我的工作:
我正在搭建一个 Spring Boot OAuth2 授权服务器,它有两个流程:
- access code(用户)
- client credentials(服务)
问题
当我用 curl 通过 client credentials 流程获取 access token 时:
# Client-credentials token request using HTTP Basic client authentication.
# This is the request that ends up redirected to the login page.
# The Basic value is only base64 of client_id:client_secret, so it is a
# credential: keep real values out of shell history, logs and public posts.
curl -vv -X POST 'http://localhost:9000/oauth/token' \
-H "Authorization: Basic Y2xhc3Nlcy1jYWxlbmRhci1jbGllbnQ6cGFzc3dvcmQ=" \
-H 'content-type: application/x-www-form-urlencoded' \
-d grant_type=client_credentials
我被重定向到登录页面。在日志中我看到 access denied。
配置
/**
 * Spring Security configuration for an OAuth2 authorization server.
 *
 * <p>Declares two filter chains (one for the authorization server endpoints, one
 * fallback for everything else), a single in-memory registered client, an RSA
 * signing key, the provider settings and two in-memory users.
 *
 * <p>NOTE(review): the client secret, the user passwords and the signing key are
 * all demo-grade here (plaintext literal, default encoder, generated per start).
 * Confirm this configuration is never used outside local development.
 */
@Configuration(proxyBeanMethods = false)
@EnableWebSecurity
public class AuthorizationServerConfig {

    /**
     * Builds the highest-precedence chain, to which the authorization server's
     * default security is applied, with form login enabled.
     *
     * @param http the security builder supplied by Spring
     * @return the filter chain for the authorization server endpoints
     * @throws Exception if the chain cannot be built
     */
    @Bean
    @Order(Ordered.HIGHEST_PRECEDENCE)
    public SecurityFilterChain authServerSecurityFilterChain(HttpSecurity http) throws Exception {
        OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http);
        http.formLogin(Customizer.withDefaults());
        return http.build();
    }

    /**
     * Builds the fallback chain: every request must be authenticated and
     * unauthenticated callers are sent to form login.
     *
     * <p>CSRF is not customised here, so a POST that lands on this chain (for
     * example one sent to a path that is not an authorization server endpoint)
     * is subject to the default CSRF check.
     *
     * @param http the security builder supplied by Spring
     * @return the filter chain for all remaining requests
     * @throws Exception if the chain cannot be built
     */
    @Bean
    SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) throws Exception {
        return http
                .authorizeRequests(registry -> registry.anyRequest().authenticated())
                .formLogin(withDefaults())
                .build();
    }

    /**
     * Registers the single OAuth2 client known to this server, held in memory.
     *
     * @return a repository containing only {@code classes-calendar-client}
     */
    @Bean
    public RegisteredClientRepository registeredClientRepository() {
        RegisteredClient calendarClient = RegisteredClient.withId(UUID.randomUUID().toString())
                .clientId("classes-calendar-client")
                // FIXME: "{noop}" means the secret is stored and compared unhashed, and the
                // value is a guessable literal. Replace with an encoded secret (for example
                // a "{bcrypt}"-prefixed hash) loaded from configuration before any shared use.
                .clientSecret("{noop}password")
                .clientName("classes-calendar-client")
                .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
                .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
                .authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN)
                .authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
                // NOTE(review): redirect URIs are plain http; authorization codes sent to
                // them travel unencrypted. Confirm these hosts are dev-only.
                .redirectUri("http://auth-service:8080/login/oauth2/code/classes-calendar-client")
                .redirectUri("http://auth-service:8080/authorized")
                .scope(OidcScopes.OPENID)
                .scope("all")
                .build();
        return new InMemoryRegisteredClientRepository(calendarClient);
    }

    /**
     * Exposes the JWK set holding the server's RSA signing key.
     *
     * <p>The key pair is generated when this bean is created, so the key and its
     * random key ID change on every start; tokens signed by a previous run will
     * presumably no longer verify against the new set, and each instance in a
     * multi-instance deployment would hold a different key.
     *
     * @return a JWK source that selects from the generated key set
     */
    @Bean
    public JWKSource<SecurityContext> jwkSource() {
        JWKSet jwkSet = new JWKSet(generateRsa());
        return (selector, context) -> selector.select(jwkSet);
    }

