我试图在简单的Spring Boot + Spring OAuth应用程序上获得OAuth 1(3条腿),仅作为消费者。
我一直在尝试将tonr示例移植到spring-security-oauth存储库(https://github.com/spring- projects/spring-security-oauth)上,以使用Java配置而不是XML。
但是,我得到:
java.lang.NullPointerException: null at org.springframework.security.oauth.consumer.filter.OAuthConsumerProcessingFilter.doFilter(OAuthConsumerProcessingFilter.java:87) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.springframework.boot.actuate.trace.WebRequestTraceFilter.doFilterInternal(WebRequestTraceFilter.java:102) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.springframework.boot.actuate.autoconfigure.MetricFilterAutoConfiguration$MetricsFilter.doFilterInternal(MetricFilterAutoConfiguration.java:90) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:142) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:516) at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1086) at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:659) at org.apache.coyote.http11.Http11NioProtocol$Http11ConnectionHandler.process(Http11NioProtocol.java:223) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1558) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1515) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.lang.Thread.run(Thread.java:745)
…可能是因为OAuthConsumerContextFilter设置不正确。
我尝试<oauth:consumer>如下配置零件:
<oauth:consumer>
@Bean public OAuthConsumerProcessingFilter oAuthConsumerProcessingFilter() { OAuthConsumerProcessingFilter result = new OAuthConsumerProcessingFilter(); result.setProtectedResourceDetailsService(protectedResourceDetailsService()); final LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>> map = new LinkedHashMap<>(); map.put(new RegexRequestMatcher("/sparklr/*", null), Collections.singletonList(ConsumerSecurityConfig.PERMIT_ALL_ATTRIBUTE)); result.setObjectDefinitionSource(new DefaultFilterInvocationSecurityMetadataSource(map)); return result; } @Bean public ProtectedResourceDetailsService protectedResourceDetailsService() { return (String id) -> { switch (id) { case "sparklrPhotos": sparklrProtectedResourceDetails(); break; } throw new RuntimeException("Error"); }; } @Bean public OAuthConsumerContextFilter oAuthConsumerContextFilter() { final CoreOAuthConsumerSupport consumerSupport = new CoreOAuthConsumerSupport(); consumerSupport.setProtectedResourceDetailsService(protectedResourceDetailsService()); final OAuthConsumerContextFilter filter = new OAuthConsumerContextFilter(); filter.setConsumerSupport(consumerSupport); return filter; }
…但显然缺少某些东西。我什至一直删除了,switch并始终返回相同的受保护资源详细信息,但这并没有改变我没有上下文的事实。
switch
我应该怎么做才能使这项工作?让我知道是否需要显示代码的其他部分。
更新:我添加了Consumer Context过滤器,但是我认为它没有被应用,因为我得到了同样的错误
为了将Spring Security与Java Config结合使用,您必须在内部具有这样的SecurityConfig文件(摘自http://projects.spring.io/spring- security-oauth/docs/oauth2.html)
@Override protected void configure(HttpSecurity http) throws Exception { http .authorizeRequests().antMatchers("/login").permitAll().and() // default protection for all resources (including /oauth/authorize) .authorizeRequests() .anyRequest().hasRole("USER") // ... more configuration, e.g. for form login }
您还可以在该位置使用 http.addFilterAfter(oAuthConsumerContextFilter(), AnonymousAuthenticationFilter.class);
http.addFilterAfter(oAuthConsumerContextFilter(), AnonymousAuthenticationFilter.class);
您的代码的问题在于,在创建Authetication之前正在执行过滤器。
所以我猜两个过滤器都应该至少在AnonymousAuthenticationFilter.class之后
您可以在此处找到过滤器列表:http : //docs.spring.io/spring-security/site/docs/3.1.x/reference/springsecurity- single.html#filter-stack
这为我工作:
http .addFilterAfter(oAuthConsumerContextFilter(), SwitchUserFilter.class) .addFilterAfter(oAuthConsumerProcessingFilter(), OAuthConsumerContextFilter.class)
