登录
当前位置: 首页 > 知识库问答 >
问题:

Spring授权服务器-客户端凭据流-在POST to/oauth2/token上未创建会话

楚宪
2023-03-14

我正在使用一个简单的应用程序测试SpringAuthorizationServer0.2.1,该应用程序使用REST控制器在GET(“/message”)上返回字符串。

带有基本Auth头的POST to“/oauth2/token”将成功检索JWT令牌,但当客户端使用该令牌时,应用程序将以403禁止回复。

流程如下所示:

  1. 后 /oauth2/token
  2. 响应200 OK withaccess_token_a
  3. 获得 /message与授权:承载account_token_a
  4. 响应403禁止
  5. 后 /oauth2/token
  6. 响应200 OK withaccess_token_b
  7. 获得 /message与授权:承载account_token_b
  8. 响应200好与身体你好有

检查日志,我可以看到,在获得access_token(1)的第一个POST中,没有创建HTTP会话,因此SecurityContext没有存储在会话中。

2022-01-10 15:27:53.971 DEBUG 25384 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy        : Securing POST /oauth2/token
2022-01-10 15:27:53.973 TRACE 25384 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy        : Invoking WebAsyncManagerIntegrationFilter (1/20)
2022-01-10 15:27:53.979 TRACE 25384 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy        : Invoking SecurityContextPersistenceFilter (2/20)
2022-01-10 15:27:53.980 TRACE 25384 --- [nio-8080-exec-1] w.c.HttpSessionSecurityContextRepository : No HttpSession currently exists
2022-01-10 15:27:53.981 TRACE 25384 --- [nio-8080-exec-1] w.c.HttpSessionSecurityContextRepository : Created SecurityContextImpl [Null authentication]
2022-01-10 15:27:53.983 DEBUG 25384 --- [nio-8080-exec-1] s.s.w.c.SecurityContextPersistenceFilter : Set SecurityContextHolder to empty SecurityContext
2022-01-10 15:27:53.984 TRACE 25384 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy        : Invoking HeaderWriterFilter (3/20)
2022-01-10 15:27:53.984 TRACE 25384 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy        : Invoking CsrfFilter (4/20)
2022-01-10 15:27:53.986 TRACE 25384 --- [nio-8080-exec-1] o.s.security.web.csrf.CsrfFilter         : Did not protect against CSRF since request did not match And [CsrfNotRequired [TRACE, HEAD, GET, OPTIONS], Not [Or [org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2AuthorizationServerConfigurer$$Lambda$603/0x000000080043d040@3811510]]]
2022-01-10 15:27:53.986 TRACE 25384 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy        : Invoking LogoutFilter (5/20)
2022-01-10 15:27:53.987 TRACE 25384 --- [nio-8080-exec-1] o.s.s.w.a.logout.LogoutFilter            : Did not match request to Ant [pattern='/logout', POST]
2022-01-10 15:27:53.987 TRACE 25384 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy        : Invoking OAuth2AuthorizationEndpointFilter (6/20)
2022-01-10 15:27:53.987 TRACE 25384 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy        : Invoking OidcProviderConfigurationEndpointFilter (7/20)
2022-01-10 15:27:53.987 TRACE 25384 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy        : Invoking NimbusJwkSetEndpointFilter (8/20)
2022-01-10 15:27:53.987 TRACE 25384 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy        : Invoking OAuth2AuthorizationServerMetadataEndpointFilter (9/20)
2022-01-10 15:27:53.988 TRACE 25384 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy        : Invoking OAuth2ClientAuthenticationFilter (10/20)
2022-01-10 15:27:53.991 TRACE 25384 --- [nio-8080-exec-1] o.s.s.authentication.ProviderManager     : Authenticating request with OAuth2ClientAuthenticationProvider (1/9)
2022-01-10 15:27:53.991 TRACE 25384 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy        : Invoking RequestCacheAwareFilter (11/20)
2022-01-10 15:27:53.991 TRACE 25384 --- [nio-8080-exec-1] o.s.s.w.s.HttpSessionRequestCache        : No saved request
2022-01-10 15:27:53.991 TRACE 25384 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy        : Invoking SecurityContextHolderAwareRequestFilter (12/20)
2022-01-10 15:27:53.993 TRACE 25384 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy        : Invoking AnonymousAuthenticationFilter (13/20)
2022-01-10 15:27:53.993 TRACE 25384 --- [nio-8080-exec-1] o.s.s.w.a.AnonymousAuthenticationFilter  : Did not set SecurityContextHolder since already authenticated OAuth2ClientAuthenticationToken [Principal=prometheus-client, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=10.20.1.192, SessionId=null], Granted Authorities=[]]
2022-01-10 15:27:53.993 TRACE 25384 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy        : Invoking SessionManagementFilter (14/20)
2022-01-10 15:27:53.993 TRACE 25384 --- [nio-8080-exec-1] s.CompositeSessionAuthenticationStrategy : Preparing session with ChangeSessionIdAuthenticationStrategy (1/2)
2022-01-10 15:27:53.994 TRACE 25384 --- [nio-8080-exec-1] s.CompositeSessionAuthenticationStrategy : Preparing session with CsrfAuthenticationStrategy (2/2)
2022-01-10 15:27:53.997 TRACE 25384 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy        : Invoking ExceptionTranslationFilter (15/20)
2022-01-10 15:27:53.997 TRACE 25384 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy        : Invoking FilterSecurityInterceptor (16/20)
2022-01-10 15:27:53.997 TRACE 25384 --- [nio-8080-exec-1] o.s.s.w.a.i.FilterSecurityInterceptor    : Did not re-authenticate OAuth2ClientAuthenticationToken [Principal=prometheus-client, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=10.20.1.192, SessionId=null], Granted Authorities=[]] before authorizing
2022-01-10 15:27:53.998 TRACE 25384 --- [nio-8080-exec-1] o.s.s.w.a.i.FilterSecurityInterceptor    : Authorizing filter invocation [POST /oauth2/token] with attributes [authenticated]
2022-01-10 15:27:54.003 DEBUG 25384 --- [nio-8080-exec-1] o.s.s.w.a.i.FilterSecurityInterceptor    : Authorized filter invocation [POST /oauth2/token] with attributes [authenticated]
2022-01-10 15:27:54.004 TRACE 25384 --- [nio-8080-exec-1] o.s.s.w.a.i.FilterSecurityInterceptor    : Did not switch RunAs authentication since RunAsManager returned null
2022-01-10 15:27:54.004 TRACE 25384 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy        : Invoking OAuth2TokenEndpointFilter (17/20)
2022-01-10 15:27:54.010 TRACE 25384 --- [nio-8080-exec-1] o.s.s.authentication.ProviderManager     : Authenticating request with OAuth2ClientCredentialsAuthenticationProvider (1/9)
2022-01-10 15:27:54.147 TRACE 25384 --- [nio-8080-exec-1] o.s.s.w.header.writers.HstsHeaderWriter  : Not injecting HSTS header since it did not match request to [Is Secure]
2022-01-10 15:27:54.152 DEBUG 25384 --- [nio-8080-exec-1] s.s.w.c.SecurityContextPersistenceFilter : Cleared SecurityContextHolder to complete request

