Spring Boot OAuth2 错误“访问此资源需要完全身份验证”

【问题标题】:SpringBoot OAuth2 error "Full authentication is required to access this resource"Spring Boot OAuth2 错误“访问此资源需要完全身份验证”
【发布时间】:2020-10-25 13:35:05
【问题描述】:

我正在尝试实现 OAuth2 - SpringBoot 身份验证。

我已经用permitAll()配置了一个路径,但是即使配置了,还是报错

{
    "error": "unauthorized",
    "error_description": "Full authentication is required to access this resource"
}

我正在使用邮递员进行测试,并且只是尝试获取数据库中的所有用户。当我打电话时,控件不会到达 RestController。我只想获取用户列表并提供 permitAll()。

有人可以帮忙吗? 我在下面发布代码。

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

  @Autowired
  DataSource dataSource;

  @Bean
  public BCryptPasswordEncoder passwordEncoder() {
    return new BCryptPasswordEncoder();
  }

  @Override
  public void configure(HttpSecurity http) throws Exception {
    http.csrf().disable().authorizeRequests().
        antMatchers(HttpMethod.POST, "/api/**").permitAll().
        antMatchers(HttpMethod.POST,"/admin/**").hasAnyRole("ADMIN").
        anyRequest().authenticated();

  }

  @Override
  public void configure(AuthenticationManagerBuilder builder) throws Exception{
    builder.jdbcAuthentication().dataSource(dataSource)
        .usersByUsernameQuery("select usrnam,usrpwd, case when usrsta='A' then true else false end from chsusrmst where usrnam=?")
        .authoritiesByUsernameQuery("select usrnam,usrtyp from chsusrmst where usrnam=?");
  }
}

@RestController
@RequestMapping("/api")
public class UserController {

    @Autowired
    private BCryptPasswordEncoder passwordEncoder;

    @Autowired
    private UserRepository userRepository;


    @PostMapping("/user/register")
    public String register(@RequestBody User user) {

        String encodedPassword = passwordEncoder.encode(user.getUserPassword());
        user.setUserPassword(encodedPassword);
        userRepository.save(user);
        return "User created";
    }

    @PostMapping("/admin/findUser")
    public User findUser(@RequestBody User user) {

        return userRepository.findByUserName(user.getUserName());
    }

    @PostMapping("/user/findAllUsers")
    public List<User> findAllUsers() {

        return userRepository.findAll();
    }
}

@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {

    private final AuthenticationManager authenticationManager;
    private final PasswordEncoder passwordEncoder;
    private final UserDetailsService userDetailsService;

    @Value("${jwt.clientId:client}")
    private String clientId;

    @Value("${jwt.client-secret:secret}")
    private String clientSecret;

    @Value("${jwt.signing-key:123}")
    private String jwtSigningKey;

    @Value("${jwt.accessTokenValidititySeconds:43200}") // 12 hours
    private int accessTokenValiditySeconds;

    @Value("${jwt.authorizedGrantTypes:password,authorization_code,refresh_token}")
    private String[] authorizedGrantTypes;

    @Value("${jwt.refreshTokenValiditySeconds:2592000}") // 30 days
    private int refreshTokenValiditySeconds;

    public AuthorizationServerConfig(AuthenticationManager authenticationManager, PasswordEncoder passwordEncoder, UserDetailsService userDetailsService) {
        this.authenticationManager = authenticationManager;
        this.passwordEncoder = passwordEncoder;
        this.userDetailsService = userDetailsService;
    }

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
                .withClient(clientId)
                .secret(passwordEncoder.encode(clientSecret))
                .accessTokenValiditySeconds(accessTokenValiditySeconds)
                .refreshTokenValiditySeconds(refreshTokenValiditySeconds)
                .authorizedGrantTypes(authorizedGrantTypes)
                .scopes("read", "write")
                .resourceIds("api");
    }
    

    @Override
    public void configure(final AuthorizationServerEndpointsConfigurer endpoints) {
        endpoints
                .accessTokenConverter(accessTokenConverter())
                .userDetailsService(userDetailsService)
                .authenticationManager(authenticationManager);
    }

    @Bean
    JwtAccessTokenConverter accessTokenConverter() {
        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
        return converter;
    }
}

@Configuration
@EnableResourceServer
public class ResourceServer extends ResourceServerConfigurerAdapter {

   

    @Override
    public void configure(ResourceServerSecurityConfigurer serverSecurityConfigurer) {
        serverSecurityConfigurer.resourceId("api");
    }
}

【问题讨论】:

  • 没有授权服务器和资源服务器类,它对我有用。你能分享你的 github repo,这样我就可以轻松地在本地设置整个项目?

标签: spring-boot authentication oauth-2.0 authorization


【解决方案1】:

感谢您的考虑。我发现了这个问题。资源服务器中缺少 HttpSecurity 配置,已通过添加以下部分解决。

http
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and()
            .antMatcher("/**")
            .authorizeRequests()
            .antMatchers("/user**").permitAll()
            .antMatchers("/user/**").permitAll()
            .antMatchers("/admin**").hasAuthority("ADMIN")
            .antMatchers("/api/**").authenticated()
            .anyRequest().authenticated();

【讨论】:

    猜你喜欢
    • 2018-09-11
    • 2020-11-21
    • 2016-10-03
    • 2015-01-08
    • 2019-01-01
    • 1970-01-01
    • 2016-11-11
    • 2020-03-30
    • 2022-01-03
    相关资源
    最近更新 更多
    热门标签
    Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode