Spring Security Resource Server在添加自定义SecurityFilterChain时给出401

我正在使用Spring Boot运行一个示例资源服务器,当我在不添加自定义SecurityFilterChain bean的情况下运行它时,一切都很好。当我提供一个自定义的SecurityFilterChain时,它会给出401,有时会给出403。

这是我的Gradle文件:

plugins {
    java
    id("org.springframework.boot") version "3.2.0"
    id("io.spring.dependency-management") version "1.1.4"
}

group = "com.resource.server"
version = "0.0.1-SNAPSHOT"

java {
    sourceCompatibility = JavaVersion.VERSION_17
}

repositories {
    mavenCentral()
}

dependencies {  
    implementation("org.springframework.boot:spring-boot-starter-oauth2-resource-server")
    implementation("org.springframework.boot:spring-boot-starter-web")
    testImplementation("org.springframework.boot:spring-boot-starter-test")
}

tasks.withType<Test> {
    useJUnitPlatform()
}

以下是我的application.properties中的内容:

spring.security.oauth2.resourceserver.jwt.issuer-uri=https://mydomain.auth0.com/
spring.security.oauth2.resourceserver.jwt.issuer-audience=aud-name

这是我的SecurityFilterChain类

package com.resource.server.resourceserver;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;

import static org.springframework.security.config.Customizer.withDefaults;

@Configuration
public class SecurityConfiguration {

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
                .authorizeHttpRequests((authz) -> authz
                        .anyRequest().authenticated()
                )
                .httpBasic(withDefaults());
        return http.build();
    }

}

以下是我用来测试应用程序的基本控制器:

package com.resource.server.resourceserver;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class HelloController {
    @RequestMapping("/hello")
    public String sayHi(){
        return "Hi";
    }
}

以下是我在日志中得到的内容:

2023-12-21T08:13:55.404+02:00  INFO 181669 --- [nio-8082-exec-1] o.s.web.servlet.DispatcherServlet        : Initializing Servlet 'dispatcherServlet'
2023-12-21T08:13:55.405+02:00  INFO 181669 --- [nio-8082-exec-1] o.s.web.servlet.DispatcherServlet        : Completed initialization in 1 ms
2023-12-21T08:13:55.408+02:00 DEBUG 181669 --- [nio-8082-exec-1] o.s.security.web.FilterChainProxy        : Securing GET /
2023-12-21T08:13:55.409+02:00  WARN 181669 --- [nio-8082-exec-1] o.s.w.s.h.HandlerMappingIntrospector     : Cache miss for REQUEST dispatch to '/' (previous null). Performing CorsConfiguration lookup. This is logged once only at WARN level, and every time at TRACE.
2023-12-21T08:13:55.414+02:00 DEBUG 181669 --- [nio-8082-exec-1] o.s.s.w.a.AnonymousAuthenticationFilter  : Set SecurityContextHolder to anonymous SecurityContext
2023-12-21T08:13:55.420+02:00 DEBUG 181669 --- [nio-8082-exec-1] o.s.s.w.s.HttpSessionRequestCache        : Saved request http://localhost:8082/?continue to session
2023-12-21T08:13:55.420+02:00 DEBUG 181669 --- [nio-8082-exec-1] s.w.a.DelegatingAuthenticationEntryPoint : Trying to match using RequestHeaderRequestMatcher [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest]
2023-12-21T08:13:55.420+02:00 DEBUG 181669 --- [nio-8082-exec-1] s.w.a.DelegatingAuthenticationEntryPoint : No match found. Using default entry point org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint@6dd20239
2023-12-21T08:13:55.422+02:00 DEBUG 181669 --- [nio-8082-exec-1] o.s.security.web.FilterChainProxy        : Securing GET /error
2023-12-21T08:13:55.422+02:00 DEBUG 181669 --- [nio-8082-exec-1] o.s.s.w.a.AnonymousAuthenticationFilter  : Set SecurityContextHolder to anonymous SecurityContext
2023-12-21T08:13:55.422+02:00 DEBUG 181669 --- [nio-8082-exec-1] o.s.s.w.s.HttpSessionRequestCache        : Saved request http://localhost:8082/error?continue to session
2023-12-21T08:13:55.422+02:00 DEBUG 181669 --- [nio-8082-exec-1] s.w.a.DelegatingAuthenticationEntryPoint : Trying to match using RequestHeaderRequestMatcher [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest]
2023-12-21T08:13:55.423+02:00 DEBUG 181669 --- [nio-8082-exec-1] s.w.a.DelegatingAuthenticationEntryPoint : No match found. Using default entry point org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint@6dd20239

我尝试了一些教程,并尝试从头开始。我也试过在谷歌上搜索日志错误消息,但没有发现任何真正有意义的东西。

我做了这个更新,它帮助修复了它-代码来自这里: https://docs.spring.io/spring-security/reference/servlet/oauth2/resource-server/jwt.html . 不过,我不太明白最初版本的问题是什么。如果有人能帮我理解,那就太好了

@Configuration
@EnableWebSecurity
public class DirectlyConfiguredJwkSetUri {
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(authorize -> authorize
                .anyRequest().authenticated()
            )
            .oauth2ResourceServer(oauth2 -> oauth2
                .jwt(jwt -> jwt
                    .jwkSetUri("https://idp.example.com/.well-known/jwks.json")
                )
            );
        return http.build();
    }
}```