绕过登录页面以将用户直接发送到授权URI [英] Bypassing the login page to send the user directly to the authorization URI
问题描述
我是Spring框架的新手,我正在尝试使用Azure AD身份验证通过Spring Security设置我的应用程序.我已经设置了基本知识,并且我的应用程序已正确验证到Azure AD.
我所遇到的问题涉及绕过所生成的默认"/login"页面.我希望应用程序能够自动重定向到Microsoft的登录页面,而不是在需要身份验证时登陆默认的"/login"页面(或创建自己的自定义页面).
我的依赖项:
依赖项{编译('org.springframework.boot:spring-boot-starter-web')编译('org.springframework.boot:spring-boot-starter-thymeleaf')编译("org.springframework.boot:spring-boot-devtools")编译("org.springframework.security:spring-security-oauth2-client")编译("org.springframework.security:spring-security-oauth2-jose")编译("org.springframework.security:spring-security-config")编译('com.microsoft.azure:azure-active-directory-spring-boot-starter')编译'com.scireum:parsii:1.5'编译'com.microsoft.sqlserver:mssql-jdbc:7.0.0.jre8'编译"com.zaxxer:HikariCP:2.3.5"testCompile('org.springframework.boot:spring-boot-starter-test') }
WebSecurityConfig类
@EnableWebSecurity@EnableGlobalMethodSecurity(prePostEnabled = true)公共类WebSecurityConfig扩展了WebSecurityConfigurerAdapter {@Autowired私有OAuth2UserService< OidcUserRequest,OidcUser>oidcUserService;@Override受保护的void configure(HttpSecurity http)抛出异常{http.authorizeRequests().antMatchers("/**").hasRole("Users").anyRequest().authenticated().和().oauth2Login().userInfoEndpoint().oidcUserService(oidcUserService);}}
我也尝试过此操作,但无法运行.
org.springframework.beans.factory.BeanCreationException:在类路径资源[org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.class]中创建名称为'springSecurityFilterChain'的bean时出错通过工厂方法实例化失败;嵌套的异常是org.springframework.beans.BeanInstantiationException:无法实例化[javax.servlet.Filter]:工厂方法'springSecurityFilterChain'抛出了异常;嵌套异常为java.lang.IllegalArgumentException:实例不能为null在org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:590)〜[spring-beans-5.0.7.RELEASE.jar:5.0.7.RELEASE]在org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateUsingFactoryMethod(AbstractAutowireCapableBeanFactory.java:1256)〜[spring-beans-5.0.7.RELEASE.jar:5.0.7.RELEASE]在org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1105)〜[spring-beans-5.0.7.RELEASE.jar:5.0.7.RELEASE]在org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:543)〜[spring-beans-5.0.7.RELEASE.jar:5.0.7.RELEASE]在org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:503)〜[spring-beans-5.0.7.RELEASE.jar:5.0.7.RELEASE]在org.springframework.beans.factory.support.AbstractBeanFactory.lambda $ doGetBean $ 0(AbstractBeanFactory.java:317)〜[spring-beans-5.0.7.RELEASE.jar:5.0.7.RELEASE]在org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)〜[spring-beans-5.0.7.RELEASE.jar:5.0.7.RELEASE]在org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:315)〜[spring-beans-5.0.7.RELEASE.jar:5.0.7.RELEASE]在org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:199)〜[spring-beans-5.0.7.RELEASE.jar:5.0.7.RELEASE]在org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:304)〜[spring-beans-5.0.7.RELEASE.jar:5.0.7.RELEASE]在org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:199)〜[spring-beans-5.0.7.RELEASE.jar:5.0.7.RELEASE]在org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:760)〜[spring-beans-5.0.7.RELEASE.jar:5.0.7.RELEASE]在org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:869)〜[spring-context-5.0.7.RELEASE.jar:5.0.7.RELEASE]在org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:550)〜[spring-context-5.0.7.RELEASE.jar:5.0.7.RELEASE]在org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.refresh(ServletWebServerApplicationContext.java:140)〜[spring-boot-2.0.3.RELEASE.jar:2.0.3.RELEASE]在org.springframework.boot.SpringApplication.refresh(SpringApplication.java:759)〜[spring-boot-2.0.3.RELEASE.jar:2.0.3.RELEASE]在org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:395)〜[spring-boot-2.0.3.RELEASE.jar:2.0.3.RELEASE]在org.springframework.boot.SpringApplication.run(SpringApplication.java:327)〜[spring-boot-2.0.3.RELEASE.jar:2.0.3.RELEASE]在org.springframework.boot.SpringApplication.run(SpringApplication.java:1255)〜[spring