
How to Fix the Pitfalls of Integrating OAuth2 with Spring Boot 2

Published: 2025-01-23  Author: 千家信息网 editors
Last updated: 2025-01-23

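How do you fix the pitfalls of integrating OAuth2 with Spring Boot 2? Many people without experience are at a loss here, so this article summarizes the cause of the problem and how to resolve it. Hopefully it helps you solve the problem.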


At first I integrated OAuth2 with Spring Boot 1.5 without any problems. After upgrading to Spring Boot 2.1 I ran into quite a few pitfalls, listed below:

Problem 1
Possible CSRF detected - state parameter was required but no state could be found

Client code

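```java
import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@EnableOAuth2Sso
@Configuration
public class UiSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    public void configure(HttpSecurity http) throws Exception {
        // "/" and "/login**" are public; every other request needs an authenticated user.
        http.antMatcher("/**")
                .authorizeRequests()
                .antMatchers("/", "/login**")
                .permitAll()
                .anyRequest()
                .authenticated();
    }
}
```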

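After the code is obtained, the browser stays stuck on the login page. Searching online turned up the following options:

1. Set server.servlet.session.cookie.name=UPSESSIONID. I tried this, but it had no effect.
2. Set the code strategy with authCodeProvider.setStateMandatory(false); this required changing a lot of code: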

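```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

import javax.servlet.Filter;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.security.oauth2.resource.ResourceServerProperties;
import org.springframework.boot.autoconfigure.security.oauth2.resource.UserInfoTokenServices;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.boot.context.properties.NestedConfigurationProperty;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.client.OAuth2ClientContext;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.client.filter.OAuth2ClientAuthenticationProcessingFilter;
import org.springframework.security.oauth2.client.filter.OAuth2ClientContextFilter;
import org.springframework.security.oauth2.client.token.AccessTokenProviderChain;
import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeAccessTokenProvider;
import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableOAuth2Client;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
import org.springframework.web.filter.CompositeFilter;

@Configuration
@EnableOAuth2Client
@EnableGlobalMethodSecurity(prePostEnabled = true) // enables the @PreAuthorize annotation
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private OAuth2ClientContext oauth2ClientContext;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .anyRequest().authenticated().and()
                .formLogin().loginPage("/login").permitAll().and()
                .exceptionHandling().and()
                .logout().logoutSuccessUrl("/login").permitAll()
                .and().headers().frameOptions().sameOrigin()
                .and().csrf()
                .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()).and()
                // The SSO filter must be registered before the basic-auth filter.
                .addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);
    }

    // Registers the OAuth2 client context filter early in the chain so it can handle redirects.
    @Bean
    public FilterRegistrationBean<OAuth2ClientContextFilter> oauth2ClientFilterRegistration(
            OAuth2ClientContextFilter filter) {
        FilterRegistrationBean<OAuth2ClientContextFilter> registration = new FilterRegistrationBean<>();
        registration.setFilter(filter);
        registration.setOrder(-100);
        return registration;
    }

    // Binds the security.oauth2.client.* and security.oauth2.resource.* properties.
    @Bean
    @ConfigurationProperties("security.oauth2")
    public ClientResources trina() {
        return new ClientResources();
    }

    private Filter ssoFilter() {
        CompositeFilter filter = new CompositeFilter();
        List<Filter> filters = new ArrayList<>();
        filters.add(ssoFilter(trina(), "/login"));
        filter.setFilters(filters);
        return filter;
    }

    private Filter ssoFilter(ClientResources client, String path) {
        OAuth2ClientAuthenticationProcessingFilter oAuth2ClientAuthenticationFilter =
                new OAuth2ClientAuthenticationProcessingFilter(path);
        OAuth2RestTemplate oAuth2RestTemplate =
                new OAuth2RestTemplate(client.getClient(), this.oauth2ClientContext);
        oAuth2ClientAuthenticationFilter.setRestTemplate(oAuth2RestTemplate);

        AuthorizationCodeAccessTokenProvider authCodeProvider = new AuthorizationCodeAccessTokenProvider();
        // Stops the provider from requiring a state value; this is the check named in the error message.
        authCodeProvider.setStateMandatory(false);
        AccessTokenProviderChain provider = new AccessTokenProviderChain(
                Arrays.asList(authCodeProvider));
        oAuth2RestTemplate.setAccessTokenProvider(provider);

        UserInfoTokenServices tokenServices = new UserInfoTokenServices(
                client.getResource().getUserInfoUri(),
                client.getClient().getClientId());
        tokenServices.setRestTemplate(oAuth2RestTemplate);
        oAuth2ClientAuthenticationFilter.setTokenServices(tokenServices);
        return oAuth2ClientAuthenticationFilter;
    }
}

// Holder for the client and resource-server settings bound from configuration.
class ClientResources {

    @NestedConfigurationProperty
    private AuthorizationCodeResourceDetails client = new AuthorizationCodeResourceDetails();

    @NestedConfigurationProperty
    private ResourceServerProperties resource = new ResourceServerProperties();

    public AuthorizationCodeResourceDetails getClient() {
        return client;
    }

    public ResourceServerProperties getResource() {
        return resource;
    }
}
```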

After the change, accessing the link and logging in successfully redirects to the intended page.
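What the error message is checking, as an added example that is not code from the original article or from Spring Security OAuth. It is a dependency-free model of the OAuth2 `state` check; `StateCheckDemo`, its methods and the session ids are hypothetical, and the map stands in for the HTTP session. The second case reproduces the "no state could be found" condition, and the third shows the mismatch the check exists to catch, which is the protection that `setStateMandatory(false)` no longer requires.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added illustration: StateCheckDemo and its methods are hypothetical names,
// not Spring Security OAuth classes. The map stands in for the HTTP session store.
public class StateCheckDemo {
    private static final SecureRandom RANDOM = new SecureRandom();
    private final Map<String, String> preservedState = new ConcurrentHashMap<>();

    // Step 1: before redirecting to the authorization server, remember a random state.
    public String beginAuthorization(String sessionId) {
        byte[] raw = new byte[16];
        RANDOM.nextBytes(raw);
        String state = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        preservedState.put(sessionId, state);
        return state; // travels as ?state=... on the authorization request
    }

    // Step 2: on the redirect back (?code=...&state=...), compare with the stored value.
    public String handleCallback(String sessionId, String returnedState) {
        String expected = preservedState.remove(sessionId); // single use
        if (expected == null) {
            return "REJECT: no state found for this session";
        }
        if (returnedState == null || !MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8),
                returnedState.getBytes(StandardCharsets.UTF_8))) {
            return "REJECT: state does not match";
        }
        return "ACCEPT: code may be exchanged for a token";
    }

    public static void main(String[] args) {
        StateCheckDemo client = new StateCheckDemo();
        // Session ids below are constructed sample values.
        String s1 = client.beginAuthorization("session-A");
        System.out.println(client.handleCallback("session-A", s1)); // same session returns
        // The browser returns with a different session cookie, so nothing is stored for it.
        String s2 = client.beginAuthorization("session-B");
        System.out.println(client.handleCallback("session-C", s2));
        // The callback carries a state value this session never issued.
        client.beginAuthorization("session-D");
        System.out.println(client.handleCallback("session-D", "not-issued-here"));
    }
}
```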
