Spring Boot Security Multi Http with OAuth not working


Posted: 2019-02-17 09:00:41

Question:

I have a working REST API developed with Spring Boot and protected by Spring Security and OAuth:

import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableOAuth2Client;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;

@Configuration
@EnableResourceServer
@EnableOAuth2Client
@Order(2)
public class SecurityConfig extends ResourceServerConfigurerAdapter {

    @Override
    public void configure(HttpSecurity http) throws Exception {
        // one chain for every path; CSRF is switched off for the token-based API
        http.cors().and().antMatcher("/**").csrf().disable();
        // every request must be authenticated; HTTP Basic is accepted as well
        http.authorizeRequests().anyRequest().authenticated().and().httpBasic();
    }
}

Then I added some web forms to my application, so I extended the security configuration to handle multiple HttpSecurity following these instructions: https://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/#multiple-httpsecurity, but it no longer works.

import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableOAuth2Client;

@Configuration
@EnableWebSecurity
public class SecurityConfig {

    @Configuration
    @EnableOAuth2Sso
    @EnableOAuth2Client
    @Order(1)
    public static class ApiWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {
    }

    @Configuration
    @EnableOAuth2Sso
    @EnableOAuth2Client
    @Order(2)
    public static class FormLoginWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
    }
}

Comparing the log files with the working version, I found that the multi-HttpSecurity configuration does not trigger the OAuth2AuthenticationProcessingFilter:

Working log

12:45:01.808 [http-nio-8081-exec-1] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request '/external_users' matched by universal pattern '/**'
12:45:01.809 [http-nio-8081-exec-1] DEBUG o.s.security.web.FilterChainProxy - /external_users at position 1 of 13 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
12:45:01.810 [http-nio-8081-exec-1] DEBUG o.s.security.web.FilterChainProxy - /external_users at position 2 of 13 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
12:45:01.812 [http-nio-8081-exec-1] DEBUG o.s.security.web.FilterChainProxy - /external_users at position 3 of 13 in additional filter chain; firing Filter: 'HeaderWriterFilter'
12:45:02.093 [http-nio-8081-exec-1] DEBUG o.s.security.web.FilterChainProxy - /external_users at position 4 of 13 in additional filter chain; firing Filter: 'CorsFilter'
12:45:02.093 [http-nio-8081-exec-1] DEBUG o.s.security.web.FilterChainProxy - /external_users at position 5 of 13 in additional filter chain; firing Filter: 'LogoutFilter'
12:45:02.093 [http-nio-8081-exec-1] DEBUG o.s.s.w.u.matcher.OrRequestMatcher - Trying to match using Ant [pattern='/logout', GET]
12:45:02.094 [http-nio-8081-exec-1] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/external_users'; against '/logout'
12:45:02.094 [http-nio-8081-exec-1] DEBUG o.s.s.w.u.matcher.OrRequestMatcher - Trying to match using Ant [pattern='/logout', POST]
12:45:02.094 [http-nio-8081-exec-1] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request 'GET /external_users' doesn't match 'POST /logout
12:45:02.094 [http-nio-8081-exec-1] DEBUG o.s.s.w.u.matcher.OrRequestMatcher - Trying to match using Ant [pattern='/logout', PUT]
12:45:02.094 [http-nio-8081-exec-1] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request 'GET /external_users' doesn't match 'PUT /logout
12:45:02.094 [http-nio-8081-exec-1] DEBUG o.s.s.w.u.matcher.OrRequestMatcher - Trying to match using Ant [pattern='/logout', DELETE]
12:45:02.094 [http-nio-8081-exec-1] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request 'GET /external_users' doesn't match 'DELETE /logout
12:45:02.094 [http-nio-8081-exec-1] DEBUG o.s.s.w.u.matcher.OrRequestMatcher - No matches found
12:45:02.094 [http-nio-8081-exec-1] DEBUG o.s.security.web.FilterChainProxy - /external_users at position 6 of 13 in additional filter chain; firing Filter: 'OAuth2AuthenticationProcessingFilter'

Non-working log

12:49:42.506 [http-nio-8082-exec-2] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/api/external_users'; against '/api/**'
12:49:42.510 [http-nio-8082-exec-2] DEBUG o.s.security.web.FilterChainProxy - /api/external_users at position 1 of 12 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
12:49:42.511 [http-nio-8082-exec-2] DEBUG o.s.security.web.FilterChainProxy - /api/external_users at position 2 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
12:49:42.512 [http-nio-8082-exec-2] DEBUG o.s.security.web.FilterChainProxy - /api/external_users at position 3 of 12 in additional filter chain; firing Filter: 'HeaderWriterFilter'
12:49:42.514 [http-nio-8082-exec-2] DEBUG o.s.security.web.FilterChainProxy - /api/external_users at position 4 of 12 in additional filter chain; firing Filter: 'CorsFilter'
12:49:42.515 [http-nio-8082-exec-2] DEBUG o.s.security.web.FilterChainProxy - /api/external_users at position 5 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
12:49:42.515 [http-nio-8082-exec-2] DEBUG o.s.s.w.u.matcher.OrRequestMatcher - Trying to match using Ant [pattern='/logout', GET]
12:49:42.517 [http-nio-8082-exec-2] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/api/external_users'; against '/logout'
12:49:42.518 [http-nio-8082-exec-2] DEBUG o.s.s.w.u.matcher.OrRequestMatcher - Trying to match using Ant [pattern='/logout', POST]
12:49:42.518 [http-nio-8082-exec-2] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request 'GET /api/external_users' doesn't match 'POST /logout
12:49:42.518 [http-nio-8082-exec-2] DEBUG o.s.s.w.u.matcher.OrRequestMatcher - Trying to match using Ant [pattern='/logout', PUT]
12:49:42.518 [http-nio-8082-exec-2] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request 'GET /api/external_users' doesn't match 'PUT /logout
12:49:42.518 [http-nio-8082-exec-2] DEBUG o.s.s.w.u.matcher.OrRequestMatcher - Trying to match using Ant [pattern='/logout', DELETE]
12:49:42.518 [http-nio-8082-exec-2] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request 'GET /api/external_users' doesn't match 'DELETE /logout
12:49:42.518 [http-nio-8082-exec-2] DEBUG o.s.s.w.u.matcher.OrRequestMatcher - No matches found
12:49:42.519 [http-nio-8082-exec-2] DEBUG o.s.security.web.FilterChainProxy - /api/external_users at position 6 of 12 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'


Answer 1:

I found an alternative configuration that works for me:

    1. Change the first annotation to @EnableResourceServer instead of @EnableWebSecurity.
    2. Change the parent class of ApiWebSecurityConfigurationAdapter to ResourceServerConfigurerAdapter.
    3. Remove the Order annotation from FormLoginWebSecurityConfigurerAdapter.

This is the final working code:

import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableOAuth2Client;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;

@Configuration
@EnableResourceServer
public class SecurityConfig {

    @Configuration
    @EnableOAuth2Sso
    @EnableOAuth2Client
    @Order(1)
    public static class ApiWebSecurityConfigurationAdapter extends ResourceServerConfigurerAdapter {
    }

    @Configuration
    @EnableOAuth2Sso
    @EnableOAuth2Client
    public static class FormLoginWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
    }
}

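Added example (this is not the code from the question or from the answer): the two-chain layout the answer arrives at, written out with the pieces that make the split deterministic instead of order-dependent. The REST chain is a ResourceServerConfigurerAdapter bound to `/api/**` (the prefix seen in the non-working log) and made stateless, so an unauthenticated API call is answered by the bearer-token filter with a 401 rather than a redirect to the SSO login page. The browser chain is a WebSecurityConfigurerAdapter annotated with @EnableOAuth2Sso (which already carries @EnableOAuth2Client) and bound to every path that is not `/api/**`, so CSRF protection stays on for the cookie session. The class names, the resource id `external-users-api` and the permitted paths are assumptions made for this example; token validation is assumed to come from the `security.oauth2.resource.*` properties that the original, single-chain resource server already relied on. The position of the resource-server chain is governed by the `security.oauth2.resource.filter-order` property rather than by @Order on the adapter, so the disjoint request matchers, not the annotation order, are what guarantee each request reaches the intended chain.

```java
import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.NegatedRequestMatcher;

/**
 * Two security filter chains with disjoint request matchers.
 * Class names, the /api/** prefix and the resource id are example assumptions.
 */
@Configuration
@EnableResourceServer
public class SecurityConfig {

    /** Chain 1: bearer-token protected REST API under /api/** (assumed prefix). */
    @Configuration
    public static class ApiResourceServerConfig extends ResourceServerConfigurerAdapter {

        @Override
        public void configure(ResourceServerSecurityConfigurer resources) {
            // Access tokens whose audience list names another resource are rejected.
            // The id is made up for this example.
            resources.resourceId("external-users-api");
        }

        @Override
        public void configure(HttpSecurity http) throws Exception {
            http.antMatcher("/api/**")
                // No HTTP session for the API: every call must carry its own token.
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and().cors()
                // CSRF is only meaningful for cookie-backed sessions, which this chain never creates.
                .and().csrf().disable()
                .authorizeRequests().anyRequest().authenticated();
        }
    }

    /** Chain 2: browser pages behind OAuth2 SSO, for everything that is not /api/**. */
    @Configuration
    @EnableOAuth2Sso
    public static class WebSsoConfig extends WebSecurityConfigurerAdapter {

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.requestMatcher(new NegatedRequestMatcher(new AntPathRequestMatcher("/api/**")))
                .authorizeRequests()
                    // Landing page, SSO callback and error page are reachable without a session (assumed paths).
                    .antMatchers("/", "/login**", "/error").permitAll()
                    .anyRequest().authenticated()
                .and().logout().logoutSuccessUrl("/").permitAll();
            // CSRF protection is deliberately left enabled: this chain uses a cookie session.
        }
    }
}
```

To confirm the split at runtime, keep DEBUG logging on org.springframework.security as in the question: a request under /api/ should list OAuth2AuthenticationProcessingFilter in its chain, as the working log does, and a request to any other path should never enter the stateless chain. If an API request still shows BasicAuthenticationFilter in place of the OAuth2 filter, the request did not reach the resource-server chain, which points at a matcher mismatch rather than at the annotation order.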
