Shulou(Shulou.com)06/02 Report--

How to solve the problem of springboot2 integration oauth2 trampling, I believe that many inexperienced people do not know what to do, so this paper summarizes the causes of the problem and solutions, through this article I hope you can solve this problem.

At the beginning, it was no problem to integrate oauth3 with springboot1.5, but now there are a lot of pitfalls in upgrading to springboot2.1. Here's a list:

Question one: Possible CSRF detected-state parameter was required but no state could be found

Client code

@ EnableOAuth3Sso@Configurationpublic class UiSecurityConfig extends WebSecurityConfigurerAdapter {@ Override public void configure (HttpSecurity http) throws Exception {http.antMatcher ("/ *") .a uthorizeRequests () .antMatrices ("/", "/ login**") .permitAll () .anyRequest () .authenticated ();}}

After getting the code, I stayed on the landing page and looked for the following solution on the Internet: 1. Configure server.servlet.session.cookie.name=UPSESSIONID but this did not work. 2. Set the code policy authCodeProvider.setStateMandatory (false); a lot of code has been changed here.

@ Configuration@EnableOAuth3Client@EnableGlobalMethodSecurity (prePostEnabled=true) / / turn on @ PreAuthorize annotation public class SecurityConfig extends WebSecurityConfigurerAdapter {@ Autowired private OAuth3ClientContext oauth3ClientContext @ Override protected void configure (HttpSecurity http) throws Exception {/ @ formatter:off http.authorizeRequests () .anyRequest () .authenticated () .and () .formLogin () .loginPage ("/ login") .permitAll () .and () .accountionHandling () .and () .logout () .logout ("/ login") .permitAll () .and () .headers () .frameOptions () .sameOrigin () .and () .csrf () .csrfTokenRepository (CookieCsrfTokenRepository.withHttpOnlyFalse ()) .and () .addFilterBefore (ssoFilter ()) BasicAuthenticationFilter.class) / / it needs to be configured before basic} @ Bean public FilterRegistrationBean oauth3ClientFilterRegistration (OAuth3ClientContextFilter filter) {FilterRegistrationBean registration = new FilterRegistrationBean (); registration.setFilter (filter); registration.setOrder (- 100); return registration;} @ Bean @ ConfigurationProperties ("security.oauth3") public ClientResources trina () {return new ClientResources ();} private Filter ssoFilter () {CompositeFilter filter = new CompositeFilter () List filters = new ArrayList (); filters.add (ssoFilter (trina (), "/ login")); filter.setFilters (filters); return filter;} private Filter ssoFilter (ClientResources client, String path) {OAuth3ClientAuthenticationProcessingFilter oAuth3ClientAuthenticationFilter = new OAuth3ClientAuthenticationProcessingFilter (path); OAuth3RestTemplate oAuth3RestTemplate = new OAuth3RestTemplate (client.getClient (), this.oauth3ClientContext); oAuth3ClientAuthenticationFilter.setRestTemplate (oAuth3RestTemplate) AuthorizationCodeAccessTokenProvider authCodeProvider = new AuthorizationCodeAccessTokenProvider (); authCodeProvider.setStateMandatory (false); AccessTokenProviderChain provider = new AccessTokenProviderChain (Arrays.asList (authCodeProvider)); oAuth3RestTemplate.setAccessTokenProvider (provider); UserInfoTokenServices tokenServices = new UserInfoTokenServices (client.getResource (). GetUserInfoUri (), client.getClient (). GetClientId ()); tokenServices.setRestTemplate (oAuth3RestTemplate); oAuth3ClientAuthenticationFilter.setTokenServices (tokenServices); return oAuth3ClientAuthenticationFilter } class ClientResources {@ NestedConfigurationProperty private AuthorizationCodeResourceDetails client = new AuthorizationCodeResourceDetails (); @ NestedConfigurationProperty private ResourceServerProperties resource = new ResourceServerProperties (); public AuthorizationCodeResourceDetails getClient () {return client;} public ResourceServerProperties getResource () {return resource;}}

After modification, visit the connection, and successfully jump to the specified page after login.

After reading the above, do you know how to solve the problem of trampling on springboot2 integrated oauth2? If you want to learn more skills or want to know more about it, you are welcome to follow the industry information channel, thank you for reading!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.