java – Spring: unable to configure the authorization server
I created a simple authorization server, but I can't configure it.
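Start both applications (8080 for the auth server, 9999 for the client).

However, if I go directly to localhost:8080/me, I get {"name":"user"}. How can I retrieve Hello, user?

Authorization server

```java
import java.security.Principal;
import java.util.Collections;
import java.util.Map;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
@EnableAuthorizationServer
@SpringBootApplication
public class Application extends WebSecurityConfigurerAdapter {

    public static void main(String[] args) {
        SpringApplication.run(Application.class, args);
    }

    // Returns the current principal's name, or the string "null" when there is none
    @GetMapping({ "/user", "/me" })
    public Map<String, String> user(Principal principal) {
        return Collections.singletonMap("name", principal == null ? "null" : principal.getName());
    }

    // Single in-memory account: user / user, with no authorities
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication()
            .withUser("user").password("user").authorities(AuthorityUtils.NO_AUTHORITIES);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.formLogin();
    }
}
```

Application properties

```yaml
security:
  oauth2:
    client:
      client-id: clientid
      client-secret: clientsecret
      scope: read,write
      auto-approve-scopes: '.*'
```

Client

```java
import java.security.Principal;

import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
import org.springframework.boot.builder.SpringApplicationBuilder;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@Configuration
@EnableAutoConfiguration
@EnableOAuth2Sso
@RestController
public class Client {

    @GetMapping("/")
    public String home(Principal principal) {
        return "Hello," + principal.getName();
    }

    public static void main(String[] args) {
        // Load settings from client.yml / client.properties
        new SpringApplicationBuilder(Client.class)
            .properties("spring.config.name=client").run(args);
    }
}
```

Client properties

```yaml
server:
  port: 9999
  context-path: /client
security:
  oauth2:
    client:
      client-id: clientid
      client-secret: clientsecret
      access-token-uri: http://localhost:8080/oauth/token
      user-authorization-uri: http://localhost:8080/oauth/authorize
    resource:
      user-info-uri: http://localhost:8080/me
```

Update:

Solution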
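There are different ports, 9999 and 8080; this causes a cross-origin HTTP request when it requests a resource from a different domain or port than the one the first resource itself was served from.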
More details about HTTP access control (CORS).

The official Spring website has a good example: Enabling Cross Origin Requests for a RESTful Web Service.

I suggest simply doing CORS filtering on your app by implementing the Filter interface.

```java
import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order;
import org.springframework.stereotype.Component;

@Component
@Order(Ordered.HIGHEST_PRECEDENCE)
public class CorsFilter implements Filter {

    public CorsFilter() {
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletResponse response = (HttpServletResponse) res;
        HttpServletRequest request = (HttpServletRequest) req;
        // For production, add only the origins that should be allowed access; for demo purposes this accepts all.
        response.setHeader("Access-Control-Allow-Origin", "*");
        // I would reduce this method list if not all methods are used; this is added just for demo purposes.
        response.setHeader("Access-Control-Allow-Methods", "POST,GET,OPTIONS,DELETE");
        response.setHeader("Access-Control-Max-Age", "3600");
        response.setHeader("Access-Control-Allow-Headers", "x-requested-with,authorization");
        if ("OPTIONS".equalsIgnoreCase(request.getMethod())) {
            response.setStatus(HttpServletResponse.SC_OK);
        } else {
            chain.doFilter(req, res);
        }
    }

    @Override
    public void init(FilterConfig filterConfig) {
    }

    @Override
    public void destroy() {
    }
}
```

If you are using a Spring Boot app, make sure to include the package where the new filter lives in the component scan.

If you are using 'web.xml' for configuration, then add the filter:

```xml
<filter>
    <filter-name>CORS</filter-name>
    <filter-class>com.mycompany.CorsFilter</filter-class>
</filter>
```

Option A: add the mapping on your servlet:

```xml
<filter-mapping>
    <filter-name>CORS</filter-name>
    <servlet-name>MyServlet</servlet-name>
</filter-mapping>
```

Option B: add the filter for all apps:

```xml
<filter-mapping>
    <filter-name>CORS</filter-name>
    <url-pattern>/*</url-pattern> <!--this will add cors on all apps-->
</filter-mapping>
```