问题描述
我正在尝试将 Spring OAuth2 集成到 Spring MVC REST 中.大多数 Spring OAuth2 示例,只有 ResourceServerConfigurerAdapter
,有些还有 WebSecurityConfigurerAdapter
.我不打算将 OAuth 与 Google、Facebook 等集成.我正在尝试为当前基于 Basic
身份验证的 Spring MVC REST 提供基于令牌的身份验证.有人可以向我解释在单个服务器中理解 Spring MVC REST + OAuth 集成需要什么而不是什么或好的资源吗?
I'm trying to integrate Spring OAuth2 into Spring MVC REST. Most of the Spring OAuth2 examples, there is only ResourceServerConfigurerAdapter
and some of have WebSecurityConfigurerAdapter
as well. I'm not going to integrate OAuth with Google, Facebook, etc. I'm trying to provide a token based authentication for Spring MVC REST which is currently based on Basic
Authentication. Can someone exaplin me what is required and not or good resource to understand the Spring MVC REST +OAuth integration in a single server?
目前我的 POC 在没有 WebSecurityConfigurerAdapter
的情况下工作,但使用 ResourceServerConfigurerAdapter
和 AuthorizationServerConfigurerAdapter
.看起来 ResourceServerConfigurerAdapter
就足够了.现在我不确定我应该如何处理我现有的 WebSecurityConfigurerAdapter
,它在我的 Spring MVC REST 应用程序中运行良好.
Currently my POC works without WebSecurityConfigurerAdapter
, but with ResourceServerConfigurerAdapter
along with AuthorizationServerConfigurerAdapter
. It looks like ResourceServerConfigurerAdapter
is enough. Now I'm not sure what should I do to my existing WebSecurityConfigurerAdapter
which is working perfectly in my Spring MVC REST application.
推荐答案
这里有一个很好的答案 https://stackoverflow.com/a/28604260,看起来WebSecurityConfigurerAdapter是一个比ResourceServerConfigurerAdapter低级的命令.
Here is a good answer https://stackoverflow.com/a/28604260, it looks like WebSecurityConfigurerAdapter is an order inferior to the ResourceServerConfigurerAdapter.
我有一个 WebSecurityConfigurerAdapter 和一个 ResourceServerConfigurerAdapter,但端点安全配置在 ResourceServerConfigurerAdapter 下:
I have a WebSecurityConfigurerAdapter and a ResourceServerConfigurerAdapter, but the endpoints security configuration is in the ResourceServerConfigurerAdapter under:
public void configure(HttpSecurity http) throws Exception {
我还有以下配置:
security:
oauth2:
resource:
filter-order: 3
否则会忽略端点安全配置(我不知道为什么).
Else the endpoints security configuration is ignored (I don't know why).
这篇关于WebSecurityConfigurerAdapter 和 ResourceServerConfigurerAdapter 的关系的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!