Java – spring cannot configure the authorization server
I created a simple authorization server, but I couldn't configure it
> Start two applications (8080 for auth server and 9999 for client).
> Go to localhost:9999/client and redirect to localhost:8080/login (as expected).
> Use user / user to fill in the login form.
> Redirect to localhost:9999/client (as expected), but have Hello, null instead of Hello, user

However, if I visit localhost:8080/me directly, I have {"name": "user"}. How do I retrieve Hello, user?
Authorization server
    @RestController
    @EnableAuthorizationServer
    @SpringBootApplication
    public class Application extends WebSecurityConfigurerAdapter {

        public static void main(String[] args) {
            SpringApplication.run(Application.class, args);
        }

        // User-info endpoint; reports the name "null" when the request carries no authenticated principal.
        @GetMapping({ "/user", "/me" })
        public Map<String, String> user(Principal principal) {
            return Collections.singletonMap("name", principal == null ? "null" : principal.getName());
        }

        // Single in-memory account user / user with no authorities.
        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            auth.inMemoryAuthentication()
                .withUser("user").password("user").authorities(AuthorityUtils.NO_AUTHORITIES);
        }

        // Form login is the only HTTP security configuration applied here.
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.formLogin();
        }
    }
Application properties
    security:
      oauth2:
        client:
          client-id: clientid
          client-secret: clientsecret
          scope: read,write
          auto-approve-scopes: '.*'
Client
    @Configuration
    @EnableAutoConfiguration
    @EnableOAuth2Sso
    @RestController
    public class Client {

        @GetMapping("/")
        public String home(Principal principal) {
            return "Hello, " + principal.getName();
        }

        public static void main(String[] args) {
            new SpringApplicationBuilder(Client.class)
                .properties("spring.config.name=client").run(args);
        }
    }
Client properties

    server:
      port: 9999
      context-path: /client
    security:
      oauth2:
        client:
          client-id: clientid
          client-secret: clientsecret
          access-token-uri: http://localhost:8080/oauth/token
          user-authorization-uri: http://localhost:8080/oauth/authorize
        resource:
          user-info-uri: http://localhost:8080/me
Update: when all the work was downloaded, I downloaded a tutorial, but it has ssofilter for OAuth2 authentication only. I just want to configure it with a login form. I also shared a temporary example on GitHub; I think it will be easier to find problems with it.
Solution
There are different ports: 9999 and 8080. When a resource is requested from a domain or port different from the domain or port that served the first resource itself, this leads to a cross-origin HTTP request.
More details about HTTP access control (CORS)
There is a good example on the official Spring website: Enabling Cross Origin Requests for a RESTful Web Service.
I suggest that you only need to implement the Filter interface to perform CORS filtering in your application.
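    import java.io.IOException;
    import javax.servlet.Filter;
    import javax.servlet.FilterChain;
    import javax.servlet.FilterConfig;
    import javax.servlet.ServletException;
    import javax.servlet.ServletRequest;
    import javax.servlet.ServletResponse;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import org.springframework.core.Ordered;
    import org.springframework.core.annotation.Order;
    import org.springframework.stereotype.Component;

    @Component
    @Order(Ordered.HIGHEST_PRECEDENCE)
    public class CorsFilter implements Filter {

        public CorsFilter() {
        }

        @Override
        public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
                throws IOException, ServletException {
            HttpServletResponse response = (HttpServletResponse) res;
            HttpServletRequest request = (HttpServletRequest) req;
            // For production, add only the origins which should be allowed access.
            // For demo purposes this accepts all.
            response.setHeader("Access-Control-Allow-Origin", "*");
            // I would reduce this method list if not all methods are used; this is just for demo purposes.
            response.setHeader("Access-Control-Allow-Methods", "POST,GET,OPTIONS,DELETE");
            response.setHeader("Access-Control-Max-Age", "3600");
            response.setHeader("Access-Control-Allow-Headers", "x-requested-with,authorization");
            // Answer OPTIONS requests directly; pass everything else down the chain.
            if ("OPTIONS".equalsIgnoreCase(request.getMethod())) {
                response.setStatus(HttpServletResponse.SC_OK);
            } else {
                chain.doFilter(req, res);
            }
        }

        @Override
        public void init(FilterConfig filterConfig) {
        }

        @Override
        public void destroy() {
        }
    }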
If you are using a Spring Boot app, be sure to include the package where the new filter is located in the component scan.
If you use web.xml to configure:
Then add a filter
    <filter>
        <filter-name>CORS</filter-name>
        <filter-class>com.mycompany.CorsFilter</filter-class>
    </filter>
Option A: add a mapping on the servlet:
    <filter-mapping>
        <filter-name>CORS</filter-name>
        <servlet-name>MyServlet</servlet-name>
    </filter-mapping>
Option B: add the filter for all applications:
    <filter-mapping>
        <filter-name>CORS</filter-name>
        <url-pattern>/*</url-pattern> <!-- this will add CORS on all apps -->
    </filter-mapping>