spring-security denies access in the client credentials flow

mm9b1k5b  posted on 2022-11-11  in  Spring

What I did:

I am preparing a Spring Boot OAuth2 authorization server with two flows:

  • access code (users)
  • client credentials (services)

Problem

When I use curl to get an access token for the client credentials flow:

curl --request POST \
   -vv \
  --url 'http://localhost:9000/oauth/token' \
  --header "Authorization: Basic Y2xhc3Nlcy1jYWxlbmRhci1jbGllbnQ6cGFzc3dvcmQ=" \
  --header 'content-type: application/x-www-form-urlencoded' \
  --data grant_type=client_credentials

I get redirected to the login page. In the logs I see access denied.

Configuration

@Configuration(proxyBeanMethods = false)
@EnableWebSecurity
public class AuthorizationServerConfig {

    @Bean
    @Order(Ordered.HIGHEST_PRECEDENCE)
    public SecurityFilterChain authServerSecurityFilterChain(HttpSecurity http) throws Exception {
        OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http);
        return http.formLogin(Customizer.withDefaults()).build();
    }

    @Bean
    SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) throws Exception {
        http
                .authorizeRequests(authorizeRequests ->
                        authorizeRequests.anyRequest().authenticated()
                )
                .formLogin(withDefaults());
        return http.build();
    }

    @Bean
    public RegisteredClientRepository registeredClientRepository() {
        RegisteredClient registeredClient = RegisteredClient.withId(UUID.randomUUID().toString())
                .clientId("classes-calendar-client")
                .clientSecret("{noop}password")  // FIXME this accepts no password encoding
                .clientName("classes-calendar-client")
                .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
                .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
                .authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN)
                .authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
                .redirectUri("http://auth-service:8080/login/oauth2/code/classes-calendar-client")
                .redirectUri("http://auth-service:8080/authorized")
                .scope(OidcScopes.OPENID)
                .scope("all")
                .build();

        return new InMemoryRegisteredClientRepository(registeredClient);
    }

    @Bean
    public JWKSource<SecurityContext> jwkSource() {
        RSAKey rsaKey = generateRsa();
        JWKSet jwkSet = new JWKSet(rsaKey);
        return (jwkSelector, securityContext) -> jwkSelector.select(jwkSet);
    }

    private static RSAKey generateRsa() {
        KeyPair keyPair = generateRsaKey();
        RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
        RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate();
        return new RSAKey.Builder(publicKey)
                .privateKey(privateKey)
                .keyID(UUID.randomUUID().toString())
                .build();
    }

    private static KeyPair generateRsaKey() {
        KeyPair keyPair;
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
            keyPairGenerator.initialize(2048);
            keyPair = keyPairGenerator.generateKeyPair();
        } catch (Exception ex) {
            throw new IllegalStateException(ex);
        }
        return keyPair;
    }

    @Bean
    public ProviderSettings providerSettings() {
        return ProviderSettings.builder()
                .issuer("http://oauth2-service:9000")
                .build();
    }

    @Bean
    InMemoryUserDetailsManager userDetailsService() {
        UserDetails user = User.withDefaultPasswordEncoder()
                .username("admin")
                .password("password")
                .roles("ADMIN", "USER")
                .build();

        UserDetails service = User.withDefaultPasswordEncoder()
                .username("service")
                .password("password")
                .roles("SERVICE")
                .build();
        return new InMemoryUserDetailsManager(user, service);
    }
}

Logs

--- [nio-9000-exec-1] o.s.security.web.FilterChainProxy        : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2AuthorizationServerConfigurer$$Lambda$617/0x0000000800fadcb8@2c2a027c, Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter@118dcbbd, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@7d979d34, org.springframework.security.web.context.SecurityContextPersistenceFilter@36aa52d2, org.springframework.security.oauth2.server.authorization.web.ProviderContextFilter@1a47a1e8, org.springframework.security.web.header.HeaderWriterFilter@6cbe7d4d, org.springframework.security.web.csrf.CsrfFilter@141d3d43, org.springframework.security.web.authentication.logout.LogoutFilter@73ae0257, org.springframework.security.oauth2.server.authorization.web.OAuth2AuthorizationEndpointFilter@3d90eeb3, org.springframework.security.oauth2.server.authorization.oidc.web.OidcProviderConfigurationEndpointFilter@7650ded6, org.springframework.security.oauth2.server.authorization.web.NimbusJwkSetEndpointFilter@1084f78c, org.springframework.security.oauth2.server.authorization.web.OAuth2AuthorizationServerMetadataEndpointFilter@3df1a1ac, org.springframework.security.oauth2.server.authorization.web.OAuth2ClientAuthenticationFilter@2b38b1f, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@58606c91, org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter@403c3a01, org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter@350ec690, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@16a35bd, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@ba17be6, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@49cb1baf, 
org.springframework.security.web.session.SessionManagementFilter@3679d92e, org.springframework.security.web.access.ExceptionTranslationFilter@3456558, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@261db982, org.springframework.security.oauth2.server.authorization.web.OAuth2TokenEndpointFilter@18a25bbd, org.springframework.security.oauth2.server.authorization.web.OAuth2TokenIntrospectionEndpointFilter@77f905e3, org.springframework.security.oauth2.server.authorization.web.OAuth2TokenRevocationEndpointFilter@1192b58e, org.springframework.security.oauth2.server.authorization.oidc.web.OidcUserInfoEndpointFilter@f5ce0bb]] (1/2)
--- [nio-9000-exec-1] o.s.security.web.FilterChainProxy        : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=any request, Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter@3e4e8fdf, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@6a1d6ef2, org.springframework.security.web.context.SecurityContextPersistenceFilter@7f973a14, org.springframework.security.web.header.HeaderWriterFilter@2c991465, org.springframework.security.web.csrf.CsrfFilter@2740e316, org.springframework.security.web.authentication.logout.LogoutFilter@1cfc2538, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@42cc183e, org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter@3451f01d, org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter@2721044, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@76130a29, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@124d02b2, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@205df5dc, org.springframework.security.web.session.SessionManagementFilter@5fef2aac, org.springframework.security.web.access.ExceptionTranslationFilter@5b5a4aed, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@53e76c11]] (2/2)
--- [nio-9000-exec-1] o.s.security.web.FilterChainProxy        : Securing POST /oauth/token
--- [nio-9000-exec-1] o.s.security.web.FilterChainProxy        : Invoking DisableEncodeUrlFilter (1/15)
--- [nio-9000-exec-1] o.s.security.web.FilterChainProxy        : Invoking WebAsyncManagerIntegrationFilter (2/15)
--- [nio-9000-exec-1] o.s.security.web.FilterChainProxy        : Invoking SecurityContextPersistenceFilter (3/15)
--- [nio-9000-exec-1] w.c.HttpSessionSecurityContextRepository : No HttpSession currently exists
--- [nio-9000-exec-1] w.c.HttpSessionSecurityContextRepository : Created SecurityContextImpl [Null authentication]
--- [nio-9000-exec-1] s.s.w.c.SecurityContextPersistenceFilter : Set SecurityContextHolder to empty SecurityContext
--- [nio-9000-exec-1] o.s.security.web.FilterChainProxy        : Invoking HeaderWriterFilter (4/15)
--- [nio-9000-exec-1] o.s.security.web.FilterChainProxy        : Invoking CsrfFilter (5/15)
--- [nio-9000-exec-1] o.s.security.web.csrf.CsrfFilter         : Invalid CSRF token found for http://localhost:9000/oauth/token
--- [nio-9000-exec-1] o.s.s.w.access.AccessDeniedHandlerImpl   : Responding with 403 status code
--- [nio-9000-exec-1] o.s.s.w.header.writers.HstsHeaderWriter  : Not injecting HSTS header since it did not match request to [Is Secure]
--- [nio-9000-exec-1] w.c.HttpSessionSecurityContextRepository : Did not store empty SecurityContext
--- [nio-9000-exec-1] w.c.HttpSessionSecurityContextRepository : Did not store empty SecurityContext
--- [nio-9000-exec-1] s.s.w.c.SecurityContextPersistenceFilter : Cleared SecurityContextHolder to complete request
--- [nio-9000-exec-1] o.s.security.web.FilterChainProxy        : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2AuthorizationServerConfigurer$$Lambda$617/0x0000000800fadcb8@2c2a027c, Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter@118dcbbd, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@7d979d34, org.springframework.security.web.context.SecurityContextPersistenceFilter@36aa52d2, org.springframework.security.oauth2.server.authorization.web.ProviderContextFilter@1a47a1e8, org.springframework.security.web.header.HeaderWriterFilter@6cbe7d4d, org.springframework.security.web.csrf.CsrfFilter@141d3d43, org.springframework.security.web.authentication.logout.LogoutFilter@73ae0257, org.springframework.security.oauth2.server.authorization.web.OAuth2AuthorizationEndpointFilter@3d90eeb3, org.springframework.security.oauth2.server.authorization.oidc.web.OidcProviderConfigurationEndpointFilter@7650ded6, org.springframework.security.oauth2.server.authorization.web.NimbusJwkSetEndpointFilter@1084f78c, org.springframework.security.oauth2.server.authorization.web.OAuth2AuthorizationServerMetadataEndpointFilter@3df1a1ac, org.springframework.security.oauth2.server.authorization.web.OAuth2ClientAuthenticationFilter@2b38b1f, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@58606c91, org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter@403c3a01, org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter@350ec690, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@16a35bd, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@ba17be6, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@49cb1baf, 
org.springframework.security.web.session.SessionManagementFilter@3679d92e, org.springframework.security.web.access.ExceptionTranslationFilter@3456558, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@261db982, org.springframework.security.oauth2.server.authorization.web.OAuth2TokenEndpointFilter@18a25bbd, org.springframework.security.oauth2.server.authorization.web.OAuth2TokenIntrospectionEndpointFilter@77f905e3, org.springframework.security.oauth2.server.authorization.web.OAuth2TokenRevocationEndpointFilter@1192b58e, org.springframework.security.oauth2.server.authorization.oidc.web.OidcUserInfoEndpointFilter@f5ce0bb]] (1/2)
--- [nio-9000-exec-1] o.s.security.web.FilterChainProxy        : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=any request, Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter@3e4e8fdf, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@6a1d6ef2, org.springframework.security.web.context.SecurityContextPersistenceFilter@7f973a14, org.springframework.security.web.header.HeaderWriterFilter@2c991465, org.springframework.security.web.csrf.CsrfFilter@2740e316, org.springframework.security.web.authentication.logout.LogoutFilter@1cfc2538, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@42cc183e, org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter@3451f01d, org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter@2721044, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@76130a29, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@124d02b2, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@205df5dc, org.springframework.security.web.session.SessionManagementFilter@5fef2aac, org.springframework.security.web.access.ExceptionTranslationFilter@5b5a4aed, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@53e76c11]] (2/2)
--- [nio-9000-exec-1] o.s.security.web.FilterChainProxy        : Securing POST /error
--- [nio-9000-exec-1] o.s.security.web.FilterChainProxy        : Invoking DisableEncodeUrlFilter (1/15)
--- [nio-9000-exec-1] o.s.security.web.FilterChainProxy        : Invoking WebAsyncManagerIntegrationFilter (2/15)
--- [nio-9000-exec-1] o.s.security.web.FilterChainProxy        : Invoking SecurityContextPersistenceFilter (3/15)
--- [nio-9000-exec-1] w.c.HttpSessionSecurityContextRepository : Did not find SecurityContext in HttpSession 50C9343D22CA6AC093145811E89DF30A using the SPRING_SECURITY_CONTEXT session attribute
--- [nio-9000-exec-1] w.c.HttpSessionSecurityContextRepository : Created SecurityContextImpl [Null authentication]
--- [nio-9000-exec-1] s.s.w.c.SecurityContextPersistenceFilter : Set SecurityContextHolder to empty SecurityContext
--- [nio-9000-exec-1] o.s.security.web.FilterChainProxy        : Invoking HeaderWriterFilter (4/15)
--- [nio-9000-exec-1] o.s.security.web.FilterChainProxy        : Invoking CsrfFilter (5/15)
--- [nio-9000-exec-1] o.s.security.web.FilterChainProxy        : Invoking LogoutFilter (6/15)
--- [nio-9000-exec-1] o.s.s.w.a.logout.LogoutFilter            : Did not match request to Ant [pattern='/logout', POST]
--- [nio-9000-exec-1] o.s.security.web.FilterChainProxy        : Invoking UsernamePasswordAuthenticationFilter (7/15)
--- [nio-9000-exec-1] w.a.UsernamePasswordAuthenticationFilter : Did not match request to Ant [pattern='/login', POST]
--- [nio-9000-exec-1] o.s.security.web.FilterChainProxy        : Invoking DefaultLoginPageGeneratingFilter (8/15)
--- [nio-9000-exec-1] o.s.security.web.FilterChainProxy        : Invoking DefaultLogoutPageGeneratingFilter (9/15)
--- [nio-9000-exec-1] o.s.security.web.FilterChainProxy        : Invoking RequestCacheAwareFilter (10/15)
--- [nio-9000-exec-1] o.s.s.w.s.HttpSessionRequestCache        : No saved request
--- [nio-9000-exec-1] o.s.security.web.FilterChainProxy        : Invoking SecurityContextHolderAwareRequestFilter (11/15)
--- [nio-9000-exec-1] o.s.security.web.FilterChainProxy        : Invoking AnonymousAuthenticationFilter (12/15)
--- [nio-9000-exec-1] o.s.s.w.a.AnonymousAuthenticationFilter  : Set SecurityContextHolder to AnonymousAuthenticationToken [Principal=anonymousUser, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=127.0.0.1, SessionId=50C9343D22CA6AC093145811E89DF30A], Granted Authorities=[ROLE_ANONYMOUS]]
--- [nio-9000-exec-1] o.s.security.web.FilterChainProxy        : Invoking SessionManagementFilter (13/15)
--- [nio-9000-exec-1] o.s.security.web.FilterChainProxy        : Invoking ExceptionTranslationFilter (14/15)
--- [nio-9000-exec-1] o.s.security.web.FilterChainProxy        : Invoking FilterSecurityInterceptor (15/15)
--- [nio-9000-exec-1] o.s.s.w.a.i.FilterSecurityInterceptor    : Did not re-authenticate AnonymousAuthenticationToken [Principal=anonymousUser, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=127.0.0.1, SessionId=50C9343D22CA6AC093145811E89DF30A], Granted Authorities=[ROLE_ANONYMOUS]] before authorizing
--- [nio-9000-exec-1] o.s.s.w.a.i.FilterSecurityInterceptor    : Authorizing filter invocation [POST /error] with attributes [authenticated]
--- [nio-9000-exec-1] o.s.s.w.a.expression.WebExpressionVoter  : Voted to deny authorization
--- [nio-9000-exec-1] o.s.s.w.a.i.FilterSecurityInterceptor    : Failed to authorize filter invocation [POST /error] with attributes [authenticated] using AffirmativeBased [DecisionVoters=[org.springframework.security.web.access.expression.WebExpressionVoter@5d342959], AllowIfAllAbstainDecisions=false]
--- [nio-9000-exec-1] o.s.s.w.a.ExceptionTranslationFilter     : Sending AnonymousAuthenticationToken [Principal=anonymousUser, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=127.0.0.1, SessionId=50C9343D22CA6AC093145811E89DF30A], Granted Authorities=[ROLE_ANONYMOUS]] to authentication entry point since access is denied

org.springframework.security.access.AccessDeniedException: Access is denied
    at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:73) ~[spring-security-core-5.7.2.jar:5.7.2]
    at org.springframework.security.access.intercept.AbstractSecurityInterceptor.attemptAuthorization(AbstractSecurityInterceptor.java:239) ~[spring-security-core-5.7.2.jar:5.7.2]
    at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:208) ~[spring-security-core-5.7.2.jar:5.7.2]
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:113) ~[spring-security-web-5.7.2.jar:5.7.2]
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:81) ~[spring-security-web-5.7.2.jar:5.7.2]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.7.2.jar:5.7.2]
    at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:122) ~[spring-security-web-5.7.2.jar:5.7.2]
    at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:116) ~[spring-security-web-5.7.2.jar:5.7.2]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.7.2.jar:5.7.2]
    at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:126) ~[spring-security-web-5.7.2.jar:5.7.2]
    at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:81) ~[spring-security-web-5.7.2.jar:5.7.2]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.7.2.jar:5.7.2]
    at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:109) ~[spring-security-web-5.7.2.jar:5.7.2]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.7.2.jar:5.7.2]
    at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:149) ~[spring-security-web-5.7.2.jar:5.7.2]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.7.2.jar:5.7.2]
    at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63) ~[spring-security-web-5.7.2.jar:5.7.2]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.7.2.jar:5.7.2]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:102) ~[spring-web-5.3.21.jar:5.3.21]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.7.2.jar:5.7.2]
    at org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter.doFilter(DefaultLoginPageGeneratingFilter.java:237) ~[spring-security-web-5.7.2.jar:5.7.2]
    at org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter.doFilter(DefaultLoginPageGeneratingFilter.java:223) ~[spring-security-web-5.7.2.jar:5.7.2]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.7.2.jar:5.7.2]
    at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:223) ~[spring-security-web-5.7.2.jar:5.7.2]
    at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:217) ~[spring-security-web-5.7.2.jar:5.7.2]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.7.2.jar:5.7.2]
    at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:103) ~[spring-security-web-5.7.2.jar:5.7.2]
    at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:89) ~[spring-security-web-5.7.2.jar:5.7.2]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.7.2.jar:5.7.2]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:102) ~[spring-web-5.3.21.jar:5.3.21]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.7.2.jar:5.7.2]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:102) ~[spring-web-5.3.21.jar:5.3.21]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.7.2.jar:5.7.2]
    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:112) ~[spring-security-web-5.7.2.jar:5.7.2]
    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:82) ~[spring-security-web-5.7.2.jar:5.7.2]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.7.2.jar:5.7.2]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:102) ~[spring-web-5.3.21.jar:5.3.21]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.7.2.jar:5.7.2]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:102) ~[spring-web-5.3.21.jar:5.3.21]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.7.2.jar:5.7.2]
    at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:211) ~[spring-security-web-5.7.2.jar:5.7.2]
    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:183) ~[spring-security-web-5.7.2.jar:5.7.2]
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:354) ~[spring-web-5.3.21.jar:5.3.21]
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:267) ~[spring-web-5.3.21.jar:5.3.21]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) ~[tomcat-embed-core-9.0.64.jar:9.0.64]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) ~[tomcat-embed-core-9.0.64.jar:9.0.64]
    at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100) ~[spring-web-5.3.21.jar:5.3.21]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.21.jar:5.3.21]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) ~[tomcat-embed-core-9.0.64.jar:9.0.64]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) ~[tomcat-embed-core-9.0.64.jar:9.0.64]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:102) ~[spring-web-5.3.21.jar:5.3.21]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) ~[tomcat-embed-core-9.0.64.jar:9.0.64]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) ~[tomcat-embed-core-9.0.64.jar:9.0.64]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:102) ~[spring-web-5.3.21.jar:5.3.21]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) ~[tomcat-embed-core-9.0.64.jar:9.0.64]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) ~[tomcat-embed-core-9.0.64.jar:9.0.64]
    at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:711) ~[tomcat-embed-core-9.0.64.jar:9.0.64]
    at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:461) ~[tomcat-embed-core-9.0.64.jar:9.0.64]
    at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:385) ~[tomcat-embed-core-9.0.64.jar:9.0.64]
    at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:313) ~[tomcat-embed-core-9.0.64.jar:9.0.64]
    at org.apache.catalina.core.StandardHostValve.custom(StandardHostValve.java:403) ~[tomcat-embed-core-9.0.64.jar:9.0.64]
    at org.apache.catalina.core.StandardHostValve.status(StandardHostValve.java:249) ~[tomcat-embed-core-9.0.64.jar:9.0.64]
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171) ~[tomcat-embed-core-9.0.64.jar:9.0.64]
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) ~[tomcat-embed-core-9.0.64.jar:9.0.64]
    ...]

--- [nio-9000-exec-1] o.s.s.w.s.HttpSessionRequestCache        : Did not save request since it did not match [And [Ant [pattern='/**', GET], Not [Ant [pattern='/**/favicon.*']], Not [MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.HeaderContentNegotiationStrategy@1e512e7c, matchingMediaTypes=[application/json], useEquals=false, ignoredMediaTypes=[*/*]]], Not [RequestHeaderRequestMatcher [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest]], Not [MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.HeaderContentNegotiationStrategy@29debe11, matchingMediaTypes=[multipart/form-data], useEquals=false, ignoredMediaTypes=[*/*]]], Not [MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.HeaderContentNegotiationStrategy@4cc94ca2, matchingMediaTypes=[text/event-stream], useEquals=false, ignoredMediaTypes=[*/*]]]]]
--- [nio-9000-exec-1] o.s.s.web.DefaultRedirectStrategy        : Redirecting to http://localhost:9000/login
--- [nio-9000-exec-1] w.c.HttpSessionSecurityContextRepository : Did not store empty SecurityContext
--- [nio-9000-exec-1] w.c.HttpSessionSecurityContextRepository : Did not store empty SecurityContext

Question

What do I need to do to make it work?

e4eetjau #1

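Take a look at the response from localhost:9000/.well-known/openid-configuration; you should see that the token_endpoint URL is http://localhost:9000/oauth2/token

**Note:** Since you have specified .issuer("http://oauth2-service:9000") in ProviderSettings, it may reflect http://oauth2-service:9000/oauth2/token instead. If you omit this setting, it will automatically detect the base URL from the request.

Make sure your request uses /oauth2/token instead. Also, make sure you include client_id=classes-calendar-client in the request, as I believe this is a required parameter for client_credentials token requests.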
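
As an added example (not part of the original answer or of the project's code), the script below reads token_endpoint from the discovery document instead of hard-coding the path, checks that it sits under the expected issuer, and only then sends the client credentials. The function names and SAMPLE_METADATA are assumptions constructed for illustration.

```bash
#!/bin/sh
# Added example: discover the token endpoint rather than guessing /oauth/token.

# Constructed sample of the discovery document (trimmed to the relevant fields),
# shaped like the response the answer describes when the issuer is configured.
SAMPLE_METADATA='{"issuer":"http://oauth2-service:9000","authorization_endpoint":"http://oauth2-service:9000/oauth2/authorize","token_endpoint":"http://oauth2-service:9000/oauth2/token","jwks_uri":"http://oauth2-service:9000/oauth2/jwks"}'

# json_string_field <json> <field>: print the string value of a top-level field.
# Minimal sed-based extraction, sufficient for this flat document.
json_string_field() {
  printf '%s' "$1" | tr -d '\n' |
    sed -n 's/.*"'"$2"'"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# endpoint_under_issuer <endpoint> <issuer>: succeed only if the endpoint URL
# starts with "<issuer>/", so the client secret is never sent to another host.
endpoint_under_issuer() {
  case "$1" in
    "${2%/}"/*) return 0 ;;
    *) return 1 ;;
  esac
}

# basic_auth_header <client_id> <client_secret>: header value for
# CLIENT_SECRET_BASIC. Assumes id and secret need no URL-encoding.
basic_auth_header() {
  printf 'Basic %s' "$(printf '%s:%s' "$1" "$2" | base64 | tr -d '\n')"
}

# request_token <base_url> <expected_issuer> <client_id> <client_secret>
# Fetches the metadata from base_url, verifies issuer and endpoint, then
# performs the client credentials grant against the discovered endpoint.
request_token() {
  metadata=$(curl --silent --show-error --fail \
    "${1%/}/.well-known/openid-configuration") || return 1
  issuer=$(json_string_field "$metadata" issuer)
  endpoint=$(json_string_field "$metadata" token_endpoint)
  if [ "$issuer" != "$2" ]; then
    echo "unexpected issuer: $issuer" >&2
    return 1
  fi
  if ! endpoint_under_issuer "$endpoint" "$issuer"; then
    echo "token endpoint outside issuer: $endpoint" >&2
    return 1
  fi
  curl --silent --show-error --fail --request POST \
    --url "$endpoint" \
    --header "Authorization: $(basic_auth_header "$3" "$4")" \
    --header 'content-type: application/x-www-form-urlencoded' \
    --data grant_type=client_credentials
}

# Runs only when called with four arguments, for example:
#   sh token.sh http://localhost:9000 http://oauth2-service:9000 \
#      classes-calendar-client password
if [ "$#" -eq 4 ]; then
  request_token "$@"
fi
```

With the issuer set to http://oauth2-service:9000, the discovered endpoint uses that host name, so it must resolve from the machine running the script.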