    /** Wraps a freshly generated RSA key pair as a JWK with a random key ID. */
    private static RSAKey generateRsa() {
        KeyPair pair = generateRsaKey();
        RSAPublicKey rsaPublic = (RSAPublicKey) pair.getPublic();
        RSAPrivateKey rsaPrivate = (RSAPrivateKey) pair.getPrivate();
        String keyId = UUID.randomUUID().toString();
        return new RSAKey.Builder(rsaPublic)
                .privateKey(rsaPrivate)
                .keyID(keyId)
                .build();
    }

    /**
     * Generates a 2048-bit RSA key pair.
     *
     * @throws IllegalStateException wrapping any failure from the key generator
     */
    private static KeyPair generateRsaKey() {
        try {
            KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
            generator.initialize(2048);
            return generator.generateKeyPair();
        } catch (Exception ex) {
            throw new IllegalStateException(ex);
        }
    }

    /**
     * Fixes the issuer URL instead of deriving it from the incoming request.
     *
     * @return provider settings with the issuer {@code http://oauth2-service:9000}
     */
    @Bean
    public ProviderSettings providerSettings() {
        // NOTE(review): the issuer is plain http; confirm this is dev-only.
        return ProviderSettings.builder()
                .issuer("http://oauth2-service:9000")
                .build();
    }

