This article covers how to handle the error "UserDetailsService is required" when a refresh token call fails with Spring Security OAuth2.
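Problem description
I am using Spring Security OAuth2 for authorization. When trying to refresh the token, I get an error: UserDetailsService is required (interestingly, I only get this error on Unix machines, not on Windows). I am using Spring OAuth2 version 2.0.7.
For some reason, the AuthenticationManager in DefaultTokenService is not null, and it tries to authenticate the user to check whether he still exists. I think it gets initialized because of some Spring Security vs. Spring OAuth2 configuration problem.
I am not using any custom UserDetailsService, so it should not authenticate the user at this point. However, when I debug it, I see that it tries to use one from WebSecurityConfigurerAdapter and ends up with this error. Even if I provide my custom dummy UserDetailsService, it does not use that one but tries to use another one, which is null. Am I missing something? I can't find out why this is happening.
Here is my OAuth2 configuration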
@Configuration
@EnableAuthorizationServer
public class OAuth2Config extends AuthorizationServerConfigurerAdapter {

    @Autowired
    private MySpringTokenStore tokenStore;

    @Autowired
    private AuthenticationManager authenticationManager;

    @Autowired
    private MyClientDetailsServiceImpl clientDetailsService;

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints.tokenStore(tokenStore);
        endpoints.authenticationManager(authenticationManager)
                .approvalStoreDisabled();
    }

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.withClientDetails(clientDetailsService);
    }

    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
        security.allowFormAuthenticationForClients();
    }

    @Bean
    public TokenStore tokenStore() {
        return new InMemoryTokenStore();
    }
}
Here is my Spring Security configuration
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // @formatter:off
        http
            .authorizeRequests()
                .antMatchers("/myRest/events/**", "/events/**", "/events", "/myRest/events").permitAll()
                .antMatchers("/login.jsp", "/login").permitAll()
            .and()
            .csrf().requireCsrfProtectionMatcher(new AntPathRequestMatcher("/oauth/authorize")).disable()
            .csrf().requireCsrfProtectionMatcher(new AntPathRequestMatcher("/myRest/events")).disable()
            .sessionManagement().sessionFixation().none();
        // @formatter:on
    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers("/index*", "/myRest/events/**", "/events/**", "/myRest/events", "/events", "/swagger/**", "/kibana/**",
                "/elastic/**", "/version/**", "/api-docs/**", "/js/**", "/oauth/uncache_approvals", "/oauth/cache_approvals");
    }
}
Recommended answer
The authorization server endpoint needs a UserDetailsService. In your OAuth2Config class, configure the user details service like the following:
@Autowired
private UserDetailsService userDetailsService;

@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
    endpoints.tokenStore(tokenStore);
    endpoints.userDetailsService(userDetailsService);
    endpoints.authenticationManager(authenticationManager)
            .approvalStoreDisabled();
}
You can also configure it in WebSecurityConfigurerAdapter:
@Autowired
private AuthorizationServerEndpointsConfiguration endpoints;

@Override
protected void configure(HttpSecurity http) throws Exception {
    if (!endpoints.getEndpointsConfigurer().isUserDetailsServiceOverride()) {
        UserDetailsService userDetailsService = http.getSharedObject(UserDetailsService.class);
        endpoints.getEndpointsConfigurer().userDetailsService(userDetailsService);
    }
    // @formatter:off
    http
        .authorizeRequests()
            .antMatchers("/myRest/events/**", "/events/**", "/events", "/myRest/events").permitAll()
            .antMatchers("/login.jsp", "/login").permitAll()
        .and()
        .csrf().requireCsrfProtectionMatcher(new AntPathRequestMatcher("/oauth/authorize")).disable()
        .csrf().requireCsrfProtectionMatcher(new AntPathRequestMatcher("/myRest/events")).disable()
        .sessionManagement().sessionFixation().none();
    // @formatter:on
}
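Added example, not part of the original question or answer and not Spring's own code: a stand-alone demonstration of the refresh-time user check the question describes, built from Spring Security's PreAuthenticatedAuthenticationProvider and a UserDetailsService, showing why a deleted or disabled account can no longer refresh. The class name, the account map and the tryRefresh helper are hypothetical, and the sample accounts are constructed.

```java
import java.util.*;
import org.springframework.security.authentication.*;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.*;
import org.springframework.security.web.authentication.preauth.*;

public class RefreshUserCheckDemo {
    // Constructed sample accounts (hypothetical): username -> enabled flag.
    static final Map<String, Boolean> ACCOUNTS = new HashMap<>();
    static {
        ACCOUNTS.put("alice", true);   // active account
        ACCOUNTS.put("bob", false);    // disabled after the token was issued
    }
    // Hypothetical UserDetailsService; a real one would query the user store.
    static UserDetailsService userDetailsService() {
        return username -> {
            Boolean enabled = ACCOUNTS.get(username);
            if (enabled == null) {
                throw new UsernameNotFoundException("no such user: " + username);
            }
            return new User(username, "", enabled, true, true, true,
                    AuthorityUtils.createAuthorityList("ROLE_USER"));
        };
    }

    // Looks the user up by name, then runs the account status checks.
    static AuthenticationManager refreshTimeManager(UserDetailsService uds) {
        PreAuthenticatedAuthenticationProvider provider = new PreAuthenticatedAuthenticationProvider();
        provider.setPreAuthenticatedUserDetailsService(
                new UserDetailsByNameServiceWrapper<PreAuthenticatedAuthenticationToken>(uds));
        return new ProviderManager(Collections.<AuthenticationProvider>singletonList(provider));
    }
    // The user is already identified by the stored token, so no password is checked here.
    static String tryRefresh(AuthenticationManager manager, String username) {
        try {
            manager.authenticate(new PreAuthenticatedAuthenticationToken(username, ""));
            return "refresh allowed";
        } catch (AuthenticationException e) {
            return "refresh rejected: " + e.getClass().getSimpleName();
        }
    }

    public static void main(String[] args) {
        AuthenticationManager manager = refreshTimeManager(userDetailsService());
        for (String user : Arrays.asList("alice", "bob", "carol")) {
            System.out.println(user + " -> " + tryRefresh(manager, user));
        }
    }
}
```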