HTTP会话将在GET请求(3)上创建,但找不到SecurityContext,因此请求将失败,403禁止

2022-01-10 15:27:59.854 DEBUG 25384 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy        : Securing GET /message
2022-01-10 15:27:59.855 TRACE 25384 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy        : Invoking WebAsyncManagerIntegrationFilter (1/11)
2022-01-10 15:27:59.855 TRACE 25384 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy        : Invoking SecurityContextPersistenceFilter (2/11)
2022-01-10 15:27:59.876 DEBUG 25384 --- [nio-8080-exec-2] s.s.w.c.SecurityContextPersistenceFilter : Created session FC68E4563F8E775A591D1632F2C7456E eagerly
2022-01-10 15:27:59.876 TRACE 25384 --- [nio-8080-exec-2] w.c.HttpSessionSecurityContextRepository : Did not find SecurityContext in HttpSession FC68E4563F8E775A591D1632F2C7456E using the SPRING_SECURITY_CONTEXT session attribute
2022-01-10 15:27:59.876 TRACE 25384 --- [nio-8080-exec-2] w.c.HttpSessionSecurityContextRepository : Created SecurityContextImpl [Null authentication]
2022-01-10 15:27:59.876 DEBUG 25384 --- [nio-8080-exec-2] s.s.w.c.SecurityContextPersistenceFilter : Set SecurityContextHolder to empty SecurityContext
2022-01-10 15:27:59.876 TRACE 25384 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy        : Invoking HeaderWriterFilter (3/11)
2022-01-10 15:27:59.876 TRACE 25384 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy        : Invoking CsrfFilter (4/11)
2022-01-10 15:27:59.876 TRACE 25384 --- [nio-8080-exec-2] o.s.security.web.csrf.CsrfFilter         : Did not protect against CSRF since request did not match CsrfNotRequired [TRACE, HEAD, GET, OPTIONS]
2022-01-10 15:27:59.877 TRACE 25384 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy        : Invoking LogoutFilter (5/11)
2022-01-10 15:27:59.877 TRACE 25384 --- [nio-8080-exec-2] o.s.s.w.a.logout.LogoutFilter            : Did not match request to Ant [pattern='/logout', POST]
2022-01-10 15:27:59.877 TRACE 25384 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy        : Invoking RequestCacheAwareFilter (6/11)
2022-01-10 15:27:59.877 TRACE 25384 --- [nio-8080-exec-2] o.s.s.w.s.HttpSessionRequestCache        : No saved request
2022-01-10 15:27:59.877 TRACE 25384 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy        : Invoking SecurityContextHolderAwareRequestFilter (7/11)
2022-01-10 15:27:59.877 TRACE 25384 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy        : Invoking AnonymousAuthenticationFilter (8/11)
2022-01-10 15:27:59.877 TRACE 25384 --- [nio-8080-exec-2] o.s.s.w.a.AnonymousAuthenticationFilter  : Set SecurityContextHolder to AnonymousAuthenticationToken [Principal=anonymousUser, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=10.20.1.192, SessionId=FC68E4563F8E775A591D1632F2C7456E], Granted Authorities=[ROLE_ANONYMOUS]]
2022-01-10 15:27:59.878 TRACE 25384 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy        : Invoking SessionManagementFilter (9/11)
2022-01-10 15:27:59.878 DEBUG 25384 --- [nio-8080-exec-2] o.s.s.w.session.SessionManagementFilter  : Request requested invalid session id A75734F37AD5AA7C76AA39F041B1C505
2022-01-10 15:27:59.878 TRACE 25384 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy        : Invoking ExceptionTranslationFilter (10/11)
2022-01-10 15:27:59.878 TRACE 25384 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy        : Invoking AuthorizationFilter (11/11)
2022-01-10 15:27:59.880 TRACE 25384 --- [nio-8080-exec-2] estMatcherDelegatingAuthorizationManager : Authorizing SecurityContextHolderAwareRequestWrapper[ org.springframework.security.web.header.HeaderWriterFilter$HeaderWriterRequest@764a97f0]
2022-01-10 15:27:59.880 TRACE 25384 --- [nio-8080-exec-2] estMatcherDelegatingAuthorizationManager : Checking authorization on SecurityContextHolderAwareRequestWrapper[ org.springframework.security.web.header.HeaderWriterFilter$HeaderWriterRequest@764a97f0] using org.springframework.security.authorization.AuthenticatedAuthorizationManager@a2fdca
2022-01-10 15:27:59.889 TRACE 25384 --- [nio-8080-exec-2] o.s.s.w.a.ExceptionTranslationFilter     : Sending AnonymousAuthenticationToken [Principal=anonymousUser, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=10.20.1.192, SessionId=FC68E4563F8E775A591D1632F2C7456E], Granted Authorities=[ROLE_ANONYMOUS]] to authentication entry point since access is denied

org.springframework.security.access.AccessDeniedException: Access Denied
    at org.springframework.security.authorization.AuthorizationManager.verify(AuthorizationManager.java:44) ~[spring-security-core-5.6.1.jar:5.6.1]
    at org.springframework.security.web.access.intercept.AuthorizationFilter.doFilterInternal(AuthorizationFilter.java:57) ~[spring-security-web-5.6.1.jar:5.6.1]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.14.jar:5.3.14]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.6.1.jar:5.6.1]
    at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:122) ~[spring-security-web-5.6.1.jar:5.6.1]
    at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:116) ~[spring-security-web-5.6.1.jar:5.6.1]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.6.1.jar:5.6.1]
    at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:126) ~[spring-security-web-5.6.1.jar:5.6.1]
    at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:81) ~[spring-security-web-5.6.1.jar:5.6.1]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.6.1.jar:5.6.1]
    at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:109) ~[spring-security-web-5.6.1.jar:5.6.1]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.6.1.jar:5.6.1]
    at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:149) ~[spring-security-web-5.6.1.jar:5.6.1]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.6.1.jar:5.6.1]
    at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63) ~[spring-security-web-5.6.1.jar:5.6.1]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.6.1.jar:5.6.1]
    at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:103) ~[spring-security-web-5.6.1.jar:5.6.1]
    at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:89) ~[spring-security-web-5.6.1.jar:5.6.1]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.6.1.jar:5.6.1]
    at org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:117) ~[spring-security-web-5.6.1.jar:5.6.1]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.14.jar:5.3.14]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.6.1.jar:5.6.1]
    at org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:90) ~[spring-security-web-5.6.1.jar:5.6.1]
    at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:75) ~[spring-security-web-5.6.1.jar:5.6.1]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.14.jar:5.3.14]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.6.1.jar:5.6.1]
    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:110) ~[spring-security-web-5.6.1.jar:5.6.1]
    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:80) ~[spring-security-web-5.6.1.jar:5.6.1]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.6.1.jar:5.6.1]
    at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:55) ~[spring-security-web-5.6.1.jar:5.6.1]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.14.jar:5.3.14]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.6.1.jar:5.6.1]
    at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:211) ~[spring-security-web-5.6.1.jar:5.6.1]
    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:183) ~[spring-security-web-5.6.1.jar:5.6.1]
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:354) ~[spring-web-5.3.14.jar:5.3.14]
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:267) ~[spring-web-5.3.14.jar:5.3.14]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) ~[tomcat-embed-core-9.0.56.jar:9.0.56]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) ~[tomcat-embed-core-9.0.56.jar:9.0.56]
    at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100) ~[spring-web-5.3.14.jar:5.3.14]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.14.jar:5.3.14]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) ~[tomcat-embed-core-9.0.56.jar:9.0.56]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) ~[tomcat-embed-core-9.0.56.jar:9.0.56]
    at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93) ~[spring-web-5.3.14.jar:5.3.14]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.14.jar:5.3.14]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) ~[tomcat-embed-core-9.0.56.jar:9.0.56]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) ~[tomcat-embed-core-9.0.56.jar:9.0.56]
    at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201) ~[spring-web-5.3.14.jar:5.3.14]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.14.jar:5.3.14]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) ~[tomcat-embed-core-9.0.56.jar:9.0.56]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) ~[tomcat-embed-core-9.0.56.jar:9.0.56]
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) ~[tomcat-embed-core-9.0.56.jar:9.0.56]
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) ~[tomcat-embed-core-9.0.56.jar:9.0.56]
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540) ~[tomcat-embed-core-9.0.56.jar:9.0.56]
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) ~[tomcat-embed-core-9.0.56.jar:9.0.56]
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) ~[tomcat-embed-core-9.0.56.jar:9.0.56]
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) ~[tomcat-embed-core-9.0.56.jar:9.0.56]
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:357) ~[tomcat-embed-core-9.0.56.jar:9.0.56]
    at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:382) ~[tomcat-embed-core-9.0.56.jar:9.0.56]
    at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) ~[tomcat-embed-core-9.0.56.jar:9.0.56]
    at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:895) ~[tomcat-embed-core-9.0.56.jar:9.0.56]
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1732) ~[tomcat-embed-core-9.0.56.jar:9.0.56]
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) ~[tomcat-embed-core-9.0.56.jar:9.0.56]
    at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) ~[tomcat-embed-core-9.0.56.jar:9.0.56]
    at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) ~[tomcat-embed-core-9.0.56.jar:9.0.56]
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) ~[tomcat-embed-core-9.0.56.jar:9.0.56]
    at java.base/java.lang.Thread.run(Thread.java:829) ~[na:na]

2022-01-10 15:27:59.898 DEBUG 25384 --- [nio-8080-exec-2] o.s.s.w.s.HttpSessionRequestCache        : Saved request http://10.20.1.192:8080/message to session
2022-01-10 15:27:59.898 DEBUG 25384 --- [nio-8080-exec-2] o.s.s.w.a.Http403ForbiddenEntryPoint     : Pre-authenticated entry point called. Rejecting access
2022-01-10 15:27:59.898 TRACE 25384 --- [nio-8080-exec-2] o.s.s.w.header.writers.HstsHeaderWriter  : Not injecting HSTS header since it did not match request to [Is Secure]
2022-01-10 15:27:59.898 DEBUG 25384 --- [nio-8080-exec-2] w.c.HttpSessionSecurityContextRepository : Did not store empty SecurityContext
2022-01-10 15:27:59.898 DEBUG 25384 --- [nio-8080-exec-2] w.c.HttpSessionSecurityContextRepository : Did not store empty SecurityContext
2022-01-10 15:27:59.898 DEBUG 25384 --- [nio-8080-exec-2] s.s.w.c.SecurityContextPersistenceFilter : Cleared SecurityContextHolder to complete request

在获取新JWT令牌(5)的第二篇文章中,存在HTTP会话,因此SecurityContext将保存在那里,并在以后重新使用。因此,GET请求(7)将成功。

2022-01-10 15:28:08.152 DEBUG 25384 --- [nio-8080-exec-3] o.s.security.web.FilterChainProxy        : Securing POST /oauth2/token
2022-01-10 15:28:08.152 TRACE 25384 --- [nio-8080-exec-3] o.s.security.web.FilterChainProxy        : Invoking WebAsyncManagerIntegrationFilter (1/20)
2022-01-10 15:28:08.152 TRACE 25384 --- [nio-8080-exec-3] o.s.security.web.FilterChainProxy        : Invoking SecurityContextPersistenceFilter (2/20)
2022-01-10 15:28:08.153 TRACE 25384 --- [nio-8080-exec-3] w.c.HttpSessionSecurityContextRepository : Did not find SecurityContext in HttpSession FC68E4563F8E775A591D1632F2C7456E using the SPRING_SECURITY_CONTEXT session attribute
2022-01-10 15:28:08.153 TRACE 25384 --- [nio-8080-exec-3] w.c.HttpSessionSecurityContextRepository : Created SecurityContextImpl [Null authentication]
2022-01-10 15:28:08.153 DEBUG 25384 --- [nio-8080-exec-3] s.s.w.c.SecurityContextPersistenceFilter : Set SecurityContextHolder to empty SecurityContext
2022-01-10 15:28:08.153 TRACE 25384 --- [nio-8080-exec-3] o.s.security.web.FilterChainProxy        : Invoking HeaderWriterFilter (3/20)
2022-01-10 15:28:08.153 TRACE 25384 --- [nio-8080-exec-3] o.s.security.web.FilterChainProxy        : Invoking CsrfFilter (4/20)
2022-01-10 15:28:08.153 TRACE 25384 --- [nio-8080-exec-3] o.s.security.web.csrf.CsrfFilter         : Did not protect against CSRF since request did not match And [CsrfNotRequired [TRACE, HEAD, GET, OPTIONS], Not [Or [org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.OAuth2AuthorizationServerConfigurer$$Lambda$603/0x000000080043d040@3811510]]]
2022-01-10 15:28:08.153 TRACE 25384 --- [nio-8080-exec-3] o.s.security.web.FilterChainProxy        : Invoking LogoutFilter (5/20)
2022-01-10 15:28:08.153 TRACE 25384 --- [nio-8080-exec-3] o.s.s.w.a.logout.LogoutFilter            : Did not match request to Ant [pattern='/logout', POST]
