u013236844
logeed1
采纳率25%
2019-07-30 14:55 阅读 3.0k

Spring security Oauth2 自定义拦截器如何在验证token之前执行?

20

想通过拦截器的方式把所有的请求 带一个token过去 然后再去验证。
现在问题是没有等到我的拦截器执行就报401了 无权限了。


@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true, jsr250Enabled = true)
@Order(-1)
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {


    @Autowired
    private SuccessAuthenticationSuccessHandler successAuthenticationSuccessHandler;
    @Bean
    public BCryptPasswordEncoder passwordEncoder() {
        // 设置默认的加密方式
        return new BCryptPasswordEncoder();
    }


    @Bean
    @Override
    public UserDetailsService userDetailsService() {
        return new UserDetailsServiceImpl();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // 使用自定义认证与授权
        auth.userDetailsService(userDetailsService());
    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        // 将 check_token 暴露出去,否则资源服务器访问时报 403 错误

        web.ignoring().antMatchers("/oauth/check_token");

    }
    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {

        return super.authenticationManagerBean();

    }


    @Override
    protected void configure(HttpSecurity http) throws Exception {
                //自定义TokenFilter 不执行为什么?
        http.addFilterAt(new TokenFilter(), FilterSecurityInterceptor.class);
        http.requestMatchers().antMatchers(HttpMethod.OPTIONS, "/oauth/token")
                .and()
                .cors()
                .and()
                .csrf().disable();


    }



@Configuration
@EnableResourceServer
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
    @Autowired
    private AdminPermissionRepository adminPermissionRepository;
    @Autowired
    private SuccessAuthenticationSuccessHandler successAuthenticationSuccessHandler;
    @Override
    public void configure(HttpSecurity http) throws Exception {
        List<AdminPermission> permissions = adminPermissionRepository.findAll();
        http .headers().frameOptions().sameOrigin();
        http
                .exceptionHandling()
                .and()
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
                .authorizeRequests()
                 .antMatchers("/","/login","/static/**","/assets/**").permitAll();

            permissions.forEach(permission->{
                try {
                    http.authorizeRequests().antMatchers(permission.getUrl()).hasAuthority(permission.getNameEn());
                } catch (Exception e) {
                    e.printStackTrace();
                }
            });


    }

    @Override
    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
        super.configure(resources);
    }

}

  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 复制链接分享

1条回答 默认 最新

相关推荐