java - 找不到 ResourceServerTokenServices 的 Bean - Spring-Security-Oauth2

标签 java spring rest oauth-2.0 spring-boot

我正在使用 spring-boot 构建一个示例项目,只是为了了解一些相关知识。
具体来说,我正在尝试集成 spring-security-oauth2 模块来保护我的休息服务。 我遵循了这个示例项目,它显示了一个非常简单的内存登录系统:https://github.com/royclarkson/spring-rest-service-oauth
它有效,这很好。
无论如何,当我尝试将它集成到我的应用程序中时,我收到以下异常:

...    
Caused by: java.lang.IllegalStateException: Could not wire ResourceServerTokenServices: please create a bean definition and mark it as @Primary.
        at org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfiguration.resolveTokenServices(ResourceServerConfiguration.java:170) ~[spring-security-oauth2-2.0.4.RELEASE.jar:na]
        at org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfiguration.configure(ResourceServerConfiguration.java:140) ~[spring-security-oauth2-2.0.4.RELEASE.jar:na]
        at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.getHttp(WebSecurityConfigurerAdapter.java:199) ~[spring-security-config-3.2.5.RELEASE.jar:3.2.5.RELEASE]
        at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.init(WebSecurityConfigurerAdapter.java:283) ~[spring-security-config-3.2.5.RELEASE.jar:3.2.5.RELEASE]
        at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.init(WebSecurityConfigurerAdapter.java:68) ~[spring-security-config-3.2.5.RELEASE.jar:3.2.5.RELEASE]
        at org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfiguration$$EnhancerByCGLIB$$71f30f65.init(<generated>) ~[spring-core-4.0.1.RELEASE.jar:na]
        at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.init(AbstractConfiguredSecurityBuilder.java:367) ~[spring-security-config-3.2.5.RELEASE.jar:3.2.5.RELEASE]
        at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.doBuild(AbstractConfiguredSecurityBuilder.java:320) ~[spring-security-config-3.2.5.RELEASE.jar:3.2.5.RELEASE]
        at org.springframework.security.config.annotation.AbstractSecurityBuilder.build(AbstractSecurityBuilder.java:39) ~[spring-security-config-3.2.5.RELEASE.jar:3.2.5.RELEASE]
        at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration.springSecurityFilterChain(WebSecurityConfiguration.java:92) ~[spring-security-config-3.2.5.RELEASE.jar:3.2.5.RELEASE]
        at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration$$EnhancerByCGLIB$$373175f.CGLIB$springSecurityFilterChain$3(<generated>) ~[spring-core-4.0.1.RELEASE.jar:3.2.5.RELEASE]
        at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration$$EnhancerByCGLIB$$373175f$$FastClassByCGLIB$$ffddf00e.invoke(<generated>) ~[spring-core-4.0.1.RELEASE.jar:3.2.5.RELEASE]
        at org.springframework.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:228) ~[spring-core-4.0.1.RELEASE.jar:4.0.1.RELEASE]
        at org.springframework.context.annotation.ConfigurationClassEnhancer$BeanMethodInterceptor.intercept(ConfigurationClassEnhancer.java:326) ~[spring-context-4.0.1.RELEASE.jar:4.0.1.RELEASE]
        at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration$$EnhancerByCGLIB$$373175f.springSecurityFilterChain(<generated>) ~[spring-core-4.0.1.RELEASE.jar:3.2.5.RELEASE]
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0]
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0]
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0]
        at java.lang.reflect.Method.invoke(Method.java:483) ~[na:1.8.0]
        at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:166) ~[spring-beans-4.0.1.RELEASE.jar:4.0.1.RELEASE]
        ... 27 common frames omitted

据我所知,ResourceServerTokenServices 的 DefaultTokenServices 实现应该可以使用,无需进一步实现(至少对于这个简单的场景)。我错了吗?

以下片段是我的 oauth 配置类:

授权服务器配置:

@Configuration @EnableAuthorizationServer
public class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {

    private TokenStore tokenStore = new InMemoryTokenStore();

    @Inject
    @Qualifier("authenticationManagerBean")
    private AuthenticationManager authenticationManager;

    @Inject
    private ResourceIdProvider resourceIdProvider;

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints
            .tokenStore(tokenStore)
            .authenticationManager(authenticationManager);
    }

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients
            .inMemory()
            .withClient("clientapp")
            .authorizedGrantTypes("password", "refresh_token")
            .authorities("USER")
            .scopes("read", "write")
            .resourceIds(this.resourceIdProvider.getResourceId())
            .secret("123456");
    }

    @Bean
    public ResourceServerTokenServices tokenServices() {
        DefaultTokenServices tokenServices = new DefaultTokenServices();
        tokenServices.setSupportRefreshToken(true);
        tokenServices.setTokenStore(this.tokenStore);
        return tokenServices;
    } }

ResourceServerConfigurationImpl:

@Configuration @EnableResourceServer
public class ResourceServerConfigurationImpl extends ResourceServerConfigurerAdapter {

    @Inject
    private ResourceIdProvider resourceIdProvider;

    @Override
    public void configure(ResourceServerSecurityConfigurer resources) {
        resources.resourceId(this.resourceIdProvider.getResourceId());
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
            .antMatchers("/rest/user")
            .authenticated();
    } }

InMemoryWebSecurity配置:

@Configuration @EnableWebSecurity
public class InMemoryWebSecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth
            .inMemoryAuthentication()
            .withUser("roy")
            .password("spring")
            .roles("USER");
    }

    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

}

有人可以帮我让它运行吗?
如果您需要更多代码,请告诉我。
提前致谢!

最佳答案

错误消息中有提示(将您的 token 服务标记为@Primary)。那应该有效。另外(我认为)您可以将 TokenStore 注入(inject)到 ResourceServerConfigurer 中,并与上下文的其余部分共享它。

关于java - 找不到 ResourceServerTokenServices 的 Bean - Spring-Security-Oauth2,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/27079121/

上一篇:java - 比较器实现

下一篇:Java,理解

相关文章:

java - 使用java程序进行版本控制,使用DOS命令

java - 第二个 main() 类看不到在第一个 main() 类中初始化的变量

Java swing,在我的绘图组件中创建一个按钮

java - 如何使用 Gradle 创建 Google App Engine 项目

java - 收到http错误后如何在Spring Integration中访问自定义 header

java - 需要在服务器上部署Web应用程序

spring - 如何使用自定义注释 @Foo 找到所有 bean?

json - 无法反序列化模型实例。*来自START_ARRAY token \n,位于

java - 泽西客户端 IPv6

session - REST - 复杂的应用程序

©2024 IT工具网  联系我们