2022-01-10 15:28:08.154 TRACE 25384 --- [nio-8080-exec-3] o.s.security.web.FilterChainProxy        : Invoking OAuth2AuthorizationEndpointFilter (6/20)
2022-01-10 15:28:08.154 TRACE 25384 --- [nio-8080-exec-3] o.s.security.web.FilterChainProxy        : Invoking OidcProviderConfigurationEndpointFilter (7/20)
2022-01-10 15:28:08.154 TRACE 25384 --- [nio-8080-exec-3] o.s.security.web.FilterChainProxy        : Invoking NimbusJwkSetEndpointFilter (8/20)
2022-01-10 15:28:08.154 TRACE 25384 --- [nio-8080-exec-3] o.s.security.web.FilterChainProxy        : Invoking OAuth2AuthorizationServerMetadataEndpointFilter (9/20)
2022-01-10 15:28:08.154 TRACE 25384 --- [nio-8080-exec-3] o.s.security.web.FilterChainProxy        : Invoking OAuth2ClientAuthenticationFilter (10/20)
2022-01-10 15:28:08.155 TRACE 25384 --- [nio-8080-exec-3] o.s.s.authentication.ProviderManager     : Authenticating request with OAuth2ClientAuthenticationProvider (1/9)
2022-01-10 15:28:08.155 TRACE 25384 --- [nio-8080-exec-3] o.s.security.web.FilterChainProxy        : Invoking RequestCacheAwareFilter (11/20)
2022-01-10 15:28:08.155 TRACE 25384 --- [nio-8080-exec-3] o.s.s.w.s.HttpSessionRequestCache        : Did not match request /oauth2/token to the saved one DefaultSavedRequest [http://10.20.1.192:8080/message]
2022-01-10 15:28:08.155 TRACE 25384 --- [nio-8080-exec-3] o.s.security.web.FilterChainProxy        : Invoking SecurityContextHolderAwareRequestFilter (12/20)
2022-01-10 15:28:08.155 TRACE 25384 --- [nio-8080-exec-3] o.s.security.web.FilterChainProxy        : Invoking AnonymousAuthenticationFilter (13/20)
2022-01-10 15:28:08.155 TRACE 25384 --- [nio-8080-exec-3] o.s.s.w.a.AnonymousAuthenticationFilter  : Did not set SecurityContextHolder since already authenticated OAuth2ClientAuthenticationToken [Principal=prometheus-client, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=10.20.1.192, SessionId=FC68E4563F8E775A591D1632F2C7456E], Granted Authorities=[]]
2022-01-10 15:28:08.155 TRACE 25384 --- [nio-8080-exec-3] o.s.security.web.FilterChainProxy        : Invoking SessionManagementFilter (14/20)
2022-01-10 15:28:08.155 TRACE 25384 --- [nio-8080-exec-3] s.CompositeSessionAuthenticationStrategy : Preparing session with ChangeSessionIdAuthenticationStrategy (1/2)
2022-01-10 15:28:08.156 DEBUG 25384 --- [nio-8080-exec-3] .s.ChangeSessionIdAuthenticationStrategy : Changed session id from FC68E4563F8E775A591D1632F2C7456E
2022-01-10 15:28:08.158 TRACE 25384 --- [nio-8080-exec-3] s.CompositeSessionAuthenticationStrategy : Preparing session with CsrfAuthenticationStrategy (2/2)
2022-01-10 15:28:08.159 DEBUG 25384 --- [nio-8080-exec-3] w.c.HttpSessionSecurityContextRepository : Stored SecurityContextImpl [Authentication=OAuth2ClientAuthenticationToken [Principal=prometheus-client, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=10.20.1.192, SessionId=FC68E4563F8E775A591D1632F2C7456E], Granted Authorities=[]]] to HttpSession [org.apache.catalina.session.StandardSessionFacade@7f25256d]
