Spring Oauth2 CORS - PullRequest
       4

Spring Oauth2 CORS

0 голосов
/ 16 февраля 2020

Я пытаюсь вызвать службу входа в приложение Angular, но я застрял с ошибкой CORS. Я уже добавил конфигурацию cors в WebSecurityConfigurerAdapter. Я уже попробовал некоторые конфигурации, подобные приведенным ниже. На почтальоне все работает хорошо.

AuthorizationServerConfigurerAdapter

            import java.util.Arrays;
            import java.util.Collections;
            import java.util.List;
            import javax.servlet.http.HttpServletRequest;
            import javax.servlet.http.HttpServletResponse;
            import javax.sql.DataSource;
            import org.springframework.beans.factory.annotation.Autowired;
            import org.springframework.beans.factory.annotation.Qualifier;
            import org.springframework.context.annotation.Bean;
            import org.springframework.context.annotation.Configuration;
            import org.springframework.security.authentication.AuthenticationManager;
            import org.springframework.security.core.userdetails.UserDetailsService;
            import org.springframework.security.crypto.password.PasswordEncoder;
            import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
            import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
            import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
            import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
            import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
            import org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler;
            import org.springframework.security.oauth2.provider.token.DefaultAccessTokenConverter;
            import org.springframework.security.oauth2.provider.token.DefaultUserAuthenticationConverter;
            import org.springframework.security.oauth2.provider.token.TokenEnhancer;
            import org.springframework.security.oauth2.provider.token.TokenEnhancerChain;
            import org.springframework.security.oauth2.provider.token.TokenStore;
            import org.springframework.security.oauth2.provider.token.UserAuthenticationConverter;
            import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
            import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
            import org.springframework.web.cors.CorsConfiguration;
            import org.springframework.web.cors.CorsConfigurationSource;
            import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
            import org.springframework.web.servlet.config.annotation.CorsRegistry;
            import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

            @Configuration
            @EnableAuthorizationServer
            public class OAuth2AuthorizationServer extends AuthorizationServerConfigurerAdapter {

              @Autowired
              @Qualifier("dataSource")
              private DataSource dataSource;

              @Autowired private AuthenticationManager authenticationManager;
              @Autowired private UserDetailsService userDetailsService;
              @Autowired private PasswordEncoder oauthClientPasswordEncoder;


              @Bean
              JwtAccessTokenConverter accessTokenConverter() {
                JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
                ((DefaultAccessTokenConverter) converter.getAccessTokenConverter())
                    .setUserTokenConverter(userAuthenticationConverter());

                return converter;
              }

              @Bean
              public TokenEnhancer tokenEnhancer() {
                return new CustomTokenEnhancer();
              }

              @Bean
              public TokenStore tokenStore() {
                return new JwtTokenStore(accessTokenConverter());
              }

              @Bean
              public OAuth2AccessDeniedHandler oauthAccessDeniedHandler() {
                return new OAuth2AccessDeniedHandler();
              }

              @Override
              public void configure(AuthorizationServerSecurityConfigurer oauthServer) {

                oauthServer
                    .tokenKeyAccess("permitAll()")
                    .checkTokenAccess("isAuthenticated()")
                    .passwordEncoder(oauthClientPasswordEncoder);
              }

              @Override
              public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
                clients.jdbc(dataSource);
              }

              @Bean
              public UserAuthenticationConverter userAuthenticationConverter() {
                DefaultUserAuthenticationConverter defaultUserAuthenticationConverter =
                    new DefaultUserAuthenticationConverter();
                defaultUserAuthenticationConverter.setUserDetailsService(userDetailsService);
                return defaultUserAuthenticationConverter;
              }


              @Override
              public void configure(final AuthorizationServerEndpointsConfigurer endpoints) {
                TokenEnhancerChain tokenEnhancerChain = new TokenEnhancerChain();
                tokenEnhancerChain.setTokenEnhancers(
                    List.of(new CustomTokenEnhancer(), accessTokenConverter()));


                endpoints
                    .accessTokenConverter(accessTokenConverter())
                    .userDetailsService(userDetailsService)
                    .authenticationManager(authenticationManager)
                    .tokenEnhancer(tokenEnhancerChain);
              }

            }

ResourceServerConfigurerAdapter

            import org.springframework.context.annotation.Bean;
            import org.springframework.context.annotation.Configuration;
            import org.springframework.security.config.annotation.web.builders.HttpSecurity;
            import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
            import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
            import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
            import org.springframework.web.cors.CorsConfiguration;
            import org.springframework.web.cors.CorsConfigurationSource;
            import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

            import java.util.Arrays;

            @Configuration
            @EnableResourceServer
            public class OAuth2ResourceServer extends ResourceServerConfigurerAdapter {
              private static final String SECURED_PATTERN = "/secured/**";
              private static final String SECURED_READ_SCOPE = "#oauth2.hasScope('read')";
              private static final String SECURED_WRITE_SCOPE = "#oauth2.hasScope('write')";

              @Override
              public void configure(ResourceServerSecurityConfigurer resources) {
                resources.resourceId("resource-server-rest-api").stateless(false);
              }

              @Override
              public void configure(HttpSecurity http) throws Exception {

                http.cors().and().antMatcher("/api/**")
                        .authorizeRequests()
                        .antMatchers("/**", "/login**", "/error**", "/api/auth/**")
                        .permitAll()
                ;
                http.authorizeRequests().antMatchers("/api/**").authenticated();

              }
              @Bean
              CorsConfigurationSource corsConfigurationSource() {
                CorsConfiguration configuration = new CorsConfiguration();
                configuration.setAllowedOrigins(Arrays.asList("http://localhost:4200/"));
                configuration.setAllowedMethods(Arrays.asList("GET","POST"));
                UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
                source.registerCorsConfiguration("/**", configuration);
                return source;
              }
            }

WebSecurityConfigurerAdapter

            import org.springframework.beans.factory.annotation.Autowired;
            import org.springframework.context.annotation.Bean;
            import org.springframework.context.annotation.Configuration;
            import org.springframework.security.authentication.AuthenticationManager;
            import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
            import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
            import org.springframework.security.config.annotation.web.builders.HttpSecurity;
            import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
            import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
            import org.springframework.security.core.userdetails.UserDetailsService;
            import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
            import org.springframework.security.crypto.password.PasswordEncoder;

            @Configuration
            @EnableWebSecurity
            @EnableGlobalMethodSecurity(prePostEnabled = true, proxyTargetClass = true)
            public class Oauth2WebSecurityConfig extends WebSecurityConfigurerAdapter {

              @Autowired private UserDetailsService userDetailsService;
              @Autowired private PasswordEncoder userPasswordEncoder;

              @Override
              @Bean
              public AuthenticationManager authenticationManagerBean() throws Exception {
                return super.authenticationManagerBean();
              }

              @Override
              protected void configure(AuthenticationManagerBuilder auth) throws Exception {
                auth.userDetailsService(userDetailsService).passwordEncoder(userPasswordEncoder);
              }


              @Override
              protected void configure(HttpSecurity http) throws Exception {


                http.cors().and().antMatcher("/**")
                    .authorizeRequests()
                    .antMatchers("/**", "/login**", "/error**", "/api/auth/**")
                    .permitAll()
                ;

                http.cors().and()
                        .formLogin();
            ;
              }

              @Bean
              public BCryptPasswordEncoder passwordEncoder() {
                return new BCryptPasswordEncoder();
              }
            }

1 Ответ

1 голос
/ 16 февраля 2020

Первым шагом, когда браузер пытается проверить CORS, является отправка дополнительного метода, поэтому вы должны также включить метод OPTIONS, вы настраиваете конфигурацию

@Bean
              CorsConfigurationSource corsConfigurationSource() {
                CorsConfiguration configuration = new CorsConfiguration();
                configuration.setAllowedOrigins(Arrays.asList("http://localhost:4200/"));
                configuration.setAllowedMethods(Arrays.asList("GET","POST","OPTIONS"));
                UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
                source.registerCorsConfiguration("/**", configuration);
                return source;
              }
Добро пожаловать на сайт PullRequest, где вы можете задавать вопросы и получать ответы от других членов сообщества.
...