    /**
     * Defines the two in-memory accounts used for form login.
     *
     * <p>{@code withDefaultPasswordEncoder()} is meant for samples only, and both
     * accounts (including the ADMIN one) share a hard-coded, guessable password.
     * Replace with externally managed users before any non-local use.
     *
     * @return a user details manager holding {@code admin} and {@code service}
     */
    @Bean
    InMemoryUserDetailsManager userDetailsService() {
        UserDetails adminAccount = User.withDefaultPasswordEncoder()
                .username("admin")
                .password("password")
                .roles("ADMIN", "USER")
                .build();
        UserDetails serviceAccount = User.withDefaultPasswordEncoder()
                .username("service")
                .password("password")
                .roles("SERVICE")
                .build();
        return new InMemoryUserDetailsManager(adminAccount, serviceAccount);
    }
}
日志
--- [nio-9000-exec-1] o.s.security.web.FilterChainProxy : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2AuthorizationServerConfigurer$$Lambda$617/0x0000000800fadcb8@2c2a027c, Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter@118dcbbd, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@7d979d34, org.springframework.security.web.context.SecurityContextPersistenceFilter@36aa52d2, org.springframework.security.oauth2.server.authorization.web.ProviderContextFilter@1a47a1e8, org.springframework.security.web.header.HeaderWriterFilter@6cbe7d4d, org.springframework.security.web.csrf.CsrfFilter@141d3d43, org.springframework.security.web.authentication.logout.LogoutFilter@73ae0257, org.springframework.security.oauth2.server.authorization.web.OAuth2AuthorizationEndpointFilter@3d90eeb3, org.springframework.security.oauth2.server.authorization.oidc.web.OidcProviderConfigurationEndpointFilter@7650ded6, org.springframework.security.oauth2.server.authorization.web.NimbusJwkSetEndpointFilter@1084f78c, org.springframework.security.oauth2.server.authorization.web.OAuth2AuthorizationServerMetadataEndpointFilter@3df1a1ac, org.springframework.security.oauth2.server.authorization.web.OAuth2ClientAuthenticationFilter@2b38b1f, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@58606c91, org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter@403c3a01, org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter@350ec690, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@16a35bd, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@ba17be6, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@49cb1baf, 
org.springframework.security.web.session.SessionManagementFilter@3679d92e, org.springframework.security.web.access.ExceptionTranslationFilter@3456558, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@261db982, org.springframework.security.oauth2.server.authorization.web.OAuth2TokenEndpointFilter@18a25bbd, org.springframework.security.oauth2.server.authorization.web.OAuth2TokenIntrospectionEndpointFilter@77f905e3, org.springframework.security.oauth2.server.authorization.web.OAuth2TokenRevocationEndpointFilter@1192b58e, org.springframework.security.oauth2.server.authorization.oidc.web.OidcUserInfoEndpointFilter@f5ce0bb]] (1/2)
--- [nio-9000-exec-1] o.s.security.web.FilterChainProxy : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=any request, Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter@3e4e8fdf, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@6a1d6ef2, org.springframework.security.web.context.SecurityContextPersistenceFilter@7f973a14, org.springframework.security.web.header.HeaderWriterFilter@2c991465, org.springframework.security.web.csrf.CsrfFilter@2740e316, org.springframework.security.web.authentication.logout.LogoutFilter@1cfc2538, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@42cc183e, org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter@3451f01d, org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter@2721044, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@76130a29, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@124d02b2, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@205df5dc, org.springframework.security.web.session.SessionManagementFilter@5fef2aac, org.springframework.security.web.access.ExceptionTranslationFilter@5b5a4aed, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@53e76c11]] (2/2)
--- [nio-9000-exec-1] o.s.security.web.FilterChainProxy : Securing POST /oauth/token
--- [nio-9000-exec-1] o.s.security.web.FilterChainProxy : Invoking DisableEncodeUrlFilter (1/15)
--- [nio-9000-exec-1] o.s.security.web.FilterChainProxy : Invoking WebAsyncManagerIntegrationFilter (2/15)
--- [nio-9000-exec-1] o.s.security.web.FilterChainProxy : Invoking SecurityContextPersistenceFilter (3/15)
--- [nio-9000-exec-1] w.c.HttpSessionSecurityContextRepository : No HttpSession currently exists
--- [nio-9000-exec-1] w.c.HttpSessionSecurityContextRepository : Created SecurityContextImpl [Null authentication]
--- [nio-9000-exec-1] s.s.w.c.SecurityContextPersistenceFilter : Set SecurityContextHolder to empty SecurityContext
--- [nio-9000-exec-1] o.s.security.web.FilterChainProxy : Invoking HeaderWriterFilter (4/15)
