"Full authentication is required to access this resource" 当 Auth Server 和 Resource 服务器在 Spring Boot 中的同一服务器时
Getting "Full authentication is required to access this resource" when Auth Server and Resource server in same server in Spring Boot
我将授权服务器和资源服务器放在同一台服务器上。下面是我的安全配置,
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
@EnableResourceServer
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
@Qualifier("userDetailsService")
private UserDetailsService userDetailsService;
@Override
public void configure(HttpSecurity http) throws Exception {
http.formLogin().and().httpBasic().disable().anonymous().disable().authorizeRequests().anyRequest()
.authenticated();
}
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
}
我正在尝试实施 'authorization_code' 授权类型并收到错误。密码授予类型没有问题
如果我有单独的资源服务器,它工作正常,但当我都在同一台服务器上时,它永远不会工作。基本上,当我没有“@EnableResourceServer”注释时,OAuth 登录页面可以完美显示。但是当我有注释时出现 "Full authentication is required to access this resource" 错误。我尝试了多种配置以允许“/login”URL。但没有运气。
制作一个 ResourceServerConfiguration 像这样的东西:
@Configuration
@EnableResourceServer
public class OAuth2ResourceServerConfig extends ResourceServerConfigurerAdapter {
private static final String RESOURCE_ID = "restservice";
@Autowired
DataSource dataSource;
@Autowired
@Qualifier("oauthTokenStore")
private TokenStore tokenStore;
@Override
public void configure(@NotNull ResourceServerSecurityConfigurer resources) {
resources.resourceId(RESOURCE_ID);
}
@Override
public void configure(@NotNull HttpSecurity http) throws Exception {
http
.requestMatchers()
.antMatchers("/**")
.and()
.authorizeRequests()
.antMatchers("/**").access("#oauth2.hasScope('read')")
.and()
.exceptionHandling()
.accessDeniedHandler(new OAuth2AccessDeniedHandler());
}
}
我将授权服务器和资源服务器放在同一台服务器上。下面是我的安全配置,
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
@EnableResourceServer
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
@Qualifier("userDetailsService")
private UserDetailsService userDetailsService;
@Override
public void configure(HttpSecurity http) throws Exception {
http.formLogin().and().httpBasic().disable().anonymous().disable().authorizeRequests().anyRequest()
.authenticated();
}
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
}
我正在尝试实施 'authorization_code' 授权类型并收到错误。密码授予类型没有问题
如果我有单独的资源服务器,它工作正常,但当我都在同一台服务器上时,它永远不会工作。基本上,当我没有“@EnableResourceServer”注释时,OAuth 登录页面可以完美显示。但是当我有注释时出现 "Full authentication is required to access this resource" 错误。我尝试了多种配置以允许“/login”URL。但没有运气。
制作一个 ResourceServerConfiguration 像这样的东西:
@Configuration
@EnableResourceServer
public class OAuth2ResourceServerConfig extends ResourceServerConfigurerAdapter {
private static final String RESOURCE_ID = "restservice";
@Autowired
DataSource dataSource;
@Autowired
@Qualifier("oauthTokenStore")
private TokenStore tokenStore;
@Override
public void configure(@NotNull ResourceServerSecurityConfigurer resources) {
resources.resourceId(RESOURCE_ID);
}
@Override
public void configure(@NotNull HttpSecurity http) throws Exception {
http
.requestMatchers()
.antMatchers("/**")
.and()
.authorizeRequests()
.antMatchers("/**").access("#oauth2.hasScope('read')")
.and()
.exceptionHandling()
.accessDeniedHandler(new OAuth2AccessDeniedHandler());
}
}