Spring Security 弹出oauth2:授权服务安全设置

svujldwt  于 12个月前  发布在  Spring
关注(0)|答案(1)|浏览(169)

我已经部署了一个authorization server
另一方面,我有一个服务正在使用spring-security-oauth2-client依赖项,以便从以前部署的authorization server中获取令牌。
authorization-server非常简单。我的意思是,它有任何配置类,只有下一个配置:

logging:
  level:
    org.springframework.security: trace

spring:
  security:
    oauth2:
      authorizationserver:
        client:
          oidc-client:
            registration:
              client-id: "rdocelec"
              client-secret: "{noop}xxx"
              client-authentication-methods:
                - "client_secret_basic"
              authorization-grant-types:
                - "client_credentials"
              scopes:
                - "api"
            require-authorization-consent: true

字符串
然而,当我的service启动并试图获取oauth2授权服务器openid配置时,我得到了未经验证的响应:

  • _/.well-known/openid-configuration
  • _/.well-known/oauth-authorization-server
HTTP GET http://oauthz:8080/.well-known/openid-configuration
Accept=[application/json, application/cbor, application/*+json]
sun.net.www.MessageHeader@20395afe5 pairs: {GET /.well-known/openid-configuration HTTP/1.1: null}{Accept: application/json, application/cbor, application/*+json}{User-Agent: Java/11.0.21}{Host: oauthz:8080}{Connection: keep-alive}
sun.net.www.MessageHeader@4b1339bf16 pairs: {null: HTTP/1.1 401}{Vary: Origin}{Vary: Access-Control-Request-Method}{Vary: Access-Control-Request-Headers}{WWW-Authenticate: Basic realm="Realm"}{X-Content-Type-Options: nosniff}{X-XSS-Protection: 0}{Cache-Control: no-cache, no-store, max-age=0, must-revalidate}{Pragma: no-cache}{Expires: 0}{X-Frame-Options: DENY}{WWW-Authenticate: Basic realm="Realm"}{Content-Length: 0}{Date: Thu, 16 Nov 2023 10:34:41 GMT}{Keep-Alive: timeout=60}{Connection: keep-alive}
Response 401 UNAUTHORIZED
HTTP GET http://oauthz:8080/.well-known/openid-configuration
Accept=[application/json, application/cbor, application/*+json]
sun.net.www.MessageHeader@451f08ea5 pairs: {GET /.well-known/openid-configuration HTTP/1.1: null}{Accept: application/json, application/cbor, application/*+json}{User-Agent: Java/11.0.21}{Host: oauthz:8080}{Connection: keep-alive}
sun.net.www.MessageHeader@dcf495c16 pairs: {null: HTTP/1.1 401}{Vary: Origin}{Vary: Access-Control-Request-Method}{Vary: Access-Control-Request-Headers}{WWW-Authenticate: Basic realm="Realm"}{X-Content-Type-Options: nosniff}{X-XSS-Protection: 0}{Cache-Control: no-cache, no-store, max-age=0, must-revalidate}{Pragma: no-cache}{Expires: 0}{X-Frame-Options: DENY}{WWW-Authenticate: Basic realm="Realm"}{Content-Length: 0}{Date: Thu, 16 Nov 2023 10:34:41 GMT}{Keep-Alive: timeout=60}{Connection: keep-alive}
Response 401 UNAUTHORIZED
HTTP GET http://oauthz:8080/.well-known/oauth-authorization-server
Accept=[application/json, application/cbor, application/*+json]
sun.net.www.MessageHeader@60610a2b5 pairs: {GET /.well-known/oauth-authorization-server HTTP/1.1: null}{Accept: application/json, application/cbor, application/*+json}{User-Agent: Java/11.0.21}{Host: oauthz:8080}{Connection: keep-alive}
sun.net.www.MessageHeader@420dee8216 pairs: {null: HTTP/1.1 401}{Vary: Origin}{Vary: Access-Control-Request-Method}{Vary: Access-Control-Request-Headers}{WWW-Authenticate: Basic realm="Realm"}{X-Content-Type-Options: nosniff}{X-XSS-Protection: 0}{Cache-Control: no-cache, no-store, max-age=0, must-revalidate}{Pragma: no-cache}{Expires: 0}{X-Frame-Options: DENY}{WWW-Authenticate: Basic realm="Realm"}{Content-Length: 0}{Date: Thu, 16 Nov 2023 10:34:41 GMT}{Keep-Alive: timeout=60}{Connection: keep-alive}
Response 401 UNAUTHORIZED


authorization service pom.xml是:

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>3.1.0</version>
        <relativePath/> <!-- lookup parent from repository -->
    </parent>
    <groupId>net.gencat.transversal.espaidoc</groupId>
    <artifactId>oautz</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <name>oauthz</name>
    <description>Oauth Authorization server</description>
    <properties>
        <java.version>17</java.version>
    </properties>
    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-oauth2-authorization-server</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-actuator</artifactId>
        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>
    </dependencies>

    <build>
    <finalName>oauthz</finalName>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
            </plugin>
        </plugins>
    </build>

</project>


在本地,这个问题不会出现。我的意思是,我用http://localhost:8080引用我的authorization service
我已经将上述服务部署到我们的测试环境中。Tehre,我的authorization service使用http://oauthz:8080引用。
我想我需要允许一些东西进入我的authorization service,但我不太清楚我需要改变什么。

r1zk6ea1

r1zk6ea11#

你必须有一个作用域openid才能使用Openid。

scopes:
   - "api"
   - openid

字符串

相关问题