首页新闻找找看学习计划

集成spring security oauth导致无法正常登录

0
悬赏园豆:50 [待解决问题]

  项目中本来是集成了springMVC + springSecurity进行业务的权限管理。后来需要增加一些供其他项目对接的接口,于是在原有基础上又集成了spring-security-oauth来对开放的接口进行保护。集成之后原来登录功能总是登录失败。

  跟踪源码发现登录时DaoAuthenticationProvider里面的userDetailsService 是 InMemoryClientDetailsService 而不是 InMemoryUserDetailsManager。因此找不到对应的用户导致失败。请问要怎样配置才能解决这个问题?我用的是xml的配置方式,不是javaConfig方式。还有我使用的版本如下(都是比较新的):

  • spring:4.3.14
  • spring-security:4.1.5
  • spring-security-oauth:2.2.0

完整的配置如下:

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:o="http://www.springframework.org/schema/security/oauth2"
    xmlns:sec="http://www.springframework.org/schema/security"
    xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.1.xsd
        http://www.springframework.org/schema/security/oauth2 http://www.springframework.org/schema/security/spring-security-oauth2.xsd
        http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.3.xsd">

    <mvc:annotation-driven />
    <mvc:default-servlet-handler />

    <bean id="tokenStore"
        class="org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore">
    </bean>

    <bean id="tokenService"
        class="org.springframework.security.oauth2.provider.token.DefaultTokenServices">
        <property name="tokenStore" ref="tokenStore"></property>
        <property name="supportRefreshToken" value="true"></property>
    </bean>

    <sec:authentication-manager id="oauth2AuthenticationManager">
        <sec:authentication-provider
            user-service-ref="clientDetailsUserService" />
    </sec:authentication-manager>

    <sec:authentication-manager alias="authenticationManager">
        <sec:authentication-provider
            user-service-ref="userService">
        </sec:authentication-provider>
    </sec:authentication-manager>


    <sec:user-service id="userService">
        <sec:user name="admin" password="admin" authorities="Role_ADMIN,ROLE_USER" />
        <sec:user name="user" password="user" authorities="ROLE_USER" />
        <sec:user name="client" password="client" authorities="ROLE_CLIENT" />
    </sec:user-service>

    <bean id="clientDetailsUserService"
        class="org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService">
        <constructor-arg ref="clientDetailsService"></constructor-arg>
    </bean>

    <o:client-details-service id="clientDetailsService">
        <o:client client-id="c1" secret="c1" scope="read,write,trust"
            resource-ids="apiResource" authorized-grant-types="password,refresh_token,client_credentials" />
        <o:client client-id="c2" secret="c2" resource-ids="device-resource"
            authorities="ROLE_Mobile" scope="read,write" autoapprove="true"
            authorized-grant-types="password,refresh_token,client_credentials" />
    </o:client-details-service>

    <bean id="authenticationEntryPoint"
        class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint" />

    <bean id="oauth2AccessDeniedHandler"
        class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler" />

    <bean id="oauthUserApprovalHandler"
        class="org.springframework.security.oauth2.provider.approval.DefaultUserApprovalHandler">
    </bean>

    <bean id="oauth2AccessDecisionManager" class="org.springframework.security.access.vote.UnanimousBased">
        <constructor-arg>
            <list>
                <bean class="org.springframework.security.oauth2.provider.vote.ScopeVoter"></bean>
                <bean class="org.springframework.security.access.vote.RoleVoter"></bean>
                <bean class="org.springframework.security.access.vote.AuthenticatedVoter"></bean>
            </list>
        </constructor-arg>
    </bean>

    <bean id="clientCredentialsTokenEndpointFilter"
        class="org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter">
        <property name="authenticationManager" ref="oauth2AuthenticationManager" />
    </bean>

    <o:authorization-server token-services-ref="tokenService"
        client-details-service-ref="clientDetailsService"
        user-approval-handler-ref="oauthUserApprovalHandler">
        <o:authorization-code
            authorization-code-services-ref="authorizationCodeServices" disabled="true" />
        <o:implicit disabled="true" />
        <o:refresh-token />
        <o:client-credentials />
        <o:password />
    </o:authorization-server>

    <o:resource-server id="apiResourceServerFilter"
        resource-id="apiResource" token-services-ref="tokenService" />

    <sec:http pattern="/assets/**" security="none" />
    <sec:http pattern="/login.jsp*" security="none" />

    <sec:http pattern="/oauth/token" create-session="stateless"
        authentication-manager-ref="oauth2AuthenticationManager"
        entry-point-ref="authenticationEntryPoint">
        <sec:intercept-url pattern="/oath/token" access="IS_AUTHENTICATED_FULLY" />
        <sec:anonymous enabled="false" />
        <sec:http-basic entry-point-ref="authenticationEntryPoint" />
        <sec:custom-filter ref="clientCredentialsTokenEndpointFilter"
            before="BASIC_AUTH_FILTER" />
        <sec:access-denied-handler ref="oauth2AccessDeniedHandler" />
        <sec:csrf disabled="true" />
    </sec:http>

    <sec:http pattern="/api/**" use-expressions="false"
        create-session="never" entry-point-ref="authenticationEntryPoint"
        access-decision-manager-ref="oauth2AccessDecisionManager">
        <sec:intercept-url pattern="/api/**" access="ROLE_CLIENT" />
        <sec:anonymous enabled="false" />
        <sec:custom-filter ref="apiResourceServerFilter"
            before="PRE_AUTH_FILTER" />
        <sec:access-denied-handler ref="oauth2AccessDeniedHandler" />
        <sec:csrf disabled="true" />
    </sec:http>

    <sec:http use-expressions="false">
        <sec:intercept-url pattern="/oauth/**" access="ROLE_CLIENT" />
        <sec:intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY" />
        <sec:access-denied-handler error-page="/403.jsp" />
        <sec:form-login login-page="/login.jsp"
            login-processing-url="/login" username-parameter="username"
            password-parameter="password" default-target-url="/home"
            authentication-failure-url="/login.jsp?error=true" />
        <sec:logout logout-success-url="/login.jsp" />
        <sec:csrf disabled="true" />
    </sec:http>

</beans>
JeremyYu的主页 JeremyYu | 初学一级 | 园豆:152
提问于:2018-03-30 18:48
< >
分享
清除回答草稿
   您需要登录以后才能回答,未注册用户请先注册