I have an OAuth2 application where the oauth2 endpoints are secured by Spring Security, so some pages are protected by form-based login.
Previously, if I hit one of these URLs, I was correctly redirected to the login page.
I have just upgraded from Spring Boot 1.5.16 to Spring Boot 2.0.6, which in turn upgraded the Spring Security dependency from 4.2.8 to 5.0.9.
Now if I hit a URL while I am not logged in, I just get a page like this:

    <oauth>
        <error_description>
            Full authentication is required to access this resource
        </error_description>
        <error>unauthorized</error>
    </oauth>

What's more, if I try to hit the login page, I am not authorized for that either. Does anyone know what is causing this? Filter order, maybe?
This is what my security configuration looks like:
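
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.core.env.Environment;
    import org.springframework.security.authentication.AuthenticationManager;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

    @Configuration
    public class SecurityConfig extends WebSecurityConfigurerAdapter {

        private final AuthenticationManager authenticationManager;
        private final Environment environment;

        @Autowired
        public SecurityConfig(AuthenticationManager authenticationManager, Environment environment) {
            this.authenticationManager = authenticationManager;
            this.environment = environment;
        }

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.csrf().disable()
                .headers().frameOptions().disable().and()
                // Form login with a custom login page that anyone may reach
                .formLogin().loginPage("/login").permitAll()
                .and()
                // This filter chain only applies to the paths listed here
                .requestMatchers().antMatchers("/login", "/logout", "/oauth/authorize", "/oauth/confirm_access")
                .and()
                .authorizeRequests().anyRequest().authenticated();
        }
    }
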
and this is the filter chain that is created:
2018-10-19 15:22:10.865 INFO 19012 --- [ restartedMain] o.s.s.web.DefaultSecurityFilterChain : Creating filter chain: OrRequestMatcher [requestMatchers=[Ant [pattern='/oauth/token'], Ant [pattern='/oauth/token_key'], Ant [pattern='/oauth/check_token']]], [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@737f44b6, org.springframework.security.web.context.SecurityContextPersistenceFilter@61f7a8e9, org.springframework.security.web.header.HeaderWriterFilter@139be706, org.springframework.security.web.authentication.logout.LogoutFilter@60b40eca, org.springframework.security.web.authentication.www.BasicAuthenticationFilter@7467a12, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@4fd13263, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@1d003890, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@6e762f08, org.springframework.security.web.session.SessionManagementFilter@13f07542, org.springframework.security.web.access.ExceptionTranslationFilter@2e2ecd3a, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@65db717c]
2018-10-19 15:22:10.880 INFO 19012 --- [ restartedMain] o.s.s.web.DefaultSecurityFilterChain : Creating filter chain: org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfiguration$NotOAuthRequestMatcher@4432df93, [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@c48f5fc, org.springframework.security.web.context.SecurityContextPersistenceFilter@731455ec, org.springframework.security.web.header.HeaderWriterFilter@67e583c6, org.springframework.security.web.authentication.logout.LogoutFilter@7bc67409, org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationProcessingFilter@4c112545, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@16762cc2, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@5dc67679, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@5473e34c, org.springframework.security.web.session.SessionManagementFilter@4e9d0777, org.springframework.security.web.access.ExceptionTranslationFilter@750210bc, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@d7ab665]
2018-10-19 15:22:10.895 INFO 19012 --- [ restartedMain] o.s.s.web.DefaultSecurityFilterChain : Creating filter chain: OrRequestMatcher [requestMatchers=[Ant [pattern='/login'], Ant [pattern='/logout'], Ant [pattern='/oauth/authorize'], Ant [pattern='/oauth/confirm_access']]], [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@22671580, org.springframework.security.web.context.SecurityContextPersistenceFilter@412e0841, org.springframework.security.web.header.HeaderWriterFilter@60f6611f, org.springframework.security.web.authentication.logout.LogoutFilter@24ec00c6, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@1531681a, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@242e419a, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@77833299, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@2ea3b229, org.springframework.security.web.session.SessionManagementFilter@38fd683f, org.springframework.security.web.access.ExceptionTranslationFilter@7e4364ca, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@63dad600]
201