1
Ich habe Probleme beim Einrichten eines Spring Oauth2-Servers. Wenn ich den Client auf FB zeige, meldet es sich gut an, wenn ich es auf meinen Oauth2-Server leite, funktioniert es nicht. Der Benutzer kann sich erfolgreich anmelden und kann Bearer Tokens erhalten. Ich bekomme zurück "BadCredentialsException: Konnte Zugriffstoken" vom Client nicht erhalten.Spring Oauth2 konnte Access Token nicht abrufen Problem
Protokolle Server:
o.s.s.w.FilterChainProxy : /login at position 1 of 12 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
o.s.s.w.FilterChainProxy : /login at position 2 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
w.c.HttpSessionSecurityContextRepository : HttpSession returned null object for SPRING_SECURITY_CONTEXT
w.c.HttpSessionSecurityContextRepository : No SecurityContext was available from the HttpSession: [email protected] A new one will be created.
o.s.s.w.FilterChainProxy : /login at position 3 of 12 in additional filter chain; firing Filter: 'HeaderWriterFilter'
o.s.s.w.header.writers.HstsHeaderWriter : Not injecting HSTS header since it did not match the requestMatcher o.s.se[email protected]5b5aeff5
o.s.s.w.FilterChainProxy : /login at position 4 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/login'; against '/logout'
o.s.s.w.FilterChainProxy : /login at position 5 of 12 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/login'; against '/login'
w.a.UsernamePasswordAuthenticationFilter : Request is to process authentication
o.s.s.authentication.ProviderManager : Authentication attempt using o.s.security.authentication.dao.DaoAuthenticationProvider
s.CompositeSessionAuthenticationStrategy : Delegating to o.s.security.w[email protected]1b8f3b15
w.a.UsernamePasswordAuthenticationFilter : Authentication success. Updating SecurityContextHolder to contain: [email protected]4bc9b896: Principal: [email protected]: Username: username; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_USER; Credentials: [PROTECTED]; Authenticated: true; Details: [email protected]0: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: A5769D3F7BE48CDCE28246573B9CF1D9; Granted Authorities: ROLE_USER
RequestAwareAuthenticationSuccessHandler : Redirecting to DefaultSavedRequest Url: http://localhost:8081/oauth/authorize?client_id=clientId&redirect_uri=http://127.0.0.1:8080/client/login&response_type=code&state=CIjAxa
o.s.s.web.DefaultRedirectStrategy : Redirecting to 'http://localhost:8081/oauth/authorize?client_id=clientId&redirect_uri=http://127.0.0.1:8080/client/login&response_type=code&state=CIjAxa'
w.c.HttpSessionSecurityContextRepository : SecurityContext '[email protected]: Authentication: [email protected]4bc9b896: Principal: [email protected]: Username: username; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_USER; Credentials: [PROTECTED]; Authenticated: true; Details: [email protected]0: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: A5769D3F7BE48CDCE28246573B9CF1D9; Granted Authorities: ROLE_USER' stored to HttpSession: '[email protected]
s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
o.s.s.w.FilterChainProxy : /oauth/authorize?client_id=clientId&redirect_uri=http://127.0.0.1:8080/client/login&response_type=code&state=CIjAxa at position 1 of 12 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
o.s.s.w.FilterChainProxy : /oauth/authorize?client_id=clientId&redirect_uri=http://127.0.0.1:8080/client/login&response_type=code&state=CIjAxa at position 2 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
w.c.HttpSessionSecurityContextRepository : Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT: '[email protected]: Authentication: [email protected]4bc9b896: Principal: [email protected]: Username: username; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_USER; Credentials: [PROTECTED]; Authenticated: true; Details: [email protected]0: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: A5769D3F7BE48CDCE28246573B9CF1D9; Granted Authorities: ROLE_USER'
o.s.s.w.FilterChainProxy : /oauth/authorize?client_id=clientId&redirect_uri=http://127.0.0.1:8080/client/login&response_type=code&state=CIjAxa at position 3 of 12 in additional filter chain; firing Filter: 'HeaderWriterFilter'
o.s.s.w.header.writers.HstsHeaderWriter : Not injecting HSTS header since it did not match the requestMatcher o.s.se[email protected]5b5aeff5
o.s.s.w.FilterChainProxy : /oauth/authorize?client_id=clientId&redirect_uri=http://127.0.0.1:8080/client/login&response_type=code&state=CIjAxa at position 4 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/oauth/authorize'; against '/logout'
o.s.s.w.FilterChainProxy : /oauth/authorize?client_id=clientId&redirect_uri=http://127.0.0.1:8080/client/login&response_type=code&state=CIjAxa at position 5 of 12 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
o.s.s.w.u.matcher.AntPathRequestMatcher : Request 'GET /oauth/authorize' doesn't match 'POST /login
o.s.s.w.FilterChainProxy : /oauth/authorize?client_id=clientId&redirect_uri=http://127.0.0.1:8080/client/login&response_type=code&state=CIjAxa at position 6 of 12 in additional filter chain; firing Filter: 'DefaultLoginPageGeneratingFilter'
o.s.s.w.FilterChainProxy : /oauth/authorize?client_id=clientId&redirect_uri=http://127.0.0.1:8080/client/login&response_type=code&state=CIjAxa at position 7 of 12 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
o.s.s.w.s.DefaultSavedRequest : pathInfo: both null (property equals)
o.s.s.w.s.DefaultSavedRequest : queryString: arg1=client_id=clientId&redirect_uri=http://127.0.0.1:8080/client/login&response_type=code&state=CIjAxa; arg2=client_id=clientId&redirect_uri=http://127.0.0.1:8080/client/login&response_type=code&state=CIjAxa (property equals)
o.s.s.w.s.DefaultSavedRequest : requestURI: arg1=/oauth/authorize; arg2=/oauth/authorize (property equals)
o.s.s.w.s.DefaultSavedRequest : serverPort: arg1=8081; arg2=8081 (property equals)
o.s.s.w.s.DefaultSavedRequest : requestURL: arg1=http://localhost:8081/oauth/authorize; arg2=http://localhost:8081/oauth/authorize (property equals)
o.s.s.w.s.DefaultSavedRequest : scheme: arg1=http; arg2=http (property equals)
o.s.s.w.s.DefaultSavedRequest : serverName: arg1=localhost; arg2=localhost (property equals)
o.s.s.w.s.DefaultSavedRequest : contextPath: arg1=; arg2= (property equals)
o.s.s.w.s.DefaultSavedRequest : servletPath: arg1=/oauth/authorize; arg2=/oauth/authorize (property equals)
o.s.s.w.s.HttpSessionRequestCache : Removing DefaultSavedRequest from session if present
o.s.s.w.FilterChainProxy : /oauth/authorize?client_id=clientId&redirect_uri=http://127.0.0.1:8080/client/login&response_type=code&state=CIjAxa at position 8 of 12 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
o.s.s.w.FilterChainProxy : /oauth/authorize?client_id=clientId&redirect_uri=http://127.0.0.1:8080/client/login&response_type=code&state=CIjAxa at position 9 of 12 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
o.s.s.w.a.AnonymousAuthenticationFilter : SecurityContextHolder not populated with anonymous token, as it already contained: '[email protected]4bc9b896: Principal: [email protected]: Username: username; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_USER; Credentials: [PROTECTED]; Authenticated: true; Details: [email protected]0: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: A5769D3F7BE48CDCE28246573B9CF1D9; Granted Authorities: ROLE_USER'
o.s.s.w.FilterChainProxy : /oauth/authorize?client_id=clientId&redirect_uri=http://127.0.0.1:8080/client/login&response_type=code&state=CIjAxa at position 10 of 12 in additional filter chain; firing Filter: 'SessionManagementFilter'
o.s.s.w.FilterChainProxy : /oauth/authorize?client_id=clientId&redirect_uri=http://127.0.0.1:8080/client/login&response_type=code&state=CIjAxa at position 11 of 12 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
o.s.s.w.FilterChainProxy : /oauth/authorize?client_id=clientId&redirect_uri=http://127.0.0.1:8080/client/login&response_type=code&state=CIjAxa at position 12 of 12 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
o.s.s.w.a.i.FilterSecurityInterceptor : Secure object: FilterInvocation: URL: /oauth/authorize?client_id=clientId&redirect_uri=http://127.0.0.1:8080/client/login&response_type=code&state=CIjAxa; Attributes: [permitAll]
o.s.s.w.a.i.FilterSecurityInterceptor : Previously Authenticated: [email protected]4bc9b896: Principal: [email protected]: Username: username; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_USER; Credentials: [PROTECTED]; Authenticated: true; Details: [email protected]0: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: A5769D3F7BE48CDCE28246573B9CF1D9; Granted Authorities: ROLE_USER
o.s.s.access.vote.AffirmativeBased : Voter: [email protected], returned: 1
o.s.s.w.a.i.FilterSecurityInterceptor : Authorization successful
o.s.s.w.a.i.FilterSecurityInterceptor : RunAsManager did not change Authentication object
