下午好。我把应用程序从 Spring Boot 2.7.1 升级到 3.1.1 后遇到了问题。我的应用程序使用 CustomOpaqueTokenIntrospector 来验证令牌。问题是在 3.1.1 版本中,“WebSecurityConfigurerAdapter”、“cors”、“antMatchers”和“oauth2ResourceServer().opaqueToken()”已被弃用,而且说实话,我对身份验证和授权还很陌生。您能否告诉我应该如何解决这个问题?我已附上配置类的代码。
类 OpaqueSecurityConfig:
package ec.edu.espe.generalapi.Config.security;
import org.springframework.boot.autoconfigure.security.oauth2.resource.OAuth2ResourceServerProperties;
import org.springframework.boot.web.client.RestTemplateBuilder;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenIntrospector;
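/**
 * Resource-server security configuration: a short list of public endpoints, while every other
 * request must carry a bearer token that is validated through opaque-token introspection.
 *
 * <p>This class is written against the {@code WebSecurityConfigurerAdapter} API. That base class
 * is deprecated as of Spring Security 5.7 and is not available in Spring Security 6 (the line
 * used by Spring Boot 3.x), where the same rules are declared on a {@code SecurityFilterChain}
 * bean instead.
 */
@Configuration
public class OpaqueSecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * GET paths served without authentication: the public API plus the OpenAPI/Swagger UI
     * resources. Every pattern starts with "/": Ant-style matching compares against the request
     * path, which always begins with a slash, so a pattern without one can never match.
     *
     * <p>NOTE(review): the API description is readable without a token; confirm that is intended
     * for every environment this configuration is deployed to.
     */
    private static final String[] PUBLIC_GET_PATTERNS = {
        "/public/**",
        "/v3/api-docs/**",
        "/swagger-ui/**",
        "/swagger-ui.html",
        "/apiGeneral-docs/**",
        "/swagger-ui-GeneralApi/**",
        "/swagger-ui-GeneralApi.html/**"
    };

    /**
     * Declares the authorization rules and enables opaque-token validation.
     *
     * @param http the security builder supplied by Spring Security
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // CORS handling is switched on here; the allowed origins are defined elsewhere
        // (not visible in this class).
        http.cors();

        // Rule order matters: the permitAll() matchers must come before anyRequest().
        // NOTE(review): CSRF protection is left at its default, so confirm that anonymous
        // POSTs to /public/** (which carry no bearer token) behave as intended.
        http
            .authorizeRequests(authz -> authz
                .antMatchers(HttpMethod.GET, PUBLIC_GET_PATTERNS).permitAll()
                .antMatchers(HttpMethod.POST, "/public/**").permitAll()
                .anyRequest().authenticated())
            .oauth2ResourceServer().opaqueToken();
    }

    /**
     * Registers the introspector used to validate incoming bearer tokens.
     *
     * @param builder             Spring Boot's pre-configured {@code RestTemplate} builder
     * @param resourceServerProps the bound resource-server properties, from which the
     *                            introspector reads its opaque-token settings
     * @return the application's custom {@link OpaqueTokenIntrospector}
     */
    @Bean
    OpaqueTokenIntrospector tokenIntrospector(RestTemplateBuilder builder, OAuth2ResourceServerProperties resourceServerProps) {
        return new CustomOpaqueTokenIntrospector(builder, resourceServerProps);
    }
}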
类 CustomOpaqueTokenIntrospector:
package ec.edu.espe.generalapi.Config.security;
import org.springframework.boot.autoconfigure.security.oauth2.resource.OAuth2ResourceServerProperties;
import org.springframework.boot.web.client.RestTemplateBuilder;
import org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal;
import org.springframework.security.oauth2.server.resource.introspection.NimbusOpaqueTokenIntrospector;
import org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenIntrospector;
import org.springframework.web.client.RestOperations;
import java.time.Duration;
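/**
 * {@link OpaqueTokenIntrospector} that calls the configured introspection endpoint while
 * presenting the token under inspection as its own {@code Authorization: Bearer} credential.
 *
 * <p>NOTE(review): introspection endpoints are commonly protected with client credentials;
 * confirm that the authorization server really expects the inspected token as the caller's
 * credential.
 */
public class CustomOpaqueTokenIntrospector implements OpaqueTokenIntrospector {

    /**
     * Connect and read timeout for the introspection call.
     *
     * <p>NOTE(review): every authenticated request waits on this call, so a slow authorization
     * server can hold a request thread for up to this long; consider whether 60 s is intended.
     */
    private static final Duration INTROSPECTION_TIMEOUT = Duration.ofSeconds(60);

    /** Opaque-token settings; only the introspection URI is read from them. */
    private final OAuth2ResourceServerProperties.Opaquetoken opaqueTokenProps;

    /** Template builder from which a per-token client is derived on each call. */
    private final RestTemplateBuilder builder;

    /**
     * Creates the introspector.
     *
     * @param builder             builder used to create the HTTP client for each introspection
     * @param resourceServerProps resource-server properties holding the introspection URI
     * @throws NullPointerException if either argument is {@code null}
     */
    CustomOpaqueTokenIntrospector(RestTemplateBuilder builder, OAuth2ResourceServerProperties resourceServerProps) {
        // Fail at wiring time rather than on the first authenticated request.
        this.builder = java.util.Objects.requireNonNull(builder, "builder");
        this.opaqueTokenProps =
            java.util.Objects.requireNonNull(resourceServerProps, "resourceServerProps").getOpaquetoken();
    }

    /**
     * Validates {@code token} against the introspection endpoint.
     *
     * <p>The token is a credential: it is sent to the introspection endpoint only and must not
     * be written to standard output or to logs.
     *
     * @param token the opaque bearer token taken from the incoming request
     * @return the principal described by the introspection response
     */
    @Override
    public OAuth2AuthenticatedPrincipal introspect(String token) {
        // A client is built per call because the Authorization header depends on the token.
        RestOperations introspectionClient = builder
            .defaultHeader("Authorization", "Bearer " + token)
            .setConnectTimeout(INTROSPECTION_TIMEOUT)
            .setReadTimeout(INTROSPECTION_TIMEOUT)
            .build();

        OpaqueTokenIntrospector delegate =
            new NimbusOpaqueTokenIntrospector(opaqueTokenProps.getIntrospectionUri(), introspectionClient);
        return delegate.introspect(token);
    }
}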
最后:
build.gradle
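// Build script for the resource-server application (Spring Boot plugin 3.1.3, Java 17).
plugins {
    id 'java'
    id 'org.springframework.boot' version '3.1.3'
    // Together with the Boot plugin this imports Spring Boot's dependency BOM, so
    // Boot-managed dependencies below are declared without a version.
    id 'io.spring.dependency-management' version '1.1.3'
}

group = 'example'
version = '0.0.1-SNAPSHOT'

java {
    sourceCompatibility = '17'
}

repositories {
    mavenCentral()
}

dependencies {
    // Spring Boot starters carry no explicit version so that all of them follow the plugin
    // version above. Pinning single starters to other Boot releases mixes incompatible Spring
    // generations on the classpath and holds security-relevant modules back on old versions.
    implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
    implementation 'org.springframework.boot:spring-boot-starter-web'
    implementation 'org.springframework.boot:spring-boot-starter-oauth2-resource-server'
    implementation 'org.springframework.boot:spring-boot-starter-actuator'

    // The Spring Boot Gradle plugin is applied in the plugins block; it is build tooling, not an
    // application library, so it is not declared as an implementation dependency.

    compileOnly 'org.projectlombok:lombok'
    annotationProcessor 'org.projectlombok:lombok'

    // NOTE(review): springdoc-openapi 1.x was built for Spring Boot 2.x; check the springdoc
    // documentation for the line that supports Spring Boot 3 before relying on these artifacts.
    implementation 'org.springdoc:springdoc-openapi-ui:1.6.12'
    implementation 'org.springdoc:springdoc-openapi-security:1.6.12'

    // JDBC drivers: versions are left to Spring Boot's dependency management so the drivers are
    // upgraded together with the platform.
    implementation 'org.postgresql:postgresql'
    runtimeOnly 'com.oracle.database.jdbc:ojdbc8'

    // Presumably required at runtime by the Nimbus-based opaque-token introspector.
    // NOTE(review): this is an explicit pin; confirm it matches the Spring Security version
    // that Spring Boot 3.1.3 brings in.
    runtimeOnly 'com.nimbusds:oauth2-oidc-sdk:9.2.4'

    testImplementation 'org.springframework.boot:spring-boot-starter-test'
}

tasks.named('test') {
    useJUnitPlatform()
}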
WebSecurityConfigurerAdapter 自 Spring Security 5.7.0-M2 起已被弃用。现在的做法是不再继承该类,而是声明一个 SecurityFilterChain bean 来配置 HttpSecurity,详见: https://spring.io/blog/2022/02/21/spring-security-without-the-websecurityconfigureradapter