--- [nio-9000-exec-1] o.s.security.web.FilterChainProxy : Invoking CsrfFilter (5/15)
--- [nio-9000-exec-1] o.s.security.web.csrf.CsrfFilter : Invalid CSRF token found for http://localhost:9000/oauth/token
--- [nio-9000-exec-1] o.s.s.w.access.AccessDeniedHandlerImpl : Responding with 403 status code
--- [nio-9000-exec-1] o.s.s.w.header.writers.HstsHeaderWriter : Not injecting HSTS header since it did not match request to [Is Secure]
--- [nio-9000-exec-1] w.c.HttpSessionSecurityContextRepository : Did not store empty SecurityContext
--- [nio-9000-exec-1] w.c.HttpSessionSecurityContextRepository : Did not store empty SecurityContext
--- [nio-9000-exec-1] s.s.w.c.SecurityContextPersistenceFilter : Cleared SecurityContextHolder to complete request
--- [nio-9000-exec-1] o.s.security.web.FilterChainProxy : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2AuthorizationServerConfigurer$$Lambda$617/0x0000000800fadcb8@2c2a027c, Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter@118dcbbd, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@7d979d34, org.springframework.security.web.context.SecurityContextPersistenceFilter@36aa52d2, org.springframework.security.oauth2.server.authorization.web.ProviderContextFilter@1a47a1e8, org.springframework.security.web.header.HeaderWriterFilter@6cbe7d4d, org.springframework.security.web.csrf.CsrfFilter@141d3d43, org.springframework.security.web.authentication.logout.LogoutFilter@73ae0257, org.springframework.security.oauth2.server.authorization.web.OAuth2AuthorizationEndpointFilter@3d90eeb3, org.springframework.security.oauth2.server.authorization.oidc.web.OidcProviderConfigurationEndpointFilter@7650ded6, org.springframework.security.oauth2.server.authorization.web.NimbusJwkSetEndpointFilter@1084f78c, org.springframework.security.oauth2.server.authorization.web.OAuth2AuthorizationServerMetadataEndpointFilter@3df1a1ac, org.springframework.security.oauth2.server.authorization.web.OAuth2ClientAuthenticationFilter@2b38b1f, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@58606c91, org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter@403c3a01, org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter@350ec690, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@16a35bd, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@ba17be6, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@49cb1baf, 
org.springframework.security.web.session.SessionManagementFilter@3679d92e, org.springframework.security.web.access.ExceptionTranslationFilter@3456558, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@261db982, org.springframework.security.oauth2.server.authorization.web.OAuth2TokenEndpointFilter@18a25bbd, org.springframework.security.oauth2.server.authorization.web.OAuth2TokenIntrospectionEndpointFilter@77f905e3, org.springframework.security.oauth2.server.authorization.web.OAuth2TokenRevocationEndpointFilter@1192b58e, org.springframework.security.oauth2.server.authorization.oidc.web.OidcUserInfoEndpointFilter@f5ce0bb]] (1/2)
--- [nio-9000-exec-1] o.s.security.web.FilterChainProxy : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=any request, Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter@3e4e8fdf, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@6a1d6ef2, org.springframework.security.web.context.SecurityContextPersistenceFilter@7f973a14, org.springframework.security.web.header.HeaderWriterFilter@2c991465, org.springframework.security.web.csrf.CsrfFilter@2740e316, org.springframework.security.web.authentication.logout.LogoutFilter@1cfc2538, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@42cc183e, org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter@3451f01d, org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter@2721044, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@76130a29, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@124d02b2, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@205df5dc, org.springframework.security.web.session.SessionManagementFilter@5fef2aac, org.springframework.security.web.access.ExceptionTranslationFilter@5b5a4aed, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@53e76c11]] (2/2)
--- [nio-9000-exec-1] o.s.security.web.FilterChainProxy : Securing POST /error
--- [nio-9000-exec-1] o.s.security.web.FilterChainProxy : Invoking DisableEncodeUrlFilter (1/15)
--- [nio-9000-exec-1] o.s.security.web.FilterChainProxy : Invoking WebAsyncManagerIntegrationFilter (2/15)
--- [nio-9000-exec-1] o.s.security.web.FilterChainProxy : Invoking SecurityContextPersistenceFilter (3/15)
--- [nio-9000-exec-1] w.c.HttpSessionSecurityContextRepository : Did not find SecurityContext in HttpSession 50C9343D22CA6AC093145811E89DF30A using the SPRING_SECURITY_CONTEXT session attribute
--- [nio-9000-exec-1] w.c.HttpSessionSecurityContextRepository : Created SecurityContextImpl [Null authentication]
--- [nio-9000-exec-1] s.s.w.c.SecurityContextPersistenceFilter : Set SecurityContextHolder to empty SecurityContext
--- [nio-9000-exec-1] o.s.security.web.FilterChainProxy : Invoking HeaderWriterFilter (4/15)
--- [nio-9000-exec-1] o.s.security.web.FilterChainProxy : Invoking CsrfFilter (5/15)
