
java – Spring: unable to configure an authorization server

Published: 2020-12-15 02:18:44 | Category: Java | Source: compiled from the web
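I created a simple authorization server, but I can't configure it.

1. Start both applications (8080 for the auth server, 9999 for the client).
2. Go to localhost:9999/client and get redirected to localhost:8080/login (as expected).
3. Fill in the login form with user/user.
4. Get redirected to localhost:9999/client (as expected), but it shows Hello,null instead of Hello,user.

However, if I go to localhost:8080/me directly, I get {"name":"user"}. How can I get Hello,user?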

Authorization server

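import java.security.Principal;
import java.util.Collections;
import java.util.Map;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
@EnableAuthorizationServer
@SpringBootApplication
public class Application extends WebSecurityConfigurerAdapter {

    public static void main(String[] args) {
        SpringApplication.run(Application.class, args);
    }

    // User-info endpoint: returns the name of the authenticated principal.
    @GetMapping({ "/user", "/me" })
    public Map<String, String> user(Principal principal) {
        return Collections.singletonMap("name", principal == null ? "null" : principal.getName());
    }

    // Single in-memory account (user/user) with no authorities.
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication()
                .withUser("user").password("user").authorities(AuthorityUtils.NO_AUTHORITIES);
    }

    // Form login only.
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.formLogin();
    }
}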

Application properties

security:
  oauth2:
    client:
      client-id: clientid
      client-secret: clientsecret
      scope: read,write
      auto-approve-scopes: '.*'

Client

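import java.security.Principal;

import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
import org.springframework.boot.builder.SpringApplicationBuilder;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@Configuration
@EnableAutoConfiguration
@EnableOAuth2Sso
@RestController
public class Client {

    // Greets the user with the name of the SSO-authenticated principal.
    @GetMapping("/")
    public String home(Principal principal) {
        return "Hello," + principal.getName();
    }

    public static void main(String[] args) {
        // Load client.yml / client.properties instead of the default application.*.
        new SpringApplicationBuilder(Client.class)
                .properties("spring.config.name=client").run(args);
    }

}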

Client properties

server:
  port: 9999
  context-path: /client
security:
  oauth2:
    client:
      client-id: clientid
      client-secret: clientsecret
      access-token-uri: http://localhost:8080/oauth/token
      user-authorization-uri: http://localhost:8080/oauth/authorize
    resource:
      user-info-uri: http://localhost:8080/me

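Update:
I downloaded a tutorial in which everything works, but it has an ssoFilter that is only for OAuth2 authentication. I just want to configure it with loginForm.
I have also shared a temporary example on GitHub. I think it will be easier to find the problem with it.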

Solution

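There are two different ports, 9999 and 8080. This results in a cross-origin HTTP request, which happens when a resource is requested from a domain or port different from the one that served the first resource itself.

See HTTP access control (CORS) for more details.

The official Spring website has a good example: Enabling Cross Origin Requests for a RESTful Web Service.

I would suggest simply doing the CORS filtering in your application by implementing the Filter interface.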

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order;
import org.springframework.stereotype.Component;

@Component
@Order(Ordered.HIGHEST_PRECEDENCE)
public class CorsFilter implements Filter {

    public CorsFilter() {
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
        HttpServletResponse response = (HttpServletResponse) res;
        HttpServletRequest request = (HttpServletRequest) req;
        // For production, add only the origins that should be allowed access; for demo purposes this accepts all.
        response.setHeader("Access-Control-Allow-Origin", "*");
        // I would reduce this method list if not all methods are used; this is added just for demo purposes.
        response.setHeader("Access-Control-Allow-Methods", "POST,GET,OPTIONS,DELETE");
        response.setHeader("Access-Control-Max-Age", "3600");
        response.setHeader("Access-Control-Allow-Headers", "x-requested-with,authorization");

        if ("OPTIONS".equalsIgnoreCase(request.getMethod())) {
            response.setStatus(HttpServletResponse.SC_OK);
        } else {
            chain.doFilter(req, res);
        }
    }

    @Override
    public void init(FilterConfig filterConfig) {
    }

    @Override
    public void destroy() {
    }
}

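If you are using a Spring Boot app, make sure to include the package containing the new filter in your component scan.

If you are using 'web.xml' for configuration:

Then add the filter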

<filter>
    <filter-name>CORS</filter-name>
    <filter-class>com.mycompany.CorsFilter</filter-class>
</filter>

Option A: add a mapping on your servlet

<filter-mapping>
        <filter-name>CORS</filter-name>
        <servlet-name>MyServlet</servlet-name>
</filter-mapping>

Option B: add the filter for all apps:

<filter-mapping>
        <filter-name>CORS</filter-name>
        <url-pattern>/*</url-pattern> <!--this will add cors on all apps-->
</filter-mapping>

(Editor: 李大同)
