Welcome to ShenZhenJia Knowledge Sharing Community for programmer and developer-Open, Learning and Share
menu search
person
Welcome To Ask or Share your Answers For Others

Categories

I'm trying to create a corporate starter, based on our company's standards and best practices. Among other things, the starter should include OAuth2 configuration, that is currently causing problems.

Let's take a look at the code.

So, in starter I create a configuration that looks like this:

@Configuration
// @AutoConfigureBefore(OAuth2ResourceServerConfiguration::class)
@EnableResourceServer
@EnableGlobalMethodSecurity(prePostEnabled = true)
@Profile("!test")
class ResourceServerConfig(
    @Value("${security.oauth2.resource.id}")
    val resourceId: String,
    val tokenServices: ResourceServerTokenServices
) : ResourceServerConfigurerAdapter() {

    override fun configure(resources: ResourceServerSecurityConfigurer) {
        ...
    }

    override fun configure(http: HttpSecurity) {
        ...
    }
}

So, that's the exact code that is working in multiple projects. Now, in META-INF/spring.factories I add this config to list of autoconfigurations:

org.springframework.boot.autoconfigure.EnableAutoConfiguration=
com.wavesplatform.we.starter.ResourceServerConfig,
... other configurations that works!

In starter's dependencies I declare the following spring libraries among others:

implementation("org.springframework.boot:spring-boot-starter-security")
implementation("org.springframework.cloud:spring-cloud-security")
implementation("org.springframework.security.oauth.boot:spring-security-oauth2-autoconfigure:$oauth2SecurityVersion")

Now I declare dependency to the starter - and looks like it should work, but it doesn't.

I'm getting some Autowiring errors, but the root cause of them is obvious in --debug mode:

   OAuth2ResourceServerConfiguration:
      Did not match:
         - @ConditionalOnBean (types: org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfiguration; SearchStrategy: all) did not find any beans of type org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfiguration (OnBeanCondition)
      Matched:
         - @ConditionalOnClass found required classes 'org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer', 'org.springframework.boot.autoconfigure.security.SecurityProperties' (OnClassCondition)
         - @ConditionalOnWebApplication (required) found 'session' scope (OnWebApplicationCondition)
         - OAuth ResourceServer Condition found client-id property (OAuth2ResourceServerConfiguration.ResourceServerCondition)

In short - there is no ResourceServerConfiguration bean in context. Which is extremely strange, because my ResourceServerConfig is annotated with @EnableResourceServer, which in turn is just a meta-annotation for @Import(ResourceServerConfiguration.class)

Also, in --debug, I'm seeing my auto configuration class getting picked up

Unconditional classes:
----------------------

    [corporate-package].starter.ResourceServerConfig

What kind of strange (or not) is that it's listed first in Unconditional classes.

Ok, I've tried to add @EnableResourceServer on application main class - and things got even more weird.

Now my class is loading, and configuration methods are called, but I'm getting the following error:

Can't configure antMatchers after anyRequest

In my ResourceServerConfig configure(http: HttpSecurity) method. Weird' I don't have anyRequest() call here. I've debugged, and found that it's configured by OAuth2ResourceServerConfiguration.ResourceSecurityConfigurer class.

    @Bean
    @ConditionalOnMissingBean(ResourceServerConfigurer.class)
    public ResourceServerConfigurer resourceServer() {
        return new ResourceSecurityConfigurer(this.resource);
    }

What's weird, is that it's created only when no other bean of type ResourceServerConfigurer is created, but my bean is implementing this interface (indirectly, via ResourceServerConfigurerAdapter) and is getting added to the context and gettings invoked.

I've tried adding @AutoConfigureBefore(OAuth2ResourceServerConfiguration::class) on my class, but with no success.

I'm stuck and looks like I fundamentally misunderstand some obvious thing.

Any help on getting OAuth2 configuration to work from custom starter is greatly appreciated! Thanks in advance and merry Xmas!


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
thumb_up_alt 0 like thumb_down_alt 0 dislike
185 views
Welcome To Ask or Share your Answers For Others

1 Answer

等待大神答复

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
thumb_up_alt 0 like thumb_down_alt 0 dislike
Welcome to ShenZhenJia Knowledge Sharing Community for programmer and developer-Open, Learning and Share
...