2022-01-10 15:28:08.159 TRACE 25384 --- [nio-8080-exec-3] o.s.security.web.FilterChainProxy        : Invoking ExceptionTranslationFilter (15/20)
2022-01-10 15:28:08.159 TRACE 25384 --- [nio-8080-exec-3] o.s.security.web.FilterChainProxy        : Invoking FilterSecurityInterceptor (16/20)
2022-01-10 15:28:08.159 TRACE 25384 --- [nio-8080-exec-3] o.s.s.w.a.i.FilterSecurityInterceptor    : Did not re-authenticate OAuth2ClientAuthenticationToken [Principal=prometheus-client, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=10.20.1.192, SessionId=FC68E4563F8E775A591D1632F2C7456E], Granted Authorities=[]] before authorizing
2022-01-10 15:28:08.159 TRACE 25384 --- [nio-8080-exec-3] o.s.s.w.a.i.FilterSecurityInterceptor    : Authorizing filter invocation [POST /oauth2/token] with attributes [authenticated]
2022-01-10 15:28:08.160 DEBUG 25384 --- [nio-8080-exec-3] o.s.s.w.a.i.FilterSecurityInterceptor    : Authorized filter invocation [POST /oauth2/token] with attributes [authenticated]
2022-01-10 15:28:08.160 TRACE 25384 --- [nio-8080-exec-3] o.s.s.w.a.i.FilterSecurityInterceptor    : Did not switch RunAs authentication since RunAsManager returned null
2022-01-10 15:28:08.160 TRACE 25384 --- [nio-8080-exec-3] o.s.security.web.FilterChainProxy        : Invoking OAuth2TokenEndpointFilter (17/20)
2022-01-10 15:28:08.160 TRACE 25384 --- [nio-8080-exec-3] o.s.s.authentication.ProviderManager     : Authenticating request with OAuth2ClientCredentialsAuthenticationProvider (1/9)
2022-01-10 15:28:08.181 TRACE 25384 --- [nio-8080-exec-3] o.s.s.w.header.writers.HstsHeaderWriter  : Not injecting HSTS header since it did not match request to [Is Secure]
2022-01-10 15:28:08.182 DEBUG 25384 --- [nio-8080-exec-3] w.c.HttpSessionSecurityContextRepository : Stored SecurityContextImpl [Authentication=OAuth2ClientAuthenticationToken [Principal=prometheus-client, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=10.20.1.192, SessionId=FC68E4563F8E775A591D1632F2C7456E], Granted Authorities=[]]] to HttpSession [org.apache.catalina.session.StandardSessionFacade@7f25256d]
2022-01-10 15:28:08.182 DEBUG 25384 --- [nio-8080-exec-3] w.c.HttpSessionSecurityContextRepository : Stored SecurityContextImpl [Authentication=OAuth2ClientAuthenticationToken [Principal=prometheus-client, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=10.20.1.192, SessionId=FC68E4563F8E775A591D1632F2C7456E], Granted Authorities=[]]] to HttpSession [org.apache.catalina.session.StandardSessionFacade@7f25256d]
2022-01-10 15:28:08.182 DEBUG 25384 --- [nio-8080-exec-3] s.s.w.c.SecurityContextPersistenceFilter : Cleared SecurityContextHolder to complete request

