spring-security Spring Boot :使用Google Oauth保护某些端点

8fsztsew  于 2022-11-11  发布在  Spring
关注(0)|答案(1)|浏览(177)

我尝试将Google SSO与Sping Boot 应用程序一起使用。
我添加了以下依赖项:

<dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-oauth2-client</artifactId>
        </dependency>

和这些属性:

spring.security.oauth2.client.registration.google.client-id=...
spring.security.oauth2.client.registration.google.client-secret=...

当我尝试使用一个端点时,我被重定向到Google登录屏幕,然后我就可以在服务器端检索用户ID了。
现在,当我尝试删除公共端点(特别是Swagger)的身份验证时,我会这样做:

@Configuration
public class SecurityConfiguration {

        @Bean
        public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
                http
                        .authorizeHttpRequests((authz) -> authz
                                .mvcMatchers("/foo",
                                        "/bar",
                                        "/v3/api-docs/**",
                                        "/swagger-ui/**",
                                        "/swagger-ui.html")
                                .permitAll()
                                .anyRequest().authenticated())
                        .oauth2Client();
                return http.csrf().disable().build();
        }

}

然后我可以访问公共端点,但是对于受保护的端点,我得到了一个HTTP 403,而没有被重定向到登录页面!我的写作可能不正确,大多数文档都使用了过时的WebSecurityConfigurerAdapter
在我的理解中,我应该在调用一个安全端点之前从Google获得一个令牌。我如何在Swagger中添加一个“使用Google登录”按钮,并使用该令牌调用一个安全端点?
日志上说:

2022-08-07 11:10:52.122 DEBUG 2830 --- [nio-8080-exec-7] o.a.coyote.http11.Http11InputBuffer      : Before fill(): parsingHeader: [true], parsingRequestLine: [true], parsingRequestLinePhase: [0], parsingRequestLineStart: [0], byteBuffer.position(): [0], byteBuffer.limit(): [0], end: [613]
2022-08-07 11:10:52.122 DEBUG 2830 --- [nio-8080-exec-7] o.a.tomcat.util.net.SocketWrapperBase    : Socket: [org.apache.tomcat.util.net.NioEndpoint$NioSocketWrapper@1a16ddaf:org.apache.tomcat.util.net.NioChannel@14d1309d:java.nio.channels.SocketChannel[connected local=/[0:0:0:0:0:0:0:1]:8080 remote=/[0:0:0:0:0:0:0:1]:50920]], Read from buffer: [0]
2022-08-07 11:10:52.122 DEBUG 2830 --- [nio-8080-exec-7] org.apache.tomcat.util.net.NioEndpoint   : Socket: [org.apache.tomcat.util.net.NioEndpoint$NioSocketWrapper@1a16ddaf:org.apache.tomcat.util.net.NioChannel@14d1309d:java.nio.channels.SocketChannel[connected local=/[0:0:0:0:0:0:0:1]:8080 remote=/[0:0:0:0:0:0:0:1]:50920]], Read direct from socket: [613]
2022-08-07 11:10:52.122 DEBUG 2830 --- [nio-8080-exec-7] o.a.coyote.http11.Http11InputBuffer      : Received [GET /foo/ HTTP/1.1
Host: localhost:8080
Connection: keep-alive
sec-ch-ua: ".Not/A)Brand";v="99", "Google Chrome";v="103", "Chromium";v="103"
accept: */*
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36
sec-ch-ua-platform: "macOS"
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: http://localhost:8080/swagger-ui/index.html
Accept-Encoding: gzip, deflate, br
Accept-Language: fr-FR,fr;q=0.9,en-US;q=0.8,en;q=0.7
Cookie: JSESSIONID=D2C74B3FC7E65CB64D4E6BD87B1172E2

