den*_*izg 1 spring-security spring-security-oauth2 spring-cloud spring-oauth2 spring-cloud-gateway
我创建了三个应用程序“spring cloud gateway(8081)”、“spring oauth2 auth server(8094)”和“spring oauth2 Resource server(8097)”。
\n\n当我想请求资源服务器时,首先我需要请求 gw,它转发到 oauth 服务器,然后我登录那里(oauth 也有 spring 安全层)。成功登录后,它会重定向到后台 gw 服务器,例如http://localhost:8081/login/oauth2/code/gateway?code=6ldKVF&state=0WvvWdTs8G_XchSTQKqgokua_XDVQziqVZ_VXLMqIS0%3D url。然后,屏幕上发生错误。
\n\n当我在身份验证服务器成功登录时,网关服务器控制台中有一个跟踪日志:
\n\n\n\n\n2020-01-17 17:52:11.825 跟踪 11336 --- [ctor-http-nio-4]\n oshttp.codec.json.Jackson2JsonDecoder :[21762c89] 已解码\n [{access_token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOls ib2F1dGgyLXJlc291cmNlIl0sInVzZXJfbmFtZSI6ImRnIiwic2NvcGUIOlsiY3VzdG9tX21vZCJdLCJleHAiOjE1NzkyNzI3NDEsImF1dGhvcml0aWVzIjpbIlJPTEVfQURNSU4iXSwianRpIjoiowu zYzQ2YTQtMDJiZi00MTgwLTg1ZTktMGJhOTM0MjBhYjg4IiwiY2xpZW50X2lkIjoiZmlyc3QtY2xpZW50In0.xdWGm420tvp2Rzq0AyCgOTcDuKvP- V6JFd76KmJJf7o,\n token_type=承载,\n refresh_token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsib2F1dGgyLXJlc291cmNlIl0sInVzZXJfbmFtZSI6ImRnIiwic2NvcGUiOlsiY3Vz dG9tX21vZCJdLCJhdGkiOiI5ZTNjNDZhNC0wMmJmLTQxODAtODVLOS0wYmE5MzQyMGFiODgiLCJleHAiOjE1NzkyNzI3NTEsImF1dGhvcml0aWVzIjpbIlJPTEVfQURNSU4iXSwianRpIjoiYzeyNWexM2It MmMzYS00ZGM0LWJjODgtZDc4ZDk1ZTljNzQ5IiwiY2xpZW50X2lkIjoiZmlyc3QtY2xpZW50In0.KhRIy7wOH2IsswDZ_AIXVFdtu6JZqtiLBZGZIypeNRw,\n expires_in=9,scope=custom_mod,\n jti=9e3 c46a4-02bf-4180-85e9-0ba93420ab88}]
\n
当我解码以访问令牌 jwt 时,结果如下。
\n\n{\n"aud": [\n"oauth2-resource"\n],\n"user_name": "dg",\n"scope": [\n"custom_mod"\n],\n"exp": 1579272741,\n"authorities": [\n"ROLE_ADMIN"\n],\n"jti": "9e3c46a4-02bf-4180-85e9-0ba93420ab88",\n"client_id": "first-client"\n}\n我想,我缺少一些在网关服务器或 oauth 服务器中实现的部分,但我找不到。因为当我尝试使用 okta 而不是我的自定义身份验证服务器时,没有错误。
\n\n网关应用程序.properties
\n\nserver.port=8081\nspring.security.oauth2.client.registration.gateway.client-id=first-client\nspring.security.oauth2.client.registration.gateway.client-secret=noonewilleverguess\nspring.security.oauth2.client.registration.gateway.authorization-grant-type=authorization_code\nspring.security.oauth2.client.registration.gateway.redirect-uri={baseUrl}/login/oauth2/code/{registrationId}\n\nspring.security.oauth2.client.provider.gateway.authorization-uri=http://localhost:8094/oauth/authorize\nspring.security.oauth2.client.provider.gateway.token-uri=http://localhost:8094/oauth/token?scope=custom_mod\nspring.security.oauth2.client.provider.gateway.user-info-uri=http://localhost:8094/userinfo\nspring.security.oauth2.client.provider.gateway.user-name-attribute=name\n\nlogging.level.root=trace\n这是屏幕错误消息:
\n\n\n\n\n1 月 17 日星期五 17:28:11 EET 2020 [83c168ec] 出现意外错误\n(类型=内部服务器错误,状态=500)。找不到类的提供程序\n org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken
\n
这是控制台错误消息:
\n\n\n\n\n2020-01-17 17:40:27.204 错误 7180 --- [ctor-http-nio-2]\n awreAbstractErrorWebExceptionHandler : [93951d85] 500 服务器错误\n HTTP GET\n "/login/oauth2/code/gateway ?代码=n35lEN&状态=fZ94ZsZySnUwaG1vS32cX4sXU9KJ6aRm58twQMrR9sQ%3D”
\n\njava.lang.IllegalStateException:找不到类的提供者\n org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken\n at\n org.springframework.security.web.server.authentication.AuthenticationWebFilter.lambda$authenticate$5( AuthenticationWebFilter.java:118)\n ~[spring-security-web-5.2.1.RELEASE.jar:5.2.1.RELEASE] 已抑制:\nreactor.core.publisher.FluxOnAssembly$OnAssemblyException:已观察到错误\n在以下站点: |_ 检查点 \xe2\x87\xa2\n org.springframework.security.oauth2.client.web.server.authentication.OAuth2LoginAuthenticationWebFilter\n [DefaultWebFilterChain] |_ 检查点 \xe2\x87\xa2 \n org.springframework.security.oauth2.client.web.server.OAuth2AuthorizationRequestRedirectWebFilter\n [DefaultWebFilterChain] |_ 检查点 \xe2\x87\xa2\n org.springframework.security.oauth2.client.web.server.OAuth2AuthorizationRequestRedirectWebFilter\n [DefaultWebFilterChain] |_ 检查点 \xe2\x87\xa2\n org.springframework.security.web.server.context.ReactorContextWebFilter\n [DefaultWebFilterChain] |_ 检查点 \xe2\x87\xa2\n org.springframework.security.web .server.csrf.CsrfWebFilter\n [DefaultWebFilterChain] |_ 检查点 \xe2\x87\xa2\n org.springframework.security.web.server.header.HttpHeaderWriterWebFilter\n [DefaultWebFilterChain] |_ 检查点 \xe2\x87\xa2\ n org.springframework.security.config.web.server.ServerHttpSecurity$ServerWebExchangeReactorContextWebFilter\n [DefaultWebFilterChain] |_ 检查点 \xe2\x87\xa2\n org.springframework.security.web.server.WebFilterChainProxy\n [DefaultWebFilterChain] |_检查点 \xe2\x87\xa2 HTTP GET\n "/login/oauth2/code/gateway?code=n35lEN&state=fZ94ZsZySnUwaG1vS32cX4sXU9KJ6aRm58twQMrR9sQ%3D"\n [ExceptionHandlingWebHandler] 堆栈跟踪:at\n org.springframework.security.web.server。 authentication.AuthenticationWebFilter.lambda$authenticate$5(AuthenticationWebFilter.java:118)\n ~[spring-security-web-5.2.1.RELEASE.jar:5.2.1.RELEASE] at\nreactor.core.publisher.MonoDefer。订阅(MonoDefer.java:44)\n ~[reactor-core-3.3.1.RELEASE.jar:3.3.1.RELEASE] at\nreactor.core.publisher.Mono.subscribe(Mono.java:4105)\ n ~[reactor-core-3.3.1.RELEASE.jar:3.3.1.RELEASE] at\nreactor.core.publisher.FluxSwitchIfEmpty$SwitchIfEmptySubscriber.onComplete(FluxSwitchIfEmpty.java:75)\n ~[reactor-core- 3.3.1.RELEASE.jar:3.3.1.RELEASE]
\n
编辑:缩短以理解问题。
\n小智 5
这个问题发布已经有一段时间了。但是,您有可能在没有相应的 jose 客户端的情况下导入 spring security oauth2 客户端。
所以你最好添加
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-oauth2-client</artifactId>
</dependency>
| 归档时间: |
|
| 查看次数: |
4749 次 |
| 最近记录: |