以下是 Spring Boot 的示例:来自 GitHub 的示例代码 https://github.com/spring-projects/spring-boot/tree/master/spring-boot-samples/spring-boot-sample-jersey一切似乎都工作正常。
但是,当我在项目中集成 Spring Boot Security OAuth2 时,我的 OAuth2 端点停止工作。日志中有一条警告:
2017-05-04 08:56:24.109 WARN 2827 --- [nio-8080-exec-1] o.glassfish.jersey.servlet.WebComponent : A servlet request to the URI http://127.0.0.1:8080/oauth/token contains form parameters in the request body but the request body has been consumed by the servlet or a servlet filter accessing the request parameters. Only resource methods using @FormParam will work as expected. Resource methods consuming the request body by other means will not work as expected.
这让我想到即使我没有注册端点,Jersey 也会捕获它并处理正文,从而使 Spring MVC 无法接受请求......
我的泽西岛配置是:
@Component
public class JerseyConfig extends ResourceConfig {
public JerseyConfig() {
register(InfoController.class);
}
}
我的信息控制器非常简单:
@Component
@Path("/me")
@Produces("application/json")
public class InfoController {
@GET
public String meAction() {
return "Hi";
}
}
最后,我试图拨打的电话导致日志中出现警告:
curl -X POST -u CLIENT_APPLICATION:123456789 http://127.0.0.1:8080/oauth/token -H "Accept: application/json" -d "password=aaa&username=aa&grant_type=password&client_id=CLIENT_APPLICATION"
这两个项目之间是否存在已知的不兼容性(spring-boot-starter-jersey
and spring-security-oauth2
从这个意义上说?
删除 Jersey 配置使其一切正常,但我需要在我的控制器上使用它。
我的 OAuth2 配置是:
@Configuration
public class OAuth2ServerConfiguration {
@Configuration
@EnableResourceServer
protected static class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {
@Override
public void configure(ResourceServerSecurityConfigurer resources) {
resources.resourceId("OAuth2 Server");
}
@Override
public void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests()
.antMatchers("/oauth/token").permitAll()
.antMatchers("/*").authenticated();
// @formatter:on
}
}
}
然后是安全配置本身:
@Configuration
@EnableWebSecurity
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
private final ApiUserDetailsService userDetailsService;
@Autowired
public WebSecurityConfiguration(ApiUserDetailsService userDetailsService) {
this.userDetailsService = userDetailsService;
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService);
}
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
}
提前致谢!