Spring Security OAuth2:多个 ResourceServerConfiguration 不起作用 [英] Spring Security OAuth2: multiple ResourceServerConfiguration not working

问题描述

Spring 启动版本:1.5.8.RELEASESpring云版本:Edgware.RELEASE(使用zuul)

Spring boot version: 1.5.8.RELEASE Spring cloud version: Edgware.RELEASE (using zuul)

尝试配置多个资源，并按照这个例子在github上，不能让它工作.

Trying to configure multiple resources and, following this example in github, can't make it work.

我的代码是:

class ResourceServerConfigurationFactory
{
    static ResourceServerConfiguration criarResourceServerConfiguration(String resourceId, int order,
            HttpSecurityConfigurer configurer)
    {
        ResourceServerConfiguration resource = new ResourceServerConfiguration()
        {
            // Switch off the Spring Boot @Autowired configurers
            public void setConfigurers(List<ResourceServerConfigurer> configurers)
            {
                super.setConfigurers(configurers);
            }
        };

        resource.setConfigurers(Arrays.<ResourceServerConfigurer>asList(new ResourceServerConfigurerAdapter()
        {
            @Override
            public void configure(ResourceServerSecurityConfigurer resources) throws Exception
            {
                resources.resourceId(resourceId);
            }

            @Override
            public void configure(HttpSecurity http) throws Exception
            {
                configurer.configure(http);
            }
        }));

        resource.setOrder(order);

        return resource;
    }
}

interface HttpSecurityConfigurer
{
    public void configure(HttpSecurity http) throws Exception;
}

还有我的配置:

@Configuration
public class OAuthResourceConfiguration
{
    @Bean
    protected ResourceServerConfiguration usuarioResources()
    {
        return ResourceServerConfigurationFactory.criarResourceServerConfiguration("usuario", -10,
                http -> http.antMatcher("/user").authorizeRequests().anyRequest().permitAll());
    }

    @Bean
    protected ResourceServerConfiguration funcaoResources()
    {
        return ResourceServerConfigurationFactory.criarResourceServerConfiguration("funcao", -20,
                http -> http.antMatcher("/ws").authorizeRequests().anyRequest().permitAll());
    }   
}

最后是 Spring boot 应用程序:

Finally, the Spring boot application:

@SpringBootApplication
@EnableResourceServer
@EnableZuulProxy
public class ApiGatewayApplication {

    public static void main(String[] args) {
        SpringApplication.run(ApiGatewayApplication.class, args);
    }
}

事实:

• Spring 实例化了两个 ResourceServerConfiguration bean；
• 只有更高阶的 bean 才能工作(/user 端点没问题，/ws 端点不断询问身份验证)
• 在 spring 日志中，我可以看到只使用了/user ant 匹配器./ws 被完全忽略.

怎么了?

推荐答案

问题与我创建的 Factory 类有关.

The problem was related to the Factory class I created.

lambda + 匿名类的组合产生了某种问题(我无法理解)，把事情搞砸了.

The combination of lambda + anonymous class created some kind of problem (that I was not able to understand) that screwed up things.

在@Configuration 类中将两个配置器声明为 Bean 解决了问题.

Declaring both Configurers as Beans in the @Configuration class resolved the problem.

这篇关于Spring Security OAuth2:多个 ResourceServerConfiguration 不起作用的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！