环境:Sping Boot 2.3.1、Java 11
我已经尝试了一些东西(也与spring的sample-app进行了比较),但到目前为止,我还没有成功地创建一个需要ReactiveClientRegistrationRepository的WebClient。
我在启动spring-boot应用程序时遇到以下异常:
required a bean of type 'org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository'我理解spring-boot-autoconigure的方式应该使用ReactiveOAuth2ClientAutoConfiguration,因为在yml-file中给出了所需的属性。
下面是一些代码片段,如果缺少一些东西,我可以提供更多的信息来获取整个上下文
主类
@Slf4j
@SpringBootApplication
@EnableConfigurationProperties(MyAppConfigurationProperties.class)
public class MyApp{
public static void main(final String[] args) {
SpringApplication.run(MyApp.class, args);
}
}配置:
@Configuration
//@Import(ReactiveOAuth2ClientAutoConfiguration.class) // in the test it works with this, but should not be required: spring-boot-autoconfigure
public class MyRestClientConfig {
@Bean
WebClient myWebClient(WebClient.Builder builder, ReactiveClientRegistrationRepository clientRegistrations) {
//content not relevant to this problem
}
}安全配置
@EnableGlobalMethodSecurity(securedEnabled = true)
@EnableWebSecurity
@EnableWebFluxSecurity
public class SecurityConfig {
}application.yml
spring:
security:
oauth2:
client:
registration:
providerid:
authorization-grant-type: "client_credentials"
client-id: "myClientId"
client-secret: "mySecret"
user-info-authentication-method: header
provider:
providerid:
token-uri: "working token-uri"我尝试了不同的依赖项,所以有些可能不是必需的。实际上需要哪些依赖项?
pom.xml
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-oauth2-client</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-autoconfigure</artifactId>
</dependency>
<!-- <dependency>-->
<!-- <groupId>org.springframework.security.oauth.boot</groupId>-->
<!-- <artifactId>spring-security-oauth2-autoconfigure</artifactId>-->
<!-- </dependency>-->
<!-- <dependency>-->
<!-- <groupId>org.springframework.security.oauth</groupId>-->
<!-- <artifactId>spring-security-oauth2</artifactId>-->
<!-- </dependency>-->
<!-- <dependency>-->
<!-- <groupId>org.springframework.boot</groupId>-->
<!-- <artifactId>spring-boot-starter-oauth2-client</artifactId>-->
<!-- </dependency>-->
<!-- <dependency>-->
<!-- <groupId>org.springframework.security</groupId>-->
<!-- <artifactId>spring-security-oauth2-core</artifactId>-->
<!-- </dependency>-->
<!-- <dependency>-->
<!-- <groupId>org.springframework.security</groupId>-->
<!-- <artifactId>spring-security-oauth2-jose</artifactId>-->
<!-- </dependency>-->
<!-- <dependency>-->
<!-- <groupId>org.springframework.boot</groupId>-->
<!-- <artifactId>spring-boot-starter-webflux</artifactId>-->
<!-- </dependency>-->在集成测试中,启动Spring-Boot-Application
@EnableConfigurationProperties
@Import(ReactiveOAuth2ClientAutoConfiguration.class) // in the test it works with this, but should not be required: spring-boot-autoconfigure, can be omitted if added in MyRestClientConfig
@ComponentScan(basePackages = "com.mycompany")
public class ManualClientTester {
}**编辑1:**自动配置的正匹配调试
在测试它的工作位置:
============================
CONDITIONS EVALUATION REPORT
============================
Positive matches:
-----------------
ReactiveOAuth2ClientAutoConfiguration matched:
- @ConditionalOnClass found required classes 'reactor.core.publisher.Flux', 'org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity', 'org.springframework.security.oauth2.client.registration.ClientRegistration' (OnClassCondition)
- NoneNestedConditions 0 matched 1 did not; NestedCondition on ReactiveOAuth2ClientAutoConfiguration.NonServletApplicationCondition.ServletApplicationCondition not a servlet web application (ReactiveOAuth2ClientAutoConfiguration.NonServletApplicationCondition)
ReactiveOAuth2ClientConfigurations.ReactiveClientRegistrationRepositoryConfiguration matched:
- OAuth2 Clients Configured Condition found registered clients myClientId (ClientsConfiguredCondition)
- @ConditionalOnMissingBean (types: org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository; SearchStrategy: all) did not find any beans (OnBeanCondition)
ReactiveOAuth2ClientConfigurations.ReactiveOAuth2ClientConfiguration matched:
- @ConditionalOnBean (types: org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository; SearchStrategy: all) found bean 'clientRegistrationRepository' (OnBeanCondition)
