我配置了我的授权服务器,我想允许每个人访问/向 /clients 路由发帖,但我没有成功,我收到访问被拒绝的消息,请按照以下代码操作:
@Bean
@Order(1)
public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http)
throws Exception {
OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http);
http.cors(Customizer.withDefaults());
http.getConfigurer(OAuth2AuthorizationServerConfigurer.class)
.oidc(Customizer.withDefaults()); // Enable OpenID Connect 1.0
http
// Redirect to the login page when not authenticated from the
// authorization endpoint
.exceptionHandling((exceptions) -> exceptions
.defaultAuthenticationEntryPointFor(
new LoginUrlAuthenticationEntryPoint("/login"),
new MediaTypeRequestMatcher(MediaType.TEXT_HTML)
)
)
// Accept access tokens for User Info and/or Client Registration
.oauth2ResourceServer((resourceServer) -> resourceServer
.jwt(Customizer.withDefaults()));
return http.build();
}
@Bean
@Order(2)
public SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http)
throws Exception {
http
.cors(Customizer.withDefaults())
.authorizeHttpRequests((authorize) -> authorize
.requestMatchers(HttpMethod.POST, "/clients").permitAll()
.requestMatchers("/roles").hasRole("owner")
.anyRequest().authenticated()
)
.oauth2ResourceServer(resource -> resource.jwt(jwt -> jwt.jwtAuthenticationConverter(new JwtConverter())))
// Form login handles the redirect to the login page from the
// authorization server filter chain
.formLogin(Customizer.withDefaults());
return http.build();
}
@Bean
public CorsConfigurationSource corsConfigurationSource() {
CorsConfiguration configuration = new CorsConfiguration();
configuration.setAllowedOrigins(Arrays.asList("*")); // Permite acesso apenas a este domínio
configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE", "OPTIONS"));
configuration.setAllowedHeaders(Arrays.asList("Authorization", "Content-Type"));
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", configuration);
return source;
}
@Bean
public UserDetailsService userDetailsService() {
return username -> {
final var aAccount = this.accountRepository.findByEmail(username)
.orElseThrow(() -> new RuntimeException("Account not found"));
return new AccountDetails(aAccount, Collections.emptyList());
};
}
@Bean
public JWKSource<SecurityContext> jwkSource() throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
JWKSet jwkSet = new JWKSet(KeysService.rsaKey());
return new ImmutableJWKSet<>(jwkSet);
}
@Bean
public JwtDecoder jwtDecoder(JWKSource<SecurityContext> jwkSource) {
return OAuth2AuthorizationServerConfiguration.jwtDecoder(jwkSource);
}
@Bean
public AuthorizationServerSettings authorizationServerSettings() {
return AuthorizationServerSettings.builder().build();
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
我的控制器:
@RestController
@RequestMapping("/clients")
public class ClientController {
@Autowired
private ClientService clientService;
@Autowired
private ClientRepository clientRepository;
@PostMapping
public ResponseEntity<?> createClient(@RequestBody CreateClientDTO createClientDTO) {
clientService.save(CreateClientDTO.toEntity(createClientDTO));
return ResponseEntity.noContent().build();
}
}
日志:日志不适合这里,我将其发布在我的要点中https://gist.github.com/Kaua3045/2c53b38517c10b3de1dec9f61c62f396