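How do you resolve the pitfalls of integrating OAuth2 with Spring Boot 2? Many people without prior experience are at a loss here, so this article summarizes the cause of the problem and how to fix it, in the hope that it helps you solve it.
At first I integrated OAuth2 with Spring Boot 1.5 without any problems. After upgrading to Spring Boot 2.1 I ran into quite a few pitfalls, listed below: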
Possible CSRF detected - state parameter was required but no state could be found
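Client code

import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@EnableOAuth2Sso
@Configuration
public class UiSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    public void configure(HttpSecurity http) throws Exception {
        // Everything except "/" and "/login**" requires an authenticated user.
        http.antMatcher("/**")
            .authorizeRequests()
            .antMatchers("/", "/login**")
            .permitAll()
            .anyRequest()
            .authenticated();
    }
}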
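After the authorization code is obtained, the browser stays on the login page. Searching online turned up the following options:

1. Configure server.servlet.session.cookie.name=UPSESSIONID. I tried this, but it had no effect.
2. Set the code strategy with authCodeProvider.setStateMandatory(false); this required changing a lot of code: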
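import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

import javax.servlet.Filter;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.security.oauth2.resource.ResourceServerProperties;
import org.springframework.boot.autoconfigure.security.oauth2.resource.UserInfoTokenServices;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.boot.context.properties.NestedConfigurationProperty;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.client.OAuth2ClientContext;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.client.filter.OAuth2ClientAuthenticationProcessingFilter;
import org.springframework.security.oauth2.client.filter.OAuth2ClientContextFilter;
import org.springframework.security.oauth2.client.token.AccessTokenProviderChain;
import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeAccessTokenProvider;
import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableOAuth2Client;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
import org.springframework.web.filter.CompositeFilter;

@Configuration
@EnableOAuth2Client
@EnableGlobalMethodSecurity(prePostEnabled = true) // enables the @PreAuthorize annotation
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private OAuth2ClientContext oauth2ClientContext;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // @formatter:off
        http.authorizeRequests()
            .anyRequest().authenticated().and()
            .formLogin().loginPage("/login").permitAll().and()
            .exceptionHandling().and()
            .logout().logoutSuccessUrl("/login").permitAll()
            .and().headers().frameOptions().sameOrigin()
            .and().csrf()
            .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()).and()
            .addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class); // must be registered before the basic filter
        // @formatter:on
    }

    @Bean
    public FilterRegistrationBean oauth2ClientFilterRegistration(OAuth2ClientContextFilter filter) {
        FilterRegistrationBean registration = new FilterRegistrationBean();
        registration.setFilter(filter);
        registration.setOrder(-100);
        return registration;
    }

    @Bean
    @ConfigurationProperties("security.oauth2")
    public ClientResources trina() {
        return new ClientResources();
    }

    private Filter ssoFilter() {
        CompositeFilter filter = new CompositeFilter();
        List<Filter> filters = new ArrayList<Filter>();
        filters.add(ssoFilter(trina(), "/login"));
        filter.setFilters(filters);
        return filter;
    }

    private Filter ssoFilter(ClientResources client, String path) {
        OAuth2ClientAuthenticationProcessingFilter oAuth2ClientAuthenticationFilter =
                new OAuth2ClientAuthenticationProcessingFilter(path);
        OAuth2RestTemplate oAuth2RestTemplate =
                new OAuth2RestTemplate(client.getClient(), this.oauth2ClientContext);
        oAuth2ClientAuthenticationFilter.setRestTemplate(oAuth2RestTemplate);

        AuthorizationCodeAccessTokenProvider authCodeProvider = new AuthorizationCodeAccessTokenProvider();
        // Turns off the mandatory state check that raised "Possible CSRF detected";
        // the callback is then no longer required to match a state kept in the session.
        authCodeProvider.setStateMandatory(false);
        AccessTokenProviderChain provider = new AccessTokenProviderChain(Arrays.asList(authCodeProvider));
        oAuth2RestTemplate.setAccessTokenProvider(provider);

        UserInfoTokenServices tokenServices = new UserInfoTokenServices(
                client.getResource().getUserInfoUri(), client.getClient().getClientId());
        tokenServices.setRestTemplate(oAuth2RestTemplate);
        oAuth2ClientAuthenticationFilter.setTokenServices(tokenServices);
        return oAuth2ClientAuthenticationFilter;
    }
}

// Binds the client and resource settings found under the "security.oauth2" prefix.
class ClientResources {

    @NestedConfigurationProperty
    private AuthorizationCodeResourceDetails client = new AuthorizationCodeResourceDetails();

    @NestedConfigurationProperty
    private ResourceServerProperties resource = new ResourceServerProperties();

    public AuthorizationCodeResourceDetails getClient() {
        return client;
    }

    public ResourceServerProperties getResource() {
        return resource;
    }
}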
After this change, I accessed the link and, after logging in, was redirected to the specified page successfully.
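
The "Possible CSRF detected" error comes from the state check that authCodeProvider.setStateMandatory(false) switches off. The following is an added example, not code from the original article and not Spring's implementation: a plain-Java model of that check, in which the class name, session ids and messages are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

// Added illustration: plain-Java model of the OAuth2 "state" check, not Spring's code.
public class StateCheckDemo {
    private static final SecureRandom RANDOM = new SecureRandom();
    // Session id -> state issued for that session (stands in for the HTTP session).
    private final Map<String, String> stateBySession = new HashMap<>();

    // Leg 1: before redirecting to the authorization server, store a random state.
    String beginAuthorization(String sessionId) {
        byte[] raw = new byte[16];
        RANDOM.nextBytes(raw);
        String state = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        stateBySession.put(sessionId, state);
        return state;
    }

    // Leg 2: the state on the callback URL must equal the one stored for this session.
    String handleCallback(String sessionId, String returnedState) {
        String expected = stateBySession.remove(sessionId); // each state is single use
        if (expected == null) {
            return "REJECTED: state required but none found in session";
        }
        if (returnedState == null || !MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8),
                returnedState.getBytes(StandardCharsets.UTF_8))) {
            return "REJECTED: state mismatch";
        }
        return "ACCEPTED";
    }

    public static void main(String[] args) {
        StateCheckDemo client = new StateCheckDemo();
        // Same session on both legs: the callback is accepted.
        String state = client.beginAuthorization("session-A");
        System.out.println(client.handleCallback("session-A", state));
        // Constructed case: the callback arrives under a different session id.
        String lost = client.beginAuthorization("session-B");
        System.out.println(client.handleCallback("session-C", lost));
        // Constructed case: the callback carries a state this session never issued.
        client.beginAuthorization("session-D");
        System.out.println(client.handleCallback("session-D", "constructed-foreign-state"));
    }
}
```

In this model, the second case is what a client sees when the session that stored the state is not the one presented on the callback. A client that skips the check can no longer tell the second and third callbacks apart from the first.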