o.s.s.w.FilterChainProxy : /oauth/authorize?client_id=clientId&redirect_uri=http://127.0.0.1:8080/client/login&response_type=code&state=CIjAxa reached end of additional filter chain; proceeding with original chain
.s.o.p.e.FrameworkEndpointHandlerMapping : Looking up handler method for path /oauth/authorize
.s.o.p.e.FrameworkEndpointHandlerMapping : Returning handler method [public o.s.web.servlet.ModelAndView o.s.security.oauth2.provider.endpoint.AuthorizationEndpoint.authorize(java.util.Map<java.lang.String, java.lang.Object>,java.util.Map<java.lang.String, java.lang.String>,o.s.web.bind.support.SessionStatus,java.security.Principal)]
o.s.s.w.a.ExceptionTranslationFilter : Chain processed normally
s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/css/**']
o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/oauth/token'; against '/css/**'
o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/js/**']
o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/oauth/token'; against '/js/**'
o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/images/**']
o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/oauth/token'; against '/images/**'
o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/**/favicon.ico']
o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/oauth/token'; against '/**/favicon.ico'
o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/error']
o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/oauth/token'; against '/error'
o.s.s.web.util.matcher.OrRequestMatcher : No matches found
o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/oauth/token']
o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/oauth/token'; against '/oauth/token'
o.s.s.web.util.matcher.OrRequestMatcher : matched
o.s.s.w.FilterChainProxy : /oauth/token at position 1 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
o.s.s.w.FilterChainProxy : /oauth/token at position 2 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
o.s.s.w.FilterChainProxy : /oauth/token at position 3 of 11 in additional filter chain; firing Filter: 'HeaderWriterFilter'
o.s.s.w.header.writers.HstsHeaderWriter : Not injecting HSTS header since it did not match the requestMatcher o.s.se[email protected]460f0137
o.s.s.w.FilterChainProxy : /oauth/token at position 4 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/oauth/token'; against '/logout'
o.s.s.w.FilterChainProxy : /oauth/token at position 5 of 11 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
o.s.s.w.FilterChainProxy : /oauth/token at position 6 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
o.s.s.w.FilterChainProxy : /oauth/token at position 7 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
o.s.s.w.FilterChainProxy : /oauth/token at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
o.s.s.w.a.AnonymousAuthenticationFilter : Populated SecurityContextHolder with anonymous token: '[email protected]6: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: [email protected]: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
o.s.s.w.FilterChainProxy : /oauth/token at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter'
o.s.s.w.FilterChainProxy : /oauth/token at position 10 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
o.s.s.w.FilterChainProxy : /oauth/token at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/oauth/token'; against '/oauth/token'
o.s.s.w.a.i.FilterSecurityInterceptor : Secure object: FilterInvocation: URL: /oauth/token; Attributes: [fullyAuthenticated]
o.s.s.w.a.i.FilterSecurityInterceptor : Previously Authenticated: [email protected]6: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: [email protected]: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS
o.s.s.access.vote.AffirmativeBased : Voter: [email protected], returned: -1
o.s.s.w.a.ExceptionTranslationFilter : Access is denied (user is anonymous); redirecting to authentication entry point
o.s.security.access.AccessDeniedException: Access is denied
at o.s.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:83) ~[spring-security-core-4.0.4.RELEASE.jar:4.0.4.RELEASE]
at o.s.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:232) ~[spring-security-core-4.0.4.RELEASE.jar:4.0.4.RELEASE]
at o.s.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:123) ~[spring-security-web-4.0.4.RELEASE.jar:4.0.4.RELEASE]
at o.s.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:90) ~[spring-security-web-4.0.4.RELEASE.jar:4.0.4.RELEASE]
...
