Updated: 2023-11-22 15:55:46
Spring Security is built on an ordered list of filter chains, and for each request the first one with a matching path handles the authentication. You have 3 filter chains in your combined app, one created by @EnableAuthorizationServer (with default order=0), one created by @EnableResourceServer (with default order=3), and one created by your MyStaysureSecurityConfiguration (also with order=0). You aren't allowed to have 2 filters with the same order so you need to re-arrange them and give them request matchers that make sense for your use case. Maybe you didn't need the @EnableAuthorizationServer anyway (it was unclear from the question)? In any case it is pretty simple - you have 2 choices (roughly):
1. Exclude the oauth2 resources from the request matchers in your MyStaysureSecurityConfiguration and allow them to be handled by the resource server filter.
2. Re-order the resource server filter to a lower order and give it a request matcher that only matches the oauth2 resources.
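
A sketch of the first choice, added here as an illustration and not taken from the question or the answer. It assumes the legacy spring-security-oauth2 module, a hypothetical `/api/**` prefix for the OAuth2-protected resources, and `@Order(1)` as an unused slot; the `formLogin()` rule stands in for whatever the real configuration does.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.NegatedRequestMatcher;

public class FilterChainLayout {

    // Hypothetical path prefix for the OAuth2-protected resources (assumption).
    static final String OAUTH2_RESOURCES = "/api/**";

    @Configuration
    @Order(1) // assumption: any value not already used by another chain (0 and 3 are taken)
    static class MyStaysureSecurityConfiguration extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                // This chain claims every request except the OAuth2 resources,
                // so those fall through to the resource server chain below.
                .requestMatcher(new NegatedRequestMatcher(
                        new AntPathRequestMatcher(OAUTH2_RESOURCES)))
                .authorizeRequests()
                    .anyRequest().authenticated()
                    .and()
                .formLogin(); // placeholder rule, not from the original configuration
        }
    }

    @Configuration
    @EnableResourceServer // left at its default order
    static class ApiResourceServer extends ResourceServerConfigurerAdapter {
        @Override
        public void configure(HttpSecurity http) throws Exception {
            http
                // Only the OAuth2 resources are handled by the resource server chain.
                .antMatcher(OAUTH2_RESOURCES)
                .authorizeRequests()
                    .anyRequest().authenticated();
        }
    }
}
```

With this layout the two matchers are disjoint, so a request under the assumed prefix is checked only by the resource server chain and every other request only by the custom chain.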