Spring Security OAuth2 - @EnableOAuth2Sso but accept tokens as authentication, too

闹比i 2020-12-29 14:36

I have an application which has @EnableOAuth2Sso on the WebSecurityConfigurerAdapter

After adding @EnableOAuth2Sso the applica

2 answers
  •  野趣味 (original poster)
    2020-12-29 15:06

    The reason for the exception was the ordering of the filters like @jah said.

    What I did to achieve the authentication of requests, containing an access token in the Authorization-Header, is to create a class ApiTokenAccessFilter which extends OAuth2AuthenticationProcessingFilter. This filter takes a ResourceServerTokenServices constructor parameter and sets the stateless flag to false.

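    import org.springframework.security.authentication.AuthenticationManager;
    import org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationManager;
    import org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationProcessingFilter;
    import org.springframework.security.oauth2.provider.token.ResourceServerTokenServices;

    public class ApiTokenAccessFilter extends OAuth2AuthenticationProcessingFilter {

      public ApiTokenAccessFilter(ResourceServerTokenServices resourceServerTokenServices) {
        super();
        // Not stateless: a request without a token keeps any authentication
        // already present in the SecurityContext (the SSO session).
        setStateless(false);
        setAuthenticationManager(oauthAuthenticationManager(resourceServerTokenServices));
      }

      private AuthenticationManager oauthAuthenticationManager(ResourceServerTokenServices tokenServices) {
        OAuth2AuthenticationManager oauthAuthenticationManager = new OAuth2AuthenticationManager();
        // A token that lists resource ids must include this one.
        oauthAuthenticationManager.setResourceId("oauth2-resource");
        oauthAuthenticationManager.setTokenServices(tokenServices);
        // No ClientDetailsService: the check of token scopes against the registered client is skipped.
        oauthAuthenticationManager.setClientDetailsService(null);
        return oauthAuthenticationManager;
      }
    }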
    

    In my security config I used this filter as follows:

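    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    import org.springframework.security.oauth2.provider.token.ResourceServerTokenServices;
    import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter;

    @Configuration
    @EnableOAuth2Sso
    public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

      @Autowired
      private ResourceServerTokenServices tokenServices;

      @Override
      public void configure(HttpSecurity http) throws Exception {

        http.authorizeRequests()
            .anyRequest()
            .authenticated()
            .and()
            // Register the token filter at the position just before AbstractPreAuthenticatedProcessingFilter.
            .addFilterBefore(new ApiTokenAccessFilter(tokenServices), AbstractPreAuthenticatedProcessingFilter.class);
      }
    }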
    

    I think this could be easier so I opened an issue on the spring-security-oauth GitHub repo. I'm not sure whether this solution is the way to go, but I didn't find another alternative.
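
A way to check how the filter from the answer above treats the different kinds of request, as an added example that is not part of the original answer. It assumes the answer's `ApiTokenAccessFilter` is in the same package and that spring-test and spring-security-oauth2 are on the classpath; the stub token service, token value, client id, user names and request path are constructed for illustration.

```java
import org.springframework.mock.web.*;
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
import org.springframework.security.oauth2.provider.*;
import org.springframework.security.oauth2.provider.token.ResourceServerTokenServices;

public class ApiTokenAccessFilterCheck {
  static final String GOOD = "constructed-good-token"; // constructed sample value

  // Stub token services (hypothetical): accepts exactly one constructed token.
  static final ResourceServerTokenServices STUB = new ResourceServerTokenServices() {
    public OAuth2Authentication loadAuthentication(String token) {
      if (!GOOD.equals(token)) throw new InvalidTokenException("unknown token");
      OAuth2Request client = new OAuth2Request(null, "constructed-client", null, true,
          null, null, null, null, null);
      return new OAuth2Authentication(client,
          new TestingAuthenticationToken("api-user", "n/a", "ROLE_USER"));
    }
    public OAuth2AccessToken readAccessToken(String token) {
      throw new UnsupportedOperationException();
    }
  };

  // Sends one request through the filter and reports "status/chainReached/principal".
  static String run(String authorizationHeader, Authentication sessionAuth) throws Exception {
    SecurityContextHolder.clearContext();
    if (sessionAuth != null) SecurityContextHolder.getContext().setAuthentication(sessionAuth);
    MockHttpServletRequest req = new MockHttpServletRequest("GET", "/api/things");
    if (authorizationHeader != null) req.addHeader("Authorization", authorizationHeader);
    MockHttpServletResponse res = new MockHttpServletResponse();
    MockFilterChain chain = new MockFilterChain();
    new ApiTokenAccessFilter(STUB).doFilter(req, res, chain);
    Authentication after = SecurityContextHolder.getContext().getAuthentication();
    return res.getStatus() + "/" + (chain.getRequest() != null) + "/"
        + (after == null ? null : after.getName());
  }

  public static void main(String[] args) throws Exception {
    // Stand-in for the authentication an SSO login would have left in the session.
    Authentication sso = new TestingAuthenticationToken("sso-user", "n/a", "ROLE_USER");
    System.out.println(run("Bearer " + GOOD, null)); // case 1: valid bearer token
    System.out.println(run("Bearer forged", sso));   // case 2: invalid token on an SSO session
    System.out.println(run(null, sso));              // case 3: no token, SSO session present
    System.out.println(run(null, null));             // case 4: no token, no session
  }
}
```

Case 2 is the one to watch: an invalid token is answered by the filter's entry point and the SecurityContext is cleared, so the request does not fall back to the existing session. Case 3 is what `setStateless(false)` exists for, since the session authentication is left in place when no token is sent.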
