
Spring Security OAuth2 and FormLogin in One Application


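You need to configure web security for the form-based login and resource server security for the REST endpoints.

Here is a working configuration that uses single sign-on with a separately deployed Authorization Server.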

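// Imports for the classes below. The classes are static nested classes and
// belong inside the application's own configuration class.
import javax.servlet.http.HttpServletRequest;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Primary;
import org.springframework.core.annotation.Order;
import org.springframework.data.redis.connection.RedisConnectionFactory;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationManager;
import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
import org.springframework.security.oauth2.provider.token.ResourceServerTokenServices;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.redis.RedisTokenStore;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;

// Web (session-based) security: single sign-on for browser requests.
@Configuration
@EnableOAuth2Sso
@EnableWebSecurity
protected static class ResourceConfiguration extends WebSecurityConfigurerAdapter {

    @Value("${sso.url}")
    private String ssoUrl;

    @Autowired
    private RedisConnectionFactory redisConnectionFactory;

    // Tokens are read from Redis.
    @Bean
    protected TokenStore tokenStore() {
        return new RedisTokenStore(redisConnectionFactory);
    }

    @Bean
    @Primary
    protected ResourceServerTokenServices tokenServices() {
        DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
        defaultTokenServices.setTokenStore(tokenStore());
        defaultTokenServices.setSupportRefreshToken(true);
        return defaultTokenServices;
    }

    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        OAuth2AuthenticationManager authenticationManager = new OAuth2AuthenticationManager();
        authenticationManager.setTokenServices(tokenServices());
        return authenticationManager;
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.requestMatchers()
            .and().authorizeRequests()
                // Public paths; everything else requires an authenticated user.
                .antMatchers("/").permitAll()
                .antMatchers(HttpMethod.GET, "/static/**").permitAll()
                .antMatchers(HttpMethod.GET, "/profile/**").permitAll()
                .antMatchers(HttpMethod.GET, "/services/**").permitAll()
                .anyRequest().authenticated()
            .and().logout()
                // Local logout, then hand over to the SSO server's logout URL.
                .invalidateHttpSession(true)
                .logoutSuccessUrl(ssoUrl + "/logout")
                .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
                .deleteCookies("JSESSIONID")
                .permitAll();
    }
}

// Resource server security: applies only to requests that carry an OAuth2 token.
@Configuration
@EnableResourceServer
@Order(1)
protected static class ResourceServerConfig extends ResourceServerConfigurerAdapter {

    @Override
    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
        resources.resourceId("resource-id");
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.requestMatcher(new OAuthRequestedMatcher())
            .authorizeRequests().anyRequest().fullyAuthenticated();
    }
}

// Matches requests that present a bearer token in the Authorization header
// or an access_token request parameter.
private static class OAuthRequestedMatcher implements RequestMatcher {
    public boolean matches(HttpServletRequest request) {
        String auth = request.getHeader("Authorization");
        boolean haveOauth2Token = (auth != null) && auth.startsWith("Bearer");
        boolean haveAccessToken = request.getParameter("access_token") != null;
        return haveOauth2Token || haveAccessToken;
    }
}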
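
The matcher above decides which of the two filter chains handles a request, so its edge cases determine whether a client is treated as an API caller or as a browser session. The following is an added example, not part of the original page: it restates the matcher's decision on plain values and compares it with a stricter variant over constructed sample requests. The names ChainSelectionDemo, pageMatcher, strictMatcher and chain are assumptions of this example, and it assumes the resource-server chain is consulted first, as the @Order(1) in the configuration intends.

```java
public class ChainSelectionDemo {

    // The page's OAuthRequestedMatcher decision, restated on plain values.
    static boolean pageMatcher(String authorization, String accessTokenParam) {
        boolean haveOauth2Token = authorization != null && authorization.startsWith("Bearer");
        boolean haveAccessToken = accessTokenParam != null;
        return haveOauth2Token || haveAccessToken;
    }

    // Stricter variant (an assumption of this example, not from the page):
    // case-insensitive "Bearer" scheme, one space, then a non-empty token;
    // the access_token parameter counts only when it is non-empty.
    static boolean strictMatcher(String authorization, String accessTokenParam) {
        boolean header = authorization != null
                && authorization.regionMatches(true, 0, "Bearer ", 0, 7)
                && !authorization.substring(7).trim().isEmpty();
        boolean param = accessTokenParam != null && !accessTokenParam.isEmpty();
        return header || param;
    }

    // Name of the filter chain that would handle the request.
    static String chain(boolean matched) {
        return matched ? "resource-server" : "session/SSO";
    }

    public static void main(String[] args) {
        // Constructed sample requests: {description, Authorization header, access_token parameter}
        String[][] requests = {
            {"browser, no credentials",      null,             null},
            {"API call, bearer header",      "Bearer abc.def", null},
            {"lower-case scheme",            "bearer abc.def", null},
            {"scheme prefix only",           "BearerX",        null},
            {"header without token",         "Bearer ",        null},
            {"Basic credentials",            "Basic dTpw",     null},
            {"token in query string",        null,             "abc.def"},
            {"empty access_token parameter", null,             ""},
        };
        System.out.printf("%-30s %-16s %-16s%n", "request", "page matcher", "strict matcher");
        for (String[] r : requests) {
            System.out.printf("%-30s %-16s %-16s%n", r[0],
                    chain(pageMatcher(r[1], r[2])), chain(strictMatcher(r[1], r[2])));
        }
    }
}
```

Both chains still require authentication, so the rows where the two matchers disagree change which chain rejects or challenges the request, not whether it is protected.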


When reposting, please credit the source: this article is reposted from www.mshxw.com
Article URL: https://www.mshxw.com/it/647688.html