
我一直在尝试配置 Spring OAuth2。已经部分成功。

为了测试我一直在使用 SOAPui 并将重定向 uri 设置为“urn:ietf:wg:oauth:2.0:oob”。

我的系统的问题是：我能拿到授权码，但之后并没有重定向到可以用授权码换取访问令牌的地址。查看日志发现那里的 URL 根本没有定义——它没有去请求 /app/oauth/token?code=OB05Cb，而只是在当前 URL 后面附加了 ?code=OB05Cb。

调试:org.springframework.web.servlet.DispatcherServlet - 渲染视图 [org.springframework.web.servlet.view.RedirectView:未命名;网址 [urn:?code=OB05Cb]]

然后它显示在我的 SoapUI 上找不到的页面并停止工作流。

我猜是漏配了某个拦截器或过滤器，所以流程没有继续往下走，但我不清楚原因。谁能给我一些提示？谢谢！

我使用的版本是：Spring Security OAuth2 2.0.3.RELEASE、Spring Framework 4.0.5.RELEASE、Spring Security 3.2.5.RELEASE（与下面配置中引用的 spring-beans-4.0 / spring-security-3.2 schema 一致）。

这是我的配置文件。

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns:sec="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans" xmlns:oauth2="http://www.springframework.org/schema/security/oauth2"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
http://www.springframework.org/schema/security/oauth2
http://www.springframework.org/schema/security/spring-security-oauth2.xsd">

<!-- Token persistence: project-specific TokenStore implementation (class not shown here).
     Referenced by tokenServices and userApprovalHandler further down. -->
<beans:bean id="tokenStore" class="com.nando.api.service.CassandraTokenStore" />

<!-- Authorization-code persistence for the authorization-code grant of the
     authorization server below (authorization-code-services-ref="codes").
     NOTE(review): the implementation is not shown; it is the component responsible for
     consuming a code on first use and for keeping codes short-lived, so confirm both. -->
<beans:bean id="codes" class="com.nando.api.service.CassandraAuthorizationCodeService" />

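<!-- Issues and validates access tokens against the Cassandra token store.
     The authorization server below enables <oauth2:refresh-token/>, but
     DefaultTokenServices only hands out refresh tokens when supportRefreshToken is
     switched on (it defaults to false in the 2.0.x line; verify against your version).
     Giving it the client details service lets per-client token validity and
     refresh-token permissions apply instead of the built-in defaults. -->
<beans:bean id="tokenServices"
        class="org.springframework.security.oauth2.provider.token.DefaultTokenServices">
        <beans:property name="tokenStore" ref="tokenStore" />
        <beans:property name="supportRefreshToken" value="true" />
        <beans:property name="clientDetailsService" ref="webServiceClientService" />
</beans:bean>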

<!-- Bearer-token authentication manager used by the resource-server filter
     (oauth2ProviderFilter) on the /services/** chain. resourceId="nando" means a token
     is only accepted when the client it was issued to is allowed access to that resource
     id (OAuth2AuthenticationManager rejects tokens whose resource-id set is non-empty and
     does not contain it; verify against your version).
     NOTE(review): the bean id "authenticationManager" is also the name the
     <oauth2:password/> grant falls back to when it carries no authentication-manager-ref.
     That grant has to verify end-user credentials, so it must point at
     userAuthenticationManager, never at this bearer-token manager. -->
<beans:bean id="authenticationManager"
        class="org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationManager">
        <beans:property name="resourceId" value="nando" />
        <beans:property name="tokenServices" ref="tokenServices" />
</beans:bean>

<!-- Pulls the bearer token out of incoming requests for the resource-server filter
     (Authorization: Bearer header, with the access_token parameter as fallback per the
     class's default behaviour; verify). -->
<beans:bean id="tokenExtractor"
        class="org.springframework.security.oauth2.provider.authentication.BearerTokenExtractor" />

   <!-- UserDetailsService for end users (project class, not shown); backs userAuthenticationManager. -->
   <beans:bean id="userService" class="com.nando.api.service.DefaultUserService" />
    <!-- ClientDetailsService for OAuth2 clients (project class, not shown). It is the single
         source of client ids, secrets, scopes, grant types and registered redirect URIs for the
         authorization server, the request factory and the approval handler. -->
    <beans:bean id="webServiceClientService"
        class="com.nando.api.service.DefaultWebServiceClientService" />
    <!-- Adapts ClientDetails to UserDetails so that clients can authenticate with HTTP Basic
         through clientAuthenticationManager; the client's authorities become the
         Authentication's authorities (which is what hasAuthority('OAUTH_CLIENT') on the token
         endpoint relies on).
         NOTE(review): the presented client secret is compared by the authentication provider
         behind clientAuthenticationManager, which has no <sec:password-encoder> configured in
         this file. If secrets are stored hashed, configure the encoder on that provider; the
         passwordEncoder property of this bean is not the place that controls the comparison.
         Confirm how DefaultWebServiceClientService stores secrets before relying on either. -->
    <beans:bean id="clientDetailsUserService"
        class="org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService">
        <beans:constructor-arg ref="webServiceClientService" />
    </beans:bean>

<!-- Builds AuthorizationRequest/OAuth2Request objects from the incoming parameters, using
     the client details service to fill in client defaults (scopes, resource ids).
     checkUserScopes=true narrows the requested scopes to those the authenticated end user
     actually holds as authorities, so a client cannot obtain a scope on behalf of a user
     who does not have it (DefaultOAuth2RequestFactory.checkUserScopes; verify the exact
     matching rule for your version). -->
<beans:bean id="oauthRequestFactory"
    class="org.springframework.security.oauth2.provider.request.DefaultOAuth2RequestFactory">
    <beans:constructor-arg name="clientDetailsService" ref="webServiceClientService" />
    <beans:property name="checkUserScopes" value="true" />
</beans:bean>

<!-- Decides whether the end user has to see the approval page. TokenStoreUserApprovalHandler
     treats an access token already present in the token store for this client/user with the
     requested scopes as prior approval and skips the page (it also honours per-client
     auto-approve settings from the client details service; verify for your version). -->
<beans:bean id="userApprovalHandler"
        class="org.springframework.security.oauth2.provider.approval.TokenStoreUserApprovalHandler">
        <beans:property name="tokenStore" ref="tokenStore" />
        <beans:property name="requestFactory" ref="oauthRequestFactory" />
        <beans:property name="clientDetailsService" ref="webServiceClientService" />
</beans:bean>

<!-- NOTE(review): this bean is not referenced anywhere in this file; the authorization-server
     element below has no redirect-resolver-ref, so the endpoint uses its own default resolver
     of the same class. Wire it explicitly or remove it so the config is not misleading. -->
<beans:bean id="resolver"
        class="org.springframework.security.oauth2.provider.endpoint.DefaultRedirectResolver" />

<!-- NOTE(review): also unreferenced in this file; the authorization server falls back to its
     own default validator of the same class. Wire it or remove it. -->
<beans:bean id="requestValidator"
        class="org.springframework.security.oauth2.provider.request.DefaultOAuth2RequestValidator" />

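 <!-- OAuth2 authorization server: /oauth/authorize is user-facing (protected by the form-login
      chain at the bottom of this file) and /oauth/token is client-facing (HTTP Basic chain).
      Grants enabled: authorization code (codes persisted through "codes"), refresh token,
      and resource-owner password.
      The password grant verifies end-user credentials, so it is pointed at
      userAuthenticationManager explicitly. Without an authentication-manager-ref the
      namespace parser falls back to the bean id "authenticationManager", which in this file
      is the bearer-token OAuth2AuthenticationManager, not a user credential manager (verify
      against the 2.0.3 AuthorizationServerBeanDefinitionParser). Restrict the password grant
      to trusted first-party clients via each client's authorized grant types.
      NOTE(review) on the reported redirect problem: the log shows the redirect rendered as
      "urn:?code=...", i.e. the out-of-band redirect URI "urn:ietf:wg:oauth:2.0:oob" was
      treated as an ordinary URL and everything after the scheme was lost. The endpoint builds
      the redirect with a URI builder and does not appear to implement the OOB flow; register
      an http(s) redirect URI for the test client and have the client exchange the code at
      /oauth/token itself (the server never redirects to its own token endpoint). -->
 <oauth2:authorization-server client-details-service-ref="webServiceClientService"
         token-services-ref="tokenServices"
         user-approval-handler-ref="userApprovalHandler"
         user-approval-page="/oauth/userapproval"
         error-page="/oauth/error"
         authorization-endpoint-url="/oauth/authorize"
         token-endpoint-url="/oauth/token">
     <oauth2:authorization-code authorization-code-services-ref="codes" />
     <oauth2:refresh-token />
     <oauth2:password authentication-manager-ref="userAuthenticationManager" />
 </oauth2:authorization-server>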

<!-- Spring Security Authentication Managers -->

<!-- BCrypt hashing for end-user passwords; used by userAuthenticationManager. The stored
     hashes must have been produced with BCrypt for matches() to succeed. -->
<beans:bean id="passwordEncoder"
        class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder" />

<!-- Authenticates end users against userService with BCrypt password verification.
     Used by the form login on the browser chain and is the correct manager for the
     resource-owner password grant. Because it is declared with alias (not id) it is also
     the default manager for every <sec:http> chain that gives no authentication-manager-ref. -->
<sec:authentication-manager alias="userAuthenticationManager">
    <sec:authentication-provider user-service-ref="userService">
        <sec:password-encoder ref="passwordEncoder" />
    </sec:authentication-provider>
</sec:authentication-manager>

<!-- Authenticates OAuth2 clients by client id / secret through clientDetailsUserService.
     Intended for the HTTP Basic /oauth/token chain; make sure that chain's
     authentication-manager-ref points here rather than at the user manager.
     NOTE(review): no <sec:password-encoder> is configured, so the provider compares the
     presented secret with the stored value using its default (plain-text) encoder. If client
     secrets are stored hashed, add an encoder here; confirm how DefaultWebServiceClientService
     stores them before changing anything.
     (The stray default-namespace declaration on the element was dropped; all children are
     prefixed, so it had no effect.) -->
<sec:authentication-manager id="clientAuthenticationManager">
    <sec:authentication-provider user-service-ref="clientDetailsUserService" />
</sec:authentication-manager>

<!-- Resource-server filter for the /services/** chain: extracts the bearer token, loads it
     through tokenServices and authenticates it with the OAuth2AuthenticationManager
     (resource id "nando"). -->
<oauth2:resource-server id="oauth2ProviderFilter"
        authentication-manager-ref="authenticationManager"
        token-extractor-ref="tokenExtractor"
        token-services-ref="tokenServices" />

<!-- Tracks live sessions for the concurrency control (max-sessions="1") on the browser chain. -->
<beans:bean id="sessionRegistry"
        class="org.springframework.security.core.session.SessionRegistryImpl" />

<!-- Expression handler for the <sec:http> chains; adds the OAuth2 expressions
     (#oauth2.hasScope(...) and friends) on top of the standard web ones. -->
<beans:bean id="webSecurityExpressionHandler"
        class="org.springframework.security.oauth2.provider.expression.OAuth2WebSecurityExpressionHandler" />

<!-- Same OAuth2 expressions for @PreAuthorize/@PostAuthorize (global-method-security below). -->
<beans:bean id="methodSecurityExpressionHandler"
        class="org.springframework.security.oauth2.provider.expression.OAuth2MethodSecurityExpressionHandler" />

<!-- Renders access-denied failures as an OAuth2 error response (suitable for API clients)
     instead of the default HTML 403 page. -->
<beans:bean id="oauthAccessDeniedHandler"
        class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler" />

<!-- Entry point for the token and API chains: answers a missing or invalid credential with
     an OAuth2-style 401 (WWW-Authenticate challenge) rather than redirecting to a login page. -->
<beans:bean id="oauthAuthenticationEntryPoint"
        class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint" />


<!-- Enables @PreAuthorize/@PostAuthorize with the OAuth2 expression handler.
     proxy-target-class="true" uses class-based (CGLIB) proxies so beans without interfaces
     can be secured too. -->
<sec:global-method-security pre-post-annotations="enabled" order="0" proxy-target-class="true">
        <sec:expression-handler ref="methodSecurityExpressionHandler" />
</sec:global-method-security>


<!-- These paths bypass the security filter chain entirely: no authentication, no CSRF
     protection and no security headers are applied. Keep them limited to static content. -->
<sec:http pattern="/resource/**" security="none" />
<sec:http pattern="/favicon.ico" security="none" />

<!-- Project CORS filter (class not shown), appended to the /oauth/token chain only.
     NOTE(review): the token endpoint accepts credentials, so confirm the filter allows a
     fixed list of origins rather than echoing whatever Origin header it receives. -->
<beans:bean id="corsFilter"
        class="com.nando.api.filters.SpringCrossOriginResourceSharingFilter" />

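<!-- Token endpoint chain. Clients authenticate with HTTP Basic using client id / secret, so
     the chain uses clientAuthenticationManager (backed by clientDetailsUserService), whose
     authorities come from the client details and satisfy hasAuthority('OAUTH_CLIENT').
     The original pointed this chain at userAuthenticationManager, which verifies end-user
     accounts, while clientAuthenticationManager was defined but never referenced; this
     looks like the intended wiring. create-session="stateless" is right for a token
     endpoint: no HTTP session is created or used. This chain is declared before the
     browser chain below, which is what keeps /oauth/token out of form login and CSRF. -->
<sec:http pattern="/oauth/token" use-expressions="true" create-session="stateless"
    authentication-manager-ref="clientAuthenticationManager"
    entry-point-ref="oauthAuthenticationEntryPoint">
    <sec:intercept-url pattern="/oauth/token" access="hasAuthority('OAUTH_CLIENT')" />
    <sec:http-basic />
    <sec:access-denied-handler ref="oauthAccessDeniedHandler" />
    <sec:expression-handler ref="webSecurityExpressionHandler" />
    <sec:custom-filter ref="corsFilter" after="LAST" />
</sec:http>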

<!-- Protected API chain: bearer tokens only. The resource-server filter runs before the
     pre-auth slot and establishes the OAuth2Authentication; create-session="never" means
     an existing session may be used but none is ever created, so API calls stay stateless.
     Access requires the USE_WEB_SERVICES authority on the authenticated principal (the
     user's authorities for user tokens). Failures go to the OAuth2 entry point /
     access-denied handler, not to the login page. -->
<sec:http pattern="/services/**" use-expressions="true" create-session="never"
    entry-point-ref="oauthAuthenticationEntryPoint">
    <sec:intercept-url pattern="/services/**" access="hasAuthority('USE_WEB_SERVICES')" />
    <sec:custom-filter ref="oauth2ProviderFilter" before="PRE_AUTH_FILTER" />
    <sec:access-denied-handler ref="oauthAccessDeniedHandler" />
    <sec:expression-handler ref="webSecurityExpressionHandler" />
</sec:http>

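<!-- Browser-facing chain: form login, sessions, CSRF. It serves /oauth/authorize and the
     approval page, so the end user must be logged in and hold USE_WEB_SERVICES to start an
     authorization-code flow.
     Rules are evaluated top to bottom; the final /** rule is the default-deny. In Spring
     Security 3.2 namespace config a request that matches no intercept-url is not intercepted
     at all, so without it every unlisted path (including "/", the default-target-url) was
     reachable without logging in.
     NOTE(review): /oauth/** also covers error-page="/oauth/error", so an unauthenticated
     failure at the authorization endpoint is redirected to the login page instead of showing
     the error page; confirm this is intended. With <sec:csrf/> enabled, logout must be a POST
     carrying the CSRF token. -->
<sec:http use-expressions="true">
    <sec:intercept-url pattern="/session/list" access="hasAuthority('VIEW_USER_SESSIONS')" />
    <sec:intercept-url pattern="/oauth/**" access="hasAuthority('USE_WEB_SERVICES')" />
    <sec:intercept-url pattern="/login/**" access="permitAll()" />
    <sec:intercept-url pattern="/login" access="permitAll()" />
    <sec:intercept-url pattern="/scope/**" access="permitAll()" />
    <sec:intercept-url pattern="/scope" access="permitAll()" />
    <sec:intercept-url pattern="/logout" access="permitAll()" />
    <!-- default-deny for everything not matched above -->
    <sec:intercept-url pattern="/**" access="isAuthenticated()" />
    <sec:form-login login-page="/login" login-processing-url="/login/submit"
        default-target-url="/" authentication-failure-url="/login?loginFailed"
        username-parameter="username" password-parameter="password" />
    <sec:logout logout-url="/logout" logout-success-url="/login?loggedOut"
        invalidate-session="true" delete-cookies="JSESSIONID" />
    <!-- changeSessionId keeps the session but rotates its id on login (needs a Servlet 3.1
         container); one concurrent session per user, a second login is rejected -->
    <sec:session-management invalid-session-url="/login"
        session-fixation-protection="changeSessionId">
        <sec:concurrency-control max-sessions="1" error-if-maximum-exceeded="true"
            session-registry-ref="sessionRegistry" />
    </sec:session-management>
    <sec:csrf />
    <sec:expression-handler ref="webSecurityExpressionHandler" />
</sec:http>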

</beans:beans>
