我正在开发一个带有 spring-security 的 Spring 应用程序并使用 google 登录,但在执行该应用程序时出现此错误:
***************************
APPLICATION FAILED TO START
***************************
Description:
Method springSecurityFilterChain in org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration required a bean of type 'org.springframework.security.oauth2.client.registration.ClientRegistrationRepository' that could not be found.
The following candidates were found but could not be injected:
- Bean method 'clientRegistrationRepository' in 'OAuth2ClientRegistrationRepositoryConfiguration' not loaded because OAuth2 Clients Configured Condition registered clients is not available
Action:
Consider revisiting the entries above or defining a bean of type 'org.springframework.security.oauth2.client.registration.ClientRegistrationRepository' in your configuration.
我的应用程序.yml:
spring:
datasource:
url: jdbc:mysql://localhost:3306/manager
username: application_spring
password: application_spring
jpa:
show-sql: true
hibernate:
ddl-auto: update
security:
oauth2:
client:
registration:
google:
client-id: {client id}
client-secret: {client-secret}
redirectUri: "{baseUrl}/oauth2/callback/{registrationId}"
scope:
- email
- profile
app:
auth:
tokenSecret: 926D96C90030DD58429D2751AC1BDBBC
tokenExpirationMsec: 864000000
oauth2:
# After successfully authenticating with the OAuth2 Provider,
# we'll be generating an auth token for the user and sending the token to the
# redirectUri mentioned by the frontend client in the /oauth2/authorize request.
# We're not using cookies because they won't work well in mobile clients.
authorizedRedirectUris:
- http://localhost:3000/oauth2/redirect
- myandroidapp://oauth2/redirect
- myiosapp://oauth2/redirect
还有我的 SecurityConfig 类:
package com.manager.manager.config;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.BeanIds;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.web.AuthorizationRequestRepository;
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import com.manager.manager.security.oatuh2.CustomOAuth2UserService;
import com.manager.manager.security.oatuh2.HttpCookieOAuth2AuthorizationRequestRepository;
import com.manager.manager.security.oatuh2.OAuth2AuthenticationFailureHandler;
import com.manager.manager.security.oatuh2.OAuth2AuthenticationSuccessHandler;
import com.manager.manager.security.utils.RestAuthenticationEntryPoint;
import com.manager.manager.security.utils.TokenAuthenticationFilter;
import com.manager.manager.service.impl.CustomUserDetailsService;
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(
securedEnabled = true,
jsr250Enabled = true,
prePostEnabled = true
)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private CustomUserDetailsService customUserDetailsService;
@Autowired
private CustomOAuth2UserService customOAuth2UserService;
@Autowired
private OAuth2AuthenticationSuccessHandler oAuth2AuthenticationSuccessHandler;
@Autowired
private OAuth2AuthenticationFailureHandler oAuth2AuthenticationFailureHandler;
@Autowired
private HttpCookieOAuth2AuthorizationRequestRepository httpCookieOAuth2AuthorizationRequestRepository;
@Bean
public TokenAuthenticationFilter tokenAuthenticationFilter() {
return new TokenAuthenticationFilter();
}
/*
By default, Spring OAuth2 uses HttpSessionOAuth2AuthorizationRequestRepository to save
the authorization request. But, since our service is stateless, we can't save it in
the session. We'll save the request in a Base64 encoded cookie instead.
*/
@Bean
public HttpCookieOAuth2AuthorizationRequestRepository cookieAuthorizationRequestRepository() {
return new HttpCookieOAuth2AuthorizationRequestRepository();
}
@Override
public void configure(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
authenticationManagerBuilder
.userDetailsService(customUserDetailsService)
.passwordEncoder(passwordEncoder());
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Bean(BeanIds.AUTHENTICATION_MANAGER)
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.cors()
.and()
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.csrf()
.disable()
.formLogin()
.disable()
.httpBasic()
.disable()
.exceptionHandling()
.authenticationEntryPoint(new RestAuthenticationEntryPoint())
.and()
.authorizeRequests()
.antMatchers("/",
"/error",
"/favicon.ico",
"/**/*.png",
"/**/*.gif",
"/**/*.svg",
"/**/*.jpg",
"/**/*.html",
"/**/*.css",
"/**/*.js")
.permitAll()
.antMatchers("/auth/**", "/oauth2/**")
.permitAll()
.anyRequest()
.authenticated()
.and()
.oauth2Login()
.authorizationEndpoint()
.baseUri("/oauth2/authorize")
.authorizationRequestRepository(cookieAuthorizationRequestRepository())
.and()
.redirectionEndpoint()
.baseUri("/oauth2/callback/*")
.and()
.userInfoEndpoint()
.userService(customOAuth2UserService)
.and()
.successHandler(oAuth2AuthenticationSuccessHandler)
.failureHandler(oAuth2AuthenticationFailureHandler);
// Add our custom Token based authentication filter
http.addFilterBefore(tokenAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
}
}
为了制作这个应用程序,我遵循了本教程: https://www.callicoder.com/spring-boot-security-oauth2-social-login-part-2/
有人知道可能是什么问题吗? 谢谢
看起来像缩进问题,安全属性必须位于 spring 属性下方
spring:
security:
我发现如果出现以下情况也会发生这种情况:
您可以在我的其他答案中阅读一些相关内容这里;通过在日志中查找此错误消息来对此进行分类就足够了:
No active profile set, falling back to 1 default profile: "default"
请检查您的 application.yml 文件。确保“security”部分正确嵌套在“spring”下。另外,请验证缩进是否准确,因为不正确的间距可能会导致错误。以下是如何构建它的示例:
春天: 安全: oauth2: 客户:
注意:确保整个安全配置正确放置在“spring”块内。”
作者在下面的github链接中给出了完整的源代码。下载代码并构建它并尝试运行它。在这个项目中有两种类型的项目,一种是java类型,你必须使用maven构建,另一种是react项目,你必须使用yarn构建,就像npm包管理器一样。
要运行“react-social”项目,您必须使用命令
yarn install && yarn build && yarn start
进行构建。要构建其他基于 spring 的项目“spring-social”,您必须使用命令 mvn clean install
。也可以直接运行命令mvn spring-boot:run
.
作者在github的ReadMe.md文件中给出了运行该项目的说明。我建议首先构建并运行基于 spring 的项目,然后运行 React-social 项目。
https://github.com/callicoder/spring-boot-react-oauth2-social-login-demo