将 springboot 应用程序 2.7 迁移到 3.1.1 时出现 WebSecurityConfigurerAdapter 错误

问题描述 投票:0回答:1

下午好,我在 springboot 2.7.1 中更新到版本 3.1.1 的应用程序遇到问题 我的应用程序使用 CustomOpaqueTokenIntrospector 来验证令牌,问题是在版本 3.1.1 中“WebSecurityConfigurerAdapter”、“cors”、“antMatchers”、“oauth2ResourceServer().opaqueToken()”已被弃用,老实说我对此很陌生身份验证和授权。 您能否帮我解答如何纠正我的问题,我已附上我的配置类的代码。

类 OpaqueSecurityConfig:

package ec.edu.espe.generalapi.Config.security;

import org.springframework.boot.autoconfigure.security.oauth2.resource.OAuth2ResourceServerProperties;
import org.springframework.boot.web.client.RestTemplateBuilder;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenIntrospector;

@Configuration
public class OpaqueSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
       
        http.cors();
        http
                .authorizeRequests(authz -> authz
                        .antMatchers(HttpMethod.GET, "/public/**", "/v3/api-docs/**", "/swagger-ui/**", "/swagger-ui.html", "/apiGeneral-docs/**", "swagger-ui-GeneralApi/**", "/swagger-ui-GeneralApi.html/**").permitAll()
                        .antMatchers(HttpMethod.POST, "/public/**").permitAll()
                        .anyRequest().authenticated())
                .oauth2ResourceServer().opaqueToken();
    }

    @Bean
    OpaqueTokenIntrospector tokenIntrospector(RestTemplateBuilder builder, OAuth2ResourceServerProperties resourceServerProps) {
        return new CustomOpaqueTokenIntrospector(builder, resourceServerProps);
    }

}

类 CustomOpaqueTokenIntrospector:

package ec.edu.espe.generalapi.Config.security;

import org.springframework.boot.autoconfigure.security.oauth2.resource.OAuth2ResourceServerProperties;
import org.springframework.boot.web.client.RestTemplateBuilder;
import org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal;
import org.springframework.security.oauth2.server.resource.introspection.NimbusOpaqueTokenIntrospector;
import org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenIntrospector;
import org.springframework.web.client.RestOperations;

import java.time.Duration;


public class CustomOpaqueTokenIntrospector implements OpaqueTokenIntrospector {
    private OAuth2ResourceServerProperties.Opaquetoken opaqueTokenProps;
    private RestTemplateBuilder builder;
    CustomOpaqueTokenIntrospector(RestTemplateBuilder builder, OAuth2ResourceServerProperties resourceServerProps) {
        this.opaqueTokenProps = resourceServerProps.getOpaquetoken();
        this.builder = builder;
    }

    @Override
    public OAuth2AuthenticatedPrincipal introspect(String token) {
      //  System.out.println(token);
        RestOperations restOperations = builder
                .defaultHeader("Authorization", "Bearer " + token)
                .setConnectTimeout(Duration.ofSeconds(60))
                .setReadTimeout(Duration.ofSeconds(60))
                .build();
        return new NimbusOpaqueTokenIntrospector(opaqueTokenProps.getIntrospectionUri(), restOperations).introspect(token);
    }
}

最后:

build.gradle

plugins {
    id 'java'
    id 'org.springframework.boot' version '3.1.3'
    id 'io.spring.dependency-management' version '1.1.3'
}

group = 'example'
version = '0.0.1-SNAPSHOT'

java {
    sourceCompatibility = '17'
}


repositories {
    mavenCentral()
}

dependencies {
    implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
    implementation 'org.springframework.boot:spring-boot-starter-web'
    implementation 'org.springframework.boot:spring-boot-starter-oauth2-resource-server:3.0.0'
    implementation 'org.springframework.boot:spring-boot-gradle-plugin:2.7.0'
    compileOnly 'org.projectlombok:lombok'
    implementation 'org.springdoc:springdoc-openapi-ui:1.6.12'
    implementation 'org.springdoc:springdoc-openapi-security:1.6.12'
    implementation group: 'org.postgresql', name: 'postgresql', version: '42.3.1'
    runtimeOnly 'com.nimbusds:oauth2-oidc-sdk:9.2.4'
    implementation 'org.springframework.boot:spring-boot-starter-actuator:2.6.1'
    runtimeOnly 'com.oracle.database.jdbc:ojdbc8'
    annotationProcessor 'org.projectlombok:lombok'
    testImplementation 'org.springframework.boot:spring-boot-starter-test'
}

tasks.named('test') {
    useJUnitPlatform()
}
java spring-security oauth-2.0 spring-security-oauth2 spring-oauth2
1个回答
0
投票

在 Spring Security 5.7.0-M2 中,WebSecurityConfigurerAdapter 已被弃用。 现在您可以这样做: https://spring.io/blog/2022/02/21/spring-security-without-the-websecurityconfigureradapter

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.