Spring Boot + Spring OAuth Java 配置 [英] Spring Boot + Spring OAuth Java configuration
问题描述
我正在尝试在一个简单的 Spring Boot + Spring OAuth 应用程序上获得 OAuth 1(3 条腿),仅作为消费者.
I'm trying to get OAuth 1 (3 legged) on a simple Spring Boot + Spring OAuth app, only as a consumer.
我一直在尝试将 tonr 示例移植到 spring-security-oauth 存储库 (https://github.com/spring-projects/spring-security-oauth) 使用 Java 配置而不是 XML.
I've been trying to port the tonr sample on the spring-security-oauth repository (https://github.com/spring-projects/spring-security-oauth) to use Java config instead of XML.
但是,我得到:
java.lang.NullPointerException: null
at org.springframework.security.oauth.consumer.filter.OAuthConsumerProcessingFilter.doFilter(OAuthConsumerProcessingFilter.java:87)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.springframework.boot.actuate.trace.WebRequestTraceFilter.doFilterInternal(WebRequestTraceFilter.java:102)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.springframework.boot.actuate.autoconfigure.MetricFilterAutoConfiguration$MetricsFilter.doFilterInternal(MetricFilterAutoConfiguration.java:90)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:142)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:516)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1086)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:659)
at org.apache.coyote.http11.Http11NioProtocol$Http11ConnectionHandler.process(Http11NioProtocol.java:223)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1558)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1515)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
...可能是因为 OAuthConsumerContextFilter 没有正确设置.
...probably because the OAuthConsumerContextFilter is not being setup properly.
我尝试按如下方式配置
I tried configuring the <oauth:consumer> part as follows:
@Bean
public OAuthConsumerProcessingFilter oAuthConsumerProcessingFilter()
{
OAuthConsumerProcessingFilter result = new OAuthConsumerProcessingFilter();
result.setProtectedResourceDetailsService(protectedResourceDetailsService());
final LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>> map = new LinkedHashMap<>();
map.put(new RegexRequestMatcher("/sparklr/*", null), Collections.singletonList(ConsumerSecurityConfig.PERMIT_ALL_ATTRIBUTE));
result.setObjectDefinitionSource(new DefaultFilterInvocationSecurityMetadataSource(map));
return result;
}
@Bean
public ProtectedResourceDetailsService protectedResourceDetailsService()
{
return (String id) -> {
switch (id) {
case "sparklrPhotos":
sparklrProtectedResourceDetails();
break;
}
throw new RuntimeException("Error");
};
}
@Bean
public OAuthConsumerContextFilter oAuthConsumerContextFilter() {
final CoreOAuthConsumerSupport consumerSupport = new CoreOAuthConsumerSupport();
consumerSupport.setProtectedResourceDetailsService(protectedResourceDetailsService());
final OAuthConsumerContextFilter filter = new OAuthConsumerContextFilter();
filter.setConsumerSupport(consumerSupport);
return filter;
}
...但显然缺少某些东西.我什至删除了 switch 并始终返回相同的受保护资源详细信息,但这并没有改变我没有上下文的事实.
...but obviously something is missing. I even removed the switch and returned the same protected resource details all the time, but that doesn't change the fact that I don't have a context.
我应该怎么做才能完成这项工作?如果我需要显示代码的任何其他部分,请告诉我.
What should I do to make this work? Let me know if I need to show any other part of my code.
更新:我已经添加了消费者上下文过滤器,但我认为它没有被应用,因为我遇到了同样的错误
UPDATE: I've added the Consumer Context filter, but I think it's not being applied, as I get the same error
推荐答案
为了将 Spring Security 与 Java Config 一起使用,您必须拥有包含类似内容的 SecurityConfig 文件(取自 http://projects.spring.io/spring-security-oauth/docs/oauth2.html)
In order to use Spring Security with Java Config you have to have SecurityConfig file with something like this inside (taken from http://projects.spring.io/spring-security-oauth/docs/oauth2.html)
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests().antMatchers("/login").permitAll().and()
// default protection for all resources (including /oauth/authorize)
.authorizeRequests()
.anyRequest().hasRole("USER")
// ... more configuration, e.g. for form login
}
这也是您可以使用 http.addFilterAfter(oAuthConsumerContextFilter(), AnonymousAuthenticationFilter.class);
您的代码的问题在于您的过滤器在创建身份验证之前被执行.
The problem with your code is that your filter is being executed before Authetication created.
所以我猜你的过滤器至少应该在 AnonymousAuthenticationFilter.class 之后
So I guess both of yout filters should be at least after AnonymousAuthenticationFilter.class
您可以在这里找到过滤器列表:http://docs.spring.io/spring-security/site/docs/3.1.x/reference/springsecurity-single.html#filter-stack
You can find list of filters here : http://docs.spring.io/spring-security/site/docs/3.1.x/reference/springsecurity-single.html#filter-stack
这对我有用:
http
.addFilterAfter(oAuthConsumerContextFilter(), SwitchUserFilter.class)
.addFilterAfter(oAuthConsumerProcessingFilter(), OAuthConsumerContextFilter.class)
这篇关于Spring Boot + Spring OAuth Java 配置的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
