlet - Could not complete request
org.springframework.security.access.AccessDeniedException: Access is denied
现在我知道该行在Spring-boot-1.5.3中引起了麻烦
o.s.s.access.vote.AffirmativeBased - Voter: org.springframework.security.access.prepost.PreInvocationAuthorizationAdviceVoter@6d6b90, returned: -1
请帮助如何使用上述设置进行授权或如何使授权工作 .
1 回答
我使用spring-boot 1.5.3在资源服务器中将spring-security版本更改为3.2.10.RELEASE,一切正常 . 似乎4.x中的spring-security逻辑已更改且不兼容 .