401尝试在spring security oauth 2中获取访问令牌之前出现未授权错误

omvjsjqw  于 2022-10-30  发布在  Spring
关注(0)|答案(1)|浏览(526)

在尝试获取Spring Security oauth2中的访问令牌之前,我收到401未授权错误。
我有服务器(授权和资源服务器)和客户端应用程序。这些应用程序是用sparklr 2和tonr 2应用程序创建的。
我在两个应用程序中都绕过了登录表单。这意味着它在开始时不询问用户名和密码,或者两个应用程序都不询问用户名和密码,我使用了自定义类,并将两个应用程序的用户角色设置为“ROLE_USER”。
这是我的错误堆栈跟踪:

  1. SEVERE: Servlet.service() for servlet [mvc-dispatcher] in context with path [/Client] threw exception [Request processing failed; nested exception is error="access_denied", error_description="Error requesting access token."] with root cause org.springframework.web.client.HttpClientErrorException: 401 Unauthorized
  2. at org.springframework.web.client.DefaultResponseErrorHandler.handleError(DefaultResponseErrorHandler.java:88)
  3. at org.springframework.security.oauth2.client.token.OAuth2AccessTokenSupport$AccessTokenErrorHandler.handleError(OAuth2AccessTokenSupport.java:243)
  4. at org.springframework.web.client.RestTemplate.handleResponseError(RestTemplate.java:556)
  5. at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:514)
  6. at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:479)
  7. at org.springframework.security.oauth2.client.token.OAuth2AccessTokenSupport.retrieveToken(OAuth2AccessTokenSupport.java:136)
  8. at org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeAccessTokenProvider.obtainAccessToken(AuthorizationCodeAccessTokenProvider.java:198)
  9. at org.springframework.security.oauth2.client.token.AccessTokenProviderChain.obtainNewAccessTokenInternal(AccessTokenProviderChain.java:142)
  10. at org.springframework.security.oauth2.client.token.AccessTokenProviderChain.obtainAccessToken(AccessTokenProviderChain.java:118)
  11. at org.springframework.security.oauth2.client.OAuth2RestTemplate.acquireAccessToken(OAuth2RestTemplate.java:221)
  12. at org.springframework.security.oauth2.client.OAuth2RestTemplate.getAccessToken(OAuth2RestTemplate.java:173)
  13. at org.springframework.security.oauth2.client.OAuth2RestTemplate.createRequest(OAuth2RestTemplate.java:105)
  14. at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:505)
  15. at org.springframework.security.oauth2.client.OAuth2RestTemplate.doExecute(OAuth2RestTemplate.java:128)
  16. at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:472)
  17. at org.springframework.web.client.RestTemplate.getForObject(RestTemplate.java:237)
  18. at com.sebit.security.client.oauth2.controller.HelloController.welcomePage(HelloController.java:36)
  19. at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  20. at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
  21. at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
  22. at java.lang.reflect.Method.invoke(Unknown Source)
  23. at org.springframework.web.method.support.InvocableHandlerMethod.invoke(InvocableHandlerMethod.java:215)
  24. at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:132)
  25. at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:104)
  26. at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandleMethod(RequestMappingHandlerAdapter.java:745)
  27. at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:686)
  28. at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:80)
  29. at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:925)
  30. at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:856)
  31. at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:953)
  32. at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:844)
  33. at javax.servlet.http.HttpServlet.service(HttpServlet.java:621)
  34. at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:829)
  35. at javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
  36. at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
  37. at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
  38. at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:51)
  39. at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
  40. at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
  41. at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
  42. at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:118)
  43. at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84)
  44. at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
  45. at org.springframework.security.oauth2.client.filter.OAuth2ClientContextFilter.doFilter(OAuth2ClientContextFilter.java:57)
  46. at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
  47. at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
  48. at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
  49. at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103)
  50. at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
  51. at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
  52. at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
  53. at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:154)
  54. at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
  55. at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45)
  56. at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
  57. at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:150)
  58. at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
  59. at org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter.doFilter(AbstractPreAuthenticatedProcessingFilter.java:94)
  60. at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
  61. at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:50)
  62. at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
  63. at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
  64. at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
  65. at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
  66. at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
  67. at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
  68. at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:343)
  69. at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:260)
  70. at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
  71. at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
  72. at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
  73. at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
  74. at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
  75. at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
  76. at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100)
  77. at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:953)
  78. at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
  79. at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
  80. at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1041)
  81. at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:603)
  82. at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:312)
  83. at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
  84. at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
  85. at java.lang.Thread.run(Unknown Source)

