In the beginning, it was no problem to integrate oauth2 with springboot1.5, but now it has been upgraded to springboot2.1
question 1
Possible CSRF detected - state parameter was required but no state could be found
Client code
@EnableOAuth2Sso
@Configuration
public class UiSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
public void configure(HttpSecurity http) throws Exception {
http.antMatcher("/**")
.authorizeRequests()
.antMatchers("/", "/login**")
.permitAll()
.anyRequest()
.authenticated();
}
}
After getting the code, stayed on the landing page and found the following solutions on the Internet: 1. Configure server. Servlet. Session. Cookie. Name = upsessionid, but this attempt failed. 2. Set the code policy authcodeprovider. Setstatemandatory (false); A lot of code has been changed here
@Configuration
@EnableOAuth2Client
@EnableGlobalMethodSecurity(prePostEnabled=true)//open @PreAuthorize
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private OAuth2ClientContext oauth2ClientContext;
@Override
protected void configure(HttpSecurity http) throws Exception {
// // @formatter:off
http.authorizeRequests()
.anyRequest().authenticated().and()
.formLogin().loginPage("/login").permitAll().and()
.exceptionHandling().and()
.logout().logoutSuccessUrl("/login").permitAll()
.and().headers().frameOptions().sameOrigin()
.and().csrf()
.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()).and()
.addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);//Here it needs to be configured before basic
}
@Bean
public FilterRegistrationBean oauth2ClientFilterRegistration(OAuth2ClientContextFilter filter) {
FilterRegistrationBean registration = new FilterRegistrationBean();
registration.setFilter(filter);
registration.setOrder(-100);
return registration;
}
@Bean
@ConfigurationProperties("security.oauth2")
public ClientResources trina() {
return new ClientResources();
}
private Filter ssoFilter() {
CompositeFilter filter = new CompositeFilter();
List<filter> filters = new ArrayList<filter>();
filters.add(ssoFilter(trina(), "/login"));
filter.setFilters(filters);
return filter;
}
private Filter ssoFilter(ClientResources client, String path) {
OAuth2ClientAuthenticationProcessingFilter oAuth2ClientAuthenticationFilter = new OAuth2ClientAuthenticationProcessingFilter(
path);
OAuth2RestTemplate oAuth2RestTemplate = new OAuth2RestTemplate(client.getClient(), this.oauth2ClientContext);
oAuth2ClientAuthenticationFilter.setRestTemplate(oAuth2RestTemplate);
AuthorizationCodeAccessTokenProvider authCodeProvider = new AuthorizationCodeAccessTokenProvider();
authCodeProvider.setStateMandatory(false);
AccessTokenProviderChain provider = new AccessTokenProviderChain(
Arrays.asList(authCodeProvider));
oAuth2RestTemplate.setAccessTokenProvider(provider);
UserInfoTokenServices tokenServices = new UserInfoTokenServices(client.getResource().getUserInfoUri(),
client.getClient().getClientId());
tokenServices.setRestTemplate(oAuth2RestTemplate);
oAuth2ClientAuthenticationFilter.setTokenServices(tokenServices);
return oAuth2ClientAuthenticationFilter;
}
}
class ClientResources {
@NestedConfigurationProperty
private AuthorizationCodeResourceDetails client = new AuthorizationCodeResourceDetails();
@NestedConfigurationProperty
private ResourceServerProperties resource = new ResourceServerProperties();
public AuthorizationCodeResourceDetails getClient() {
return client;
}
public ResourceServerProperties getResource() {
return resource;
}
}
Access the connection after modification, and jump to the specified page after login& </ filter>&</ filter>
Similar Posts:
- Error creating bean with name ‘scopedTarget.oauth2ClientContext’: Scope ‘session’ is not active for the current thread;
- [Solved] oauth2(spring security) Error: method_not_allowed(Request method ‘GET’ not supported)
- [Solved] Oauth2(spring security)method_not_allowed(Request method ‘GET’ not supported)
- Request failed with status code 500 & Self referencing loop detected for property ‘xx‘ with type
- [Solved] remote calling three-party interface error: javax.net.ssl.SSLHandshakeException
- Consider defining a bean of type ‘xxx’ in your configuration. Autowired(required=true)
- Accessdeniedhandler configured in spring security does not take effect
- Problems of bad credentials, encoded password does not look like bcrypt in spring-cloud-oauth2 upgrade
- How to Solve Error: Preflight response is not successful
- The solution of “no matching function for call to…” in G + + compilation