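Serialization and deserialization of SimpleGrantedAuthority across different Spring Security versions

Problem description

There are some microservices that are authenticated by Spring Security OAuth2. Some of them use Spring Security version 4.2.3.release and the rest use 5.1.2.release. The authorization server (UAA) is protected by Spring Security 5.1.2.release, the same as the Zuul gateway and the OAuth2 client. The grant type flow is the authorization_code flow. The resource servers are configured as follows: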

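import javax.sql.DataSource;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Primary;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JdbcTokenStore;

@Configuration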
@EnableResourceServer
public class OAuth2ResourceConfig extends ResourceServerConfigurerAdapter {

    @Autowired
    private DataSource dataSource;

    @Bean
    @Primary
    public DefaultTokenServices tokenServices() {
        DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
        defaultTokenServices.setTokenStore(tokenStore());
        return defaultTokenServices;
    }

    @Override
    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
        resources.tokenStore(tokenStore()).tokenServices(tokenServices());
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http
                .authorizeRequests()
                .antMatchers("/Content/**").permitAll()
                .antMatchers("/j-captcha.jpg*").permitAll()
                .antMatchers("/View/ScriptHeader/**").permitAll()
                .antMatchers("/Scripts/**").permitAll()
                .antMatchers("/download/**").permitAll()
                .antMatchers("/NewTheme/**").permitAll()
                .antMatchers("/ErrorPages/**").permitAll()
                .antMatchers("/api/**").permitAll()
                .antMatchers("/landing/**").permitAll()
                .antMatchers("/h2-console/**").permitAll()
                .antMatchers("/rest/api/**").permitAll()
                .antMatchers("/View/**").authenticated()
                .antMatchers("/rest/**").authenticated();
    }

    @Bean
    public TokenStore tokenStore() {
        return new JdbcTokenStore(dataSource);
    }

}

After authentication and authorization, the following exception is thrown in the resource servers whose Spring Security version is 4.2.3.release:

Caused by: java.io.InvalidClassException: org.springframework.security.core.authority.SimpleGrantedAuthority; local class incompatible: stream classdesc serialVersionUID = 510, local class serialVersionUID = 420
    at java.io.ObjectStreamClass.initNonProxy(ObjectStreamClass.java:616)
    at java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1630)

Because of this error I looked at the content of the SimpleGrantedAuthority class in both versions. In Spring Security 5.1.2.release there is the following line:

private static final long serialVersionUID = 510L;

and in Spring Security 4.2.3.release there is the following line:

private static final long serialVersionUID = 420L;

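For some reasons I cannot upgrade 4.2.3.release to 5.1.2.release, and there is also the matter of retrieving the Principal from UAA (RemoteTokenServices, DefaultTokenServices).

How can I solve my problem?

In general, what is the standard way to overcome this kind of problem?

Tags: spring-boot, spring-security, single-sign-on, spring-security-oauth2

Solution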
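
The following is an added example, not part of the original post and not Spring Security code. It reproduces the "local class incompatible" failure from the question and shows an ObjectInputStream that accepts a differing serialVersionUID only for one allow-listed class. `SuidMismatchDemo`, `Authority` and `TolerantInputStream` are hypothetical names; `Authority` stands in for SimpleGrantedAuthority, and the example assumes the field layout of the class is identical on both sides.

```java
import java.io.*;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;

public class SuidMismatchDemo {
    // Hypothetical stand-in for SimpleGrantedAuthority as seen by the 4.2.3 side.
    static class Authority implements Serializable {
        private static final long serialVersionUID = 420L;
        final String role;
        Authority(String role) { this.role = role; }
    }

    // Swaps in the local class descriptor when the UID differs, but only for
    // the single allow-listed class; every other class keeps the strict check.
    static class TolerantInputStream extends ObjectInputStream {
        private final String allowed;
        TolerantInputStream(InputStream in, String allowed) throws IOException {
            super(in);
            this.allowed = allowed;
        }
        @Override
        protected ObjectStreamClass readClassDescriptor() throws IOException, ClassNotFoundException {
            ObjectStreamClass fromStream = super.readClassDescriptor();
            if (!fromStream.getName().equals(allowed)) return fromStream;
            ObjectStreamClass local = ObjectStreamClass.lookup(Class.forName(allowed));
            boolean differs = local != null
                    && local.getSerialVersionUID() != fromStream.getSerialVersionUID();
            return differs ? local : fromStream;
        }
    }

    public static void main(String[] args) throws Exception {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(new Authority("ROLE_USER"));
        }
        byte[] blob = bos.toByteArray();
        // Constructed sample: overwrite the UID in the stream with 510 to mimic a
        // blob written by the newer version. The UID follows the 4-byte header,
        // TC_OBJECT, TC_CLASSDESC and the length-prefixed class name.
        int nameLen = Authority.class.getName().getBytes(StandardCharsets.UTF_8).length;
        ByteBuffer.wrap(blob).putLong(8 + nameLen, 510L);

        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(blob))) {
            in.readObject();
        } catch (InvalidClassException e) {
            System.out.println("default stream rejected: " + e.getMessage());
        }
        try (ObjectInputStream in = new TolerantInputStream(
                new ByteArrayInputStream(blob), Authority.class.getName())) {
            System.out.println("tolerant stream read role: " + ((Authority) in.readObject()).role);
        }
    }
}
```

Relaxing the UID check is only safe while the serialized fields of the class are the same in both versions, which is why the override is limited to a single named class.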

