spring-security - 使用 WebSecurityConfigurerAdapter 向任何人授权注册页面
问题描述
如果我使用令牌,我可以很好地访问用户页面 http://localhost:8901/auth/user。
但是,如果我尝试仅获取任何人都可以访问的注册/注册“api调用”:“访问此资源需要完全身份验证”。
我尝试了以下
httpSecurity
.csrf()
.disable()
.authorizeRequests()
.antMatchers("/registration")
.permitAll()
.and()
.authorizeRequests()
.anyRequest()
.authenticated()
.and()
.httpBasic();
然后尝试查看是否可以启用所有功能,但仍会出现相同的错误:
httpSecurity
.csrf()
.disable()
.authorizeRequests()
.antMatchers("/**").permitAll()
.and()
.httpBasic();
我的一些课程
@Configuration
public class WebSecurityConfigurer extends WebSecurityConfigurerAdapter {
@Override
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Override
@Bean
public UserDetailsService userDetailsServiceBean() throws Exception {
return super.userDetailsServiceBean();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("user1").password("{noop}password1").roles("USER")
.and()
.withUser("user2").password("{noop}password2").roles("USER", "ADMIN");
}
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception
{
httpSecurity
.csrf()
.disable()
.authorizeRequests()
.antMatchers("/**").permitAll()
.and()
.httpBasic();
}
}
应用程序.yml 文件
#Setting the logging levels for the service
logging:
level:
com.netflix: DEBUG
org.springframework.web: DEBUG
com.test: DEBUG
eureka:
instance:
preferIpAddress: true
client:
service-url:
default-zone: http://localhost:8761/eureka/
register-with-eureka: true
fetch-registry: true
ribbon:
eureka:
enabled: true
server:
port: 8901
servlet:
context-path: /auth
bootstrap.yml 文件:
spring:
application:
name: authenticationservice
profiles:
active:
default
cloud:
config:
enabled: true
主班
@SpringBootApplication
@RestController
@EnableOAuth2Client
@EnableResourceServer
@EnableAuthorizationServer
public class Application {
private static final Logger logger = LoggerFactory.getLogger(Application.class);
@Autowired
private UserRepository userRepository;
@RequestMapping(value = { "/user" }, produces = "application/json")
public Map<String, Object> user(OAuth2Authentication user) {
Map<String, Object> userInfo = new HashMap<>();
userInfo.put("user", user.getUserAuthentication().getPrincipal());
userInfo.put("authorities", AuthorityUtils.authorityListToSet(user.getUserAuthentication().getAuthorities()));
return userInfo;
}
@RequestMapping(value = {"/validate"}, produces = "application/json")
public User validate(OAuth2Authentication user)
{
return userRepository.findByUserName(user.getName());
}
@PostMapping("/registration")
@ResponseStatus(code = HttpStatus.CREATED)
public void register(@RequestBody UserRegistrationDetails userRegDetails) {
logger.debug("Entering the register method");
if (StringUtils.isEmpty(userRegDetails.getUserName()) || EmailValidator.emailValidator(userRegDetails.getUserName()) == false)
{
throw new InvalidException("Invalid email provided");
}
User existingUser = userRepository.findByUserName(userRegDetails.getUserName());
if (existingUser != null)
throw new InvalidException("The User already exists");
if (EmailValidator.emailValidator(userRegDetails.getPassword()))
throw new InvalidException("The provided password is invalid");
User user = User.UserBuilder
.builder()
.withEnabled(true)
.withUserName(userRegDetails.getUserName()).withPassword(userRegDetails.getPassword())
.withEnabled(false)
.withAuthorizationCode("SOMECODE")
.withApplicationId(userRegDetails.getApplicationId())
.build();
userRepository.save(user);
}
public static void main(String[] args) {
SpringApplication.run(Application.class, args);
}
}
编辑,添加 OAuth2Config
@Configuration
public class OAuth2Config extends AuthorizationServerConfigurerAdapter {
@Autowired
private AuthenticationManager authenticationManager;
@Autowired
private DatabaseUserRegistrationDetailsService userRegistrationDetailsService;
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients.inMemory()
.withClient("test")
.secret("{noop}somesecret")
.authorizedGrantTypes("refresh_token", "password", "client_credentials")
.scopes("webclient", "mobileclient");
}
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints
.authenticationManager(authenticationManager)
.userDetailsService(userRegistrationDetailsService);
}
@Override
public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
security.checkTokenAccess("permitAll()");
}
}
解决方案
您的调用似乎触发了代码的资源服务器部分。那就是需要一个授权令牌。像这样配置异常:
@Configuration
@EnableResourceServer
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
@Override
public void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/registration")
.permitAll();
}
}
您可以从主类中删除 @EnableResourceServer。
推荐阅读
- python - 具有较低的Python拆分方法
- c# - 如何防止 .NET Core 中的 MySqlConnector 类出现错误 CS0433?
- angular - ngrx 效果 - 两个 http api 效果相同
- oracle - 在连接和脚本执行后回到以前的 sql plus 会话可能吗?
- node.js - 使用 Nodejs 使用大对象 Postgres 存储文件
- git - 尝试更改旧提交消息时出错
- sql - 为什么我的 SQL 查询没有在休眠中返回任何结果?
- prometheus - 如何按值过滤即时向量然后在 promQL 中取范围?
- android - com.google.gson.JsonSyntaxException: java.lang.IllegalStateException: 预期 BEGIN_OBJECT 但在第 1 行第 3 列路径 $[0] 处为 BEGIN_ARRAY
- python - 在白天和晚上重新采样 DataFrame