用户界面(React JS应用程序)
Gateway(又名OAuth 2.0客户端)
@Configuration
@EnableWebSecurity
public class SecurityConfig {
public interface Jwt2AuthoritiesConverter extends Converter<Jwt, Collection<? extends GrantedAuthority>> {
}
@Bean
Jwt2AuthoritiesConverter authoritiesConverter() {
return jwt -> {
@SuppressWarnings("unchecked")
final Collection<String> roles = (Collection<String>) jwt.getClaims().getOrDefault("roles", List.of());
return roles.stream().map(role -> new SimpleGrantedAuthority(role)).collect(Collectors.toList());
};
}
public interface Jwt2AuthenticationConverter extends Converter<Jwt, AbstractAuthenticationToken> {
}
@Bean
Jwt2AuthenticationConverter authenticationConverter(Jwt2AuthoritiesConverter authoritiesConverter) {
return jwt -> new JwtAuthenticationToken(jwt, authoritiesConverter.convert(jwt));
}
@Bean
SecurityFilterChain securityFilterChain(HttpSecurity http,
Converter<Jwt, AbstractAuthenticationToken> authenticationConverter) throws Exception {
http.oauth2ResourceServer(oauth2ResourceServer -> oauth2ResourceServer
.jwt(jwt -> jwt.jwtAuthenticationConverter(authenticationConverter)));
http.csrf(csrf -> csrf.disable());
http.securityMatcher("/")
.authorizeHttpRequests(authorize -> authorize.requestMatchers(HttpMethod.OPTIONS, "/**").permitAll()
.requestMatchers("/lot-games/api/autogen/**").hasRole("ADMIN")
.requestMatchers("/lot-games/api/**").permitAll().anyRequest().authenticated());
return http.build();
}
}
我认为没问题,我只将此代码添加到SecurityConfig网关 - 但是一切都破裂了,我得到了
@Configuration
@EnableWebFluxSecurity
public class SecurityConfig {
@Bean
SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
http.csrf(Customizer.withDefaults());
return http.build();
}
}
or
但是,但是一切都崩溃了,我遇到了一个错误`
@Bean SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) { return http.csrf(CsrfSpec::disable).build(); }
本应用程序没有配置的错误视图,因此您正在看到此 作为后备。星期一3月11日19:54:33 MSK 2024 [1DD5AEB3-6]有一个 意外错误(type =找不到,状态= 404)。没有静态资源 OAuth2/授权/lot-games-client-osterorization-code。 org.springframework.web.reactive.resource.noresourcefoundexception: 404 not_found“没有静态资源 oauth2/授权/lot-games-client-osterorization-code org.springframework.web.reeactive.resource.Resourcewebhandler.lambda $ whand $ 1(resourcewebhandler.java:431) 被抑制:堆叠已通过反应堆增强,请参阅 下面的其他信息:在 以下网站: *__检查点⇢ org.springframework.cloud.gateway.filter.weightcalculatorwebfilter [DefaultWebFilterChain] *__检查点⇢logoutwebfilter [DefaultWebFilterChain] *__检查点⇢serverrequestcachewebfilter [DefaultWebFilterChain] *__检查点⇢ SecurityContextServerwebexChangeWebFilter [DefaultWeabfilterChain] *__ checkpoint⇢reactorContextextextwebfilter [defaultwebfilterchain] *__检查点⇢csrfwebfilter [defaultwebfilterchain] *__检查点 ⇢httpheaderwriterwebfilter [defaultwebfilterchain] *__检查点⇢ serverwebexchangereactorcontextwebfilter [defaultwebfilterchain] *__检查点⇢ org.springframework.security.web.server.webfilterchainproxy [DefaultWebFilterChain] *__检查点⇢http get “/oauth2/授权/lot-games-client-oterorization-code” [exceptionhandlingwebhandler]
你可以帮我吗?
当您的
路径时,就会发生这种情况。在您的情况下,有一条线SecurityFilterChain
呼叫不包括
securityMatcher
/oauth2/**
http.securityMatcher("/")
检查是否有帮助。