-boot-2.0.3.RELEASE.jar:2.0.3.RELEASE]在org.springframework.boot.SpringApplication.run(SpringApplication.java:1243)〜[spring-boot-2.0.3.RELEASE.jar:2.0.3.RELEASE]在com.ctr.Application.main(Application.java:12)〜[main/:na]在java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(本机方法)〜[na:na]在java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)〜[na:na]在java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)〜[na:na]在java.base/java.lang.reflect.Method.invoke(Method.java:566)〜[na:na]在org.springframework.boot.devtools.restart.RestartLauncher.run(RestartLauncher.java:49)〜[spring-boot-devtools-2.0.3.RELEASE.jar:2.0.3.RELEASE]由以下原因引起:org.springframework.beans.BeanInstantiationException:无法实例化[javax.servlet.Filter]:工厂方法'springSecurityFilterChain'引发了异常;嵌套异常为java.lang.IllegalArgumentException:实例不能为null在org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:185)〜[spring-beans-5.0.7.RELEASE.jar:5.0.7.RELEASE]在org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:582)〜[spring-beans-5.0.7.RELEASE.jar:5.0.7.RELEASE]...省略了25个通用框架原因:java.lang.IllegalArgumentException:实例不能为null在org.springframework.util.Assert.notNull(Assert.java:193)〜[spring-core-5.0.7.RELEASE.jar:5.0.7.RELEASE]在org.springframework.core.ResolvableType.forInstance(ResolvableType.java:1068)〜[spring-core-5.0.7.RELEASE.jar:5.0.7.RELEASE]在com.ctr.security.WebSecurityConfig.getSingleAuthenticationUrl(WebSecurityConfig.java:59)〜[main/:na]在com.ctr.security.WebSecurityConfig.init(WebSecurityConfig.java:47)〜[main/:na]在com.ctr.security.WebSecurityConfig.init(WebSecurityConfig.java:21)〜[main/:na]在com.ctr.security.WebSecurityConfig $$ EnhancerBySpringCGLIB $ 3561cee5.init(< generate>)〜[main/:na]在org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.init(AbstractConfiguredSecurityBuilder.java:371)〜[spring-security-config-5.0.6.RELEASE.jar:5.0.6.RELEASE]在org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.doBuild(AbstractConfiguredSecurityBuilder.java:325)〜[spring-security-config-5.0.6.RELEASE.jar:5.0.6.RELEASE]在org.springframework.security.config.annotation.AbstractSecurityBuilder.build(AbstractSecurityBuilder.java:41)〜[spring-security-config-5.0.6.RELEASE.jar:5.0.6.RELEASE]在org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration.springSecurityFilterChain(WebSecurityConfiguration.java:104)〜[spring-security-config-5.0.6.RELEASE.jar:5.0.6.RELEASE]中在org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration $$ EnhancerBySpringCGLIB $$ 37d1d0f8.CGLIB $ springSecurityFilterChain $ 2(< Generated>)〜[spring-security-config-5.0.6.RELEASE.jar:5.0.6.RELEASE]在org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration $$ EnhancerBySpringCGLIB $$ 37d1d0f8 $$ FastClassBySpringCGLIB $$ 8b7fc73a.invoke(< generated>)〜[spring-security-config-5.0.6.RELEASE.jar:5.0.6.RELEASE]在org.springframework.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:228)〜[spring-core-5.0.7.RELEASE.jar:5.0.7.RELEASE]在org.springframework.context.annotation.ConfigurationClassEnhancer $ BeanMethodInterceptor.intercept(ConfigurationClassEnhancer.java:361)〜[spring-context-5.0.7.RELEASE.jar:5.0.7.RELEASE]在org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration $$ EnhancerBySpringCGLIB $$ 37d1d0f8.springSecurityFilterChain(< Generated>)〜[spring-security-config-5.0.6.RELEASE.jar:5.0.6.释放]在java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(本机方法)〜[na:na]在java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)〜[na:na]在java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)〜[na:na]在java.base/java.lang.reflect.Method.invoke(Method.java:566)〜[na:na]在org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:154)〜[spring-beans-5.0.7.RELEASE.jar:5.0.7.RELEASE]...省略了26个通用框架 此
com.ctr.security.WebSecurityConfig.getSingleAuthenticationUrl(WebSecurityConfig.java:59)上的 指向
ResolvableType类型= ResolvableType.forInstance(clientRegistrationRepository).as(Iterable.class); 我对Spring不太了解,无法知道本示例中发生的情况以及为什么它返回空值.是否可以绕过登录页面?还是我只需要自定义登录页面即可?
