WebSecurityConfigurerAdapter 和 ResourceServerConfigurerAdapter 的关系 [英] Relation between WebSecurityConfigurerAdapter and ResourceServerConfigurerAdapter

问题描述

我正在尝试将 Spring OAuth2 集成到 Spring MVC REST 中.大多数 Spring OAuth2 示例，只有 ResourceServerConfigurerAdapter，有些还有 WebSecurityConfigurerAdapter.我不打算将 OAuth 与 Google、Facebook 等集成.我正在尝试为当前基于 Basic 身份验证的 Spring MVC REST 提供基于令牌的身份验证.有人可以向我解释在单个服务器中理解 Spring MVC REST + OAuth 集成需要什么而不是什么或好的资源吗?

I'm trying to integrate Spring OAuth2 into Spring MVC REST. Most of the Spring OAuth2 examples, there is only ResourceServerConfigurerAdapter and some of have WebSecurityConfigurerAdapter as well. I'm not going to integrate OAuth with Google, Facebook, etc. I'm trying to provide a token based authentication for Spring MVC REST which is currently based on Basic Authentication. Can someone exaplin me what is required and not or good resource to understand the Spring MVC REST +OAuth integration in a single server?

目前我的 POC 在没有 WebSecurityConfigurerAdapter 的情况下工作，但使用 ResourceServerConfigurerAdapter 和 AuthorizationServerConfigurerAdapter.看起来 ResourceServerConfigurerAdapter 就足够了.现在我不确定我应该如何处理我现有的 WebSecurityConfigurerAdapter，它在我的 Spring MVC REST 应用程序中运行良好.

Currently my POC works without WebSecurityConfigurerAdapter, but with ResourceServerConfigurerAdapter along with AuthorizationServerConfigurerAdapter. It looks like ResourceServerConfigurerAdapter is enough. Now I'm not sure what should I do to my existing WebSecurityConfigurerAdapter which is working perfectly in my Spring MVC REST application.

推荐答案

这里有一个很好的答案 https://stackoverflow.com/a/28604260，看起来WebSecurityConfigurerAdapter是一个比ResourceServerConfigurerAdapter低级的命令.

Here is a good answer https://stackoverflow.com/a/28604260, it looks like WebSecurityConfigurerAdapter is an order inferior to the ResourceServerConfigurerAdapter.

我有一个 WebSecurityConfigurerAdapter 和一个 ResourceServerConfigurerAdapter，但端点安全配置在 ResourceServerConfigurerAdapter 下:

I have a WebSecurityConfigurerAdapter and a ResourceServerConfigurerAdapter, but the endpoints security configuration is in the ResourceServerConfigurerAdapter under:

public void configure(HttpSecurity http) throws Exception {

我还有以下配置:

security:
    oauth2:
        resource:
            filter-order: 3

否则会忽略端点安全配置(我不知道为什么).

Else the endpoints security configuration is ignored (I don't know why).

这篇关于WebSecurityConfigurerAdapter 和 ResourceServerConfigurerAdapter 的关系的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！