为了将Spring Security与Java
Config结合使用,您必须在内部具有这样的SecurityConfig文件(摘自http://projects.spring.io/spring-
security-oauth/docs/oauth2.html)
@Overrideprotected void configure(HttpSecurity http) throws Exception { http .authorizeRequests().antMatchers("/login").permitAll().and() // default protection for all resources (including /oauth/authorize) .authorizeRequests() .anyRequest().hasRole("USER") // ... more configuration, e.g. for form login}您还可以在该位置使用
http.addFilterAfter(oAuthConsumerContextFilter(),AnonymousAuthenticationFilter.class);
您的代码的问题在于,在创建Authetication之前正在执行过滤器。
所以我猜两个过滤器都应该至少在AnonymousAuthenticationFilter.class之后
您可以在此处找到过滤器列表:http :
//docs.spring.io/spring-security/site/docs/3.1.x/reference/springsecurity-
single.html#filter-stack
这为我工作:
http.addFilterAfter(oAuthConsumerContextFilter(), SwitchUserFilter.class).addFilterAfter(oAuthConsumerProcessingFilter(), OAuthConsumerContextFilter.class)
