spring-boot - HttpSecurity 文件没有方法 oauth2Login()
问题描述
我正在做 Spring Security Oauth2。在客户端,我覆盖
configure(HttpSecurity http)
方法并希望使用oauth2Login()
HttpSecurity 文件中的方法。但是HttpSecurity没有这个功能。spring-security-oauth2-client, spring-boot-starter-security and spring-security-oauth2
我已经在 pom.xml 中添加了依赖项。在HttpSecurity
文件中写着“版权所有 2002-2016 原作者或作者”。我该如何更新这个?
@EnableWebSecurity
public class OauthConfig extends WebSecurityConfigurerAdapter{
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/", "/login**")
.permitAll()
.anyRequest()
.authenticated();
}
}
解决方案
请确保您的 spring-boot-starter-parent 版本正确。
下面是一个示例:
pom.xml:
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.example</groupId>
<artifactId>your-artifactId</artifactId>
<version>your-version</version>
<packaging>jar</packaging>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.1.6.RELEASE</version>
<relativePath/>
</parent>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-oauth2-client</artifactId>
</dependency>
<!--if you need to generate token-->
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt</artifactId>
<version>0.5.1</version>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
<repositories>
<repository>
<id>spring-milestones</id>
<name>Spring Milestones</name>
<url>https://repo.spring.io/milestone</url>
<snapshots>
<enabled>false</enabled>
</snapshots>
</repository>
</repositories>
</project>
如何配置 WebSecurityConfigurerAdapter 类:
1.使用默认实现:
@Configuration
public class SimpleTestSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.anyRequest().authenticated()
.and()
.oauth2Login();
}
}
- 为, , , ,定制实现:
loginPage
authorizationEndpoint
TokenEndpoint
redirectionEndpoint
userInfoEndpoint
@Configuration
public class SimpleTestSecurityConfig extends WebSecurityConfigurerAdapter {
private String[] PERMIT_ALL = {"unsecured-endpoint1", "unsecured-endpoint2", "..."};
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers(PERMIT_ALL).permitAll()
.anyRequest().authenticated()
.and()
.oauth2Login()
.loginPage("/login")
.defaultSuccessUrl("/home")
.failureUrl("/error")
.authorizationEndpoint()
.baseUri("/oauth2/authorize-client") //default is "/oauth2/authorization"
.and()
.tokenEndpoint()
.accessTokenResponseClient(accessTokenResponseClient())
.and()
//.redirectionEndpoint()
//.baseUri("/oauth2/redirect") //base for google is "/login/oauth2/code"
//.and()
.userInfoEndpoint().oidcUserService(new OidcUserService(){
@Override
public OidcUser loadUser(OidcUserRequest userRequest) throws OAuth2AuthenticationException {
return super.loadUser(userRequest);
}
});
}
@Bean
public AuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository(){
return new HttpSessionOAuth2AuthorizationRequestRepository();
}
@Bean
public OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient(){
return new NimbusAuthorizationCodeTokenResponseClient();
}
}
- 应用程序.yml:
spring:
security:
oauth2:
client:
registration:
google:
client-id: your-client-id
client-secret: your-client-secret
redirectUriTemplate: "http://localhost:8080/login/oauth2/code/google"
scope:
- email
- profile
推荐阅读
- angular - 无法将 customDirective 与 mat-menu-item 一起使用
- javascript - 滚动时尝试使用jquery使内容淡入
- regex - 在白名单textinputformatter中添加2个十进制正数配置后TextField不接受输入
- java - 如何删除 JAVA 字符串中的“所有换行符”
- java - 使用回收视图和自定义适配器获取值并关闭对话框
- javascript - TinyMCE 的计数器未按预期工作
- node.js - Socket.io 发出不工作(通过访问 URL)
- javascript - 使用 Sheets API 和 GAS 删除无效的命名范围
- javascript - 如何隐藏一个div下面的所有div元素?
- windows - 无法 RDP 进入 Windows?