时间戳

首页 > 解决方案 > Spring Security OAuth2 SSO 未经授权的 401 错误

spring - Spring Security OAuth2 SSO 未经授权的 401 错误

问题描述

我对 Spring Security 和 OAuth2 SSO 尤其陌生。

我目前正在尝试使用此示例 Spring Boot OAuth2 教程进行测试和学习: https ://spring.io/guides/tutorials/spring-boot-oauth2/

我可以使用类似的 application.yml 设置登录,如下所示:

security:
 oauth2:
  client:
   clientId: 233668646673605
   clientSecret: 33b17e044ee6a4fa383f46ec6e28ea1d
   accessTokenUri: https://graph.facebook.com/oauth/access_token
   userAuthorizationUri: https://www.facebook.com/dialog/oauth
   tokenName: oauth_token
   authenticationScheme: query
   clientAuthenticationScheme: form
resource:
  userInfoUri: https://graph.facebook.com/me

这是我的 pom.xml:

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-parent</artifactId>
    <version>2.1.3.RELEASE</version>
    <relativePath/> <!-- lookup parent from repository -->
</parent>
<groupId>com.sao.social.apps</groupId>
<artifactId>SocialApplication</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>SocialApplication</name>
<description>OAuth2 Login With Spring Boot</description>

<properties>
    <java.version>1.8</java.version>
</properties>

<dependencies>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>

    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-test</artifactId>
        <scope>test</scope>
    </dependency>
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-test</artifactId>
        <scope>test</scope>
    </dependency>
            <dependency>
            <groupId>org.springframework.security.oauth.boot</groupId>
            <artifactId>spring-security-oauth2-autoconfigure</artifactId>
            <version>2.1.1.RELEASE</version>
            </dependency>
            <dependency>
            <groupId>org.webjars</groupId>
            <artifactId>jquery</artifactId>
            <version>2.1.1</version>
    </dependency>
    <dependency>
            <groupId>org.webjars</groupId>
            <artifactId>bootstrap</artifactId>
            <version>3.2.0</version>
    </dependency>
    <dependency>
            <groupId>org.webjars</groupId>
            <artifactId>webjars-locator-core</artifactId>
    </dependency>
    <dependency>
        <groupId>org.webjars</groupId>
        <artifactId>js-cookie</artifactId>
        <version>2.1.0</version>
    </dependency>
</dependencies>

<build>
    <plugins>
        <plugin>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-maven-plugin</artifactId>
        </plugin>
    </plugins>
</build>

这是启用了 OAuth2SSO 以及安全和休息控制器的主类:

@SpringBootApplication
    @EnableOAuth2Sso
    @RestController
    public class SocialApplication extends WebSecurityConfigurerAdapter  {
    @RequestMapping("/user")
       public Principal user(Principal principal) {
       return principal;
      }
      @Override
      protected void configure(HttpSecurity httpSec) throws Exception{
         httpSec
         .antMatcher("/**")
         .authorizeRequests()
              .antMatchers("/", "/login**", "/webjars/**", "/error**")
              .permitAll()
         .anyRequest()
              .authenticated()
              .and().logout().logoutSuccessUrl("/").permitAll()
        .and().csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
  }
   public static void main(String[] args) {
        SpringApplication.run(SocialApplication.class, args);
    }

}

最后是视图:index.html:

<!doctype html>
<html lang="en">
<head>
    <meta charset="utf-8"/>
    <meta http-equiv="X-UA-Compatible" content="IE=edge"/>
    <title>Demo</title>
    <meta name="description" content=""/>
    <meta name="viewport" content="width=device-width"/>
    <base href="/"/>
    <link rel="stylesheet" type="text/css" href="/webjars/bootstrap/css/bootstrap.min.css"/>
    <script type="text/javascript" src="/webjars/jquery/jquery.min.js"></script>
    <script type="text/javascript" src="/webjars/bootstrap/js/bootstrap.min.js"></script>
</head>
<body>
<div class="container">
    <h1>Login</h1>
        <div class="container unauthenticated">
    With Facebook: <a href="/login">click here</a>
</div>
    <div class="container authenticated" style="display:none">
        Logged in as: <span id="user"></span>
    </div>
</div>

 <script type="text/javascript">
    $.get("/user", function(data) {
        $("#user").html(data.userAuthentication.details.name);
        $(".unauthenticated").hide();
        $(".authenticated").show();
    });
</script>
</body>
</html>

我的主要挑战是我可以使用 Facebook(在这种情况下为授权服务器)登录,但是当我被重定向到 localhost:8080/login 时,我总是从 spring 收到401 未经授权的错误,而不是向我显示成功验证的用户名和在 view-index.html 中按预期登录。我还需要在 Facebook 上设置什么,还是在 Spring 上遗漏了什么?

谢谢!

标签: springspring-bootspring-securityoauth-2.0single-sign-on

解决方案

确保 SocialApplication 类的包与其他包处于同一级别,您的主类的 @SpringBootApplication 注解可能没有扫描其组件。

这对我来说是一个解决方案。

推荐阅读