--- [nio-9000-exec-1] o.s.security.web.FilterChainProxy : Invoking LogoutFilter (6/15)
--- [nio-9000-exec-1] o.s.s.w.a.logout.LogoutFilter : Did not match request to Ant [pattern='/logout', POST]
--- [nio-9000-exec-1] o.s.security.web.FilterChainProxy : Invoking UsernamePasswordAuthenticationFilter (7/15)
--- [nio-9000-exec-1] w.a.UsernamePasswordAuthenticationFilter : Did not match request to Ant [pattern='/login', POST]
--- [nio-9000-exec-1] o.s.security.web.FilterChainProxy : Invoking DefaultLoginPageGeneratingFilter (8/15)
--- [nio-9000-exec-1] o.s.security.web.FilterChainProxy : Invoking DefaultLogoutPageGeneratingFilter (9/15)
--- [nio-9000-exec-1] o.s.security.web.FilterChainProxy : Invoking RequestCacheAwareFilter (10/15)
--- [nio-9000-exec-1] o.s.s.w.s.HttpSessionRequestCache : No saved request
--- [nio-9000-exec-1] o.s.security.web.FilterChainProxy : Invoking SecurityContextHolderAwareRequestFilter (11/15)
--- [nio-9000-exec-1] o.s.security.web.FilterChainProxy : Invoking AnonymousAuthenticationFilter (12/15)
--- [nio-9000-exec-1] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to AnonymousAuthenticationToken [Principal=anonymousUser, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=127.0.0.1, SessionId=50C9343D22CA6AC093145811E89DF30A], Granted Authorities=[ROLE_ANONYMOUS]]
--- [nio-9000-exec-1] o.s.security.web.FilterChainProxy : Invoking SessionManagementFilter (13/15)
--- [nio-9000-exec-1] o.s.security.web.FilterChainProxy : Invoking ExceptionTranslationFilter (14/15)
--- [nio-9000-exec-1] o.s.security.web.FilterChainProxy : Invoking FilterSecurityInterceptor (15/15)
--- [nio-9000-exec-1] o.s.s.w.a.i.FilterSecurityInterceptor : Did not re-authenticate AnonymousAuthenticationToken [Principal=anonymousUser, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=127.0.0.1, SessionId=50C9343D22CA6AC093145811E89DF30A], Granted Authorities=[ROLE_ANONYMOUS]] before authorizing
--- [nio-9000-exec-1] o.s.s.w.a.i.FilterSecurityInterceptor : Authorizing filter invocation [POST /error] with attributes [authenticated]
--- [nio-9000-exec-1] o.s.s.w.a.expression.WebExpressionVoter : Voted to deny authorization
--- [nio-9000-exec-1] o.s.s.w.a.i.FilterSecurityInterceptor : Failed to authorize filter invocation [POST /error] with attributes [authenticated] using AffirmativeBased [DecisionVoters=[org.springframework.security.web.access.expression.WebExpressionVoter@5d342959], AllowIfAllAbstainDecisions=false]
--- [nio-9000-exec-1] o.s.s.w.a.ExceptionTranslationFilter : Sending AnonymousAuthenticationToken [Principal=anonymousUser, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=127.0.0.1, SessionId=50C9343D22CA6AC093145811E89DF30A], Granted Authorities=[ROLE_ANONYMOUS]] to authentication entry point since access is denied
org.springframework.security.access.AccessDeniedException: Access is denied
at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:73) ~[spring-security-core-5.7.2.jar:5.7.2]
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.attemptAuthorization(AbstractSecurityInterceptor.java:239) ~[spring-security-core-5.7.2.jar:5.7.2]
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:208) ~[spring-security-core-5.7.2.jar:5.7.2]
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:113) ~[spring-security-web-5.7.2.jar:5.7.2]
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:81) ~[spring-security-web-5.7.2.jar:5.7.2]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.7.2.jar:5.7.2]
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:122) ~[spring-security-web-5.7.2.jar:5.7.2]
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:116) ~[spring-security-web-5.7.2.jar:5.7.2]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.7.2.jar:5.7.2]
at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:126) ~[spring-security-web-5.7.2.jar:5.7.2]
at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:81) ~[spring-security-web-5.7.2.jar:5.7.2]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.7.2.jar:5.7.2]
at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:109) ~[spring-security-web-5.7.2.jar:5.7.2]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.7.2.jar:5.7.2]
at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:149) ~[spring-security-web-5.7.2.jar:5.7.2]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.7.2.jar:5.7.2]
at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63) ~[spring-security-web-5.7.2.jar:5.7.2]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.7.2.jar:5.7.2]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:102) ~[spring-web-5.3.21.jar:5.3.21]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.7.2.jar:5.7.2]
at org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter.doFilter(DefaultLoginPageGeneratingFilter.java:237) ~[spring-security-web-5.7.2.jar:5.7.2]
at org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter.doFilter(DefaultLoginPageGeneratingFilter.java:223) ~[spring-security-web-5.7.2.jar:5.7.2]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.7.2.jar:5.7.2]
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:223) ~[spring-security-web-5.7.2.jar:5.7.2]
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:217) ~[spring-security-web-5.7.2.jar:5.7.2]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.7.2.jar:5.7.2]
