是赵敢敢啊
2021-08-16 22:23
已结题

Nginx配置反向代理,后端Security项目认证失败

问题描述:
前端是用 Vue 写的,后端是用 Spring Security + OAuth2 写的。
[图片:原帖截图,文字内容未保留]
Nginx 配置如下:
[图片:原帖的 Nginx 配置为截图,文字内容未保留]
后端的 Security 配置如下(其实这个东西我也不是很明白):

package com.eleven.config;

import io.swagger.models.HttpMethod;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.PasswordEncoder;

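/**
 * Spring Security web configuration: wires the application's {@link UserDetailsService} and
 * {@link PasswordEncoder} into the authentication manager and declares which URLs can be
 * reached without authentication.
 *
 * <p>NOTE(review): {@code ResourceConfig} in the same package enables a resource server. By
 * default the resource-server filter chain is ordered ahead of a
 * {@code WebSecurityConfigurerAdapter}, so most requests are probably decided there and not by
 * the rules below. Confirm the effective filter-chain order before relying on this class.
 *
 * @author zhaojinhui
 * @date 2021/3/13 14:15
 */
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private PasswordEncoder passwordEncoder;

    @Autowired
    private UserDetailsService userDetailsService;

    /**
     * Exposes the adapter's {@link AuthenticationManager} as a bean so that other configuration
     * classes (the authorization server on this page injects one) can use it.
     *
     * @return the authentication manager built by this adapter
     * @throws Exception if the manager cannot be created
     */
    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    /**
     * Registers the injected user lookup service and password encoder for credential checks.
     *
     * @param auth builder for the authentication manager
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService)
                .passwordEncoder(passwordEncoder);
    }

    /**
     * Keeps the default {@link WebSecurity} settings; nothing is excluded from the filter chain.
     *
     * @param web the web security builder
     * @throws Exception if the default configuration fails
     */
    @Override
    public void configure(WebSecurity web) throws Exception {
        super.configure(web);
    }

    /**
     * Declares the URL rules: the listed paths are public, everything else needs an
     * authenticated user, and the default form login is enabled.
     *
     * @param http the HTTP security builder
     * @throws Exception if the configuration cannot be applied
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                // NOTE(review): CSRF protection is disabled while formLogin() below still
                // authenticates through a session cookie. Disabling CSRF is only safe when
                // every state-changing request is authenticated by a bearer token instead.
                .csrf()
                .disable()
                // cors() only has an effect when a CorsConfigurationSource (or CorsFilter) bean
                // exists; none is visible in this class.
                .cors()
                .and()
                .authorizeRequests()
                // Ant patterns are compared with the request path, which always starts with
                // '/'. The original entries "logout/**" and "options" therefore never matched:
                // the first is corrected to "/logout/**" (the same pattern ResourceConfig uses),
                // the second is dropped. If "options" was meant to let CORS preflight requests
                // through, that is the job of cors() above.
                //
                // NOTE(review): "/user/updatePwd" is reachable without authentication. Unless
                // the handler itself verifies the caller (old password, reset token), anyone can
                // attempt to change a user's password. Confirm this is intended.
                .antMatchers(
                        "/oauth/**",
                        "/login/**",
                        "/logout/**",
                        "/common/**",
                        "/try/**",
                        "/user/updatePwd",
                        "/index.html",
                        "/index.htm")
                .permitAll()
                .anyRequest().authenticated()
                .and()
                .formLogin().permitAll();
    }
}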

OAuth2 的授权服务器配置和资源服务器配置如下:

package com.eleven.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
import org.springframework.security.oauth2.provider.token.TokenStore;

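/**
 * OAuth2 authorization server configuration. {@code @EnableAuthorizationServer} marks this
 * class as the authorization server configuration; it defines the token services, the token
 * endpoints and a single in-memory client.
 *
 * @author zhaojinhui
 * @date 2021/3/13 14:22
 */
@Configuration
@EnableAuthorizationServer
public class AuthorizationServer extends AuthorizationServerConfigurerAdapter {

    @Autowired
    private PasswordEncoder passwordEncoder;

    @Autowired
    private UserDetailsService userDetailsService;

    @Autowired
    private AuthenticationManager authenticationManager;

    @Autowired
    @Qualifier("redisTokenStore")
    private TokenStore tokenStore;

    // Client credentials come from external configuration, not from the source code.
    @Value("${oauth2.clientId}")
    private String clientId;
    @Value("${oauth2.secret}")
    private String secret;

    /**
     * Builds the token services backed by the injected token store.
     *
     * @return token services issuing 30-minute access tokens and 7-day refresh tokens
     */
    @Bean
    public DefaultTokenServices tokenServices() {
        DefaultTokenServices services = new DefaultTokenServices();
        services.setTokenStore(tokenStore);
        // Enable refresh tokens.
        services.setSupportRefreshToken(true);
        // Reuse the same refresh token on every refresh, so it is never rotated.
        // NOTE(review): a leaked refresh token therefore stays usable for its full lifetime;
        // setReuseRefreshToken(false) would rotate it on each use.
        services.setReuseRefreshToken(true);
        // Access token lifetime: 30 minutes.
        services.setAccessTokenValiditySeconds(30 * 60);
        // Refresh token lifetime: 7 days.
        services.setRefreshTokenValiditySeconds(7 * 24 * 60 * 60);
        return services;
    }

    /**
     * Configures the token endpoints. The authentication manager is what enables the password
     * grant.
     *
     * @param endpoints the endpoint configurer supplied by the framework
     * @throws Exception if the configuration cannot be applied
     */
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints
                // Custom user lookup.
                // NOTE(review): this setting appears to be applied only to token services the
                // framework creates itself. With the hand-built tokenServices() below, verify
                // that a refresh still re-checks the user (disabled or deleted accounts).
                .userDetailsService(userDetailsService)
                // Authentication manager used for the password grant.
                .authenticationManager(authenticationManager)
                // Where tokens are stored.
                .tokenStore(tokenStore)
                .tokenServices(tokenServices());
    }

    /**
     * Registers the single OAuth2 client in memory.
     *
     * @param clients the client details configurer supplied by the framework
     * @throws Exception if the client cannot be registered
     */
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        // Keep client details in memory.
        clients.inMemory()
                // Client id.
                .withClient(clientId)
                // Client secret, stored encoded.
                .secret(passwordEncoder.encode(secret))
                // Redirect target that receives the authorization code.
                // NOTE(review): this is a third-party placeholder reached over plain http, so
                // authorization codes would be delivered to that site unencrypted. Replace it
                // with the application's own https callback before real use.
                .redirectUris("http://www.baidu.com")
                // Granted scope.
                .scopes("all")
                // Allowed grant types.
                // NOTE(review): the password grant hands user credentials to the client; prefer
                // authorization_code for a browser front end where that is feasible.
                .authorizedGrantTypes("authorization_code", "password", "refresh_token");
    }
}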
package com.eleven.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.redis.connection.RedisConnectionFactory;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.redis.RedisTokenStore;

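/**
 * OAuth2 resource server configuration: declares which paths are public and validates bearer
 * tokens against the injected token store.
 *
 * @author zhaojinhui
 * @date 2021/3/13 14:39
 */
@Configuration
@EnableResourceServer
public class ResourceConfig extends ResourceServerConfigurerAdapter {

    // Injected but not referenced anywhere in this class.
    @Autowired
    private RedisConnectionFactory redisConnectionFactory;

    @Autowired
    @Qualifier("redisTokenStore")
    private TokenStore tokenStore;

    /**
     * Declares the URL rules of the resource server: the listed paths are public, every other
     * request must carry a valid access token.
     *
     * @param http the HTTP security builder
     * @throws Exception if the configuration cannot be applied
     */
    @Override
    public void configure(HttpSecurity http) throws Exception {
        http
                .authorizeRequests()
                // NOTE(review): the Swagger UI and API description ("/swagger-ui/**",
                // "/swagger-resources/**", "/v2/**") are public, which exposes the full API
                // surface to unauthenticated callers. "/v2/**" is also broader than the API
                // docs path alone. Restrict or disable these outside development.
                //
                // NOTE(review): "/user/updatePwd" is public as well. Confirm that the handler
                // verifies the caller itself before it changes a password.
                .antMatchers("/oauth/**",
                        "/login/**",
                        "/register/**",
                        "/logout/**",
                        "/common/**",
                        "/swagger-ui/**",
                        "/swagger-resources/**",
                        "/v2/**",
                        "/user/updatePwd",
                        "/index.html",
                        "/index.htm")
                .permitAll()
                // A request without a valid token that reaches this rule is answered with
                // "Full authentication is required to access this resource".
                .anyRequest().authenticated();
    }

    /**
     * Configures token handling for the resource server.
     *
     * @param resources the resource server configurer supplied by the framework
     * @throws Exception if the configuration cannot be applied
     */
    @Override
    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
        // Stateless: only the bearer token on the request authenticates it.
        resources.stateless(true);
        resources.tokenStore(tokenStore);
    }

}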

通过 Nginx 访问之后就出现了 unauthorized:Full authentication is required to access this resource
网上都说是Security认证失败了,也不知道怎么解决,有人知道的话告知一下。谢谢!


2条回答 默认 最新

  • 已采纳

    这个要后台配合,设置用户菜单,权限,角色等进行登录合法性验证。

  • 是赵敢敢啊 2021-08-17 00:05

    真是尴尬
    已解决:手残了,把前端打包好的文件夹传上去之后,
    nginx.conf 里边的 root 文件夹写错了

    server{
      location{
        # root must name the directory that actually holds the built front end.
        # The poster had typed "dest" here instead of "dist".
        # NOTE(review): presumably the front-end files were then not served and requests
        # reached the proxied backend, which answered 401. The proxy part of the
        # configuration is not shown on this page, so confirm.
        root  dist;
      }
    }
    
