那些遇到过的问题

为什么我的 Spring OAuth2 服务器无法使用 SSL 自签名 ssl 工作?

And*_*ães 5 java ssl spring oauth spring-boot

我在我的应用程序上使用 OAuth 2.0。我有 2 个使用 Spring Boot 开发的应用程序,一个是使用 url https://192.168.1.30:2999/autenticador进行身份验证,第二个是客户端https://192.168.1.30:2901/

当我使用没有 SSL 的服务器http://192.168.1.30:2999/autenticadorhttps://192.168.1.30:2901/)时,授权成功。但是,当我使用自签名证书时,我遇到了问题,返回错误 401,未经授权,身份验证失败:无法获取访问令牌。我不知道它是如何以及为何发生的。

观察:该证书像受信任一样注册在我的计算机上,然后我看到地址栏呈绿色。

客户端:

@SpringBootApplication
@EnableOAuth2Sso
public class Application {
    public static void main(String[] args) throws KeyManagementException, NoSuchAlgorithmException, KeyStoreException {
        SpringApplication.run(Application.class, args);
    }
}
Run Code Online (Sandbox Code Playgroud)

服务器上的 OAuth 2.0 配置:

@Configuration
@EnableAuthorizationServer
public class OAuthConfiguration extends AuthorizationServerConfigurerAdapter{
    @Autowired
    private AuthenticationManager authenticationManager;

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
         endpoints.authenticationManager(authenticationManager);
    }

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
        .withClient("client")
        .authorizedGrantTypes("authorization_code")
        .scopes("read", "trust")
        .resourceIds("RESOURCE_ID")
        .secret("secret");
    }
}
Run Code Online (Sandbox Code Playgroud)

以下是客户端登录服务器成功后的日志:

  2016-06-06 16:47:27.376  DEBUG  [nio-2901-exec-4]  o.s.security.web.FilterChainProxy          / at position 1 of 12 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
  2016-06-06 16:47:27.377  DEBUG  [nio-2901-exec-4]  o.s.security.web.FilterChainProxy          / at position 2 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
  2016-06-06 16:47:27.378  DEBUG  [nio-2901-exec-4]  w.c.HttpSessionSecurityContextRepository   No HttpSession currently exists
  2016-06-06 16:47:27.378  DEBUG  [nio-2901-exec-4]  w.c.HttpSessionSecurityContextRepository   No SecurityContext was available from the HttpSession: null. A new one will be created.
  2016-06-06 16:47:27.381  DEBUG  [nio-2901-exec-4]  o.s.security.web.FilterChainProxy          / at position 3 of 12 in additional filter chain; firing Filter: 'HeaderWriterFilter'
  2016-06-06 16:47:27.382  DEBUG  [nio-2901-exec-4]  o.s.security.web.FilterChainProxy          / at position 4 of 12 in additional filter chain; firing Filter: 'CsrfFilter'
  2016-06-06 16:47:27.383  DEBUG  [nio-2901-exec-4]  o.s.security.web.FilterChainProxy          / at position 5 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
  2016-06-06 16:47:27.383  DEBUG  [nio-2901-exec-4]  o.s.s.w.u.matcher.AntPathRequestMatcher    Request 'GET /' doesn't match 'POST /logout
  2016-06-06 16:47:27.383  DEBUG  [nio-2901-exec-4]  o.s.security.web.FilterChainProxy          / at position 6 of 12 in additional filter chain; firing Filter: 'OAuth2ClientAuthenticationProcessingFilter'
  2016-06-06 16:47:27.384  DEBUG  [nio-2901-exec-4]  o.s.s.w.u.matcher.AntPathRequestMatcher    Checking match of request : '/'; against '/login'
  2016-06-06 16:47:27.384  DEBUG  [nio-2901-exec-4]  o.s.security.web.FilterChainProxy          / at position 7 of 12 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
  2016-06-06 16:47:27.384  DEBUG  [nio-2901-exec-4]  o.s.security.web.FilterChainProxy          / at position 8 of 12 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
  2016-06-06 16:47:27.386  DEBUG  [nio-2901-exec-4]  o.s.security.web.FilterChainProxy          / at position 9 of 12 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
  2016-06-06 16:47:27.389  DEBUG  [nio-2901-exec-4]  o.s.s.w.a.AnonymousAuthenticationFilter    Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@9055e4a6: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 192.168.1.30; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
  2016-06-06 16:47:27.389  DEBUG  [nio-2901-exec-4]  o.s.security.web.FilterChainProxy          / at position 10 of 12 in additional filter chain; firing Filter: 'SessionManagementFilter'
  2016-06-06 16:47:27.389  DEBUG  [nio-2901-exec-4]  o.s.s.w.session.SessionManagementFilter    Requested session ID CBA2CC9F09D613F91D95FD4764E48A50 is invalid.
  2016-06-06 16:47:27.389  DEBUG  [nio-2901-exec-4]  o.s.security.web.FilterChainProxy          / at position 11 of 12 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
  2016-06-06 16:47:27.389  DEBUG  [nio-2901-exec-4]  o.s.security.web.FilterChainProxy          / at position 12 of 12 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
  2016-06-06 16:47:27.390  DEBUG  [nio-2901-exec-4]  o.s.s.w.a.i.FilterSecurityInterceptor      Secure object: FilterInvocation: URL: /; Attributes: [authenticated]
  2016-06-06 16:47:27.390  DEBUG  [nio-2901-exec-4]  o.s.s.w.a.i.FilterSecurityInterceptor      Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@9055e4a6: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 192.168.1.30; SessionId: null; Granted Authorities: ROLE_ANONYMOUS
  2016-06-06 16:47:27.399  DEBUG  [nio-2901-exec-4]  o.s.s.access.vote.AffirmativeBased         Voter: org.springframework.security.web.access.expression.WebExpressionVoter@3fcae110, returned: -1
  2016-06-06 16:47:27.404  DEBUG  [nio-2901-exec-4]  o.s.s.w.a.ExceptionTranslationFilter       Access is denied (user is anonymous); redirecting to authentication entry point

