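I created a simple authorization server, but I can't configure it.
> Start two applications (8080 for the auth server, 9999 for the client).
> Go to localhost:9999/client and get redirected to localhost:8080/login (as expected).
> Fill in the login form with user/user.
> Get redirected to localhost:9999/client (as expected), but there is Hello, null instead of Hello, user.
However, if I access localhost:8080/me directly, I get {"name":"user"}. How can I retrieve Hello, user?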
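Authorization server

import java.security.Principal;
import java.util.Collections;
import java.util.Map;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
@EnableAuthorizationServer
@SpringBootApplication
public class Application extends WebSecurityConfigurerAdapter {

    public static void main(String[] args) {
        SpringApplication.run(Application.class, args);
    }

    // User-info endpoint that the client reads the principal name from
    @GetMapping({ "/user", "/me" })
    public Map<String, String> user(Principal principal) {
        return Collections.singletonMap("name", principal == null ? "null" : principal.getName());
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication()
            .withUser("user").password("user").authorities(AuthorityUtils.NO_AUTHORITIES);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.formLogin();
    }
}

Application properties

security:
  oauth2:
    client:
      client-id: clientid
      client-secret: clientsecret
      scope: read,write
      auto-approve-scopes: '.*'

Client

import java.security.Principal;
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
import org.springframework.boot.builder.SpringApplicationBuilder;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@Configuration
@EnableAutoConfiguration
@EnableOAuth2Sso
@RestController
public class Client {

    @GetMapping("/")
    public String home(Principal principal) {
        return "Hello," + principal.getName();
    }

    public static void main(String[] args) {
        new SpringApplicationBuilder(Client.class)
            .properties("spring.config.name=client").run(args);
    }
}

Client properties

server:
  port: 9999
  context-path: /client
security:
  oauth2:
    client:
      client-id: clientid
      client-secret: clientsecret
      access-token-uri: http://localhost:8080/oauth/token
      user-authorization-uri: http://localhost:8080/oauth/authorize
    resource:
      user-info-uri: http://localhost:8080/me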
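Update:
I downloaded a tutorial where everything works, but it has an ssoFilter that is only for OAuth2 authentication. I just want to configure it with loginForm.
I also shared a temporary example on GitHub. I think it will be easier to find the problem with it.

Solution
There are different ports, 9999 and 8080, and this results in a cross-origin HTTP request when a resource is requested from a domain or port different from the one that served the first resource.
More details: HTTP access control (CORS)
There is a good example on the official Spring site: Enabling Cross Origin Requests for a RESTful Web Service
I would suggest doing CORS filtering in your application simply by implementing the Filter interface.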
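
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order;
import org.springframework.stereotype.Component;

@Component
@Order(Ordered.HIGHEST_PRECEDENCE)
public class CorsFilter implements Filter {

    public CorsFilter() {
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletResponse response = (HttpServletResponse) res;
        HttpServletRequest request = (HttpServletRequest) req;
        // For production, add only the origins that should be allowed access; for demo purposes this accepts all.
        response.setHeader("Access-Control-Allow-Origin", "*");
        // I would reduce this method list if not all methods are used; this is added just for demo purposes.
        response.setHeader("Access-Control-Allow-Methods", "POST,GET,OPTIONS,DELETE");
        response.setHeader("Access-Control-Max-Age", "3600");
        response.setHeader("Access-Control-Allow-Headers", "x-requested-with,authorization");
        if ("OPTIONS".equalsIgnoreCase(request.getMethod())) {
            // Answer the preflight directly without passing it down the chain
            response.setStatus(HttpServletResponse.SC_OK);
        } else {
            chain.doFilter(req, res);
        }
    }

    @Override
    public void init(FilterConfig filterConfig) {
    }

    @Override
    public void destroy() {
    }
}
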
If you are using a Spring Boot app, make sure to include the package where your new filter is located in the component scan.
If you are using 'web.xml' for configuration:
Then add the filter

<filter>
    <filter-name>CORS</filter-name>
    <filter-class>com.mycompany.CorsFilter</filter-class>
</filter>

Option A: add a mapping on your servlet

<filter-mapping>
    <filter-name>CORS</filter-name>
    <servlet-name>MyServlet</servlet-name>
</filter-mapping>

Option B: add the filter for all apps:

<filter-mapping>
    <filter-name>CORS</filter-name>
    <url-pattern>/*</url-pattern> <!-- this will add CORS on all apps -->
</filter-mapping>