carry_zuo
carry_zuo
采纳率0%
2017-12-20 08:35

Spring Security OAuth2

5

在使用Spring Security OAuth2测试时,授权之后报错:
Whitelabel Error Page
This application has no explicit mapping for /error, so you are seeing this as a fallback.

Wed Dec 20 16:14:18 CST 2017
There was an unexpected error (type=Unauthorized, status=401).
Authentication Failed: Could not obtain user details from token

客户端DEBUG信息:
2017-12-20 16:14:17.948 DEBUG 7932 --- [nio-8082-exec-4] o.s.s.oauth2.client.OAuth2RestTemplate : Created GET request for "http://localhost:8081/resource/user"
2017-12-20 16:14:17.967 DEBUG 7932 --- [nio-8082-exec-4] o.s.s.oauth2.client.OAuth2RestTemplate : Setting request Accept header to [application/json, application/*+json]
2017-12-20 16:14:18.204 DEBUG 7932 --- [nio-8082-exec-4] o.s.s.oauth2.client.OAuth2RestTemplate : GET request for "http://localhost:8081/resource/user" resulted in 401 (null); invoking error handler
2017-12-20 16:14:18.213 WARN 7932 --- [nio-8082-exec-4] o.s.b.a.s.o.r.UserInfoTokenServices : Could not fetch user details: class org.springframework.security.oauth2.common.exceptions.InvalidRequestException, Possible CSRF detected - state parameter was required but no state could be found
2017-12-20 16:14:18.280 DEBUG 7932 --- [nio-8082-exec-4] uth2ClientAuthenticationProcessingFilter : Authentication request failed: org.springframework.security.authentication.BadCredentialsException: Could not obtain user details from token

认证服务器DEBUG信息:
2017-12-20 16:14:08.230 DEBUG 8704 --- [nio-8080-exec-7] o.s.s.w.a.i.FilterSecurityInterceptor : Secure object: FilterInvocation: URL: /favicon.ico; Attributes: [authenticated]
2017-12-20 16:14:08.230 DEBUG 8704 --- [nio-8080-exec-7] o.s.s.w.a.i.FilterSecurityInterceptor : Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@6fa90ed4: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffc7f0c: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 41D379AFB367FD4316A06BAC18AB91DA; Granted Authorities: ROLE_ANONYMOUS
2017-12-20 16:14:08.230 DEBUG 8704 --- [nio-8080-exec-7] o.s.s.access.vote.AffirmativeBased : Voter: org.springframework.security.web.access.expression.WebExpressionVoter@72127537, returned: -1
2017-12-20 16:14:08.231 DEBUG 8704 --- [nio-8080-exec-7] o.s.s.w.a.ExceptionTranslationFilter : Access is denied (user is anonymous); redirecting to authentication entry point

资源服务器DEBUG信息:
2017-12-20 16:14:18.132 DEBUG 10100 --- [nio-8081-exec-1] o.s.security.web.FilterChainProxy : /user at position 5 of 11 in additional filter chain; firing Filter: 'OAuth2AuthenticationProcessingFilter'
2017-12-20 16:14:18.137 DEBUG 10100 --- [nio-8081-exec-1] p.a.OAuth2AuthenticationProcessingFilter : Authentication request failed: error="invalid_token", error_description="Invalid access token: fbde02a4-d6b9-41c8-a8aa-332390482c1e"
2017-12-20 16:14:18.192 DEBUG 10100 --- [nio-8081-exec-1] w.c.HttpSessionSecurityContextRepository : SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2017-12-20 16:14:18.199 DEBUG 10100 --- [nio-8081-exec-1] s.s.o.p.e.DefaultOAuth2ExceptionRenderer : Written [error="invalid_token", error_description="Invalid access token: fbde02a4-d6b9-41c8-a8aa-332390482c1e"] as "application/json;charset=UTF-8" using [org.springframework.http.converter.json.MappingJackson2HttpMessageConverter@74bcb39b]
2017-12-20 16:14:18.200 DEBUG 10100 --- [nio-8081-exec-1] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed

网上找了很久都没有解决,有研究过的大神指教一下

  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 复制链接分享
  • 邀请回答

4条回答

  • carry_zuo carry_zuo 3年前

    问题解决了,是因为我使用内存存储token,但是资源服务器和认证服务器各自创建了tokenstore实例,导致使用认证服务器获取的token在资源服务器无法获取,换成redis存储就对了

    点赞 1 评论 复制链接分享
  • lihongbiao0610 lihongbiao0610 4年前

    debug信息不一定是错误

    点赞 评论 复制链接分享
  • caozhy 从今以后生命中的每一秒都属于我爱的人 4年前
    点赞 评论 复制链接分享
  • u011489205 ai2018 4年前


    I solved the issue! I was missing the Resource Server which handles the requests for user endpoint (user-info-uri). To the Authorization Provider application I added this class:

    I solved the issue! I was missing the Resource Server which handles the requests for user endpoint (user-info-uri). To the Authorization Provider application I added this class:

    @Configuration
    @EnableResourceServer
    public class ResourceServer
            extends ResourceServerConfigurerAdapter {
        @Override
        public void configure(HttpSecurity http) throws Exception {
            http
                .antMatcher("/me")
                .authorizeRequests().anyRequest().authenticated();
        }
    }
    
    点赞 评论 复制链接分享

相关推荐