I have a spring-boot application that uses Azure AD as the OAuth2 provider. This is my application.yml file:

server:
  port: 8080
  address: localhost
security:
  oauth2:
    client:
      registration:
        azure:
          client-id: XXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
          client-secret: ?h?_XXXXXXXXXXXXXXXXXXXXXXXX
azure:
  cosmosdb:
    uri: https://myapp.documents.azure.com:443/
    key: ${COSMOSDB_KEY}
    database: Core
  activedirectory:
    tenant-id: ${TENANT_ID}
    user-group:
      allowed-group: user-group

As you can see, I am using client-id and client-secret in the open (not through environment variables), but it still doesn't work.

This is my gradle build file:

plugins {
    id 'org.springframework.boot' version '2.2.6.RELEASE'
    id 'io.spring.dependency-management' version '1.0.9.RELEASE'
    id 'java'
}

group = 'group'
version = '0.0.1-SNAPSHOT'
sourceCompatibility = '11'

configurations {
    compileOnly {
        extendsFrom annotationProcessor
    }
}

repositories {
    mavenCentral()
    jcenter()
}

ext {
    set('azureVersion', "2.2.0")
}

dependencies {
    // Web
    implementation 'org.modelmapper:modelmapper:2.3.7'
    implementation 'org.springframework.boot:spring-boot-starter-web'
    // Azure
    implementation 'com.microsoft.azure:azure-spring-boot-starter'
    implementation 'com.microsoft.azure:azure-cosmosdb-spring-boot-starter'
    implementation 'com.microsoft.azure:azure-active-directory-spring-boot-starter'
    // OpenAPI
    implementation 'org.springdoc:springdoc-openapi-ui:1.3.7'
    implementation 'org.springdoc:springdoc-openapi-webmvc-core:1.3.7'
    // Security
    implementation 'org.springframework.boot:spring-boot-starter-security'
    implementation 'org.springframework.boot:spring-boot-starter-thymeleaf'
    implementation 'org.springframework.boot:spring-boot-starter-oauth2-client'
    // Lombok
    compileOnly 'org.projectlombok:lombok'
    annotationProcessor 'org.projectlombok:lombok'
    testCompileOnly 'org.projectlombok:lombok'
    testAnnotationProcessor 'org.projectlombok:lombok'
    // Tests
    testImplementation('org.springframework.boot:spring-boot-starter-test') {
        exclude group: 'org.junit.vintage', module: 'junit-vintage-engine'
    }
    testImplementation 'org.springframework.security:spring-security-test'
}

dependencyManagement {
    imports {
        mavenBom "com.microsoft.azure:azure-spring-boot-bom:${azureVersion}"
    }
}

test {
    useJUnitPlatform()
}

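My security configuration:

import lombok.extern.slf4j.Slf4j;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Slf4j
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    // Static resources bypass the security filter chain entirely.
    @Override
    public void configure(WebSecurity web) {
        web
            .ignoring()
            .antMatchers("/webjars/**", "/favicon.ico");
    }

    // Every request requires authentication; form login plus OAuth2 client support.
    @Override
    public void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .anyRequest().authenticated()
                .and()
            .formLogin()
                .loginPage("/login")
                .failureUrl("/login-error")
                .permitAll()
                .and()
            .oauth2Client();
    }
}

I get the following error during startup:
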
Caused by: org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'org.springframework.boot.autoconfigure.web.servlet.WebMvcAutoConfiguration$EnableWebMvcConfiguration': Unsatisfied dependency expressed through method 'setConfigurers' parameter 0; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'org.springframework.security.config.annotation.web.configuration.OAuth2ClientConfiguration$OAuth2ClientWebMvcSecurityConfiguration': Unsatisfied dependency expressed through method 'setClientRegistrationRepository' parameter 0; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'clientRegistrationRepository' defined in class path resource [org/springframework/boot/autoconfigure/security/oauth2/client/servlet/OAuth2ClientRegistrationRepositoryConfiguration.class]: Unsatisfied dependency expressed through method 'clientRegistrationRepository' parameter 0; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'spring.security.oauth2.client-org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientProperties': Invocation of init method failed; nested exception is java.lang.IllegalStateException: Client id must not be empty.
Caused by: org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'org.springframework.security.config.annotation.web.configuration.OAuth2ClientConfiguration$OAuth2ClientWebMvcSecurityConfiguration': Unsatisfied dependency expressed through method 'setClientRegistrationRepository' parameter 0; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'clientRegistrationRepository' defined in class path resource [org/springframework/boot/autoconfigure/security/oauth2/client/servlet/OAuth2ClientRegistrationRepositoryConfiguration.class]: Unsatisfied dependency expressed through method 'clientRegistrationRepository' parameter 0; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'spring.security.oauth2.client-org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientProperties': Invocation of init method failed; nested exception is java.lang.IllegalStateException: Client id must not be empty.
Caused by: org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'clientRegistrationRepository' defined in class path resource [org/springframework/boot/autoconfigure/security/oauth2/client/servlet/OAuth2ClientRegistrationRepositoryConfiguration.class]: Unsatisfied dependency expressed through method 'clientRegistrationRepository' parameter 0; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'spring.security.oauth2.client-org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientProperties': Invocation of init method failed; nested exception is java.lang.IllegalStateException: Client id must not be empty.
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'spring.security.oauth2.client-org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientProperties': Invocation of init method failed; nested exception is java.lang.IllegalStateException: Client id must not be empty.
Caused by: java.lang.IllegalStateException: Client id must not be empty.

What am I missing here?

Best answer

I forgot to add the spring. prefix to the security properties. It should look like this:

spring:
  security:
    oauth2:
      client:
        registration:
          azure:
            client-id: XXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
            client-secret: ?h?_XXXXXXXXXXXXXXXXXXXXXXXX

Also, my azure properties were incorrect as well: I needed to use allowed-groups instead of allowed-group.
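
The following check is an added example, not part of the original question or answer and not code from Spring or Microsoft: a small Python lint that flattens an application.yml into dotted property names and flags the two mistakes the answer describes, plus secrets written as literals instead of `${...}` placeholders. The function names `flatten` and `lint` and the sample values are constructed for illustration, and the flattener assumes plain block-style mappings only.

```python
import re

# Constructed sample reproducing the question's layout (placeholder values only).
SAMPLE = """\
security:
  oauth2:
    client:
      registration:
        azure:
          client-id: 00000000-0000-0000-0000-000000000000
          client-secret: example-secret
azure:
  activedirectory:
    tenant-id: ${TENANT_ID}
    user-group:
      allowed-group: user-group
"""

def flatten(text):
    """Flatten block-style YAML mappings (no lists or multi-line scalars) to dotted keys."""
    props, stack = {}, []  # stack: (indent, key) of the currently open parent mappings
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while stack and stack[-1][0] >= indent:
            stack.pop()  # leave mappings that ended at this indentation
        if value.strip():
            props[".".join([k for _, k in stack] + [key])] = value.strip()
        else:
            stack.append((indent, key))
    return props

def lint(text):
    """Return findings for the two mistakes in the answer plus literal secrets."""
    findings = []
    for name, value in flatten(text).items():
        if name.startswith("security.oauth2.client."):
            findings.append(f"{name}: not bound to OAuth2ClientProperties, expected spring.{name}")
        if name.endswith(".allowed-group"):
            findings.append(f"{name}: the answer's fix is allowed-groups")
        if re.search(r"(secret|key)$", name) and not value.startswith("${"):
            findings.append(f"{name}: literal secret, use a ${{ENV_VAR}} placeholder")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```

Run as a pre-commit or CI step, a non-empty result from `lint` fails the build before the misplaced properties or a committed client secret reach a deployment.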

Regarding azure - Why are the client ID and client secret not injected into OAuth2ClientProperties?, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/61638235/