我创建了一个简单的授权服务器,但无法配置它.
>启动两个应用程序(8080用于auth服务器,9999用于客户端).
>转到localhost:9999 / client并重定向到localhost:8080 / login(按预期方式).
>使用用户/用户填写登录表单.
>重定向到localhost:9999 / client(按预期方式),但有Hello,null而不是Hello,用户.
但是,如果我直接访问localhost:8080 / me,我有{“name”:“user”}.如何检索Hello,用户?
授权服务器
@RestController
@EnableAuthorizationServer
@SpringBootApplication
public class Application extends WebSecurityConfigurerAdapter {
public static void main(String[] args) {
SpringApplication.run(Application.class,args);
}
@GetMapping({ "/user","/me" })
public Map<String,String> user(Principal principal) {
return Collections.singletonMap("name",principal == null ? "null" : principal.getName());
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication()
.withUser("user").password("user").authorities(AuthorityUtils.NO_AUTHORITIES);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.formLogin();
}
}
应用程序的属性
security:
oauth2:
client:
client-id: clientid
client-secret: clientsecret
scope: read,write
auto-approve-scopes: '.*'
客户
@Configuration
@EnableAutoConfiguration
@EnableOAuth2Sso
@RestController
public class Client {
@GetMapping("/")
public String home(Principal principal) {
return "Hello," + principal.getName();
}
public static void main(String[] args) {
new SpringApplicationBuilder(Client.class)
.properties("spring.config.name=client").run(args);
}
}
客户的财产
server:
port: 9999
context-path: /client
security:
oauth2:
client:
client-id: clientid
client-secret: clientsecret
access-token-uri: http://localhost:8080/oauth/token
user-authorization-uri: http://localhost:8080/oauth/authorize
resource:
user-info-uri: http://localhost:8080/me
更新:
当所有工作都下载时我下载了a tutorial,但它有ssoFilter仅用于OAuth2身份验证.我只想用loginForm配置它.
我还在GitHub上分享了一个临时的example.我认为用它来查找问题会更容易.
解决方法
存在不同的端口9999 8080,当它从与第一资源本身服务的域或端口不同的域或端口请求资源时,这将导致跨源HTTP请求.
有关HTTP access control (CORS)的更多详细信息
官方春季网站Enabling Cross Origin Requests for a RESTful Web Service上有一个很好的例子
我建议只需通过实现Filter接口就可以在您的应用上进行CORS过滤.
@Component
@Order(Ordered.HIGHEST_PRECEDENCE)
public class CorsFilter implements Filter {
public CorsFilter() {
}
@Override
public void doFilter(ServletRequest req,ServletResponse res,FilterChain chain) throws IOException,ServletException {
HttpServletResponse response = (HttpServletResponse) res;
HttpServletRequest request = (HttpServletRequest) req;
response.setHeader("Access-Control-Allow-Origin","*"); //for production add only origins which should be allowed to access now for demo purposes this accepts all.
response.setHeader("Access-Control-Allow-Methods","POST,GET,OPTIONS,DELETE"); //i would reduce this method list if not all methods used this is added just for demo purposes
response.setHeader("Access-Control-Max-Age","3600");
response.setHeader("Access-Control-Allow-Headers","x-requested-with,authorization");
if ("OPTIONS".equalsIgnoreCase(request.getMethod())) {
response.setStatus(HttpServletResponse.SC_OK);
} else {
chain.doFilter(req,res);
}
}
@Override
public void init(FilterConfig filterConfig) {
}
@Override
public void destroy() {
}
}
如果您使用的是spring boot app,请务必在组件扫描中包含新过滤器所在的包.
如果您使用’web.xml’进行配置:
然后添加过滤器
<filter>
<filter-name>CORS</filter-name>
<filter-class>com.mycompany.CorsFilter</filter-class>
</filter>
选项在servlet上添加映射
<filter-mapping>
<filter-name>CORS</filter-name>
<servlet-name>MyServlet</servlet-name>
</filter-mapping>
选项B为所有应用添加过滤器:
<filter-mapping>
<filter-name>CORS</filter-name>
<url-pattern>/*</url-pattern> <!--this will add cors on all apps-->
</filter-mapping>
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。