使用 Oauth2 配置 Spring Security 6

问题描述 投票:0回答:1

我正在将 Springboot 2.4.3 应用程序迁移到 Springboot 3.2.3。由于 WebSecurityConfigurerAdapter 已被弃用,我尝试如下配置 SecurityFilterChain 。但是当我进行 API 调用时,所有调用都会失败并显示 403Forbidden。请帮我解决这个问题。 TIA

@Bean
  public SecurityFilterChain filterRequestChain(HttpSecurity http) throws Exception {
    http.csrf(AbstractHttpConfigurer::disable)
        .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
        .authorizeHttpRequests(
            auth -> auth.requestMatchers(properties.getWhiteListEndPoints().toArray(new String[0]))
                .permitAll().requestMatchers("/**").authenticated());
    http.exceptionHandling(
        httpSecurityExceptionHandlingConfigurer -> httpSecurityExceptionHandlingConfigurer.accessDeniedHandler(
            restAccessDeniedHandler));
    http.oauth2Client(withDefaults());
    return http.build();
  }

这是我的财产文件

security:
  oauth2:
    resourceserver:
      jwt:
        user-info-uri: https://xxxxx/openam/oauth2/tokeninfo
    client:
      registration:
        custom:
          client-id: ccccc
          client-secret: xxxxx
          scope: ocean
          grant-type: client_credentials
          access-token-uri: https://xxxx/openam/oauth2/access_token?realm=/xyz
spring spring-boot spring-security oauth-2.0
1个回答
0
投票

身份提供商配置丢失,您的客户端不知道从哪里获取身份https://docs.spring.io/spring-security/site/docs/5.2.3.RELEASE/reference/html5/#oauth2login-custom-提供商属性

spring:
 security:
  oauth2:
   client:
    registration:
      okta:
        client-id: okta-client-id
        client-secret: okta-client-secret
    provider:
      okta: 
        authorization-uri: https://your-subdomain.oktapreview.com/oauth2/v1/authorize
        token-uri: https://your-subdomain.oktapreview.com/oauth2/v1/token
        user-info-uri: https://your-subdomain.oktapreview.com/oauth2/v1/userinfo
        user-name-attribute: sub
        jwk-set-uri: https://your-subdomain.oktapreview.com/oauth2/v1/keys
© www.soinside.com 2019 - 2024. All rights reserved.