如何通过Spring-boot 1.3.0.RC1为oauth2提供自定义安全配置 [英] How to provide custom security configuration for oauth2 with spring-boot 1.3.0.RC1

问题描述

在spring-cloud Angel.SR3版本中，我遵循了 https://github.com/中的示例spring-cloud-samples/sso ，并且在spring-boot 1.2.6.RELEASE中一切正常.

With spring-cloud Angel.SR3 release I followed example in https://github.com/spring-cloud-samples/sso and things work fine with spring-boot 1.2.6.RELEASE.

但是在spring-boot 1.3.0.RC1中，oauth2内容已移入spring-boot本身，并且以下代码无法编译，因为类 OAuth2SsoConfigurerAdapter 不再存在.

However with spring-boot 1.3.0.RC1, the oauth2 stuff has moved into spring-boot itself, and the code below fails to compile because class OAuth2SsoConfigurerAdapter no longer exists.

创建等效配置的仅Spring Boot方式是什么?

What is the spring-boot only way to create equivalent configuration?

public static void main(String[] args) {
    SpringApplication.run(MainAppApplication.class, args);
}

...

@Component
public static class LoginConfigurer extends OAuth2SsoConfigurerAdapter  {

    @Override
    public void match(RequestMatchers matchers) {
        matchers.antMatchers("/dashboard/**");
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.antMatcher("/dashboard/**").authorizeRequests().anyRequest()
        .authenticated().and().csrf()
        .csrfTokenRepository(csrfTokenRepository()).and()
        .addFilterAfter(csrfHeaderFilter(), CsrfFilter.class);
    }

    private Filter csrfHeaderFilter() {
        return new OncePerRequestFilter() {
    ...
        };
    }

    ...

}

推荐答案

您只需要使用org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter并仔细使用此注释org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso

You just have to use org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter and carefully use this annotation org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso

我写得很仔细，因为它的行为取决于您添加它的位置.如javadoc中所述:

I've written carefully because its behaviour depends on where you add it. As stated in the javadoc:

启用OAuth2单点登录(SSO).如果用户提供了一个现有的WebSecurityConfigurerAdapter并用@ EnableOAuth2Sso进行了注释，则可以通过添加身份验证筛选器和身份验证入口点来对其进行增强.如果用户只有@ EnableOAuth2Sso而不是WebSecurityConfigurerAdapter上的用户，则将添加一个具有所有路径安全且顺序使其使其在Spring Boot中默认HTTP Basic安全链之前的命令.

Enable OAuth2 Single Sign On (SSO). If there is an existing WebSecurityConfigurerAdapter provided by the user and annotated with @EnableOAuth2Sso, it is enhanced by adding an authentication filter and an authentication entry point. If the user only has @EnableOAuth2Sso but not on a WebSecurityConfigurerAdapter then one is added with all paths secured and with an order that puts it ahead of the default HTTP Basic security chain in Spring Boot.

希望有帮助！

这篇关于如何通过Spring-boot 1.3.0.RC1为oauth2提供自定义安全配置的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！