]
2022-08-07 11:10:52.123 DEBUG 2830 --- [nio-8080-exec-7] o.a.t.util.http.Rfc6265CookieProcessor   : Cookies: Parsing b[]: JSESSIONID=D2C74B3FC7E65CB64D4E6BD87B1172E2
2022-08-07 11:10:52.123 DEBUG 2830 --- [nio-8080-exec-7] o.a.catalina.connector.CoyoteAdapter     :  Requested cookie session id is D2C74B3FC7E65CB64D4E6BD87B1172E2
2022-08-07 11:10:52.123 DEBUG 2830 --- [nio-8080-exec-7] o.a.c.authenticator.AuthenticatorBase    : Security checking request GET /foo/
2022-08-07 11:10:52.124 DEBUG 2830 --- [nio-8080-exec-7] org.apache.catalina.realm.RealmBase      :   No applicable constraints defined
2022-08-07 11:10:52.124 DEBUG 2830 --- [nio-8080-exec-7] o.a.c.authenticator.AuthenticatorBase    : Not subject to any constraint
2022-08-07 11:10:52.124 DEBUG 2830 --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy        : Securing GET /foo/
2022-08-07 11:10:52.124 DEBUG 2830 --- [nio-8080-exec-7] s.s.w.c.SecurityContextPersistenceFilter : Set SecurityContextHolder to empty SecurityContext
2022-08-07 11:10:52.124 DEBUG 2830 --- [nio-8080-exec-7] o.s.s.w.s.HttpSessionRequestCache        : Loaded matching saved request http://localhost:8080/foo/
2022-08-07 11:10:52.127 DEBUG 2830 --- [nio-8080-exec-7] o.s.s.w.a.AnonymousAuthenticationFilter  : Set SecurityContextHolder to anonymous SecurityContext
2022-08-07 11:10:52.128 DEBUG 2830 --- [nio-8080-exec-7] org.apache.tomcat.util.http.Parameters   : Set encoding to UTF-8
2022-08-07 11:10:52.128 DEBUG 2830 --- [nio-8080-exec-7] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to tools.t.s.FooController#helloWorld()
2022-08-07 11:10:52.129 DEBUG 2830 --- [nio-8080-exec-7] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to tools.t.s.FooController#helloWorld()
2022-08-07 11:10:52.129 DEBUG 2830 --- [nio-8080-exec-7] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to tools.t.s.FooController#helloWorld()
2022-08-07 11:10:52.129 DEBUG 2830 --- [nio-8080-exec-7] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to tools.t.s.FooController#helloWorld()
2022-08-07 11:10:52.129 DEBUG 2830 --- [nio-8080-exec-7] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to tools.t.s.FooController#helloWorld()
2022-08-07 11:10:52.129 DEBUG 2830 --- [nio-8080-exec-7] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to tools.t.s.FooController#helloWorld()
2022-08-07 11:10:52.129 DEBUG 2830 --- [nio-8080-exec-7] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to tools.t.s.FooController#helloWorld()
2022-08-07 11:10:52.130 DEBUG 2830 --- [nio-8080-exec-7] o.s.s.w.s.HttpSessionRequestCache        : Saved request http://localhost:8080/foo/ to session
2022-08-07 11:10:52.130 DEBUG 2830 --- [nio-8080-exec-7] o.s.s.w.a.Http403ForbiddenEntryPoint     : Pre-authenticated entry point called. Rejecting access
2022-08-07 11:10:52.130 DEBUG 2830 --- [nio-8080-exec-7] w.c.HttpSessionSecurityContextRepository : Did not store empty SecurityContext
2022-08-07 11:10:52.130 DEBUG 2830 --- [nio-8080-exec-7] w.c.HttpSessionSecurityContextRepository : Did not store empty SecurityContext
2022-08-07 11:10:52.131 DEBUG 2830 --- [nio-8080-exec-7] s.s.w.c.SecurityContextPersistenceFilter : Cleared SecurityContextHolder to complete request
2022-08-07 11:10:52.131 DEBUG 2830 --- [nio-8080-exec-7] o.a.c.c.C.[Tomcat].[localhost]           : Processing ErrorPage[errorCode=0, location=/error]
