使用 oauth2 提供身份验证时从 swagger 响应中获取 401 错误状态
Getting 401 error status from swagger response when providing authentication using oauth2
我正在尝试在我的 application.I 中使用 spring security 和 oauth2.0 设置 swagger 已经创建了为此所需的所有文件,我能够获得 access_token 并且在尝试使用 postman.
时也能够 authenticate 使用 token
但现在我需要使用 swagger 做同样的事情,我的状态是 401
error: "Auth ErrorTypeError: Failed to fetch" 大摇大摆。
另外,当我点击验证按钮时,我得到了方法类型选项。
我在我的应用程序中使用了 cors 过滤器并删除了 HttpMethod.options 的安全性。
为什么会出现这个错误?我错过了什么?
authorazation server code:
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().and().cors().and()
.authorizeRequests()
.antMatchers("/login","/logout.do").permitAll()
.antMatchers(HttpMethod.OPTIONS,
"/oauth/token").permitAll()
// .antMatchers("/**").authenticated()
.anyRequest().authenticated()
.and()
.formLogin()
.loginProcessingUrl("/login.do")
.usernameParameter("username")
.passwordParameter("password")
.loginPage("/login")
.and()
.logout()
.logoutRequestMatcher(new
AntPathRequestMatcher("/logout.do"))
.and()
.userDetailsService(userDetailsServiceBean());
}
资源服务器:
@Override
public void configure(HttpSecurity http) throws Exception{
http
.csrf().disable().authorizeRequests().antMatchers("/v2/api-docs", "/configuration/ui", "/swagger-resources", "/configuration/security",
"/swagger-ui.html", "/webjars/**", "/swagger-resources/configuration/ui", "/swagger-ui.html",
"/swagger-resources/configuration/security")
.permitAll();
http.csrf().and()
//.addFilterBefore(new CORSFilter(), ChannelProcessingFilter.class)
.authorizeRequests()
.antMatchers(HttpMethod.OPTIONS, "/oauth/token").permitAll()
.antMatchers(HttpMethod.GET, "/**").access("#oauth2.hasScope('read')")
.antMatchers(HttpMethod.POST, "/**").access("#oauth2.hasScope('write')")
.antMatchers(HttpMethod.PATCH, "/**").access("#oauth2.hasScope('write')")
.antMatchers(HttpMethod.PUT, "/**").access("#oauth2.hasScope('write')")
.antMatchers(HttpMethod.DELETE, "/**").access("#oauth2.hasScope('write')");
}
招摇配置:
@Bean
public Docket edstrumentsApi() {
List<ResponseMessage> list = new ArrayList<>();
list.add(new ResponseMessageBuilder().code(500).message("500 message")
.responseModel(new ModelRef("Result")).build());
list.add(new ResponseMessageBuilder().code(401).message("Unauthorized")
.responseModel(new ModelRef("Result")).build());
list.add(new ResponseMessageBuilder().code(406).message("Not Acceptable")
.responseModel(new ModelRef("Result")).build());
return new Docket(DocumentationType.SWAGGER_2)
.select().apis(RequestHandlerSelectors.basePackage("backend"))
.paths(PathSelectors.any())
.build()
.directModelSubstitute(LocalDate.class, String.class)
.genericModelSubstitutes(ResponseEntity.class)
.securitySchemes(Collections.singletonList(securitySchema()))
.securityContexts(Collections.singletonList(securityContext())).pathMapping("/")
.useDefaultResponseMessages(false).apiInfo(apiInfo()).globalResponseMessage(RequestMethod.GET, list)
.globalResponseMessage(RequestMethod.POST, list)
.apiInfo(apiInfo());
}
@Bean
public OAuth securitySchema() {
List<AuthorizationScope> authorizationScopeList = new ArrayList();
authorizationScopeList.add(new AuthorizationScope(Constants.SCOPE_READ, "read all"));
authorizationScopeList.add(new AuthorizationScope(Constants.SCOPE_TRUST, "trust all"));
authorizationScopeList.add(new AuthorizationScope(Constants.SCOPE_WRITE, "access all"));
List<GrantType> grantTypes = new ArrayList();
GrantType creGrant = new ResourceOwnerPasswordCredentialsGrant( "http://localhost:8081/oauth/token");
grantTypes.add(creGrant);
return new OAuth("oauth2schema", authorizationScopeList, grantTypes);
}
是的,我找到了错误的原因。
我在资源端而不是授权服务器创建 cors 过滤器。
这就是我无法在服务器上获取选项请求的原因。
我正在尝试在我的 application.I 中使用 spring security 和 oauth2.0 设置 swagger 已经创建了为此所需的所有文件,我能够获得 access_token 并且在尝试使用 postman.
