我一直在尝试配置 Spring OAuth2。已经部分成功。
为了测试我一直在使用 SOAPui 并将重定向 uri 设置为“urn:ietf:wg:oauth:2.0:oob”。
我的系统的问题是我可以去获取授权码,但它不会重定向到授权服务器来获取访问码。我一直在查看日志,发现那里没有定义 URL,它没有执行 /app/oauth/token?code=OB05Cb 而只是在 url 上执行 ?code=OB05Cb
调试:org.springframework.web.servlet.DispatcherServlet - 渲染视图 [org.springframework.web.servlet.view.RedirectView:未命名;网址 [urn:?code=OB05Cb]]
然后它显示在我的 SoapUI 上找不到的页面并停止工作流。
我相信我错过了一些没有这样做的拦截器。我不知道为什么它没有前进。谁能给我一些提示?谢谢!
我正在使用 Spring OAuth2 版本 2.0.3.RELEASE 4.0.5.RELEASE 3.2.5.RELEASE
这是我的配置文件。
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns:sec="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:oauth2="http://www.springframework.org/schema/security/oauth2"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
http://www.springframework.org/schema/security/oauth2
http://www.springframework.org/schema/security/spring-security-oauth2.xsd">
<beans:bean id="tokenStore"
class="com.nando.api.service.CassandraTokenStore" />
<beans:bean id="codes"
class="com.nando.api.service.CassandraAuthorizationCodeService" />
<beans:bean id="tokenServices" class="org.springframework.security.oauth2.provider.token.DefaultTokenServices">
<beans:property name="tokenStore" ref="tokenStore"/>
</beans:bean>
<!-- Added this -->
<beans:bean id="authenticationManager" class="org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationManager">
<beans:property name="resourceId" value="nando"/>
<beans:property name="tokenServices" ref="tokenServices"/>
</beans:bean>
<beans:bean id="tokenExtractor"
class="org.springframework.security.oauth2.provider.authentication.BearerTokenExtractor"/>
<beans:bean id="userService" class="com.nando.api.service.DefaultUserService" />
<beans:bean id="webServiceClientService"
class="com.nando.api.service.DefaultWebServiceClientService" />
<beans:bean id="clientDetailsUserService"
class="org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService">
<beans:constructor-arg ref="webServiceClientService" />
<!-- might need or not to set the passwordEncoder -->
<!-- <beans:property name="passwordEncoder" ref="passwordEncoder" /> -->
</beans:bean>
<beans:bean id="oauthRequestFactory"
class="org.springframework.security.oauth2.provider.request.DefaultOAuth2RequestFactory">
<!-- Added this -->
<beans:property name="checkUserScopes" value="true" />
<!-- TODO arguments here -->
<beans:constructor-arg name="clientDetailsService"
ref="webServiceClientService" />
</beans:bean>
<beans:bean id="userApprovalHandler"
class="org.springframework.security.oauth2.provider.approval.TokenStoreUserApprovalHandler">
<!-- TODO here -->
<beans:property name="requestFactory" ref="oauthRequestFactory" />
<beans:property name="tokenStore" ref="tokenStore" />
<beans:property name="clientDetailsService" ref="webServiceClientService" />
</beans:bean>
<beans:bean id="resolver" class="org.springframework.security.oauth2.provider.endpoint.DefaultRedirectResolver" />
<beans:bean id="requestValidator" class="org.springframework.security.oauth2.provider.request.DefaultOAuth2RequestValidator" />
<oauth2:authorization-server client-details-service-ref="webServiceClientService"
token-services-ref="tokenServices" user-approval-page="/oauth/userapproval"
error-page="/oauth/error" authorization-endpoint-url="/oauth/authorize" token-endpoint-url="/oauth/token" user-approval-handler-ref="userApprovalHandler">
<oauth2:authorization-code
authorization-code-services-ref="codes" />
<oauth2:refresh-token/>
<oauth2:password/>
</oauth2:authorization-server>
<!-- Spring Security Authentication Managers -->
<beans:bean id="passwordEncoder"
class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder" />
<sec:authentication-manager alias="userAuthenticationManager">
<sec:authentication-provider user-service-ref="userService">
