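How do you solve the pitfalls of integrating OAuth2 with Spring Boot 2? Many people without experience are at a loss here, so this article summarizes the cause of the problem and how to fix it, in the hope that it helps you resolve it.
At first, integrating OAuth2 with Spring Boot 1.5 worked without problems. After upgrading to Spring Boot 2.1 I ran into quite a few pitfalls, listed below: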
Possible CSRF detected - state parameter was required but no state could be found
Client code:
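```java
import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@EnableOAuth2Sso
@Configuration
public class UiSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    public void configure(HttpSecurity http) throws Exception {
        // Everything except "/" and "/login**" requires an authenticated user
        http.antMatcher("/**")
            .authorizeRequests()
            .antMatchers("/", "/login**")
            .permitAll()
            .anyRequest()
            .authenticated();
    }
}
```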
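After the code is obtained, the browser stays on the login page. Searching online turned up the following options:

1. Set server.servlet.session.cookie.name=UPSESSIONID. I tried this, but it had no effect.
2. Set the authorization-code policy with authCodeProvider.setStateMandatory(false); this required changing a lot of code: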
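```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

import javax.servlet.Filter;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.security.oauth2.resource.ResourceServerProperties;
import org.springframework.boot.autoconfigure.security.oauth2.resource.UserInfoTokenServices;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.boot.context.properties.NestedConfigurationProperty;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.client.OAuth2ClientContext;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.client.filter.OAuth2ClientAuthenticationProcessingFilter;
import org.springframework.security.oauth2.client.filter.OAuth2ClientContextFilter;
import org.springframework.security.oauth2.client.token.AccessTokenProviderChain;
import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeAccessTokenProvider;
import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableOAuth2Client;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
import org.springframework.web.filter.CompositeFilter;

@Configuration
@EnableOAuth2Client
@EnableGlobalMethodSecurity(prePostEnabled = true) // enable the @PreAuthorize annotation
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private OAuth2ClientContext oauth2ClientContext;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // @formatter:off
        http.authorizeRequests()
                .anyRequest().authenticated().and()
            .formLogin().loginPage("/login").permitAll().and()
            .exceptionHandling().and()
            .logout().logoutSuccessUrl("/login").permitAll()
            .and().headers().frameOptions().sameOrigin()
            .and().csrf()
                .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()).and()
            .addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class); // must be registered before the Basic filter
        // @formatter:on
    }

    // Register the OAuth2 client context filter early in the chain so it can handle redirects
    @Bean
    public FilterRegistrationBean<OAuth2ClientContextFilter> oauth2ClientFilterRegistration(
            OAuth2ClientContextFilter filter) {
        FilterRegistrationBean<OAuth2ClientContextFilter> registration = new FilterRegistrationBean<>();
        registration.setFilter(filter);
        registration.setOrder(-100);
        return registration;
    }

    // Client and resource settings bound from the security.oauth2.* properties
    @Bean
    @ConfigurationProperties("security.oauth2")
    public ClientResources trina() {
        return new ClientResources();
    }

    private Filter ssoFilter() {
        CompositeFilter filter = new CompositeFilter();
        List<Filter> filters = new ArrayList<>();
        filters.add(ssoFilter(trina(), "/login"));
        filter.setFilters(filters);
        return filter;
    }

    private Filter ssoFilter(ClientResources client, String path) {
        OAuth2ClientAuthenticationProcessingFilter oAuth2ClientAuthenticationFilter =
                new OAuth2ClientAuthenticationProcessingFilter(path);
        OAuth2RestTemplate oAuth2RestTemplate =
                new OAuth2RestTemplate(client.getClient(), this.oauth2ClientContext);
        oAuth2ClientAuthenticationFilter.setRestTemplate(oAuth2RestTemplate);

        AuthorizationCodeAccessTokenProvider authCodeProvider = new AuthorizationCodeAccessTokenProvider();
        // Stop requiring a preserved state on the callback; this requirement is the
        // check that raised "Possible CSRF detected - state parameter was required ..."
        authCodeProvider.setStateMandatory(false);
        AccessTokenProviderChain provider = new AccessTokenProviderChain(Arrays.asList(authCodeProvider));
        oAuth2RestTemplate.setAccessTokenProvider(provider);

        // Load the authenticated user from the user-info endpoint using the obtained token
        UserInfoTokenServices tokenServices = new UserInfoTokenServices(
                client.getResource().getUserInfoUri(), client.getClient().getClientId());
        tokenServices.setRestTemplate(oAuth2RestTemplate);
        oAuth2ClientAuthenticationFilter.setTokenServices(tokenServices);
        return oAuth2ClientAuthenticationFilter;
    }
}

// Holder for the nested client.* and resource.* configuration properties
class ClientResources {

    @NestedConfigurationProperty
    private AuthorizationCodeResourceDetails client = new AuthorizationCodeResourceDetails();

    @NestedConfigurationProperty
    private ResourceServerProperties resource = new ResourceServerProperties();

    public AuthorizationCodeResourceDetails getClient() {
        return client;
    }

    public ResourceServerProperties getResource() {
        return resource;
    }
}
```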
After this change, visiting the link and logging in redirects successfully to the intended page.
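
What the state check behind the "Possible CSRF detected" error does, as an added example that is not code from the original article or from Spring Security OAuth. It is a simplified model with hypothetical names (StateCheckDemo, beginAuthorization, handleCallback, a Map standing in for the HTTP session) and constructed sample values; it shows the callback being rejected when the session that stored the state is missing, which is the condition reported on this page and the requirement that setStateMandatory(false) drops, and when the returned state was never issued.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

// Simplified model of the state check (hypothetical names, not Spring's classes).
public class StateCheckDemo {
    private static final SecureRandom RNG = new SecureRandom();
    static final String KEY = "oauth2.state"; // hypothetical session attribute name

    // Before redirecting to the authorization server, keep a random state in the session.
    static String beginAuthorization(Map<String, Object> session) {
        byte[] raw = new byte[16];
        RNG.nextBytes(raw);
        String state = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        session.put(KEY, state);
        return state; // sent as the state parameter of the authorization request
    }

    // On the callback, the returned state must match the one preserved in the session.
    static void handleCallback(Map<String, Object> session, String code, String returnedState) {
        Object preserved = session.remove(KEY); // a state value is usable once
        if (preserved == null) {
            // Same condition as the error on this page: no state is found for this session.
            throw new IllegalStateException("state required but none preserved in session");
        }
        byte[] expected = ((String) preserved).getBytes(StandardCharsets.UTF_8);
        byte[] actual = String.valueOf(returnedState).getBytes(StandardCharsets.UTF_8);
        if (!MessageDigest.isEqual(expected, actual)) {
            throw new IllegalStateException("state mismatch");
        }
        // Only at this point would the code be exchanged for an access token.
    }

    static String attempt(Map<String, Object> session, String code, String state) {
        try { handleCallback(session, code, state); return "accepted"; }
        catch (IllegalStateException e) { return "rejected: " + e.getMessage(); }
    }

    public static void main(String[] args) {
        Map<String, Object> session = new HashMap<>();
        String state = beginAuthorization(session);
        System.out.println("same session:      " + attempt(session, "constructed-code", state));
        // Callback arrives with a different session, e.g. the session cookie was replaced in between.
        System.out.println("new session:       " + attempt(new HashMap<>(), "constructed-code", state));
        beginAuthorization(session);
        System.out.println("unsolicited state: " + attempt(session, "constructed-code", "not-issued"));
    }
}
```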