Spring 安全 OAuth2:多个 ResourceServerConfiguration 不工作
Spring Security OAuth2: multiple ResourceServerConfiguration not working
Spring 引导版本:1.5.8.RELEASE
Spring云版本:Edgware.RELEASE(使用zuul)
尝试配置多个资源,但在 github 中遵循 this example,无法使其正常工作。
我的代码是:
class ResourceServerConfigurationFactory
{
static ResourceServerConfiguration criarResourceServerConfiguration(String resourceId, int order,
HttpSecurityConfigurer configurer)
{
ResourceServerConfiguration resource = new ResourceServerConfiguration()
{
// Switch off the Spring Boot @Autowired configurers
public void setConfigurers(List<ResourceServerConfigurer> configurers)
{
super.setConfigurers(configurers);
}
};
resource.setConfigurers(Arrays.<ResourceServerConfigurer>asList(new ResourceServerConfigurerAdapter()
{
@Override
public void configure(ResourceServerSecurityConfigurer resources) throws Exception
{
resources.resourceId(resourceId);
}
@Override
public void configure(HttpSecurity http) throws Exception
{
configurer.configure(http);
}
}));
resource.setOrder(order);
return resource;
}
}
interface HttpSecurityConfigurer
{
public void configure(HttpSecurity http) throws Exception;
}
还有我的配置:
@Configuration
public class OAuthResourceConfiguration
{
@Bean
protected ResourceServerConfiguration usuarioResources()
{
return ResourceServerConfigurationFactory.criarResourceServerConfiguration("usuario", -10,
http -> http.antMatcher("/user").authorizeRequests().anyRequest().permitAll());
}
@Bean
protected ResourceServerConfiguration funcaoResources()
{
return ResourceServerConfigurationFactory.criarResourceServerConfiguration("funcao", -20,
http -> http.antMatcher("/ws").authorizeRequests().anyRequest().permitAll());
}
}
最后,Spring 引导应用程序:
@SpringBootApplication
@EnableResourceServer
@EnableZuulProxy
public class ApiGatewayApplication {
public static void main(String[] args) {
SpringApplication.run(ApiGatewayApplication.class, args);
}
}
事实:
- Spring 实例化两个 ResourceServerConfiguration bean;
- 只有更高阶的 bean 工作(/user 端点没问题,/ws 端点不断询问身份验证)
- 在spring 日志中,我可以看到只使用了/user 蚂蚁匹配器。 /ws 被完全忽略。
怎么了?
问题与我创建的工厂class有关。
lambda + 匿名的组合 class 产生了某种问题(我无法理解),把事情搞砸了。
在 @Configuration class 中将两个配置器声明为 Bean 解决了问题。
Spring 引导版本:1.5.8.RELEASE Spring云版本:Edgware.RELEASE(使用zuul)
尝试配置多个资源,但在 github 中遵循 this example,无法使其正常工作。
我的代码是:
class ResourceServerConfigurationFactory
{
static ResourceServerConfiguration criarResourceServerConfiguration(String resourceId, int order,
HttpSecurityConfigurer configurer)
{
ResourceServerConfiguration resource = new ResourceServerConfiguration()
{
// Switch off the Spring Boot @Autowired configurers
public void setConfigurers(List<ResourceServerConfigurer> configurers)
{
super.setConfigurers(configurers);
}
};
resource.setConfigurers(Arrays.<ResourceServerConfigurer>asList(new ResourceServerConfigurerAdapter()
{
@Override
public void configure(ResourceServerSecurityConfigurer resources) throws Exception
{
resources.resourceId(resourceId);
}
@Override
public void configure(HttpSecurity http) throws Exception
{
configurer.configure(http);
}
}));
resource.setOrder(order);
return resource;
}
}
interface HttpSecurityConfigurer
{
public void configure(HttpSecurity http) throws Exception;
}
还有我的配置:
@Configuration
public class OAuthResourceConfiguration
{
@Bean
protected ResourceServerConfiguration usuarioResources()
{
return ResourceServerConfigurationFactory.criarResourceServerConfiguration("usuario", -10,
http -> http.antMatcher("/user").authorizeRequests().anyRequest().permitAll());
}
@Bean
protected ResourceServerConfiguration funcaoResources()
{
return ResourceServerConfigurationFactory.criarResourceServerConfiguration("funcao", -20,
http -> http.antMatcher("/ws").authorizeRequests().anyRequest().permitAll());
}
}
最后,Spring 引导应用程序:
@SpringBootApplication
@EnableResourceServer
@EnableZuulProxy
public class ApiGatewayApplication {
public static void main(String[] args) {
SpringApplication.run(ApiGatewayApplication.class, args);
}
}
事实:
- Spring 实例化两个 ResourceServerConfiguration bean;
- 只有更高阶的 bean 工作(/user 端点没问题,/ws 端点不断询问身份验证)
- 在spring 日志中,我可以看到只使用了/user 蚂蚁匹配器。 /ws 被完全忽略。
怎么了?
问题与我创建的工厂class有关。
lambda + 匿名的组合 class 产生了某种问题(我无法理解),把事情搞砸了。
在 @Configuration class 中将两个配置器声明为 Bean 解决了问题。