我使用配置https://github.com/spring-projects/spring-security-samples/blob/main/servlet/spring-boot/java/oauth2/authorization-server/src/main/java/example/OAuth2AuthorizationServerSecurityConfiguration.java但禁用登录页面。

这是一个错误还是配置有问题?

谢谢

共有1个答案

戚建德
2023-03-14

由于您使用的是客户端\u凭据,因此不应依赖会话。您也不需要禁用formLogin()的第二个筛选器链。

在调查您的示例时,您似乎正在尝试在授权服务器中包含资源服务器(简单的控制器)。这是一个不正确的设置。它应该是一个单独部署的应用程序,并正确配置为资源服务器,如项目中提供的示例所示。

 类似资料:
  • Spring Oauth2授权服务器

    我在下面设置Spring配置: 和Maven设置如下:

  • Spring Boot+Oauth2客户端凭据

    顺便说一句,这些微服务只会通过中间件层互相交谈,我的意思是不需要用户凭据来允许授权(用户登录过程如Facebook)。 我在Internet上寻找了一些示例,展示了如何创建一个授权和资源服务器来管理这种通信。然而,我只是找到了一些例子,解释了如何使用用户凭据(三条腿)来实现它。 有没有人有在Spring Boot和Oauth2中如何做的样例?如果有可能提供更多关于所用范围的详细信息,令牌交换将不胜

  • Spotify WebAPI授权-客户端凭据流错误invalid_client

    直截了当的问题,希望有一个直截了当的答案。我试图使用request通过Node.js实现客户端凭证流。这是我的代码 无论我做什么,响应体总是 我尝试过使用 curl 提出请求,结果相同。 这意味着这是凭据的问题。我肯定为我的应用程序使用了正确的客户端ID和客户端秘密,这让我相信是编码导致了问题。 我的编码正确吗?如果是这样,还有什么原因呢?

  • 了解OAuth2客户端凭据流程

    问题内容: 我正在尝试了解和实现新的REST服务器与现有的客户端应用程序之间的客户端凭证流。我已经像这样设置了spring-security OAuth2 。从到目前为止的理解来看,我的服务器现在应该支持以下请求: 但我明白了 由引起的是这里(弹簧安全码): 看来,我需要首先 针对服务器 进行 身份验证 。但这 不是我想做的 。我希望我的两个服务器使用共享密钥相互通信。OAuth提供者服务器应应请

  • Spring Oauth2客户机凭据流示例

    我试图使用spring OAuth2在Spring Boot服务中实现服务到服务的安全性。我希望一个服务访问另一个服务的安全资源,而不涉及任何用户操作。 我可以设置auth服务器并使用curl请求获取令牌。我发现的测试使用Http对象来检查状态代码。 如何在具有RestTemplate和spring OAuth2的java客户机中使用客户机凭据授权类型? 我想它一定像添加一个依赖项、一个注释和一个

  • 数据库中的oAuth2客户端未授权错误

    我的应用程序中出现“未授权”错误。我使用的是Spring Security和oauth2。我的客户端和用户存储在数据库中。当我开始使用数据库中的客户端时,PostMan中出现了错误401。客户端正在保存到数据库中,但当我想从localhost:8080/oauth/token获取令牌访问时,仍然出现错误。以下是我的来源: 授权服务器配置: public class AuthorizationSer

相关问答

数据库中的oAuth2客户端未授权错误OAuth2:使用JWT客户端身份验证,JWT授权授权和客户端凭据授权之间有什么区别?调用spring授权服务器OAuth2 RESTendpointSpring OAuth2-客户端凭据授予类型中的用户信息Keycloak spring security客户端凭据授予

相关文章

如何从OAuth2授权服务器/用户端点获取自定义用户信息同步客户端-服务器数据库mysql5.7创建用户授权删除用户撤销授权客户端/服务器不接受ObjectInput和Output流授权给Google客户

相关阅读

蚂蚁金服客户端一面服务器端攻击Zookeeper客户端QQ浏览器-客户端-一面QQ浏览器-客户端-二面

相关工具

移动短信Cmpp服务端,客户端上海财经iPhone客户端Instagram客户端OSCHINA WP7 客户端Socket.IO iOS 客户端

相关文档

Windows 授权管理器Seafile 服务器用户手册小米数据流服务 MDS 文档Vue.js 服务器端渲染指南用 Jersey 构建 RESTful 服务
快捷导航: 新手教程 算法原理 架构设计 Java进阶 数据库进阶 大厂专栏 面试经验 编程笔记 编程问答 所有专题 文档资料 工具软件 电子书籍 小牛导航
在线工具: 房贷计算器 个税计算器 Linux命令查询 Json格式化 正则表达式 颜色转换 AES加解密 SHA1加密 MD5加密 毒鸡汤 字数统计 随机密码生成 进制转换 Base64编解码 励志句子
Copyright © 2019-2024 小牛知识库@xnip.cn. All Rights Reserved.