Spring Security OAuth2:多个 ResourceServerConfiguration 不起作用 [英] Spring Security OAuth2: multiple ResourceServerConfiguration not working
问题描述
Spring 启动版本:1.5.8.RELEASESpring云版本:Edgware.RELEASE(使用zuul)
Spring boot version: 1.5.8.RELEASE Spring cloud version: Edgware.RELEASE (using zuul)
尝试配置多个资源,并按照这个例子在github上,不能让它工作.
Trying to configure multiple resources and, following this example in github, can't make it work.
我的代码是:
class ResourceServerConfigurationFactory
{
static ResourceServerConfiguration criarResourceServerConfiguration(String resourceId, int order,
HttpSecurityConfigurer configurer)
{
ResourceServerConfiguration resource = new ResourceServerConfiguration()
{
// Switch off the Spring Boot @Autowired configurers
public void setConfigurers(List<ResourceServerConfigurer> configurers)
{
super.setConfigurers(configurers);
}
};
resource.setConfigurers(Arrays.<ResourceServerConfigurer>asList(new ResourceServerConfigurerAdapter()
{
@Override
public void configure(ResourceServerSecurityConfigurer resources) throws Exception
{
resources.resourceId(resourceId);
}
@Override
public void configure(HttpSecurity http) throws Exception
{
configurer.configure(http);
}
}));
resource.setOrder(order);
return resource;
}
}
interface HttpSecurityConfigurer
{
public void configure(HttpSecurity http) throws Exception;
}
还有我的配置:
@Configuration
public class OAuthResourceConfiguration
{
@Bean
protected ResourceServerConfiguration usuarioResources()
{
return ResourceServerConfigurationFactory.criarResourceServerConfiguration("usuario", -10,
http -> http.antMatcher("/user").authorizeRequests().anyRequest().permitAll());
}
@Bean
protected ResourceServerConfiguration funcaoResources()
{
return ResourceServerConfigurationFactory.criarResourceServerConfiguration("funcao", -20,
http -> http.antMatcher("/ws").authorizeRequests().anyRequest().permitAll());
}
}
最后是 Spring boot 应用程序:
Finally, the Spring boot application:
@SpringBootApplication
@EnableResourceServer
@EnableZuulProxy
public class ApiGatewayApplication {
public static void main(String[] args) {
SpringApplication.run(ApiGatewayApplication.class, args);
}
}
事实:
- Spring 实例化了两个 ResourceServerConfiguration bean;
- 只有更高阶的 bean 才能工作(/user 端点没问题,/ws 端点不断询问身份验证)
- 在 spring 日志中,我可以看到只使用了/user ant 匹配器./ws 被完全忽略.
怎么了?
推荐答案
问题与我创建的 Factory 类有关.
The problem was related to the Factory class I created.
lambda + 匿名类的组合产生了某种问题(我无法理解),把事情搞砸了.
The combination of lambda + anonymous class created some kind of problem (that I was not able to understand) that screwed up things.
在@Configuration 类中将两个配置器声明为 Bean 解决了问题.
Declaring both Configurers as Beans in the @Configuration class resolved the problem.
这篇关于Spring Security OAuth2:多个 ResourceServerConfiguration 不起作用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!