如果您想绕过默认生成的登录页面并自动触发身份验证,则需要配置 oauth2Login().loginPage(..)
例如:
@Override受保护的void configure(HttpSecurity http)抛出异常{http.authorizeRequests().anyRequest().authenticated().和().oauth2Login().loginPage("/oauth2/authorization/azure")...} 这里是
My dependencies: } WebSecurityConfig class I've tried this suggestion by adding ".loginPage("/auth") to the above and added this method into the controller. That results in this redirect error. I've also tried this but it fails to run. This points to I don't know Spring well enough to know what's going on in this example and why it's returning a null value. Is it possible to bypass the login page? Or do I just need live with customizing a login page? If you would like to bypass the default generated login page and automatically trigger authentication, you need to configure For example: Here is a link to a sample Also, new in Spring Security 5.1, 这篇关于绕过登录页面以将用户直接发送到授权URI的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!dependencies {
compile('org.springframework.boot:spring-boot-starter-web')
compile('org.springframework.boot:spring-boot-starter-thymeleaf')
compile("org.springframework.boot:spring-boot-devtools")
compile("org.springframework.security:spring-security-oauth2-client")
compile("org.springframework.security:spring-security-oauth2-jose")
compile("org.springframework.security:spring-security-config")
compile('com.microsoft.azure:azure-active-directory-spring-boot-starter')
compile 'com.scireum:parsii:1.5'
compile 'com.microsoft.sqlserver:mssql-jdbc:7.0.0.jre8'
compile "com.zaxxer:HikariCP:2.3.5"
testCompile('org.springframework.boot:spring-boot-starter-test')
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private OAuth2UserService<OidcUserRequest, OidcUser> oidcUserService;
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/**").hasRole("Users")
.anyRequest().authenticated()
.and()
.oauth2Login()
.userInfoEndpoint()
.oidcUserService(oidcUserService);
}
}
@RequestMapping(value = "/auth", method = { RequestMethod.POST, RequestMethod.GET })
public ModelAndView loginPage() {
Map<String, Object> model = new HashMap<>();
return new ModelAndView("redirect:/oauth2/authorization/azure", "model", model);
}
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'springSecurityFilterChain' defined in class path resource [org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [javax.servlet.Filter]: Factory method 'springSecurityFilterChain' threw exception; nested exception is java.lang.IllegalArgumentException: Instance must not be null
at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:590) ~[spring-beans-5.0.7.RELEASE.jar:5.0.7.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateUsingFactoryMethod(AbstractAutowireCapableBeanFactory.java:1256) ~[spring-beans-5.0.7.RELEASE.jar:5.0.7.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1105) ~[spring-beans-5.0.7.RELEASE.jar:5.0.7.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:543) ~[spring-beans-5.0.7.RELEASE.jar:5.0.7.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:503) ~[spring-beans-5.0.7.RELEASE.jar:5.0.7.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:317) ~[spring-beans-5.0.7.RELEASE.jar:5.0.7.RELEASE]
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222) ~[spring-beans-5.0.7.RELEASE.jar:5.0.7.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:315) ~[spring-beans-5.0.7.RELEASE.jar:5.0.7.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:199) ~[spring-beans-5.0.7.RELEASE.jar:5.0.7.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:304) ~[spring-beans-5.0.7.RELEASE.jar:5.0.7.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:199) ~[spring-beans-5.0.7.RELEASE.jar:5.0.7.RELEASE]
at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:760) ~[spring-beans-5.0.7.RELEASE.jar:5.0.7.RELEASE]
at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:869) ~[spring-context-5.0.7.RELEASE.jar:5.0.7.RELEASE]
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:550) ~[spring-context-5.0.7.RELEASE.jar:5.0.7.RELEASE]
at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.refresh(ServletWebServerApplicationContext.java:140) ~[spring-boot-2.0.3.RELEASE.jar:2.0.3.RELEASE]
at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:759) ~[spring-boot-2.0.3.RELEASE.jar:2.0.3.RELEASE]