org.springframework.security.access.AccessDeniedException: Access is denied
Run Code Online (Sandbox Code Playgroud)

Zei*_*ist 0

您可以检查配置"spring-security.xml"并查看'requires-channel'属性吗set to https and not http如果没有,全部设置为https并尝试。

有关此问题的更多信息请参见此处。 http://docs.spring.io/spring-security/site/faq/faq.html#faq-tomcat-https-session

样本:

    <intercept-url pattern="/login.html" access="hasRole('ROLE_ANONYMOUS')" requires-channel="https"/>
    <intercept-url pattern="/resources/**" access="permitAll" requires-channel="https"/>
    <intercept-url pattern="/admin**" access="hasRole('ROLE_ADMIN')" requires-channel="https"/>
    <intercept-url pattern="/rest/**" access="hasRole('ROLE_USER')" requires-channel="https"/>
    <intercept-url pattern="/index" access="hasRole('ROLE_USER')" requires-channel="https"/>
    <intercept-url pattern="/upload/**" access="hasRole('ROLE_USER')" requires-channel="https"/>
Run Code Online (Sandbox Code Playgroud)

归档时间:

查看次数:

4829 次

最近记录:

9 年,8 月 前
相关归档
使hibernate忽略未映射的类变量 188
使用哪个@NonNull Java注释 64
java中try-catch和throw之间的区别 54
带弹簧启动的简单嵌入式Kafka测试示例 22
在 Spring Boot 3 中,如何通过常规 J​​VM 应用程序从 Spring AOT 中受益? 13
hibernate session.flush with spring @transactional 11
当请求正文未能通过使用 Bean Validation/Hibernate Validator 定义的验证时,如何返回自定义响应 pojo? 7
Spring RestTemplate (setBufferRequestBody as false) 不喜欢包含 InputStream 对象的 MultiValueMap 请求体 5
更改 websocket 范围(从应用程序到会话/视图) 5
多个事务管理器NoUniqueBeanDefinitionException 4
难疑归档
确定已安装的PowerShell版本 2543
原子和非原子属性之间有什么区别? 1828
你如何合并两个Git存储库? 1517
如何在Android应用程序中的活动之间传递数据? 1293
Git diff对付藏匿处 1265
在Python中使用大写字母和数字生成随机字符串 1247
在jQuery中序列化为JSON 1189
将ArrayList <String>转换为String []数组 1102
查找包含具有指定名称的列的所有表 - MS SQL Server 1090
如何在JavaScript中创建二维数组? 1081