问题描述
我尝试使用带有angular2的Oauth2-Authentication访问我的Spring-Boot应用程序。当我使用基本身份验证(包括用户名和密码)向 oauth / token 发送后置请求以获取令牌(在邮递员中很好用)时,我得到了 401未经授权 >。我知道我的浏览器发送了带有OPTIONS方法的预检请求,并且我已经实现了 security-configuration ,因此它应该忽略并允许选项请求,但它不起作用。
I try to access my Spring-Boot-application with Oauth2-Authentication with angular2. When i send a post-request to "oauth/token" with my basic authentication including username and password to get a token, which works fine in postman, i get an 401 Unauthorized. I know that my browser sends a preflight-request with the OPTIONS-method, and i have implemented my security-configuration so that it should ignore and allow the options request, but it doesnt work.
这是我的安全配置:
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
@EnableWebSecurity
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
public class OAuth2SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
private ClientDetailsService clientDetailsService;
@Autowired
DataSource dataSource;
@Autowired
public void globalUserDetails(AuthenticationManagerBuilder auth) throws Exception {
auth.jdbcAuthentication().dataSource(dataSource)
.usersByUsernameQuery(
"select username, password, 1 from users where username = ?")
.authoritiesByUsernameQuery(
"select u.username, r.name from users u, roles r, role_users ru "
+ "where u.username = ? and u.id = ru.users_id and ru.roles_id = r.id ");
auth.inMemoryAuthentication()
.withUser("admin").password("admin").roles("ADMIN");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.anonymous().disable()
.authorizeRequests()
.antMatchers(HttpMethod.OPTIONS, "/oauth/token").permitAll();
}
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers(HttpMethod.OPTIONS,"/oauth/token");
}
@Override
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
}
特别是最后一个配置方法应该允许我访问api并获得令牌。
Especially the last configure-method should allow me to access the api and get a token.
可能是什么问题?谢谢所有帮助。
What could be the problem? Thanks for all help.
推荐答案
我发现了问题....问题出在我身上。
I found the problem....the problem was me.
此代码没有错。我刚启动了错误的服务器(复制项目)。一切正常。
There is nothing wrong on this code. i just started the wrong server (copy project). Everything works fine.
这篇关于未经授权的OPTIONS请求的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!