I am writing an OAuth2 application. The Spring application is:
@SpringBootApplication
@EnableAuthorizationServer
@EnableResourceServer
public class Application {
    public static void main(String[] args) {
        SpringApplication.run(Application.class, args);
    }
}
application.properties is:
security.oauth2.client.client-id=jerpweb
security.oauth2.client.client-secret=implementa
security.oauth2.client.authorized-grant-types=password,client_credentials,authorization_code,refresh_token
security.oauth2.client.scope=openid
security.oauth2.client.auto-approve-scopes=.*
and the SecurityConfiguration is:
@Configuration
@EnableWebSecurity
@EnableTransactionManagement
@Order(-5)
public class SecurityConfigurationOauth extends WebSecurityConfigurerAdapter {
    @Autowired
    private UserDetailServiceImpl userService;
    @Autowired
    private PasswordEncoderService passwordEncoder;

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userService).passwordEncoder(passwordEncoder);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .requestMatchers()
                .antMatchers("/login", "/oauth/authorize", "/oauth/confirm_access")
                .and()
            .authorizeRequests()
                .anyRequest().authenticated()
                .and()
            .formLogin().loginPage("/login").permitAll();
    }
}
The OAuth server works with the password grant (localhost:8081/oauth/token). If I use an OAuth2 client
@SpringBootApplication
@EnableOAuth2Sso
public class ApplicationUi {
    public static void main(String[] args) {
        SpringApplication.run(ApplicationUi.class, args);
    }
}
security.oauth2.client.client-id=jerpweb
security.oauth2.client.client-secret=implementa
security.oauth2.client.access-token-uri=http://localhost:8081/oauth/token
security.oauth2.client.user-authorization-uri=http://localhost:8081/oauth/authorize
security.oauth2.client.token-name=oauth_token
security.oauth2.client.authentication-scheme=query
security.oauth2.client.client-authentication-scheme=form
security.oauth2.client.scope=openid
the client is correctly redirected to the authorization server, but after successful authentication it does not return to the client. That is, if I call localhost:8080/ I am redirected to http://localhost:8081/login, but after the authentication succeeds the browser stays on the page http://localhost:8081/login instead of returning to localhost:8080/.
What is the correct SecurityConfiguration for a login form with OAuth2?
The problem with the security configuration lies in how the authorization server is set up.
For some reason the authorization server must have a context path, so the correct configuration of the server's application.properties is:
server.port=8081
server.servlet.context-path=/uaa
security.oauth2.client.client-id=jerpweb
security.oauth2.client.client-secret=implementa
security.oauth2.client.authorized-grant-types=password,client_credentials,authorization_code,refresh_token
security.oauth2.client.scope=openid
security.oauth2.client.auto-approve-scopes=.*
The client mappings must be changed accordingly:
auth-server=http://localhost:8081/uaa
security.oauth2.client.access-token-uri=${auth-server}/oauth/token
security.oauth2.client.user-authorization-uri=${auth-server}/oauth/authorize
security.oauth2.resource.user-info-uri=${auth-server}/api/userinfo
With these changes the redirect works correctly.
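Added example, not part of the question or the answer above: a small Python model of the browser cookie rules behind the fix. Per RFC 6265 a browser keys a cookie on (name, domain, path) and ignores the port, and a Spring Boot servlet app sets its session cookie's Path to its context path ("/" by default). So a client on localhost:8080 and an authorization server on localhost:8081 that both use the root context path overwrite each other's JSESSIONID, and the client loses the session holding its saved request and OAuth state. The cookie values and URLs below are constructed for the illustration.

```python
"""Model of the JSESSIONID clash between two servlet apps on localhost
(different ports, same root context path) and of why a context path on
the authorization server avoids it.

Storage and matching follow RFC 6265: cookies are keyed on
(name, domain, path), the port is not part of the key, and cookies with
longer paths are sent first (section 5.4).
"""
from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass(frozen=True)
class Cookie:
    name: str
    value: str
    domain: str
    path: str


def path_matches(request_path: str, cookie_path: str) -> bool:
    """RFC 6265 section 5.1.4 path-match."""
    if request_path == cookie_path:
        return True
    if request_path.startswith(cookie_path):
        return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"
    return False


class BrowserCookieJar:
    """Minimal browser cookie store; enough to show the collision."""

    def __init__(self) -> None:
        self._store: dict[tuple[str, str, str], Cookie] = {}

    def set_cookie(self, response_url: str, set_cookie_header: str) -> None:
        host = urlsplit(response_url).hostname  # port is dropped on purpose
        parts = [p.strip() for p in set_cookie_header.split(";")]
        name, _, value = parts[0].partition("=")
        path = "/"
        for attr in parts[1:]:
            key, _, val = attr.partition("=")
            if key.lower() == "path" and val.startswith("/"):
                path = val
        # Same (name, domain, path) replaces the stored cookie.
        self._store[(name, host, path)] = Cookie(name, value, host, path)

    def cookies_for(self, request_url: str) -> list[tuple[str, str]]:
        url = urlsplit(request_url)
        req_path = url.path or "/"
        matching = [
            c for c in self._store.values()
            if c.domain == url.hostname and path_matches(req_path, c.path)
        ]
        # Longer paths first, as a browser orders the Cookie header.
        matching.sort(key=lambda c: len(c.path), reverse=True)
        return [(c.name, c.value) for c in matching]


def simulate(auth_server_context_path: str) -> dict[str, list[tuple[str, str]]]:
    """Replay the SSO hop: the client at :8080 creates a session, then the
    authorization server at :8081 creates its own. Returns the Cookie
    header each app would receive afterwards (a servlet container uses
    the first JSESSIONID it finds)."""
    jar = BrowserCookieJar()
    client = "http://localhost:8080"
    uaa = "http://localhost:8081" + auth_server_context_path
    # 1. Client stores its saved request and OAuth state in its session.
    jar.set_cookie(client + "/", "JSESSIONID=client-session; Path=/; HttpOnly")
    # 2. Browser is redirected to the auth server's login page, which starts
    #    its own session; Spring Boot uses the context path as cookie Path.
    cookie_path = auth_server_context_path or "/"
    jar.set_cookie(uaa + "/login", f"JSESSIONID=uaa-session; Path={cookie_path}; HttpOnly")
    return {
        "client_sees": jar.cookies_for(client + "/login"),
        "uaa_sees": jar.cookies_for(uaa + "/oauth/authorize"),
    }


if __name__ == "__main__":
    print("root context path on both:", simulate(""))
    print("auth server under /uaa:   ", simulate("/uaa"))
```

With both apps on the root path the client's callback request carries only `uaa-session`, so the client cannot find its saved request or state and the login never completes; with the authorization server under /uaa the client keeps `client-session` and the authorization server still sees its own cookie first. Any two servlet apps on one hostname clash the same way; a distinct context path, a distinct `server.servlet.session.cookie.name`, or distinct hostnames all avoid it.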