<sec:password-encoder ref="passwordEncoder"/>
</sec:authentication-provider>
</sec:authentication-manager>
<sec:authentication-manager id="clientAuthenticationManager" xmlns="http://www.springframework.org/schema/security">
<sec:authentication-provider user-service-ref="clientDetailsUserService"/>
</sec:authentication-manager>
<oauth2:resource-server id="oauth2ProviderFilter"
authentication-manager-ref="authenticationManager" token-extractor-ref="tokenExtractor" token-services-ref="tokenServices"/>
<beans:bean id="sessionRegistry"
class="org.springframework.security.core.session.SessionRegistryImpl" />
<beans:bean id="webSecurityExpressionHandler"
class="org.springframework.security.oauth2.provider.expression.OAuth2WebSecurityExpressionHandler" />
<beans:bean id="methodSecurityExpressionHandler"
class="org.springframework.security.oauth2.provider.expression.OAuth2MethodSecurityExpressionHandler" />
<beans:bean id="oauthAccessDeniedHandler"
class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler" />
<beans:bean id="oauthAuthenticationEntryPoint"
class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint" />
<sec:global-method-security pre-post-annotations="enabled"
order="0" proxy-target-class="true">
<sec:expression-handler ref="methodSecurityExpressionHandler" />
</sec:global-method-security>
<sec:http security="none" pattern="/resource/**" />
<sec:http security="none" pattern="/favicon.ico" />
<beans:bean id="corsFilter" class="com.nando.api.filters.SpringCrossOriginResourceSharingFilter"/>
<!-- Maybe change the create-session here -->
<sec:http use-expressions="true" create-session="stateless"
authentication-manager-ref="userAuthenticationManager"
entry-point-ref="oauthAuthenticationEntryPoint" pattern="/oauth/token">
<sec:intercept-url pattern="/oauth/token" access="hasAuthority('OAUTH_CLIENT')" />
<sec:http-basic />
<sec:access-denied-handler ref="oauthAccessDeniedHandler" />
<sec:expression-handler ref="webSecurityExpressionHandler" />
<sec:custom-filter ref="corsFilter" after="LAST"/>
</sec:http>
<!-- Here is where the Services endpoints are secured -->
<sec:http use-expressions="true" create-session="never"
entry-point-ref="oauthAuthenticationEntryPoint" pattern="/services/**">
<sec:intercept-url pattern="/services/**"
access="hasAuthority('USE_WEB_SERVICES')" />
<sec:custom-filter ref="oauth2ProviderFilter" before="PRE_AUTH_FILTER" />
<sec:access-denied-handler ref="oauthAccessDeniedHandler" />
<sec:expression-handler ref="webSecurityExpressionHandler" />
</sec:http>
<!-- General security -->
<sec:http use-expressions="true">
<sec:intercept-url pattern="/session/list"
access="hasAuthority('VIEW_USER_SESSIONS')" />
<sec:intercept-url pattern="/oauth/**"
access="hasAuthority('USE_WEB_SERVICES')" />
<sec:intercept-url pattern="/login/**" access="permitAll()" />
<sec:intercept-url pattern="/login" access="permitAll()" />
<sec:intercept-url pattern="/scope/**" access="permitAll()" />
<sec:intercept-url pattern="/scope" access="permitAll()" />
<sec:intercept-url pattern="/logout" access="permitAll()" />
<sec:form-login default-target-url="/" login-page="/login"
login-processing-url="/login/submit" authentication-failure-url="/login?loginFailed"
username-parameter="username" password-parameter="password" />
<sec:logout logout-url="/logout" logout-success-url="/login?loggedOut"
delete-cookies="JSESSIONID" invalidate-session="true" />
<sec:session-management invalid-session-url="/login"
session-fixation-protection="changeSessionId">
<sec:concurrency-control error-if-maximum-exceeded="true"
max-sessions="1" session-registry-ref="sessionRegistry" />
</sec:session-management>
<sec:csrf />
<sec:expression-handler ref="webSecurityExpressionHandler" />
</sec:http>
</beans:beans>