1

我们开发了自己的授权服务器,我们将其用于单点登录我们开发了带有注释@EnableOAuth2Sso 的客户端应用程序,配置如下

@Override
  protected void configure(HttpSecurity http) throws Exception {
    http.sessionManagement()
    .sessionCreationPolicy(SessionCreationPolicy.ALWAYS)
      .and()
      .antMatcher("/**")
      .addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class).authorizeRequests()
      .and()
      .authorizeRequests()
        .antMatchers("/","/login/**","/callback/url/**","/error**","/webjars/**","/favicon.ico**").permitAll()
        .anyRequest().authenticated()
        .and().formLogin().failureHandler(customAuthenticationFailureHandler)
        .and().httpBasic()
        .and()
         .logout().invalidateHttpSession(true).deleteCookies("JSESSIONID");

它工作正常

但刚才我想使用 Spring Security 5 附带的 .oauth2Login() 功能,所以我将注释从 @EnableOAuth2Sso 更改为 @EnableOAuth2Client 并使用以下配置

  @Override
public void configure(HttpSecurity http) throws Exception {
    http.antMatcher("/**")
            .authorizeRequests()
            .anyRequest()
            .authenticated()
            .and()
            .oauth2Login();
}

现在在编译时我收到以下错误消息

Description:

Method springSecurityFilterChain in org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration required a bean of type 'org.springframework.security.oauth2.client.registration.ClientRegistrationRepository' that could not be found.

The following candidates were found but could not be injected:
- Bean method 'clientRegistrationRepository' in 'OAuth2ClientRegistrationRepositoryConfiguration' not loaded because OAuth2 
Clients Configured Condition registered clients is not available
Action:
Consider revisiting the entries above or defining a bean of type 'org.springframework.security.oauth2.client.registration.ClientRegistrationRepository' in your configuration.

所以我改变了我的 application.properties 从

security.oauth2.client.auto-approve-scopes=read,write
security.oauth2.client.access-token-uri=http://localhost:8080/xxxxx/oauth/token
security.oauth2.client.user-authorization-uri=http://localhost:8080/xxxxx/oauth/authorize
security.oauth2.client.client-id=xxx
security.oauth2.client.client-secret=secret
security.oauth2.client.pre-established-redirect-uri=http://localhost:11001/xxx/login/oauth2/code
security.oauth2.client.registered-redirect-uri=http://localhost:11001/xxx/login/oauth2/code
security.oauth2.client.useCurrentUri=false
security.oauth2.client.use-current-uri=false
security.oauth2.client.grant-type=authorization_code, refresh_token

到以下

 spring.security.oauth2.client.registration.client-id=xxx_client
 spring.security.oauth2.client.registration.client-secret=secret
 spring.security.oauth2.client.registration.authorization-grant-type=authorization_code,refresh_token
 spring.security.oauth2.client.registration.redirect-uri=http://localhost:11001/xxx/login/oauth2/code
 spring.security.oauth2.client.registration.scope=read,write
 spring.security.oauth2.client.registration.client-name=xxxxx
 spring.security.oauth2.client.registration.xxxxx.client-authentication-method=POST
 spring.security.oauth2.client.provider.token-uri=http://localhost:8080/xxxxx/oauth/token
 spring.security.oauth2.client.provider.authorization-uri=http://localhost:8080/xxxxx/oauth/authorize
 spring.security.oauth2.client.provider.user-info-uri=http://localhost:8080/xxxxx/validateLogin

但它会显示一个欢迎页面,其中显示了我们的授权服务器名称,即 xxxxx,如果我单击该链接,它不会连接到我们的授权服务器。

我在这里感到困惑 @EnableOAuth2Sso 和 @EnableOAuth2Client 之间有什么区别 为什么当我们使用 OAuth2Login() 时我们需要更改我们的属性

是否有任何使用 OAuth2Login 和自定义 Oauth2 提供程序的好例子(而不是 google、facebook、okta 等)我搜索了 google 但没有提供任何示例

4

0 回答 0