这是我在服务器应用程序中的web.xml:

  1. <servlet>
  2. <servlet-name>spring</servlet-name>
  3. <servlet-class>org.springframework.web.servlet.DispatcherServlet
  4.     </servlet-class>
  5. <load-on-startup>1</load-on-startup>
  6. </servlet>
  8. <servlet-mapping>
  9. <servlet-name>spring</servlet-name>
  10. <url-pattern>/</url-pattern>
  11. </servlet-mapping>
  13. <listener>
  14. <listener-class>org.springframework.web.context.ContextLoaderListener
  15.     </listener-class>
  16. </listener>
  18. <context-param>
  19. <param-name>contextConfigLocation</param-name>
  20. <param-value>/WEB-INF/spring-servlet.xml</param-value>
  21. </context-param>
  23. <filter>
  24. <filter-name>springSecurityFilterChain</filter-name>
  25. <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
  26.   <init-param>
  27.     <param-name>contextAttribute</param-name>
  28.     <param-value>org.springframework.web.servlet.FrameworkServlet.CONTEXT.spring</param-value>
  29.   </init-param>
  30. </filter>
  32. <filter-mapping>
  33. <filter-name>springSecurityFilterChain</filter-name>
  34. <url-pattern>/*</url-pattern>
  35. </filter-mapping>

这是我在服务器端的spring-servlet.xml:

  1. <http pattern="/oauth/token" create-session="stateless" authentication-manager-ref="clientAuthenticationManager"
  2.     entry-point-ref="preAuthenticatedProcessingFilterEntryPoint" 
  3.     xmlns="http://www.springframework.org/schema/security">
  4.     <custom-filter position="PRE_AUTH_FILTER" ref="preAuthFilter" />
  5.     <intercept-url pattern="/oauth/token" access="IS_AUTHENTICATED_FULLY" />
  6.     <anonymous enabled="false" />
  7.     <http-basic entry-point-ref="preAuthenticatedProcessingFilterEntryPoint" />
  9.     <custom-filter ref="clientCredentialsTokenEndpointFilter" before="BASIC_AUTH_FILTER" />
  10.     <access-denied-handler ref="oauthAccessDeniedHandler" />
  11. </http>
  13. <http pattern="/index/**" create-session="never" 
  14.     entry-point-ref="preAuthenticatedProcessingFilterEntryPoint" access-decision-manager-ref="accessDecisionManager"
  15.     xmlns="http://www.springframework.org/schema/security">
  16.     <custom-filter position="PRE_AUTH_FILTER" ref="preAuthFilter" />
  17.     <anonymous enabled="false" />
  18.     <intercept-url pattern="/index" access="ROLE_USER, SCOPE_READ" />
  20.     <custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
  21.     <access-denied-handler ref="oauthAccessDeniedHandler" />
  22. </http>
  24. <http auto-config="false" xmlns="http://www.springframework.org/schema/security"
  25.     >
  26.     <custom-filter position="PRE_AUTH_FILTER" ref="preAuthFilter" />
  27.     <intercept-url pattern="/oauth/**" access="ROLE_USER" />
  28.     <!--intercept-url pattern="/index/**" access="ROLE_USER" /-->
  29.     <intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
  30.     <http-basic entry-point-ref="preAuthenticatedProcessingFilterEntryPoint" />
  31.     <anonymous />
  32. </http>
  34. <beans:bean id="oauthAccessDeniedHandler" class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler" />
  36. <beans:bean id="userDetailsServiceImpl"
  37.     class="com.sebit.security.server.oauth2.controller.UserDetailsServiceImpl" />
  39. <beans:bean id="preAuthenticatedProcessingFilterEntryPoint"
  40.     class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint"> 
  41.         <beans:property name="realmName" value="Authorization" />
  42.     </beans:bean>
  44. <beans:bean id="preAuthenticationProvider"
  45.     class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider">
  46.     <beans:property name="preAuthenticatedUserDetailsService"
  47.         ref="userDetailsServiceImpl" />
  48. </beans:bean>
  50. <beans:bean id="preAuthFilter"
  51.     class="com.sebit.security.server.oauth2.controller.PreAuthentication">
  52.     <beans:property name="authenticationManager" ref="appControlAuthenticationManager" />
  53. </beans:bean>
  55. <beans:bean id="clientCredentialsTokenEndpointFilter" class="org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter">
  56.     <beans:property name="authenticationManager" ref="clientAuthenticationManager" />
  57. </beans:bean>
  59. <bean id="accessDecisionManager" class="org.springframework.security.access.vote.UnanimousBased" xmlns="http://www.springframework.org/schema/beans">
  60.     <constructor-arg>
  61.         <list>
  62.             <bean class="org.springframework.security.oauth2.provider.vote.ScopeVoter" />
  63.             <bean class="org.springframework.security.access.vote.RoleVoter" />
  64.             <bean class="org.springframework.security.access.vote.AuthenticatedVoter" />
  65.         </list>
  66.     </constructor-arg>
  67. </bean>
  69. <authentication-manager id="clientAuthenticationManager" xmlns="http://www.springframework.org/schema/security">
  70.     <authentication-provider user-service-ref="clientDetailsUserService" />
  71. </authentication-manager>
  73. <authentication-manager alias="appControlAuthenticationManager">
  74.     <authentication-provider ref="preAuthenticationProvider" />
  75. </authentication-manager>
  77. <beans:bean id="clientDetailsUserService" class="org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService">
  78.     <beans:constructor-arg ref="clientDetails" />
  79. </beans:bean>
  81. <beans:bean id="tokenStore" class="org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore" />
  83. <beans:bean id="tokenServices" class="org.springframework.security.oauth2.provider.token.DefaultTokenServices">
  84.     <beans:property name="tokenStore" ref="tokenStore" />
  85.     <beans:property name="supportRefreshToken" value="true" />
  86.     <beans:property name="clientDetailsService" ref="clientDetails"/>
  87. </beans:bean>
  89. <oauth:authorization-server client-details-service-ref="clientDetails" token-services-ref="tokenServices"
  90.     >
  91.     <oauth:authorization-code />
  92.     <oauth:implicit />
  93.     <oauth:refresh-token />
  94.     <oauth:client-credentials />
  95.     <oauth:password />
  96. </oauth:authorization-server>
  98. <oauth:resource-server id="resourceServerFilter" resource-id="Authorization" token-services-ref="tokenServices" />
  100. <oauth:client-details-service id="clientDetails">
  101.     <oauth:client client-id="myClient" resource-ids="Authorization" authorized-grant-types="authorization_code"
  102.         authorities="ROLE_CLIENT" scope="read,write" secret="secret"/>
  103. </oauth:client-details-service>
  105. <beans:bean id="accessConfirmationController" class="com.sebit.security.server.oauth2.controller.AccessConfirmationController">
  106.     <beans:property name="clientDetailsService" ref="clientDetails" />
  107. </beans:bean>
  109. <mvc:default-servlet-handler />
  111. <global-method-security pre-post-annotations="enabled" proxy-target-class="true">
  112.     <expression-handler ref="oauthExpressionHandler" />
  113. </global-method-security>
  115. <oauth:expression-handler id="oauthExpressionHandler" />

这是我在客户端的web.xml:

  1. <servlet>
  2. <servlet-name>mvc-dispatcher</servlet-name>
  3. <servlet-class>org.springframework.web.servlet.DispatcherServlet
  4.     </servlet-class>
  5. <load-on-startup>1</load-on-startup>
  6. </servlet>
  7. <servlet-mapping>
  8. <servlet-name>mvc-dispatcher</servlet-name>
  9. <url-pattern>/</url-pattern>
  10. </servlet-mapping>
  11. <listener>
  12. <listener-class>org.springframework.web.context.ContextLoaderListener
  13.     </listener-class>
  14. </listener>
  15. <context-param>
  16. <param-name>contextConfigLocation</param-name>
  17. <param-value>/WEB-INF/mvc-dispatcher-servlet.xml, /WEB-INF/spring-security.xml</param-value>
  18. </context-param>
  19. <filter>
  20. <filter-name>springSecurityFilterChain</filter-name>
  21. <filter-class>org.springframework.web.filter.DelegatingFilterProxy
  22.     </filter-class>
  23. </filter>
  24. <filter-mapping>
  25. <filter-name>springSecurityFilterChain</filter-name>
  26. <url-pattern>/*</url-pattern>
  27. </filter-mapping>

这是我在客户端的spring-security.xml:

  1. <http auto-config="false" xmlns="http://www.springframework.org/schema/security"
  2. >
  3.     <intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
  4.     <intercept-url pattern="/index/**" access="ROLE_USER" />
  5.     <custom-filter position="PRE_AUTH_FILTER" ref="preAuthFilter" />
  6.     <http-basic entry-point-ref="preAuthenticatedProcessingFilterEntryPoint" />
  7.     <anonymous/>
  8.     <custom-filter ref="oauth2ClientFilter" after="EXCEPTION_TRANSLATION_FILTER" />
  9. </http>   
  11. <oauth:client id="oauth2ClientFilter" />
  13. <beans:bean id="userDetailsServiceImpl"
  14.     class="com.sebit.security.client.oauth2.controller.UserDetailsServiceImpl" />
  16. <beans:bean id="preAuthenticatedProcessingFilterEntryPoint"
  17.     class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint"> 
  18.         <beans:property name="realmName" value="messages" />
  19.     </beans:bean>
  21. <beans:bean id="preAuthenticationProvider"
  22.     class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider">
  23.     <beans:property name="preAuthenticatedUserDetailsService"
  24.         ref="userDetailsServiceImpl" />
  25. </beans:bean>
  27. <beans:bean id="preAuthFilter"
  28.     class="com.sebit.security.client.oauth2.controller.PreAuthentication">
  29.     <beans:property name="authenticationManager" ref="appControlAuthenticationManager" />
  30. </beans:bean>
  32. <authentication-manager alias="appControlAuthenticationManager">
  33.     <authentication-provider ref="preAuthenticationProvider" />
  34. </authentication-manager>
  36. <oauth:resource id="Authorization" type="authorization_code"
  37.     client-id="myClient" client-secret="secret" access-token-uri="http://localhost/Authorization/oauth/token"
  38.     user-authorization-uri="http://localhost/Authorization/oauth/authorize" scope="read,write" />    
  40. <mvc:default-servlet-handler />
  42. <mvc:annotation-driven>
  43.     <mvc:message-converters>
  44.         <beans:bean class="org.springframework.http.converter.BufferedImageHttpMessageConverter" />
  45.     </mvc:message-converters>
  46. </mvc:annotation-driven>
  48. <beans:bean id="conversionService" class="org.springframework.context.support.ConversionServiceFactoryBean">
  49.     <beans:property name="converters">
  50.         <beans:set>
  51.             <beans:bean class="com.sebit.security.client.oauth2.controller.AccessTokenRequestConverter" />
  52.         </beans:set>
  53.     </beans:property>
  54. </beans:bean>
  56. <beans:bean id="helloController" class="com.sebit.security.client.oauth2.controller.HelloController">
  57.     <beans:property name="restTemplate">
  58.         <oauth:rest-template resource="Authorization" />
  59.     </beans:property>
  60. </beans:bean>

这是我在客户端的mvc-dispatcher-servlet:

  1. <bean
  2.   class="org.springframework.web.servlet.view.InternalResourceViewResolver">
  3.   <property name="suffix">
  4.     <value>.jsp</value>
  5.   </property>
  6. </bean>

等我打完电话
“/客户端/索引”
它成功绕过登录表单(在服务器端和客户端),并成功调用
“/授权/Oauth/授权”
它成功地添加了客户端标识、响应类型、作用域、重定向URI和状态参数。
访问被确认和批准页面来。我点击“授权”按钮后,我得到401未授权的错误。
任何帮助都非常感激,谢谢。

spring

1条答案

按热度按时间
vmpqdwk3

vmpqdwk31#

我想您可以决定如何进行身份验证。(无论如何都是在标准身份验证代码流中)。它应该具有适合其使用者的安全性(客户端应用程序)、所以如果我是您,我会从删除“preAuthFilter”开始如果您认为客户端不应该有秘密,那么您可能没有编写企业级或Web级产品,但您可以自由地以任何方式保护/token端点,只需注意它将从客户端获取Basic身份验证头(如果客户端是标准tonr样式的SpringSecurity应用程序)。

赞(0)分享  回复(0)举报  2022-10-30
我来回答

相关问题

    查看更多

    热门标签

    更多
    JavaquerypythonNode开发语言requestUtil数据库Table后端算法LoggerMessageElementParser

    最新问答

    更多
    • 蜀ICP备13028337号-1 大数据知识库 https://www.saoniuhuo.com © All rights reserved
    • 本站内容来源互联网,如果侵犯您的权益请联系我们删除, 联系方式:448109455@qq.com