authenticate 使用 token
但现在我需要使用 swagger 做同样的事情,我的状态是 401
error: "Auth ErrorTypeError: Failed to fetch" 大摇大摆。
另外,当我点击验证按钮时,我得到了方法类型选项。
我在我的应用程序中使用了 cors 过滤器并删除了 HttpMethod.options 的安全性。
为什么会出现这个错误?我错过了什么?
authorazation server code:
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().and().cors().and()
.authorizeRequests()
.antMatchers("/login","/logout.do").permitAll()
.antMatchers(HttpMethod.OPTIONS,
"/oauth/token").permitAll()
// .antMatchers("/**").authenticated()
.anyRequest().authenticated()
.and()
.formLogin()
.loginProcessingUrl("/login.do")
.usernameParameter("username")
.passwordParameter("password")
.loginPage("/login")
.and()
.logout()
.logoutRequestMatcher(new
AntPathRequestMatcher("/logout.do"))
.and()
.userDetailsService(userDetailsServiceBean());
}
资源服务器:
@Override
public void configure(HttpSecurity http) throws Exception{
http
.csrf().disable().authorizeRequests().antMatchers("/v2/api-docs", "/configuration/ui", "/swagger-resources", "/configuration/security",
"/swagger-ui.html", "/webjars/**", "/swagger-resources/configuration/ui", "/swagger-ui.html",
"/swagger-resources/configuration/security")
.permitAll();
http.csrf().and()
//.addFilterBefore(new CORSFilter(), ChannelProcessingFilter.class)
.authorizeRequests()
.antMatchers(HttpMethod.OPTIONS, "/oauth/token").permitAll()
.antMatchers(HttpMethod.GET, "/**").access("#oauth2.hasScope('read')")
.antMatchers(HttpMethod.POST, "/**").access("#oauth2.hasScope('write')")
.antMatchers(HttpMethod.PATCH, "/**").access("#oauth2.hasScope('write')")
.antMatchers(HttpMethod.PUT, "/**").access("#oauth2.hasScope('write')")
.antMatchers(HttpMethod.DELETE, "/**").access("#oauth2.hasScope('write')");
}
招摇配置:
@Bean
public Docket edstrumentsApi() {
List<ResponseMessage> list = new ArrayList<>();
list.add(new ResponseMessageBuilder().code(500).message("500 message")
.responseModel(new ModelRef("Result")).build());
list.add(new ResponseMessageBuilder().code(401).message("Unauthorized")
.responseModel(new ModelRef("Result")).build());
list.add(new ResponseMessageBuilder().code(406).message("Not Acceptable")
.responseModel(new ModelRef("Result")).build());
return new Docket(DocumentationType.SWAGGER_2)
.select().apis(RequestHandlerSelectors.basePackage("backend"))
.paths(PathSelectors.any())
.build()
.directModelSubstitute(LocalDate.class, String.class)
.genericModelSubstitutes(ResponseEntity.class)
.securitySchemes(Collections.singletonList(securitySchema()))
.securityContexts(Collections.singletonList(securityContext())).pathMapping("/")
.useDefaultResponseMessages(false).apiInfo(apiInfo()).globalResponseMessage(RequestMethod.GET, list)
.globalResponseMessage(RequestMethod.POST, list)
.apiInfo(apiInfo());
}
@Bean
public OAuth securitySchema() {
List<AuthorizationScope> authorizationScopeList = new ArrayList();
authorizationScopeList.add(new AuthorizationScope(Constants.SCOPE_READ, "read all"));
authorizationScopeList.add(new AuthorizationScope(Constants.SCOPE_TRUST, "trust all"));
authorizationScopeList.add(new AuthorizationScope(Constants.SCOPE_WRITE, "access all"));
List<GrantType> grantTypes = new ArrayList();
GrantType creGrant = new ResourceOwnerPasswordCredentialsGrant( "http://localhost:8081/oauth/token");
grantTypes.add(creGrant);
return new OAuth("oauth2schema", authorizationScopeList, grantTypes);
}
是的,我找到了错误的原因。 我在资源端而不是授权服务器创建 cors 过滤器。
这就是我无法在服务器上获取选项请求的原因。