我有一个带有OAuth2授权和资源服务器的
spring boot设置.用户可以通过向/ oauth / token发出POST请求来获取令牌.到现在为止还挺好.
但是,我不想通过BASIC auth保护/ oauth / token,而是通过自定义安全过滤器.
我尝试了以下内容,但从未调用过DemoAuthenticationFilter:
@Configuration
@EnableResourceServer
protected static class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {
// ...
@Override
public void configure(HttpSecurity http) throws Exception {
// ...
http.addFilterBefore(new DemoAuthenticationFilter(), BasicAuthenticationFilter.class);
http.authorizeRequests().antMatchers("/oauth/token").authenticated();
}
}
此外,如果我尝试将其添加到WebSecurityConfigurerAdapter,则只有在通过OAuth2对请求进行身份验证后才会调用过滤器:
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
// ...
@Override
protected void configure(HttpSecurity http) throws Exception {
// ...
http.addFilterBefore(new DemoAuthenticationFilter(), BasicAuthenticationFilter.class);
http.authorizeRequests().antMatchers("/oauth/token").authenticated();
}
}
一些简单的例子如何实现这一点将非常有帮助.谢谢!
| 
转播
