This post is almost two years old.
    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    if (auth instanceof AnonymousAuthenticationToken) {
        if (!resource.isClientOnly()) {
            throw new InsufficientAuthenticationException(
                    "Authentication is required to obtain an access token (anonymous not allowed)");
        }
    }
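You either
- use ClientCredentialsResourceDetails in your OAuth2RestTemplate, or
- authenticate the user before using AuthorizationCodeResourceDetails to access the external resource
In fact, in the tonr2 and sparklr2 samples (personally I find the names very confusing), to access resources on sparklr2 the user must first authenticate on tonr2. As shown in oauth2/tonr: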
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication().withUser("marissa").password("wombat").roles("USER").and().withUser("sam")
                .password("kangaroo").roles("USER");
    }
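If your user is anonymous, you may want to look into Single Sign On.
For anyone who just wants to quickly try out an OAuth2 integration, add basic authentication to your application: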
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
            .anyRequest().authenticated().and().httpBasic();
    }
application.properties:
spring.security.user.password=password
spring.security.user.name=user
Don't forget to add spring-boot-starter-security to your project.
For example, in Gradle: compile 'org.springframework.boot:spring-boot-starter-security'
Alternatively, you can disable AnonymousAuthenticationToken like this:
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.anonymous().disable();
    }
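The first option listed above (ClientCredentialsResourceDetails in the OAuth2RestTemplate), written out as an added example that is not part of the original post. The property names, resource id and scope are assumptions chosen for illustration.

```java
import java.util.Arrays;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.client.DefaultOAuth2ClientContext;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.client.token.grant.client.ClientCredentialsResourceDetails;

@Configuration
public class ClientOnlyRestTemplateConfig {

    // Hypothetical property names; supply the values from the environment
    // or a secret store rather than committing them to source control.
    @Value("${example.oauth2.client-id}")
    private String clientId;

    @Value("${example.oauth2.client-secret}")
    private String clientSecret;

    @Value("${example.oauth2.access-token-uri}")
    private String accessTokenUri;

    @Bean
    public ClientCredentialsResourceDetails clientOnlyResource() {
        ClientCredentialsResourceDetails details = new ClientCredentialsResourceDetails();
        details.setId("example-resource");        // assumed resource id
        details.setClientId(clientId);
        details.setClientSecret(clientSecret);
        details.setAccessTokenUri(accessTokenUri);
        details.setScope(Arrays.asList("read"));  // assumed scope, keep it minimal
        // isClientOnly() returns true for this resource type, so the
        // AnonymousAuthenticationToken check quoted above does not throw.
        return details;
    }

    @Bean
    public OAuth2RestTemplate clientOnlyRestTemplate(ClientCredentialsResourceDetails clientOnlyResource) {
        // A standalone client context (not session scoped): the token is issued
        // to the application itself, not to whichever user made the request.
        return new OAuth2RestTemplate(clientOnlyResource, new DefaultOAuth2ClientContext());
    }
}
```

A token obtained this way identifies the client application only, so the resource server has to authorize it as the application and not as an end user.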