oauth2-shiro中将authz与resources模块合并到一个项目中如何配置

oauth2-shiro的设计是分模块, 将authz与resources分成不同的子项目来实现. 但现实中有时需要将其合成一个项目, 对于此类场景中,该如何配置security, 具体如下:

1. 在security配置中使用OAuth2CredentialsMatcher类替换authz模块中的HashedCredentialsMatcher与resources模块中的SimpleCredentialsMatcher配置; 具体的配置可参考OAuth2CredentialsMatcher.java类的中注释.

2.在配置ShiroFilterFactoryBean中的filterChainDefinitions的value中添加

/oauth/** = anon

(另外注意合并时的url pattern不要有重复)

配置示例图
OAuth2CredentialsMatcher

注意截图中的OAuth2JdbcRealm只用于resources模块, 在合并后不能使用, 使用其父类MkkJdbcRealm.
http://git.oschina.net/mkk/oauth2-shiro

一条评论

  1. 请问我按照这个方法整合两个项目在oauth_login时报org.apache.shiro.authc.pam.UnsupportedTokenException: Realm [com.monkeyk.os.oauth.shiro.OAuth2JdbcRealm@1bb517c] does not support authentication token [org.apache.shiro.authc.UsernamePasswordToken – test, rememberMe=false]. Please ensure that the appropriate Realm implementation is configured correctly or that the realm accepts AuthenticationTokens of this type.
    org.apache.shiro.authc.pam.UnsupportedTokenException: Realm [com.monkeyk.os.oauth.shiro.OAuth2JdbcRealm@1bb517c] does not support authentication token [org.apache.shiro.authc.UsernamePasswordToken – test, rememberMe=false]. Please ensure that the appropriate Realm implementation is configured correctly or that the realm accepts AuthenticationTokens of this type.
    at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doSingleRealmAuthentication(ModularRealmAuthenticator.java:178)
    at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doAuthenticate(ModularRealmAuthenticator.java:267)
    at org.apache.shiro.authc.AbstractAuthenticator.authenticate(AbstractAuthenticator.java:198)
    at org.apache.shiro.mgt.AuthenticatingSecurityManager.authenticate(AuthenticatingSecurityManager.java:106)
    at org.apache.shiro.mgt.DefaultSecurityManager.login(DefaultSecurityManager.java:270)
    at org.apache.shiro.subject.support.DelegatingSubject.login(DelegatingSubject.java:256)
    at com.monkeyk.os.oauth.authorize.AbstractAuthorizeHandler.submitLogin(AbstractAuthorizeHandler.java:150)
    at com.monkeyk.os.oauth.authorize.AbstractAuthorizeHandler.handle(AbstractAuthorizeHandler.java:196)
    at com.monkeyk.os.web.controller.OauthAuthorizeController.authorize(OauthAuthorizeController.java:58)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:601)

    但是我用MkkJdbcRealm就没问题……我是不是哪里配的不对呢

  2. org.apache.shiro.authc.pam.UnsupportedTokenException: Realm [com.monkeyk.os.oauth.shiro.OAuth2JdbcRealm@1bb517c] does not support authentication token [org.apache.shiro.authc.UsernamePasswordToken – test, rememberMe=false]. Please ensure that the appropriate Realm implementation is configured correctly or that the realm accepts AuthenticationTokens of this type.

Leave a Comment.