项目中本来是集成了springMVC + springSecurity进行业务的权限管理。后来需要增加一些供其他项目对接的接口,于是在原有基础上又集成了spring-security-oauth来对开放的接口进行保护。集成之后原来登录功能总是登录失败。
跟踪源码发现登录时DaoAuthenticationProvider里面的userDetailsService 是 InMemoryClientDetailsService 而不是 InMemoryUserDetailsManager。因此找不到对应的用户导致失败。请问要怎样配置才能解决这个问题?我用的是xml的配置方式,不是javaConfig方式。还有我使用的版本如下(都是比较新的):
完整的配置如下:
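<?xml version="1.0" encoding="UTF-8"?>
<!--
  Spring application context combining three concerns:
    * Spring MVC annotation support,
    * Spring Security form login for the existing web application,
    * a Spring Security OAuth2 authorization server and resource server
      protecting /oauth/token and /api/**.

  Two authentication managers are declared on purpose:
    * oauth2AuthenticationManager authenticates OAuth2 CLIENTS (client id and secret),
    * authenticationManager authenticates END USERS (form login).
  Each <sec:http> chain below names the manager it uses, so that a chain does
  not depend on which manager is registered as the global default.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:mvc="http://www.springframework.org/schema/mvc"
       xmlns:o="http://www.springframework.org/schema/security/oauth2"
       xmlns:sec="http://www.springframework.org/schema/security"
       xsi:schemaLocation="http://www.springframework.org/schema/security
                           http://www.springframework.org/schema/security/spring-security-4.1.xsd
                           http://www.springframework.org/schema/security/oauth2
                           http://www.springframework.org/schema/security/spring-security-oauth2.xsd
                           http://www.springframework.org/schema/mvc
                           http://www.springframework.org/schema/mvc/spring-mvc-4.3.xsd
                           http://www.springframework.org/schema/beans
                           http://www.springframework.org/schema/beans/spring-beans-4.3.xsd">

    <!-- The mvc prefix is used here, so it must be bound on the root element
         (xmlns:mvc plus its schema location); without that binding the file
         is not namespace-well-formed. -->
    <mvc:annotation-driven />
    <mvc:default-servlet-handler />

    <!-- ===================== Token storage and services ===================== -->

    <!-- Tokens are kept in process memory only: they are lost on restart and
         are not shared between application instances. -->
    <bean id="tokenStore"
          class="org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore" />

    <bean id="tokenService"
          class="org.springframework.security.oauth2.provider.token.DefaultTokenServices">
        <property name="tokenStore" ref="tokenStore" />
        <property name="supportRefreshToken" value="true" />
    </bean>

    <!-- ===================== Authentication managers ===================== -->

    <!-- Authenticates OAuth2 clients against the client details service. -->
    <sec:authentication-manager id="oauth2AuthenticationManager">
        <sec:authentication-provider user-service-ref="clientDetailsUserService" />
    </sec:authentication-manager>

    <!-- Authenticates end users against the in-memory user service. -->
    <sec:authentication-manager alias="authenticationManager">
        <sec:authentication-provider user-service-ref="userService" />
    </sec:authentication-manager>

    <!-- NOTE(review): sample accounts whose plain-text passwords equal the
         user names. Replace them and configure a password encoder before this
         context is used outside a local test setup.
         NOTE(review): "Role_ADMIN" does not begin with the case-sensitive
         "ROLE_" prefix that RoleVoter looks for; confirm whether ROLE_ADMIN
         was intended. The value is left as the author wrote it. -->
    <sec:user-service id="userService">
        <sec:user name="admin" password="admin" authorities="Role_ADMIN,ROLE_USER" />
        <sec:user name="user" password="user" authorities="ROLE_USER" />
        <sec:user name="client" password="client" authorities="ROLE_CLIENT" />
    </sec:user-service>

    <!-- Adapts the OAuth2 client registry to the UserDetailsService contract so
         that client id and secret can be checked by a standard provider. -->
    <bean id="clientDetailsUserService"
          class="org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService">
        <constructor-arg ref="clientDetailsService" />
    </bean>

    <!-- ===================== OAuth2 client registry ===================== -->

    <!-- NOTE(review): each client secret equals its client id; treat these as
         placeholders and replace them with generated secrets.
         NOTE(review): c2 is limited to resource id "device-resource", while the
         only resource server in this file is "apiResource"; confirm that c2 is
         not expected to call /api/**. -->
    <o:client-details-service id="clientDetailsService">
        <o:client client-id="c1"
                  secret="c1"
                  scope="read,write,trust"
                  resource-ids="apiResource"
                  authorized-grant-types="password,refresh_token,client_credentials" />
        <o:client client-id="c2"
                  secret="c2"
                  resource-ids="device-resource"
                  authorities="ROLE_Mobile"
                  scope="read,write"
                  autoapprove="true"
                  authorized-grant-types="password,refresh_token,client_credentials" />
    </o:client-details-service>

    <!-- ===================== OAuth2 error handling and decisions ===================== -->

    <bean id="authenticationEntryPoint"
          class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint" />

    <bean id="oauth2AccessDeniedHandler"
          class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler" />

    <bean id="oauthUserApprovalHandler"
          class="org.springframework.security.oauth2.provider.approval.DefaultUserApprovalHandler" />

    <!-- Every voter that does not abstain must grant access (UnanimousBased). -->
    <bean id="oauth2AccessDecisionManager"
          class="org.springframework.security.access.vote.UnanimousBased">
        <constructor-arg>
            <list>
                <bean class="org.springframework.security.oauth2.provider.vote.ScopeVoter" />
                <bean class="org.springframework.security.access.vote.RoleVoter" />
                <bean class="org.springframework.security.access.vote.AuthenticatedVoter" />
            </list>
        </constructor-arg>
    </bean>

    <!-- Authenticates the client from credentials sent to the token endpoint. -->
    <bean id="clientCredentialsTokenEndpointFilter"
          class="org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter">
        <property name="authenticationManager" ref="oauth2AuthenticationManager" />
    </bean>

    <!-- ===================== Authorization server and resource server ===================== -->

    <!-- Enabled grants: refresh_token, client_credentials, password.
         The authorization_code and implicit grants are disabled.
         NOTE(review): "authorizationCodeServices" is not defined in this file;
         it is referenced only by the disabled authorization-code grant. -->
    <o:authorization-server token-services-ref="tokenService"
                            client-details-service-ref="clientDetailsService"
                            user-approval-handler-ref="oauthUserApprovalHandler">
        <o:authorization-code authorization-code-services-ref="authorizationCodeServices"
                              disabled="true" />
        <o:implicit disabled="true" />
        <o:refresh-token />
        <o:client-credentials />
        <o:password />
    </o:authorization-server>

    <o:resource-server id="apiResourceServerFilter"
                       resource-id="apiResource"
                       token-services-ref="tokenService" />

    <!-- ===================== HTTP security chains ===================== -->
    <!-- Chains are matched in declaration order; the first matching pattern wins. -->

    <!-- Static assets and the login page bypass the security filters entirely. -->
    <sec:http pattern="/assets/**" security="none" />
    <sec:http pattern="/login.jsp*" security="none" />

    <!-- Token endpoint: stateless, clients authenticate with id and secret.
         Two corrections compared with the original:
           * the intercept-url pattern was "/oath/token", which never matched a
             request in this chain, so no access rule applied to the endpoint;
           * use-expressions="false" is set because IS_AUTHENTICATED_FULLY is a
             voter attribute, not an expression, and Spring Security 4 treats
             access values as expressions by default.
         CSRF is disabled here because the chain is stateless and does not rely
         on a browser session. -->
    <sec:http pattern="/oauth/token"
              use-expressions="false"
              create-session="stateless"
              authentication-manager-ref="oauth2AuthenticationManager"
              entry-point-ref="authenticationEntryPoint">
        <sec:intercept-url pattern="/oauth/token" access="IS_AUTHENTICATED_FULLY" />
        <sec:anonymous enabled="false" />
        <sec:http-basic entry-point-ref="authenticationEntryPoint" />
        <sec:custom-filter ref="clientCredentialsTokenEndpointFilter" before="BASIC_AUTH_FILTER" />
        <sec:access-denied-handler ref="oauth2AccessDeniedHandler" />
        <sec:csrf disabled="true" />
    </sec:http>

    <!-- Protected API: requests are authenticated by the resource server filter
         from the presented access token; no session is created by this chain.
         NOTE(review): access requires ROLE_CLIENT, which in this file only the
         user "client" holds; neither registered OAuth2 client carries that
         authority. Confirm which token holders are meant to reach /api/**. -->
    <sec:http pattern="/api/**"
              use-expressions="false"
              create-session="never"
              entry-point-ref="authenticationEntryPoint"
              access-decision-manager-ref="oauth2AccessDecisionManager">
        <sec:intercept-url pattern="/api/**" access="ROLE_CLIENT" />
        <sec:anonymous enabled="false" />
        <sec:custom-filter ref="apiResourceServerFilter" before="PRE_AUTH_FILTER" />
        <sec:access-denied-handler ref="oauth2AccessDeniedHandler" />
        <sec:csrf disabled="true" />
    </sec:http>

    <!-- Web application: session-based form login for end users.
         authentication-manager-ref pins this chain to the user-backed manager,
         so form login is checked against userService and never against the
         client registry. Whether this alone resolves a login failure seen at
         runtime cannot be verified from this file.
         NOTE(review): CSRF protection is disabled on a session-based chain, so
         state-changing browser requests carry no anti-forgery token. Re-enable
         it once the login form and the other forms submit the CSRF token. -->
    <sec:http use-expressions="false"
              authentication-manager-ref="authenticationManager">
        <sec:intercept-url pattern="/oauth/**" access="ROLE_CLIENT" />
        <sec:intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY" />
        <sec:access-denied-handler error-page="/403.jsp" />
        <sec:form-login login-page="/login.jsp"
                        login-processing-url="/login"
                        username-parameter="username"
                        password-parameter="password"
                        default-target-url="/home"
                        authentication-failure-url="/login.jsp?error=true" />
        <sec:logout logout-success-url="/login.jsp" />
        <sec:csrf disabled="true" />
    </sec:http>

</beans>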