Spring Boot with Jersey and Spring Security OAuth2
Problem description
Following the sample from Spring Boot: example code from GitHub, everything seems to work fine.
But when I integrate Spring Boot Security OAuth2 in the project, my OAuth2 endpoints stop working. There's a warning in the logs:
2017-05-04 08:56:24.109 WARN 2827 --- [nio-8080-exec-1] o.glassfish.jersey.servlet.WebComponent : A servlet request to the URI http://127.0.0.1:8080/oauth/token contains form parameters in the request body but the request body has been consumed by the servlet or a servlet filter accessing the request parameters. Only resource methods using @FormParam will work as expected. Resource methods consuming the request body by other means will not work as expected.
Which makes me think even though I'm not registering the endpoint, Jersey is capturing it and processing the body, making Spring MVC unable to accept the request...
My Jersey configuration is:
@Component
public class JerseyConfig extends ResourceConfig {
    public JerseyConfig() {
        register(InfoController.class);
    }
}
And my info controller is very simple:
@Component
@Path("/me")
@Produces("application/json")
public class InfoController {
    @GET
    public String meAction() {
        return "Hi";
    }
}
And finally, the call I'm trying to make, which is causing the warning in the logs:
curl -X POST -u CLIENT_APPLICATION:123456789 http://127.0.0.1:8080/oauth/token -H "Accept: application/json" -d "password=aaa&username=aa&grant_type=password&client_id=CLIENT_APPLICATION"
Is there a known incompatibility between the two projects (spring-boot-starter-jersey and spring-security-oauth2) in that sense?
Removing the Jersey configuration makes it all work, but I need to use it on my controllers.
My configuration for OAuth2 is:
@Configuration
public class OAuth2ServerConfiguration {
    @Configuration
    @EnableResourceServer
    protected static class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {
        @Override
        public void configure(ResourceServerSecurityConfigurer resources) {
            resources.resourceId("OAuth2 Server");
        }
        @Override
        public void configure(HttpSecurity http) throws Exception {
            // @formatter:off
            http
                .authorizeRequests()
                    .antMatchers("/oauth/token").permitAll()
                    .antMatchers("/*").authenticated();
            // @formatter:on
        }
    }
}
Then there's the security configuration itself:
@Configuration
@EnableWebSecurity
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
    private final ApiUserDetailsService userDetailsService;
    @Autowired
    public WebSecurityConfiguration(ApiUserDetailsService userDetailsService) {
        this.userDetailsService = userDetailsService;
    }
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService);
    }
    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }
}
Thanks in advance!
Recommended answer
It seems that Jersey is trying to handle the OAuth endpoint, which it shouldn't be. The reason is that the default mapping for Jersey is /*, which means that it will handle requests for all URLs. You can change that in a couple of ways:
- Add an @ApplicationPath on top of your ResourceConfig subclass with a different mapping
@Component
@ApplicationPath("/api")
public class JerseyConfig extends ResourceConfig {}
- You can add the mapping in your application.properties file
spring.jersey.application-path=/api
What this will do is prefix /api to all your Jersey endpoints, and also cause Jersey not to handle all requests, only ones that begin with /api.
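Added example (not part of the original answer or the project's code): the answer's /api mapping combined with the question's resource-server rules. The class name ApiConfiguration is hypothetical, InfoController is the class from the question, and the /api/** and anyRequest() rules are additions, because the question's "/*" pattern matches a single path segment and so does not match /api/me once Jersey is moved.

```java
// Added example. Assumes Spring Boot 1.x with spring-boot-starter-jersey and
// spring-security-oauth2, and the question's InfoController in the same package.
import javax.ws.rs.ApplicationPath;
import org.glassfish.jersey.server.ResourceConfig;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.stereotype.Component;

@Configuration
public class ApiConfiguration { // hypothetical holder class for this example

    // Jersey is mapped to /api/* only, so POST /oauth/token is no longer
    // consumed by the Jersey servlet and reaches the Spring OAuth2 endpoint.
    @Component
    @ApplicationPath("/api")
    public static class JerseyConfig extends ResourceConfig {
        public JerseyConfig() {
            register(InfoController.class); // now served at /api/me
        }
    }

    @Configuration
    @EnableResourceServer
    protected static class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {
        @Override
        public void configure(ResourceServerSecurityConfigurer resources) {
            resources.resourceId("OAuth2 Server"); // unchanged from the question
        }

        @Override
        public void configure(HttpSecurity http) throws Exception {
            http
                .authorizeRequests()
                    .antMatchers("/oauth/token").permitAll() // unchanged from the question
                    // Weak after the move: "/*" covers /me but not /api/me.
                    // Corrected: "/**" covers every path below the Jersey prefix.
                    .antMatchers("/api/**").authenticated()
                    // Catch-all so a path matching no rule above still needs a token.
                    .anyRequest().authenticated();
        }
    }
}
```

With this in place, a request to /api/me without a bearer token should be rejected, while the curl call to /oauth/token from the question is handled by Spring rather than Jersey.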