我下面来自Dave Syer基本春天启动的OAuth2例如:https://github.com/dsyer/sparklr-boot/blob/master/src/main/java/demo/Application.java如何让Spring引导和的OAuth2例如使用其他的密码授予证书不是默认
@Configuration
@ComponentScan
@EnableAutoConfiguration
@RestController
public class Application {
public static void main(String[] args) {
SpringApplication.run(Application.class, args);
}
@RequestMapping("/")
public String home() {
return "Hello World";
}
@Configuration
@EnableResourceServer
protected static class ResourceServer extends ResourceServerConfigurerAdapter {
@Override
public void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
// Just for laughs, apply OAuth protection to only 2 resources
.requestMatchers().antMatchers("/","/admin/beans").and()
.authorizeRequests()
.anyRequest().access("#oauth2.hasScope('read')");
// @formatter:on
}
@Override
public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
resources.resourceId("sparklr");
}
}
@Configuration
@EnableAuthorizationServer
protected static class OAuth2Config extends AuthorizationServerConfigurerAdapter {
@Autowired
private AuthenticationManager authenticationManager;
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints.authenticationManager(authenticationManager);
}
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
// @formatter:off
clients.inMemory()
.withClient("my-trusted-client")
.authorizedGrantTypes("password", "authorization_code", "refresh_token", "implicit")
.authorities("ROLE_CLIENT", "ROLE_TRUSTED_CLIENT")
.scopes("read", "write", "trust")
.resourceIds("sparklr")
.accessTokenValiditySeconds(60)
.and()
.withClient("my-client-with-registered-redirect")
.authorizedGrantTypes("authorization_code")
.authorities("ROLE_CLIENT")
.scopes("read", "trust")
.resourceIds("sparklr")
.redirectUris("http://anywhere?key=value")
.and()
.withClient("my-client-with-secret")
.authorizedGrantTypes("client_credentials", "password")
.authorities("ROLE_CLIENT")
.scopes("read")
.resourceIds("sparklr")
.secret("secret");
// @formatter:on
}
}
}
的例子都非常好,这两种类型的授权,但密码授权使用Spring Boot默认安全用户(在启动过程中回显为“使用默认安全密码:927ca0a0-634a-4671-bd1c-1323a866618a”)。
我的问题是你如何覆盖默认的用户帐户,实际上依赖WebSecurityConfig?我已经添加了这样一个部分:
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
protected static class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(AuthenticationManagerBuilder authManagerBuilder)
throws Exception {
authManagerBuilder.inMemoryAuthentication().withUser("user")
.password("password").roles("USER");
}
}
但它似乎并没有重写默认的Spring用户/密码,即使文档建议它应该。
我错过了什么让它工作?
没有它不应该,除非你加上'@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)'它。您可以通过设置属性'security.user.name'和'security.user.password'来设置application.properties文件中的默认用户名/密码。有关更多属性,请参见[参考指南](http://docs.spring.io/spring-boot/docs/current/reference/html/common-application-properties.html)。 – 2014-10-29 07:05:11
这里有一个更好的示例(更新):https://github.com/spring-projects/spring-security-oauth/blob/master/tests/annotation/jdbc/src/main/java/demo/Application的.java#L81。这个'authenticationManager'方法是2.0.4快照中的新覆盖(如果你想在2.0.3中使用它,请查看实现)。 – 2014-10-29 08:03:53
@DaveSyer样本没有运行我,“创建名称为'org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration'的错误' – 2015-01-08 03:57:26