ReactiveOAuth2ClientConfigurations.ReactiveOAuth2ClientConfiguration#authorizedClientRepository matched:
- @ConditionalOnMissingBean (types: org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizedClientRepository; SearchStrategy: all) did not find any beans (OnBeanCondition)
ReactiveOAuth2ClientConfigurations.ReactiveOAuth2ClientConfiguration#authorizedClientService matched:
- @ConditionalOnMissingBean (types: org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientService; SearchStrategy: all) did not find any beans (OnBeanCondition)启动Sping Boot 应用程序时:
============================
CONDITIONS EVALUATION REPORT
============================
Negative matches:
-----------------
ReactiveOAuth2ClientAutoConfiguration:
Did not match:
- NoneNestedConditions 1 matched 0 did not; NestedCondition on ReactiveOAuth2ClientAutoConfiguration.NonServletApplicationCondition.ServletApplicationCondition found 'session' scope (ReactiveOAuth2ClientAutoConfiguration.NonServletApplicationCondition)
Matched:
- @ConditionalOnClass found required classes 'reactor.core.publisher.Flux', 'org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity', 'org.springframework.security.oauth2.client.registration.ClientRegistration' (OnClassCondition)**编辑2:**按照建议更改后,我现在有以下内容:
@EnableReactiveMethodSecurity
@EnableWebFluxSecurity
public class SecurityConfig {
}pom.xml
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-oauth2-client</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-webflux</artifactId>
</dependency>此外,所有使用的spring-projects版本:
<spring-amqp.version>2.2.7.RELEASE</spring-amqp.version>
<spring-batch.version>4.2.4.RELEASE</spring-batch.version>
<spring-boot.version>2.3.1.RELEASE</spring-boot.version>
<spring-data-releasetrain.version>Neumann-SR1</spring-data-releasetrain.version>
<spring-framework.version>5.2.7.RELEASE</spring-framework.version>
<spring-hateoas.version>1.1.0.RELEASE</spring-hateoas.version>
<spring-integration.version>5.3.1.RELEASE</spring-integration.version>
<spring-kafka.version>2.5.2.RELEASE</spring-kafka.version>
<spring-ldap.version>2.3.3.RELEASE</spring-ldap.version>
<spring-restdocs.version>2.0.4.RELEASE</spring-restdocs.version>
<spring-retry.version>1.2.5.RELEASE</spring-retry.version>
<spring-security.version>5.3.3.RELEASE</spring-security.version>
<spring-session-bom.version>Dragonfruit-RELEASE</spring-session-bom.version>
<spring-ws.version>3.0.9.RELEASE</spring-ws.version>
<spring.boot.version>2.3.1.RELEASE</spring.boot.version>
<spring.cloud.version>Hoxton.SR5</spring.cloud.version>问题依然存在。
8条答案
按热度按时间d6kp6zgx1#
我遇到了同样的问题,注意到应用程序创建了一个
ClientRegistrationRepository,而不是ReactiveClientRegistrationRepository。在Sping Boot 中的某个地方添加了@EnableWebSecurity(在本例中我们需要@EnableWebFluxSecurity)。为了解决这个问题,我添加了以下属性:
spring.main.web-application-type: reactive如果您还使用
@SpringBootTest来测试您的应用程序,您还需要在其中添加该属性。或通过将Web环境设置为
NONE之所以会出现这种情况,在这个答案中也有解释:Error when using @EnableWebFluxSecurity in springboot
juud5qan2#
我仍然对我的解决方案不满意,但我最终做了以下操作:
我将spring-properties用于OAuth,然后基于这些属性创建
ReactiveClientRegistrationRepository。dpiehjr43#
工作方式:
属性:
编辑:
在 return 语句之前添加以下内容:
并将 return 语句中的 filter 替换为:
slsn1g294#
我通过写这段代码解决了这个问题
j13ufse25#
更新:
看起来“user-info-authentication-method”(
userInfoAuthenticationMethod)是Provider的一部分,而不是Registration。请把双引号也去掉。还有一个建议-为了避免可能的冲突/不兼容的依赖,请像这样使用
dependency management,并尝试使用所有的spring Boot 启动器。例如,spring security库是spring-boot-starter-oauth2-client和spring-boot-starter-oauth2-resource-server的一部分:只有这两个依赖项可以完成这项工作:(从Gradle文件中选取,请将其更改为POM等效文件)
对于测试,您可能需要以下内容:
你不应该把这两个东西混在一起:
如果您的应用程序是被动式的,那么只需使用
@EnableWebFluxSecurity即可。对于
@EnableGlobalMethodSecurity(securedEnabled = true),这被描述为here,并且建议删除它并使用这个:h79rfbju6#
如果没有stacktrace,很难提供相关答案。
似乎Sping Boot 不能从你的属性文件创建
ReactiveClientRegistrationRepository。尝试在客户端上添加提供程序属性。
2izufjch7#
需要显式定义ReactiveClientRepositoryRegistration Bean。您可以参考spring文档https://docs.spring.io/spring-security/reference/reactive/oauth2/login/core.html#webflux-oauth2-login-register-reactiveclientregistrationrepository-bean
ffvjumwh8#
在我的例子中,我想在Sping Boot Servlet堆栈中使用WebClient,而WebClient应该使用Client Credentials来访问外部服务中的受保护资源。https://docs.spring.io/spring-security/site/docs/5.1.1.RELEASE/reference/html/servlet-webclient.html帮助我配置Web客户端,使其在servlet堆栈中正确工作:)