logeed1 2019-07-30 14:55 采纳率: 25%

Spring security Oauth2 自定义拦截器如何在验证token之前执行?

想通过自定义拦截器,让所有请求都带上一个 token,然后再去验证。
现在的问题是:还没等到我的拦截器执行,请求就已经返回 401(无权限)了。


@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true, jsr250Enabled = true)
@Order(-1)
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {


    @Autowired
    private SuccessAuthenticationSuccessHandler successAuthenticationSuccessHandler;
    /**
     * Exposes the password hasher as a bean.
     *
     * <p>BCrypt is a salted, adaptive one-way hash, not reversible encryption. The encoder
     * is created with the library's default settings.
     *
     * @return a new {@link BCryptPasswordEncoder}
     */
    @Bean
    public BCryptPasswordEncoder passwordEncoder() {
        final BCryptPasswordEncoder bcrypt = new BCryptPasswordEncoder();
        return bcrypt;
    }


    /**
     * Publishes the application's own user lookup as the {@link UserDetailsService} bean.
     *
     * @return a new {@code UserDetailsServiceImpl}
     */
    @Bean
    @Override
    public UserDetailsService userDetailsService() {
        final UserDetailsService lookup = new UserDetailsServiceImpl();
        return lookup;
    }

    /**
     * Wires the custom user lookup into the authentication manager builder.
     *
     * @param auth builder that receives the user details service
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // NOTE(review): no password encoder is set explicitly here; presumably the
        // BCryptPasswordEncoder bean is picked up by the framework. Confirm that stored
        // hashes are actually verified with BCrypt.
        final UserDetailsService lookup = userDetailsService();
        auth.userDetailsService(lookup);
    }

    /**
     * Excludes the token introspection endpoint from Spring Security.
     *
     * <p>The original intent is to stop the resource server from receiving 403 when it calls
     * {@code /oauth/check_token}.
     *
     * <p>NOTE(review): {@code web.ignoring()} removes every security filter from the path,
     * so the endpoint can be called without any client authentication. The narrower option is
     * to leave the path inside the filter chain and open it to authenticated clients only,
     * via {@code AuthorizationServerSecurityConfigurer.checkTokenAccess("isAuthenticated()")}
     * in the authorization server configuration.
     *
     * @param web builder for request paths that bypass the filter chains
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    public void configure(WebSecurity web) throws Exception {
        final String checkTokenPath = "/oauth/check_token";
        web.ignoring().antMatchers(checkTokenPath);
    }
    /**
     * Publishes the adapter's {@link AuthenticationManager} as a bean.
     *
     * <p>Presumably needed so the OAuth2 authorization server configuration can inject it.
     * That class is not shown here, so confirm.
     *
     * @return the authentication manager built by the parent adapter
     * @throws Exception if the parent fails to build the manager
     */
    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        final AuthenticationManager manager = super.authenticationManagerBean();
        return manager;
    }


    /**
     * Configures the filter chain owned by this adapter.
     *
     * <p>The request matcher below limits this chain to {@code OPTIONS /oauth/token}, so the
     * {@code TokenFilter} registered here is only invoked for those requests. Every other
     * request is served by a different chain, such as the one built by the
     * {@code @EnableResourceServer} configuration, where this filter is not registered. That
     * is the likely reason the filter never runs before the 401 is returned.
     *
     * @param http builder for this chain
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Placed at the FilterSecurityInterceptor position, i.e. at the end of the chain,
        // not ahead of any token validation.
        http.addFilterAt(new TokenFilter(), FilterSecurityInterceptor.class);

        // Scope of this chain: pre-flight requests to the token endpoint only.
        http.requestMatchers().antMatchers(HttpMethod.OPTIONS, "/oauth/token");

        http.cors();

        // NOTE(review): CSRF protection is switched off for this chain. That is only sound
        // while callers authenticate with a header token rather than a cookie-backed
        // session. Confirm.
        http.csrf().disable();
    }



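/**
 * Resource-server filter chain: stateless, with URL-to-authority rules loaded from the
 * permission table.
 *
 * <p>Bearer tokens are validated on the chain built from this class. A custom filter that
 * has to run before token validation therefore needs to be registered on this
 * {@link HttpSecurity}, using {@code addFilterBefore} with an anchor class that sorts ahead
 * of the bearer-token filter. Registering it on a {@code WebSecurityConfigurerAdapter} chain
 * has no effect here. Such a filter must only relay credentials the caller actually
 * presented. Attaching a fixed token to every request would make every caller look
 * authenticated.
 */
@Configuration
@EnableResourceServer
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
    @Autowired
    private AdminPermissionRepository adminPermissionRepository;
    @Autowired
    private SuccessAuthenticationSuccessHandler successAuthenticationSuccessHandler;

    /**
     * Builds the authorization rules for protected resources.
     *
     * <p>Rules are evaluated in registration order: the public paths first, then one rule per
     * row of the permission table, then a catch-all that requires authentication. The table
     * is read once, when the chain is built, so later changes to it are not picked up until
     * the configuration is rebuilt.
     *
     * @param http builder for the resource-server chain
     * @throws Exception if any rule cannot be registered; startup then fails instead of
     *     leaving that URL without a rule
     */
    @Override
    public void configure(HttpSecurity http) throws Exception {
        List<AdminPermission> permissions = adminPermissionRepository.findAll();

        http.headers().frameOptions().sameOrigin();
        http
                .exceptionHandling()
                .and()
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
                .authorizeRequests()
                .antMatchers("/", "/login", "/static/**", "/assets/**").permitAll();

        // A plain loop lets a failure propagate. The previous lambda printed the stack trace
        // and carried on, which silently dropped the rule and left that URL unprotected.
        for (AdminPermission permission : permissions) {
            http.authorizeRequests()
                    .antMatchers(permission.getUrl())
                    .hasAuthority(permission.getNameEn());
        }

        // Deny by default: a URL with no matching rule above would otherwise be treated as
        // public. This must stay the last rule registered.
        http.authorizeRequests().anyRequest().authenticated();
    }

    /**
     * Keeps the parent's resource-server settings unchanged.
     *
     * @param resources resource-server configurer passed through to the parent
     * @throws Exception if the parent configuration fails
     */
    @Override
    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
        super.configure(resources);
    }

}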


1条回答

  • threenewbee 2019-07-30 17:55