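I am trying to configure OAuth2 opaque token authorization with Spring.
According to the official Spring documentation:
If the application doesn't expose a SecurityFilterChain bean, then Spring Boot will expose the above default one.
When I try to reach an endpoint without any authorization token, I am able to reach it.
I need to add the SecurityFilterChain manually: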
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(authorize -> authorize
                .anyRequest().authenticated()
            )
            .oauth2ResourceServer(OAuth2ResourceServerConfigurer::opaqueToken);
        return http.build();
    }
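On the other hand, the documentation states:
If the application doesn't expose an OpaqueTokenIntrospector bean, then Spring Boot will expose the above default one.
However, when I start the service, I get: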
***************************
APPLICATION FAILED TO START
***************************
Description:
Method filterChain in slab.tsystems.multipart.commonsupload.config.SecurityConfiguration required a bean of type 'org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenIntrospector' that could not be found.
Action:
Consider defining a bean of type 'org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenIntrospector' in your configuration.
My relevant dependencies:
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-oauth2-resource-server</artifactId>
    </dependency>
    <dependency>
        <groupId>com.nimbusds</groupId>
        <artifactId>oauth2-oidc-sdk</artifactId>
        <version>10.7.2</version>
        <scope>runtime</scope>
    </dependency>
Why is the default behavior not applied?
1 answer
wwwo4jvm #1
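As explained in the Spring OAuth2 Resource Server documentation, you should declare a Bean that returns the introspector, or create a CustomOpaqueTokenIntrospector.
Bean:
Alternatively, if you want to customize the token introspection endpoint response, you can create a CustomOpaqueTokenIntrospector that implements the OpaqueTokenIntrospector interface. Then pass it to the configuration like this: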
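
A sketch of both options the answer describes, written as an added example and not taken from the original answer or the Spring documentation: an OpaqueTokenIntrospector bean wrapped in a custom introspector and passed explicitly to the filter chain. It assumes the three `spring.security.oauth2.resourceserver.opaquetoken.*` properties are set in the application configuration; the audience value `commons-upload-api` and the audience check itself are hypothetical, and NimbusOpaqueTokenIntrospector is used because oauth2-oidc-sdk is already among the question's dependencies.

```java
// Added example, not from the original post; "commons-upload-api" is a placeholder audience.
import java.util.List;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal;
import org.springframework.security.oauth2.server.resource.introspection.BadOpaqueTokenException;
import org.springframework.security.oauth2.server.resource.introspection.NimbusOpaqueTokenIntrospector;
import org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenIntrospector;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
public class SecurityConfiguration {
    private static final String PREFIX = "spring.security.oauth2.resourceserver.opaquetoken.";
    // Hypothetical custom introspector: delegates the introspection call, then
    // rejects active tokens that were not issued for this resource server.
    static class CustomOpaqueTokenIntrospector implements OpaqueTokenIntrospector {
        private final OpaqueTokenIntrospector delegate;
        private final String requiredAudience;
        CustomOpaqueTokenIntrospector(OpaqueTokenIntrospector delegate, String requiredAudience) {
            this.delegate = delegate;
            this.requiredAudience = requiredAudience;
        }
        @Override
        public OAuth2AuthenticatedPrincipal introspect(String token) {
            OAuth2AuthenticatedPrincipal principal = delegate.introspect(token); // throws if inactive
            List<String> audiences = principal.getAttribute("aud");
            if (audiences == null || !audiences.contains(requiredAudience)) {
                throw new BadOpaqueTokenException("Token audience does not include this API");
            }
            return principal;
        }
    }

    @Bean
    public OpaqueTokenIntrospector introspector(
            @Value("${" + PREFIX + "introspection-uri}") String uri,
            @Value("${" + PREFIX + "client-id}") String clientId,
            @Value("${" + PREFIX + "client-secret}") String clientSecret) {
        return new CustomOpaqueTokenIntrospector(
                new NimbusOpaqueTokenIntrospector(uri, clientId, clientSecret), "commons-upload-api");
    }
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http, OpaqueTokenIntrospector introspector) throws Exception {
        http.authorizeHttpRequests(authorize -> authorize.anyRequest().authenticated())
            .oauth2ResourceServer(oauth2 -> oauth2.opaqueToken(opaque -> opaque.introspector(introspector)));
        return http.build();
    }
}
```

The `aud` claim is optional in an introspection response, so this check rejects every token if the authorization server does not return it.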