2022-08-07 11:10:52.131 DEBUG 2830 --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy        : Securing GET /error
2022-08-07 11:10:52.131 DEBUG 2830 --- [nio-8080-exec-7] s.s.w.c.SecurityContextPersistenceFilter : Set SecurityContextHolder to empty SecurityContext
2022-08-07 11:10:52.131 DEBUG 2830 --- [nio-8080-exec-7] o.s.s.w.a.AnonymousAuthenticationFilter  : Set SecurityContextHolder to anonymous SecurityContext
2022-08-07 11:10:52.131 DEBUG 2830 --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy        : Secured GET /error
2022-08-07 11:10:52.132 DEBUG 2830 --- [nio-8080-exec-7] w.c.HttpSessionSecurityContextRepository : Did not store anonymous SecurityContext
2022-08-07 11:10:52.132 DEBUG 2830 --- [nio-8080-exec-7] w.c.HttpSessionSecurityContextRepository : Did not store anonymous SecurityContext
2022-08-07 11:10:52.132 DEBUG 2830 --- [nio-8080-exec-7] s.s.w.c.SecurityContextPersistenceFilter : Cleared SecurityContextHolder to complete request
2022-08-07 11:10:52.132 DEBUG 2830 --- [nio-8080-exec-7] o.a.c.c.C.[.[.[/].[dispatcherServlet]    :  Disabling the response for further output
2022-08-07 11:10:52.133 DEBUG 2830 --- [nio-8080-exec-7] o.a.coyote.http11.Http11InputBuffer      : Before fill(): parsingHeader: [true], parsingRequestLine: [true], parsingRequestLinePhase: [0], parsingRequestLineStart: [0], byteBuffer.position(): [0], byteBuffer.limit(): [0], end: [613]
2022-08-07 11:10:52.133 DEBUG 2830 --- [nio-8080-exec-7] o.a.tomcat.util.net.SocketWrapperBase    : Socket: [org.apache.tomcat.util.net.NioEndpoint$NioSocketWrapper@1a16ddaf:org.apache.tomcat.util.net.NioChannel@14d1309d:java.nio.channels.SocketChannel[connected local=/[0:0:0:0:0:0:0:1]:8080 remote=/[0:0:0:0:0:0:0:1]:50920]], Read from buffer: [0]
2022-08-07 11:10:52.133 DEBUG 2830 --- [nio-8080-exec-7] org.apache.tomcat.util.net.NioEndpoint   : Socket: [org.apache.tomcat.util.net.NioEndpoint$NioSocketWrapper@1a16ddaf:org.apache.tomcat.util.net.NioChannel@14d1309d:java.nio.channels.SocketChannel[connected local=/[0:0:0:0:0:0:0:1]:8080 remote=/[0:0:0:0:0:0:0:1]:50920]], Read direct from socket: [0]
2022-08-07 11:10:52.133 DEBUG 2830 --- [nio-8080-exec-7] o.a.coyote.http11.Http11InputBuffer      : Received []
2022-08-07 11:10:52.133 DEBUG 2830 --- [nio-8080-exec-7] o.apache.coyote.http11.Http11Processor   : Socket: [org.apache.tomcat.util.net.NioEndpoint$NioSocketWrapper@1a16ddaf:org.apache.tomcat.util.net.NioChannel@14d1309d:java.nio.channels.SocketChannel[connected local=/[0:0:0:0:0:0:0:1]:8080 remote=/[0:0:0:0:0:0:0:1]:50920]], Status in: [OPEN_READ], State out: [OPEN]
2022-08-07 11:10:52.133 DEBUG 2830 --- [nio-8080-exec-7] org.apache.tomcat.util.net.NioEndpoint   : Registered read interest for [org.apache.tomcat.util.net.NioEndpoint$NioSocketWrapper@1a16ddaf:org.apache.tomcat.util.net.NioChannel@14d1309d:java.nio.channels.SocketChannel[connected local=/[0:0:0:0:0:0:0:1]:8080 remote=/[0:0:0:0:0:0:0:1]:50920]]
2022-08-07 11:11:10.393 DEBUG 2830 --- [l-1 housekeeper] com.zaxxer.hikari.pool.HikariPool        : HikariPool-1 - Pool stats (total=10, active=0, idle=10, waiting=0)
2022-08-07 11:11:10.393 DEBUG 2830 --- [l-1 housekeeper] com.zaxxer.hikari.pool.HikariPool        : HikariPool-1 - Fill pool skipped, pool is at sufficient level.
pxq42qpu

pxq42qpu1#

我已经将.oauth2Client();更改为.oauth2Login();,它工作正常。

相关问题