at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:395) ~[spring-boot-2.0.3.RELEASE.jar:2.0.3.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:327) ~[spring-boot-2.0.3.RELEASE.jar:2.0.3.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1255) ~[spring-boot-2.0.3.RELEASE.jar:2.0.3.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1243) ~[spring-boot-2.0.3.RELEASE.jar:2.0.3.RELEASE]
at com.ctr.Application.main(Application.java:12) ~[main/:na]
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:na]
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:na]
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:na]
at java.base/java.lang.reflect.Method.invoke(Method.java:566) ~[na:na]
at org.springframework.boot.devtools.restart.RestartLauncher.run(RestartLauncher.java:49) ~[spring-boot-devtools-2.0.3.RELEASE.jar:2.0.3.RELEASE]
Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [javax.servlet.Filter]: Factory method 'springSecurityFilterChain' threw exception; nested exception is java.lang.IllegalArgumentException: Instance must not be null
at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:185) ~[spring-beans-5.0.7.RELEASE.jar:5.0.7.RELEASE]
at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:582) ~[spring-beans-5.0.7.RELEASE.jar:5.0.7.RELEASE]
... 25 common frames omitted
Caused by: java.lang.IllegalArgumentException: Instance must not be null
at org.springframework.util.Assert.notNull(Assert.java:193) ~[spring-core-5.0.7.RELEASE.jar:5.0.7.RELEASE]
at org.springframework.core.ResolvableType.forInstance(ResolvableType.java:1068) ~[spring-core-5.0.7.RELEASE.jar:5.0.7.RELEASE]
at com.ctr.security.WebSecurityConfig.getSingleAuthenticationUrl(WebSecurityConfig.java:59) ~[main/:na]
at com.ctr.security.WebSecurityConfig.init(WebSecurityConfig.java:47) ~[main/:na]
at com.ctr.security.WebSecurityConfig.init(WebSecurityConfig.java:21) ~[main/:na]
at com.ctr.security.WebSecurityConfig$$EnhancerBySpringCGLIB$$3561cee5.init(<generated>) ~[main/:na]
at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.init(AbstractConfiguredSecurityBuilder.java:371) ~[spring-security-config-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.doBuild(AbstractConfiguredSecurityBuilder.java:325) ~[spring-security-config-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at org.springframework.security.config.annotation.AbstractSecurityBuilder.build(AbstractSecurityBuilder.java:41) ~[spring-security-config-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration.springSecurityFilterChain(WebSecurityConfiguration.java:104) ~[spring-security-config-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration$$EnhancerBySpringCGLIB$$37d1d0f8.CGLIB$springSecurityFilterChain$2(<generated>) ~[spring-security-config-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration$$EnhancerBySpringCGLIB$$37d1d0f8$$FastClassBySpringCGLIB$$8b7fc73a.invoke(<generated>) ~[spring-security-config-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at org.springframework.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:228) ~[spring-core-5.0.7.RELEASE.jar:5.0.7.RELEASE]
at org.springframework.context.annotation.ConfigurationClassEnhancer$BeanMethodInterceptor.intercept(ConfigurationClassEnhancer.java:361) ~[spring-context-5.0.7.RELEASE.jar:5.0.7.RELEASE]
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration$$EnhancerBySpringCGLIB$$37d1d0f8.springSecurityFilterChain(<generated>) ~[spring-security-config-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:na]
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:na]
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:na]
at java.base/java.lang.reflect.Method.invoke(Method.java:566) ~[na:na]
at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:154) ~[spring-beans-5.0.7.RELEASE.jar:5.0.7.RELEASE]
... 26 common frames omitted
at com.ctr.security.WebSecurityConfig.getSingleAuthenticationUrl(WebSecurityConfig.java:59)
ResolvableType type = ResolvableType.forInstance(clientRegistrationRepository).as(Iterable.class);
oauth2Login().loginPage(..)@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.anyRequest().authenticated()
.and()
.oauth2Login()
.loginPage("/oauth2/authorization/azure")
...
}
oauth2Login() will automatically trigger if you only have 1 ClientRegistration configured.