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:103) ~[spring-security-web-5.7.2.jar:5.7.2]
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:89) ~[spring-security-web-5.7.2.jar:5.7.2]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.7.2.jar:5.7.2]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:102) ~[spring-web-5.3.21.jar:5.3.21]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.7.2.jar:5.7.2]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:102) ~[spring-web-5.3.21.jar:5.3.21]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.7.2.jar:5.7.2]
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:112) ~[spring-security-web-5.7.2.jar:5.7.2]
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:82) ~[spring-security-web-5.7.2.jar:5.7.2]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.7.2.jar:5.7.2]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:102) ~[spring-web-5.3.21.jar:5.3.21]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.7.2.jar:5.7.2]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:102) ~[spring-web-5.3.21.jar:5.3.21]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.7.2.jar:5.7.2]
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:211) ~[spring-security-web-5.7.2.jar:5.7.2]
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:183) ~[spring-security-web-5.7.2.jar:5.7.2]
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:354) ~[spring-web-5.3.21.jar:5.3.21]
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:267) ~[spring-web-5.3.21.jar:5.3.21]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) ~[tomcat-embed-core-9.0.64.jar:9.0.64]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) ~[tomcat-embed-core-9.0.64.jar:9.0.64]
at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100) ~[spring-web-5.3.21.jar:5.3.21]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.21.jar:5.3.21]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) ~[tomcat-embed-core-9.0.64.jar:9.0.64]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) ~[tomcat-embed-core-9.0.64.jar:9.0.64]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:102) ~[spring-web-5.3.21.jar:5.3.21]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) ~[tomcat-embed-core-9.0.64.jar:9.0.64]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) ~[tomcat-embed-core-9.0.64.jar:9.0.64]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:102) ~[spring-web-5.3.21.jar:5.3.21]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) ~[tomcat-embed-core-9.0.64.jar:9.0.64]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) ~[tomcat-embed-core-9.0.64.jar:9.0.64]
at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:711) ~[tomcat-embed-core-9.0.64.jar:9.0.64]
at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:461) ~[tomcat-embed-core-9.0.64.jar:9.0.64]
at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:385) ~[tomcat-embed-core-9.0.64.jar:9.0.64]
at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:313) ~[tomcat-embed-core-9.0.64.jar:9.0.64]
at org.apache.catalina.core.StandardHostValve.custom(StandardHostValve.java:403) ~[tomcat-embed-core-9.0.64.jar:9.0.64]
at org.apache.catalina.core.StandardHostValve.status(StandardHostValve.java:249) ~[tomcat-embed-core-9.0.64.jar:9.0.64]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171) ~[tomcat-embed-core-9.0.64.jar:9.0.64]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) ~[tomcat-embed-core-9.0.64.jar:9.0.64]
...]
--- [nio-9000-exec-1] o.s.s.w.s.HttpSessionRequestCache : Did not save request since it did not match [And [Ant [pattern='/**', GET], Not [Ant [pattern='/**/favicon.*']], Not [MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.HeaderContentNegotiationStrategy@1e512e7c, matchingMediaTypes=[application/json], useEquals=false, ignoredMediaTypes=[*/*]]], Not [RequestHeaderRequestMatcher [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest]], Not [MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.HeaderContentNegotiationStrategy@29debe11, matchingMediaTypes=[multipart/form-data], useEquals=false, ignoredMediaTypes=[*/*]]], Not [MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.HeaderContentNegotiationStrategy@4cc94ca2, matchingMediaTypes=[text/event-stream], useEquals=false, ignoredMediaTypes=[*/*]]]]]
--- [nio-9000-exec-1] o.s.s.web.DefaultRedirectStrategy : Redirecting to http://localhost:9000/login
--- [nio-9000-exec-1] w.c.HttpSessionSecurityContextRepository : Did not store empty SecurityContext
--- [nio-9000-exec-1] w.c.HttpSessionSecurityContextRepository : Did not store empty SecurityContext
问题
我需要做什么才能让它工作?
1条答案
查看 `localhost:9000/.well-known/openid-configuration` 的响应,应该会看到 `token_endpoint` 的 URL 是 `http://localhost:9000/oauth2/token`。

**注意:** 由于您已经在 `ProviderSettings` 中指定了 `.issuer("http://oauth2-service:9000")`,它可能会显示为 `http://oauth2-service:9000/oauth2/token`。如果您省略此设置,它将自动从请求中检测基础 URL。

请确保您的请求改用 `/oauth2/token`。日志也印证了这一点:`POST /oauth/token` 是由只有 15 个过滤器的第二条过滤器链("any request")处理的,而不是授权服务器的过滤器链,因此在 `CsrfFilter` 处被拒绝(403),随后对 `/error` 的访问被拒绝并重定向到登录页。

此外,请确保您在请求中包含 `client_id=classes-calendar-client`,因为我相信这是 `client_credentials` 令牌请求的必需参数。