我正在将 Springboot 2.4.3 应用程序迁移到 Springboot 3.2.3。由于 WebSecurityConfigurerAdapter 已被弃用,我尝试如下配置 SecurityFilterChain 。但是当我进行 API 调用时,所有调用都会失败并显示 403Forbidden。请帮我解决这个问题。 TIA
@Bean
public SecurityFilterChain filterRequestChain(HttpSecurity http) throws Exception {
http.csrf(AbstractHttpConfigurer::disable)
.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
.authorizeHttpRequests(
auth -> auth.requestMatchers(properties.getWhiteListEndPoints().toArray(new String[0]))
.permitAll().requestMatchers("/**").authenticated());
http.exceptionHandling(
httpSecurityExceptionHandlingConfigurer -> httpSecurityExceptionHandlingConfigurer.accessDeniedHandler(
restAccessDeniedHandler));
http.oauth2Client(withDefaults());
return http.build();
}
这是我的财产文件
security:
oauth2:
resourceserver:
jwt:
user-info-uri: https://xxxxx/openam/oauth2/tokeninfo
client:
registration:
custom:
client-id: ccccc
client-secret: xxxxx
scope: ocean
grant-type: client_credentials
access-token-uri: https://xxxx/openam/oauth2/access_token?realm=/xyz
身份提供商配置丢失,您的客户端不知道从哪里获取身份https://docs.spring.io/spring-security/site/docs/5.2.3.RELEASE/reference/html5/#oauth2login-custom-提供商属性
spring:
security:
oauth2:
client:
registration:
okta:
client-id: okta-client-id
client-secret: okta-client-secret
provider:
okta:
authorization-uri: https://your-subdomain.oktapreview.com/oauth2/v1/authorize
token-uri: https://your-subdomain.oktapreview.com/oauth2/v1/token
user-info-uri: https://your-subdomain.oktapreview.com/oauth2/v1/userinfo
user-name-attribute: sub
jwk-set-uri: https://your-subdomain.oktapreview.com/oauth2/v1/keys