找不到BearerTokenAccessDeniedHandler类定义

qlvxas9a  于 2022-10-23  发布在  Spring
关注(0)|答案(4)|浏览(177)

然而,当我尝试运行以下代码时,我正在尝试一个使用Spring Boot 2.1.1和SpringSec5作为OAuth2资源服务器的演示项目

ENV

  • Spring Boot 2.1.1版本
  • Spring安全核心5.1.2
  • Java 8
    代码
@RestController
    @SpringBootApplication
   //  @EnableResourceServer
    public class MyApplication {

    public static void main(String[] args) {
        SpringApplication.run(MyApplication.class, args);
    }
    @GetMapping("/hello")
    public String sayHello() {
    return "Hello World";
    }

    @Configuration
    static class MyWebSecurityConfigurerAdapter extends 
    WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .authorizeRequests().anyRequest().authenticated()
                .and()
                .oauth2ResourceServer().jwt(); // <--- throws error

        }
      }

    }

这会抛出错误
工厂方法“springSecurityFilterChain”引发异常;嵌套异常为java.lang.NoClassDefFoundError:org/springframework/security/oauth2/server/resource/web/access/BearerTokenAccessDeniedHandler

构建

我的依赖项如下所示

dependencies {

implementation('org.springframework.boot:spring-boot-starter-web')
implementation('org.springframework.boot:spring-boot-starter-security')
implementation(group: 'org.springframework.security.oauth.boot', name: 'spring-security-oauth2-autoconfigure', version: '2.1.1.RELEASE')

implementation(group: 'org.springframework.security.oauth', name: 'spring-security-oauth2', version: '2.3.4.RELEASE')
}
nuypyhwy

nuypyhwy1#

添加spring-boot-starter-oauth2-resource-server依赖项时,异常消失

ycggw6v2

ycggw6v22#

我也是。
但我是在org.springframework.boot:spring-boot-starter-oauth2-resource-server里找到的
顺便说一下,我导入了org.springframework.boot:spring-boot-starter-oauth2-resource-server包并使用:

http
                .authorizeRequests()
                .antMatchers("/**").hasAnyRole("admin")
                .anyRequest().authenticated();
                //.and()
                //.oauth2ResourceServer() don't use it,
                //.jwt();
                // Do not use it, otherwise you must define 
                // jwtDecoderByIssuerUri or jwtDecoderByJwkKeySetUri

如果您想启用oauth2ResourceServer,可能需要等待Spring Security 5.3.x。
可能与next-generation-oauth-2-0-support-with-spring-security有关

bq9c1y66

bq9c1y663#

我把其他答案都改了,但在我的build.gradle文件中用的是“实施”

implementation 'org.springframework.security:spring-security-oauth2-resource-server'

为什么要用“实施”?

  • ‘Compile’配置仍然存在,但不应使用,因为它不会提供‘API’和‘Implementation’配置所提供的保证。*

以上引述自:((https://docs.gradle.org/current/userguide/java_library_plugin.html#sec:java_library_separation))

我的完整文件如下

plugins {
    id 'java'
}

group 'com.mycompany.mything'
version '1.0-SNAPSHOT'

sourceCompatibility = 1.8

repositories {
    mavenCentral()
}

apply plugin: 'org.springframework.boot'
apply plugin: 'io.spring.dependency-management'

dependencies {

implementation 'org.springframework.boot:spring-boot-starter-data-rest'
implementation 'org.springframework.boot:spring-boot-starter-data-jpa'

implementation 'org.springframework.boot:spring-boot-starter-security'
//    implementation 'org.springframework.boot:spring-boot-starter-web'
implementation 'org.springframework.security:spring-security-oauth2-resource-server'
implementation 'org.springframework.security:spring-security-oauth2-jose'
//    implementation 'org.springframework.security:spring-security-config'

}

另请参阅
https://medium.com/mindorks/implementation-vs-api-in-gradle-3-0-494c817a6fa
用于实施与API的讨论

zazmityj

zazmityj4#

我面临着同样的问题,希望我找到的解决方案能帮助一些人。
当您使用Spring-Security-OAuth2并启用资源服务器时,请使用WebSecurityConfigurerAdapter进行端点安全配置并覆盖方法public void configure(HttpSecurity security) throws Exception{}

相关问题