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1502) [tomcat-embed-core-8.0.33.jar:8.0.33]
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1458) [tomcat-embed-core-8.0.33.jar:8.0.33]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [na:1.8.0_66]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [na:1.8.0_66]
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-embed-core-8.0.33.jar:8.0.33]
at java.lang.Thread.run(Thread.java:745) [na:1.8.0_66]
o.s.s.w.util.matcher.AndRequestMatcher : Trying to match using Ant [pattern='/**', GET]
o.s.s.w.u.matcher.AntPathRequestMatcher : Request 'POST /oauth/token' doesn't match 'GET /**
o.s.s.w.util.matcher.AndRequestMatcher : Did not match
o.s.s.w.s.HttpSessionRequestCache : Request not saved as configured RequestMatcher did not match
o.s.s.w.a.ExceptionTranslationFilter : Calling Authentication entry point.
s.w.a.DelegatingAuthenticationEntryPoint : Trying to match using MediaTypeRequestMatcher [cont[email protected]244013bc, matchingMediaTypes=[application/atom+xml, application/x-www-form-urlencoded, application/json, application/octet-stream, application/xml, multipart/form-data, text/xml], useEquals=false, ignoredMediaTypes=[*/*]]
o.s.s.w.u.m.MediaTypeRequestMatcher : httpRequestMediaTypes=[application/json, application/x-www-form-urlencoded]
o.s.s.w.u.m.MediaTypeRequestMatcher : Processing application/json
o.s.s.w.u.m.MediaTypeRequestMatcher : application/atom+xml .isCompatibleWith application/json = false
o.s.s.w.u.m.MediaTypeRequestMatcher : application/x-www-form-urlencoded .isCompatibleWith application/json = false
o.s.s.w.u.m.MediaTypeRequestMatcher : application/json .isCompatibleWith application/json = true
s.w.a.DelegatingAuthenticationEntryPoint : Match found! Executing o.[email protected]33884c2a
s.s.o.p.e.DefaultOAuth2ExceptionRenderer : Written [error="unauthorized", error_description="Full authentication is required to access this resource"] as "application/json" using [[email protected]2e6a]
s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
Verwandte Dateien:
pom.xml:
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.example</groupId>
<artifactId>oauth-server-test</artifactId>
<version>0.0.1-SNAPSHOT</version>
<packaging>jar</packaging>
<name>oauth-server-test</name>
<description>Demo project for Spring Boot</description>
<parent>
<groupId>o.s.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>1.3.5.RELEASE</version>
<relativePath/>
</parent>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<java.version>1.8</java.version>
</properties>
<dependencies>
<dependency>
<groupId>o.s.cloud</groupId>
<artifactId>spring-cloud-starter-oauth2</artifactId>
</dependency>
<dependency>
<groupId>o.s.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>o.s.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>o.s.boot</groupId>
<artifactId>spring-boot-starter-jdbc</artifactId>
</dependency>
<dependency>
<groupId>com.h2database</groupId>
<artifactId>h2</artifactId>
</dependency>
<dependency>
<groupId>o.s.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>o.s.cloud</groupId>
<artifactId>spring-cloud-dependencies</artifactId>
<version>Brixton.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
<build>
<plugins>
<plugin>
<groupId>o.s.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project>
application.yml
spring:
application:
name: oauth-server-test
resources:
chain:
enabled: true
management:
context_path: /admin
logging:
level:
org.springframework.security: DEBUG
server:
port: 8081
WebSecurityConfiguration.java:
package com.example;
import ...
@Configuration
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired DataSource dataSource;
@Override
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Autowired
public void init(AuthenticationManagerBuilder auth) throws Exception {
auth.jdbcAuthentication().dataSource(dataSource).withUser("username")
.password("password").roles("USER");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.authorizeRequests()
.anyRequest().permitAll()
.and()
.formLogin().permitAll();
}
}
OAuth2AuthorizationConfig.java:
package com.example;
import ...
@Configuration
@EnableAuthorizationServer
public class OAuth2AuthorizationConfig extends AuthorizationServerConfigurerAdapter {
@Autowired private DataSource dataSource;
@Autowired private AuthenticationManager authenticationManager;
private BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
@Bean
public JdbcTokenStore tokenStore() {
return new JdbcTokenStore(dataSource);
}
@Bean
protected AuthorizationCodeServices authorizationCodeServices() {
return new JdbcAuthorizationCodeServices(dataSource);
}
@Override
public void configure(AuthorizationServerSecurityConfigurer security)
throws Exception {
security.tokenKeyAccess("permitAll()").checkTokenAccess("isAuthenticated()");
security.passwordEncoder(passwordEncoder);
}
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints)
throws Exception {
endpoints.authorizationCodeServices(authorizationCodeServices())
.authenticationManager(authenticationManager).tokenStore(tokenStore())
.approvalStoreDisabled();
}
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients.jdbc(dataSource)
.withClient("clientId")
.authorizedGrantTypes("implicit", "password")//, "authorization_code")
.scopes("read")
.autoApprove(true)
.and()
.withClient("clientIdPassword")
.secret("secret")
.authorizedGrantTypes("password", "authorization_code", "refresh_token")
.scopes("read");
}
}
OauthServerTestApplication.java:
package com.example;
import ...
