OAuth2 není přístupný ze Swaggeru


Dostávám 401 při pokusu o přístup k OAuth2 ze Swaggeru. Vše funguje, pokud je Swagger nastaven ve stejném projektu a běží na stejném portu. Když ale Swagger nastavím v jiném projektu na jiném portu, dostávám 401.

OAuth2 je přístupný a funguje dobře z Postmanu. Nejsem schopen zjistit, proč vrací 401 z jiného portu. Ověřil jsem příchozí/odchozí pravidla pro daný port. Je pro přístup k OAuth z jiného serveru nebo portu nutná nějaká další konfigurace?

Projekt OAuth2 je nakonfigurován na adrese http://localhost:8090/. Projekt Spring Boot, ze kterého OAuth2 vrací 401, je nakonfigurován na adrese http://localhost:8888/.

WebSecurityConfiguration

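/**
 * Web-layer security configuration: wires the user store and password encoder into the
 * authentication manager and declares URL access rules for this filter chain.
 *
 * <p>NOTE(review): when an authorization server and/or resource server is enabled in the same
 * application, their own filter chains presumably take precedence for the paths they cover, so
 * the {@code OPTIONS} and {@code /oauth/**} rules below may never be consulted for those
 * requests — confirm against the effective filter-chain order.
 */
@Configuration
@EnableWebSecurity
public class CustomWebSecurityConfig extends WebSecurityConfigurerAdapter {
    @Lazy
    @Autowired
    private UserDetailsService userDetailsService;

    @Autowired
    private PasswordEncoder passwordEncoder;

    /**
     * Registers the injected user-details service and password encoder with the global
     * authentication manager builder.
     *
     * @param auth builder supplied by Spring Security
     * @throws Exception propagated from the builder
     */
    @Autowired
    public void configureGlobal(final AuthenticationManagerBuilder auth) throws Exception {
        auth
                .userDetailsService(userDetailsService)
                .passwordEncoder(passwordEncoder);
    }

    /**
     * Declares the access rules: {@code OPTIONS} requests, {@code /oauth/**} and {@code /login}
     * are open; everything else requires authentication via HTTP Basic.
     *
     * @param http security builder for this chain
     * @throws Exception propagated from the builder
     */
    @Override
    public void configure(HttpSecurity http) throws Exception {
        http
                .authorizeRequests()
                // Rules are evaluated in declaration order; the first match decides.
                .antMatchers(HttpMethod.OPTIONS).permitAll()
                // NOTE(review): this opens every path under /oauth/ in this chain. Confirm that
                // the token and check-token endpoints are still protected by client
                // authentication in the authorization-server configuration.
                .antMatchers("/oauth/**").permitAll()
                .antMatchers("/login").permitAll()
                .anyRequest().authenticated()
                .and()
                .httpBasic()
                .and()
                // CSRF protection is switched off for the whole chain. That is only safe if no
                // endpoint relies on browser-sent session cookies for authentication.
                .csrf().disable();
    }

    /**
     * Exposes the {@link AuthenticationManager} as a bean so that other configuration classes
     * can inject it. It has to be exposed manually; see
     * https://github.com/spring-projects/spring-boot/issues/11136
     *
     * @return the authentication manager built by the parent adapter
     * @throws Exception propagated from the parent implementation
     */
    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }
}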

AuthorizationServerConfig:

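/**
 * OAuth2 authorization-server configuration: registers a single in-memory client, issues JWT
 * access tokens and sets the access rules for the token-key and check-token endpoints.
 */
@Configuration
@EnableAuthorizationServer
public class CustomAuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {

    // NOTE(review): the client id and secret are hard-coded. Anyone with access to the source
    // or the build artifact knows the client credentials; load them from protected
    // configuration instead of committing them.
    private static final String CLIENT_ID = "client";
    private static final String CLIENT_SECRET = "secret";
    private static final String GRANT_TYPE_PASSWORD = "password";
    private static final String GRANT_TYPE_CLIENT_CREDENTIALS = "client_credentials";
    private static final String GRANT_TYPE_REFRESH_TOKEN = "refresh_token";
    private static final String GRANT_TYPE_AUTH_CODE = "authorization_code";

    private static final String SCOPE_READ = "read";
    private static final String SCOPE_WRITE = "write";
    private static final String SCOPE_TRUST = "trust";

    @Autowired
    private AuthenticationManager authenticationManager;

    @Autowired
    private CustomUserDetailService userDetailsService;
    @Autowired
    private PasswordEncoder passwordEncoder;

    @Value("${config.oauth2.tokenTimeout}")
    private int ACCESS_TOKEN_VALIDITY_SECONDS;

    // NOTE(review): bound to the same property as the access-token lifetime, so refresh tokens
    // expire together with the access tokens they are meant to renew — looks like a copy/paste;
    // confirm whether a separate refresh-token timeout was intended.
    @Value("${config.oauth2.tokenTimeout}")
    private int REFRESH_TOKEN_VALIDITY_SECONDS;

    @Value("${config.oauth2.privateKey}")
    private String privateKey;

    // NOTE(review): injected but never read in this class; only privateKey is handed to the
    // token converter. Confirm whether a verifier key should be configured from it.
    @Value("${config.oauth2.publicKey}")
    private String publicKey;

    /**
     * Registers the single in-memory client with all four grant types, three scopes and the
     * configured token lifetimes. The client secret is stored encoded with the injected
     * {@link PasswordEncoder}.
     *
     * @param clients client-details configurer supplied by the framework
     * @throws Exception propagated from the configurer
     */
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients
                .inMemory()
                .withClient(CLIENT_ID)
                // One client may use every grant type, including the resource-owner password
                // grant, which hands end-user credentials to the client application.
                .authorizedGrantTypes(GRANT_TYPE_CLIENT_CREDENTIALS, GRANT_TYPE_PASSWORD, GRANT_TYPE_REFRESH_TOKEN, GRANT_TYPE_AUTH_CODE)
                .authorities("ROLE_CLIENT", "ROLE_TRUSTED_CLIENT")
                .scopes(SCOPE_READ, SCOPE_WRITE, SCOPE_TRUST)
                .resourceIds("oauth2-resource")
                .accessTokenValiditySeconds(ACCESS_TOKEN_VALIDITY_SECONDS)
                .refreshTokenValiditySeconds(REFRESH_TOKEN_VALIDITY_SECONDS)
                .secret(passwordEncoder.encode(CLIENT_SECRET));
    }


    /**
     * Wires the authentication manager, user-details service, JWT token store, token services
     * and access-token converter into the authorization-server endpoints.
     *
     * @param endpoints endpoints configurer supplied by the framework
     * @throws Exception propagated from the configurer
     */
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints.authenticationManager(authenticationManager)
                // NOTE(review): GET is allowed on the token endpoint. With GET the grant
                // parameters (for the password grant: username and password) travel in the
                // query string and can end up in access logs and browser history; restrict to
                // POST unless a client depends on GET.
                .allowedTokenEndpointRequestMethods(HttpMethod.GET, HttpMethod.POST)
                .tokenStore(tokenStore())
                .userDetailsService(userDetailsService)
                .tokenServices(tokenServices())
                .accessTokenConverter(accessTokenConverter());
    }

    /**
     * Creates the JWT converter that signs tokens with the configured private key.
     *
     * @return converter with {@code config.oauth2.privateKey} as its signing key
     */
    @Bean
    public JwtAccessTokenConverter accessTokenConverter() {
        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
        converter.setSigningKey(privateKey);

        return converter;
    }

    /**
     * Creates the token store backed by the JWT converter.
     *
     * @return JWT token store
     */
    @Bean
    public JwtTokenStore tokenStore() {
        return new JwtTokenStore(accessTokenConverter());
    }

    /**
     * Creates the primary token services: JWT token store, refresh tokens enabled, and the JWT
     * converter installed as token enhancer.
     *
     * @return configured token services
     */
    @Bean
    @Primary
    public DefaultTokenServices tokenServices() {
        DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
        defaultTokenServices.setTokenStore(tokenStore());
        defaultTokenServices.setSupportRefreshToken(true);
        defaultTokenServices.setTokenEnhancer(accessTokenConverter());
        return defaultTokenServices;
    }

    /**
     * Sets the access expressions for the check-token and token-key endpoints.
     *
     * @param security security configurer supplied by the framework
     * @throws Exception propagated from the configurer
     */
    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
        security.checkTokenAccess("isAuthenticated()")
                // NOTE(review): the token-key endpoint is open to everyone. That is appropriate
                // only when the key it serves is a public verification key — confirm the key
                // type configured in config.oauth2.privateKey.
                .tokenKeyAccess("permitAll()");
    }
}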

WebSecureConfigurerAdapter:

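/**
 * OAuth2 resource-server configuration: declares which requests need a bearer token and how
 * incoming JWTs are decoded.
 */
@Configuration
@EnableResourceServer
public class CustomResourceConfig extends ResourceServerConfigurerAdapter {
    // NOTE(review): injected but never read in this class.
    @Value("${config.oauth2.publicKey}")
    private String publicKey;

    // NOTE(review): a resource server only has to verify token signatures. Giving it the
    // signing (private) key means a compromise of this service allows minting tokens; prefer
    // configuring only a verification key here if the key pair is asymmetric — confirm.
    @Value("${config.oauth2.privateKey}")
    private String privateKey;

    @Value("${config.oauth2.resource.id}")
    private String resourceId;

    /**
     * Declares the access rules for the resource-server filter chain.
     *
     * <p>{@code OPTIONS} requests are permitted without a token. The original listing declared
     * {@code OPTIONS} as {@code authenticated()} first and {@code permitAll()} second; because
     * the first matching rule wins, the permit rule was unreachable and every CORS preflight
     * (which browsers send without an {@code Authorization} header) was rejected. Tools such as
     * Postman send no preflight, which is consistent with the calls working there.
     *
     * @param http security builder for this chain
     * @throws Exception propagated from the builder
     */
    @Override
    public void configure(HttpSecurity http) throws Exception {
        http
                // CSRF protection is off; requests are expected to carry a bearer token rather
                // than a session cookie.
                .csrf().disable()
                .authorizeRequests()
                // Let CORS preflight through. A CORS configuration that allows the calling
                // origin is presumably still required elsewhere — not visible in this class.
                .antMatchers(HttpMethod.OPTIONS).permitAll()
                .antMatchers("/", "/home", "/register", "/login").permitAll()
                .antMatchers("/oauth/**").authenticated();
        // NOTE(review): there is no anyRequest() rule, so requests that match none of the
        // patterns above have no access rule attached in this chain. Confirm whether
        // anyRequest().authenticated() was intended as a deny-by-default fallback.

    }

    /**
     * Sets the resource id and the token services/store used to load authentications from
     * incoming tokens.
     *
     * @param resources resource-server configurer supplied by the framework
     */
    @Override
    public void configure(ResourceServerSecurityConfigurer resources) {
        resources
                .resourceId(resourceId)
                .tokenServices(tokenServices())
                .tokenStore(tokenStore());
    }

    /**
     * Creates the primary token services: JWT token store, refresh tokens enabled, and the JWT
     * converter installed as token enhancer.
     *
     * @return configured token services
     */
    @Bean
    @Primary
    public DefaultTokenServices tokenServices() {
        DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
        defaultTokenServices.setTokenStore(tokenStore());
        defaultTokenServices.setSupportRefreshToken(true);
        defaultTokenServices.setTokenEnhancer(accessTokenConverter());
        return defaultTokenServices;
    }


    /**
     * Creates the JWT converter, keyed with {@code config.oauth2.privateKey}.
     *
     * @return configured converter
     */
    @Bean
    public JwtAccessTokenConverter accessTokenConverter() {
        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
        converter.setSigningKey(privateKey);
        return converter;
    }

    /**
     * Creates the token store backed by the JWT converter.
     *
     * @return JWT token store
     */
    @Bean
    public JwtTokenStore tokenStore() {
        return new JwtTokenStore(accessTokenConverter());
    }
}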
Položena 20/10/2018 v 14:03


1 odpovědí


V konfiguraci Swaggeru by mělo být bezpečnostní schéma OAuth správně inicializováno při vytváření instance Docket. Access Token URI je zde něco jako: http://localhost:8080/api/oauth/token

// Token-endpoint URL read from the config.oauth2.accessTokenUri property; it is passed to the
// password-grant definition in securitySchema().
// NOTE(review): the password grant sends the user's credentials to this URL, so outside local
// development it should be an https:// address of the authorization server — confirm.
@Value("${config.oauth2.accessTokenUri}")
private String accessTokenUri;


/**
 * Builds the Swagger 2 {@link Docket} for handlers in the {@code com.authentication} package
 * and attaches the OAuth security scheme and security context to it.
 *
 * <p>Two path selectors are applied ({@code regex("/.*")} and {@code PathSelectors.any()});
 * they look redundant, but both are kept as in the original.
 *
 * @return the configured docket
 */
@Bean
public Docket productApi() {
    // First stage: choose which handlers and paths are documented.
    final Docket docket = new Docket(DocumentationType.SWAGGER_2)
            .select()
            .apis(RequestHandlerSelectors.basePackage("com.authentication"))
            .paths(regex("/.*"))
            .paths(PathSelectors.any())
            .build();

    // Second stage: attach the security metadata and the API description.
    return docket
            .securityContexts(Collections.singletonList(securityContext()))
            .securitySchemes(Arrays.asList(securitySchema()))
            .apiInfo(apiInfo());
}
/**
 * Describes the OAuth2 security scheme shown in the Swagger UI: the resource-owner password
 * grant against {@code accessTokenUri}, with the {@code read} and {@code write} scopes.
 *
 * <p>NOTE(review): with this grant the UI collects the user's username and password itself and
 * posts them to the token endpoint — confirm that this is acceptable for the deployment.
 *
 * @return the scheme registered under the name {@code "oauth2"}
 */
private OAuth securitySchema() {
    // Grant types offered by the UI: password grant only.
    List<GrantType> grants = newArrayList();
    grants.add(new ResourceOwnerPasswordCredentialsGrant(accessTokenUri));

    // Scopes the UI may request.
    List<AuthorizationScope> scopes = newArrayList();
    scopes.add(new AuthorizationScope("read", "read all"));
    scopes.add(new AuthorizationScope("write", "access all"));

    return new OAuth("oauth2", scopes, grants);
}

/**
 * Builds the security context that links documented operations to the security references
 * returned by {@code defaultAuth()}.
 *
 * <p>No path selector is set on the builder, so the references presumably apply to every
 * documented path — confirm.
 *
 * @return the security context
 */
private SecurityContext securityContext() {
    return SecurityContext
            .builder()
            .securityReferences(defaultAuth())
            .build();
}
Odpovězeno 01/10/2019 v 11:56
