英文:
required a single bean, but 2 were found in Resource Server with OAuth2
问题
我已经实现了一个资源服务器来验证令牌并允许访问受保护的资源。当我实现ResourceServerConfig类并运行它时,出现了以下错误:
Method springSecurityFilterChain in org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration required a single bean, but 2 were found:
- tokenServices: defined by method 'tokenServices' in class path resource [com/benz/resource/api/config/ResourceServerConfig.class]
- remoteTokenServices: defined by method 'remoteTokenServices' in class path resource [org/springframework/boot/autoconfigure/security/oauth2/resource/ResourceServerTokenServicesConfiguration$RemoteTokenServicesConfiguration$TokenInfoServicesConfiguration.class]
ResoourceServerConfig 类
@Configuration
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
@Value("${security.key.public-key}")
private Resource publicKey;
private TokenStore tokenStore;
@Override
public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
resources.tokenStore(tokenStore());
}
@Bean
public DefaultTokenServices tokenServices(TokenStore tokenStore) {
DefaultTokenServices tokenServices = new DefaultTokenServices();
tokenServices.setTokenStore(tokenStore);
return tokenServices;
}
@Bean
public TokenStore tokenStore() throws Exception {
if (tokenStore == null)
tokenStore = new JwtTokenStore(tokenConverter());
return tokenStore;
}
private JwtAccessTokenConverter tokenConverter() throws Exception {
JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
converter.setVerifierKey(getPublicKeyAsString());
return converter;
}
private String getPublicKeyAsString() throws Exception {
return IOUtils.toString(publicKey.getInputStream(), UTF_8);
}
}
但在这种情况下,我无法使用@Primary或@Qualifier注释为特定的bean实例提供优先级。我需要在配置类运行时同时执行两个bean实例,如何在不使用@Primary或@Qualifier注释的情况下实现?
英文:
I have implemented a resource server to verify the token and allow access to the protected resource.When I implement the ResourceServerConfig class and run it then the following error has occurred
Method springSecurityFilterChain in org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration required a single bean, but 2 were found:
- tokenServices: defined by method 'tokenServices' in class path resource [com/benz/resource/api/config/ResourceServerConfig.class]
- remoteTokenServices: defined by method 'remoteTokenServices' in class path resource [org/springframework/boot/autoconfigure/security/oauth2/resource/ResourceServerTokenServicesConfiguration$RemoteTokenServicesConfiguration$TokenInfoServicesConfiguration.class]
ResoourceServerConfig class
@Configuration
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
@Value("${security.key.public-key}")
private Resource publicKey;
private TokenStore tokenStore;
@Override
public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
resources.tokenStore(tokenStore());
}
@Bean
public DefaultTokenServices tokenServices(TokenStore tokenStore)
{
DefaultTokenServices tokenServices=new DefaultTokenServices();
tokenServices.setTokenStore(tokenStore);
return tokenServices;
}
@Bean
public TokenStore tokenStore() throws Exception
{
if(tokenStore==null)
tokenStore=new JwtTokenStore(tokenConverter());
return tokenStore;
}
private JwtAccessTokenConverter tokenConverter() throws Exception
{
JwtAccessTokenConverter converter=new JwtAccessTokenConverter();
converter.setVerifierKey(getPublicKeyAsString());
return converter;
}
private String getPublicKeyAsString() throws Exception
{
return IOUtils.toString(publicKey.getInputStream(),UTF_8);
}
}
But in this case, I can not use @Primary or @Qualifier annotation to provide priority for a particular bean instance. I need to execute both the bean instances when the config class is running and how can i do it without using @Primary or @Qualifier annotation?
答案1
得分: 1
从错误堆栈中看,似乎您正在自动注入RemoteTokenServices。它用于查询/check_token端点,以获取访问令牌的内容(作用域、权限等)。这个类的自动自动装配可能是由于使用了security.oauth2.*属性。您可以通过使用prefer-token-info: false来禁用它。
public class RemoteTokenServices implements ResourceServerTokenServices {}
public class DefaultTokenServices implements AuthorizationServerTokenServices, ResourceServerTokenServices,
ConsumerTokenServices, InitializingBean {}
这两个类都实现了ResourceServerTokenServices,因此在没有问题的情况下,可以使用DefaultTokenServices来替代RemoteTokenServices。关于ResourceServer如何处理security.oauth2.*属性,可以在这里查看:https://docs.spring.io/spring-security-oauth2-boot/docs/2.0.0.RC2/reference/htmlsingle/#boot-features-security-oauth2-resource-server
英文:
From the error stack, it seems that you are having RemoteTokenServices injected automatically. It is used to query the /check_token endpoint to obtain the contents of an access token(scopes, authority... etc). The automatic auto-wiring of this class may be due to the use of security.oauth2.* properties. It can be disabled by using prefer-token-info: false.
public class RemoteTokenServices implements ResourceServerTokenServices {}
public class DefaultTokenServices implements AuthorizationServerTokenServices, ResourceServerTokenServices,
ConsumerTokenServices, InitializingBean {}
Both classes implement ResourceServerTokenServices, so DefaultTokenServices could be used instead of RemoteTokenServices without an issue. check here for how ResourceServer handles security.oauth2.* properties: https://docs.spring.io/spring-security-oauth2-boot/docs/2.0.0.RC2/reference/htmlsingle/#boot-features-security-oauth2-resource-server
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论