@SpringBootApplication
@RestController
public class OauthServerTestApplication {
@Autowired private DataSource dataSource;
public static void main(String[] args) {
SpringApplication.run(OauthServerTestApplication.class, args);
}
@RequestMapping({ "/user", "/me" })
public Map<String, String> user(Principal principal) {
Map<String, String> map = new LinkedHashMap<>();
map.put("name", principal.getName());
return map;
}
}
Die Client-Protokolle:
o.s.s.w.u.matcher.AntPathRequestMatcher : Request '/login' matched by universal pattern '/**'
o.s.s.w.FilterChainProxy : /login?code=N2L54X&state=7hQn1L at position 1 of 12 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
o.s.s.w.FilterChainProxy : /login?code=N2L54X&state=7hQn1L at position 2 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
w.c.HttpSessionSecurityContextRepository : HttpSession returned null object for SPRING_SECURITY_CONTEXT
w.c.HttpSessionSecurityContextRepository : No SecurityContext was available from the HttpSession: [email protected] A new one will be created.
o.s.s.w.FilterChainProxy : /login?code=N2L54X&state=7hQn1L at position 3 of 12 in additional filter chain; firing Filter: 'HeaderWriterFilter'
o.s.s.w.header.writers.HstsHeaderWriter : Not injecting HSTS header since it did not match the requestMatcher o.s.se[email protected]463f1d5c
o.s.s.w.FilterChainProxy : /login?code=N2L54X&state=7hQn1L at position 4 of 12 in additional filter chain; firing Filter: 'CsrfFilter'
o.s.s.w.FilterChainProxy : /login?code=N2L54X&state=7hQn1L at position 5 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
o.s.s.w.u.matcher.AntPathRequestMatcher : Request 'GET /login' doesn't match 'POST /logout
o.s.s.w.FilterChainProxy : /login?code=N2L54X&state=7hQn1L at position 6 of 12 in additional filter chain; firing Filter: 'OAuth2ClientAuthenticationProcessingFilter'
o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/login'; against '/login'
uth2ClientAuthenticationProcessingFilter : Request is to process authentication
g.c.AuthorizationCodeAccessTokenProvider : Retrieving token from http://localhost:8081/oauth/token
g.c.AuthorizationCodeAccessTokenProvider : Encoding and sending form: {grant_type=[authorization_code], code=[N2L54X], redirect_uri=[http://127.0.0.1:8080/client/login], client_id=[clientId], client_secret=[secret]}
uth2ClientAuthenticationProcessingFilter : Authentication request failed: o.s.security.authentication.BadCredentialsException: Could not obtain access token
uth2ClientAuthenticationProcessingFilter : Updated SecurityContextHolder to contain null Authentication
uth2ClientAuthenticationProcessingFilter : Delegating to authentication failure handler o.s.se[email protected]55e17d56
.a.SimpleUrlAuthenticationFailureHandler : No failure URL set, sending 401 Unauthorized error
w.c.HttpSessionSecurityContextRepository : SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
application.yml:
security:
oauth2:
client:
clientId: clientId
clientSecret: secret
accessTokenUri: http://localhost:8081/oauth/token
userAuthorizationUri: http://localhost:8081/oauth/authorize
tokenName: oauth_token
authenticationScheme: query
clientAuthenticationScheme: form
resource:
userInfoUri: http://localhost:8081/user
spring:
resources:
chain:
enabled: true
server:
port: 8080
context_path: /client
logging:
level:
org.springframework.security: DEBUG
Diese Client-ID und Geheimnis ist korrekt, was ich auf meinem Server eingestellt habe. Wenn ich die Konfiguration der Client-App ändere und auf FB zeige, würde ich sie zusammen mit den URLs aktualisieren und es funktioniert. Ich kann den Client mit der FB arbeiten lassen, nur nicht mit meinem Server. Sie können sehen, dass es mit OAuth2AuthorizationConfig.java übereinstimmt. – FiguringThisOut
Das Ziel besteht nicht darin, FB-Anmeldeinformationen zu verwenden, sondern in einem lokalen Speicher. – FiguringThisOut
@FiguringThisOut haben es gelöst? Ich traf den gleichen Fehler –