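I am trying to run the samples written by Dave Syer (https://github.com/spring-cloud-samples/authserver and https://github.com/spring-cloud-samples/sso) without the JWT converter (and the certificate-based signing process).
When I run it as is, the sample works fine, with the certificate and key. But when I remove all certificates and keys, I cannot authenticate!
I modified the following code: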
@Configuration
@ComponentScan
@EnableAutoConfiguration
@Controller
@SessionAttributes("authorizationRequest")
public class AuthserverApplication extends WebMvcConfigurerAdapter {
    public static void main(String[] args) {
        SpringApplication.run(AuthserverApplication.class, args);
    }
    @Override
    public void addViewControllers(ViewControllerRegistry registry) {
        registry.addViewController("/login").setViewName("login");
        registry.addViewController("/oauth/confirm_access").setViewName("authorize");
    }
    @Configuration
    @Order(ManagementServerProperties.ACCESS_OVERRIDE_ORDER)
    protected static class LoginConfig extends WebSecurityConfigurerAdapter {
        @Autowired
        private AuthenticationManager authenticationManager;
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.formLogin().loginPage("/login").permitAll().and().authorizeRequests()
                    .anyRequest().authenticated();
        }
        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            auth.parentAuthenticationManager(authenticationManager);
        }
    }
    @Configuration
    @EnableAuthorizationServer
    protected static class OAuth2Config extends AuthorizationServerConfigurerAdapter {
        @Autowired
        private AuthenticationManager authenticationManager;
        /*
        @Bean
        public JwtAccessTokenConverter jwtAccessTokenConverter() {
            JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
            KeyPair keyPair = new KeyStoreKeyFactory(
                    new ClassPathResource("keystore.jks"), "foobar".toCharArray())
                    .getKeyPair("test");
            converter.setKeyPair(keyPair);
            return converter;
        }
        */
        @Override
        public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
            clients.inMemory()
                    .withClient("acme")
                    .secret("acmesecret")
                    .authorizedGrantTypes("authorization_code", "refresh_token", "password")
                    .scopes("openid")
                    .autoApprove(true);
            ;
        }
        @Override
        public void configure(AuthorizationServerEndpointsConfigurer endpoints)
                throws Exception {
            //endpoints.authenticationManager(authenticationManager).accessTokenConverter(jwtAccessTokenConverter());
            endpoints.authenticationManager(authenticationManager);
        }
        @Override
        public void configure(AuthorizationServerSecurityConfigurer oauthServer)
                throws Exception {
            oauthServer.tokenKeyAccess("permitAll()").checkTokenAccess("isAuthenticated()");
        }
    }
}
application.properties:
server.contextPath=/uaa
security.user.password=password
security.ignored=/css/**,/js/**,/favicon.ico,/webjars/**
logging.level.org.springframework.security=DEBUG
Here is the client code:
@Configuration
@ComponentScan
@EnableAutoConfiguration
@RestController
@RequestMapping("/dashboard")
public class SsoApplication {
    @RequestMapping("/message")
    public Map<String, Object> dashboard() {
        return Collections.<String, Object> singletonMap("message", "Yay!");
    }
    @RequestMapping("/user")
    public Principal user(Principal user) {
        return user;
    }
    public static void main(String[] args) {
        SpringApplication.run(SsoApplication.class, args);
    }
    @Controller
    public static class LoginErrors {
        @RequestMapping("/dashboard/login")
        public String dashboard() {
            return "redirect:/#/";
        }
    }
    @Component
    @EnableOAuth2Sso
    public static class LoginConfigurer extends WebSecurityConfigurerAdapter {
        @Override
        public void configure(HttpSecurity http) throws Exception {
            http.antMatcher("/dashboard/**").authorizeRequests().anyRequest()
                    .authenticated().and().csrf()
                    .csrfTokenRepository(csrfTokenRepository()).and()
                    .addFilterAfter(csrfHeaderFilter(), CsrfFilter.class)
                    .logout().logoutUrl("/dashboard/logout").permitAll()
                    .logoutSuccessUrl("/");
        }
        private Filter csrfHeaderFilter() {
            return new OncePerRequestFilter() {
                @Override
                protected void doFilterInternal(HttpServletRequest request,
                        HttpServletResponse response, FilterChain filterChain)
                        throws ServletException, IOException {
                    CsrfToken csrf = (CsrfToken) request
                            .getAttribute(CsrfToken.class.getName());
                    if (csrf != null) {
                        Cookie cookie = new Cookie("XSRF-TOKEN",
                                csrf.getToken());
                        cookie.setPath("/");
                        response.addCookie(cookie);
                    }
                    filterChain.doFilter(request, response);
                }
            };
        }
        private CsrfTokenRepository csrfTokenRepository() {
            HttpSessionCsrfTokenRepository repository = new HttpSessionCsrfTokenRepository();
            repository.setHeaderName("X-XSRF-TOKEN");
            return repository;
        }
    }
}
application.yml:
debug:
server:
  port: 9999
security:
  user:
    password: user
  ignored: /,/favicon.ico,/index.html,/home.html,/dashboard.html,/js/**,/css/**,/webjars/**
  sessions: ALWAYS
  oauth2:
    sso:
      loginPath: /dashboard/login
management:
  security:
    role: HERO
logging:
  level:
    org.springframework.security: DEBUG
    com.netflix.discovery: 'OFF'
---
spring:
  profiles: default
security:
  oauth2:
    client:
      accessTokenUri: http://localhost:8080/uaa/oauth/token
      userAuthorizationUri: http://localhost:8080/uaa/oauth/authorize
      clientId: acme
      clientSecret: acmesecret
    resource:
      # jwt:
      #   keyValue: |
      #     -----BEGIN PUBLIC KEY-----
      #     MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnGp/Q5lh0P8nPL21oMMrt2RrkT9AW5jgYwLfSUnJVc9G6uR3cXRRDCjHqWU5WYwivcF180A6CWp/ireQFFBNowgc5XaA0kPpzEtgsA5YsNX7iSnUibB004iBTfU9hZ2Rbsc8cWqynT0RyN4TP1RYVSeVKvMQk4GT1r7JCEC+TNu1ELmbNwMQyzKjsfBXyIOCFU/E94ktvsTZUHF4Oq44DBylCDsS1k7/sfZC2G5EU7Oz0mhG8+Uz6MSEQHtoIi6mc8u64Rwi3Z3tscuWG2ShtsUFuNSAFNkY7LkLn+/hxLCu2bNISMaESa8dG22CIMuIeRLVcAmEWEWH5EEforTg+QIDAQAB
      #     -----END PUBLIC KEY-----
      id: openid
      # serviceId: ${PREFIX:}resource
      userInfoUri: http://localhost:8080/uaa/oauth/user
      preferTokenInfo: false
When I run it, I get a "Whitelabel Error Page" showing the message "Could not obtain user details from token".
Whitelabel Error Page
This application has no explicit mapping for /error, so you are seeing this as a fallback.
Tue Aug 04 09:48:49 CEST 2015
There was an unexpected error (type=Unauthorized, status=401).
Authentication Failed: Could not obtain user details from token
Console log:
>2015-08-04 09:48:04.998 DEBUG 15152 --- [nio-9999-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/'; against '/'
>2015-08-04 09:48:04.998 DEBUG 15152 --- [nio-9999-exec-1] o.s.security.web.FilterChainProxy : / has an empty filter list
>2015-08-04 09:48:05.855 DEBUG 15152 --- [nio-9999-exec-5] o.s.b.a.e.mvc.EndpointHandlerMapping : Looking up handler method for path /home.html
>2015-08-04 09:48:05.855 DEBUG 15152 --- [nio-9999-exec-5] o.s.b.a.e.mvc.EndpointHandlerMapping : Did not find handler method for [/home.html]
>2015-08-04 09:48:05.858 DEBUG 15152 --- [nio-9999-exec-2] o.s.security.web.FilterChainProxy : /dashboard/user at position 6 of 13 in additional filter chain; firing Filter: 'LogoutFilter'
>2015-08-04 09:48:05.858 DEBUG 15152 --- [nio-9999-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Request 'GET /dashboard/user' doesn't match 'POST /dashboard/logout
>2015-08-04 09:48:05.858 DEBUG 15152 --- [nio-9999-exec-2] o.s.security.web.FilterChainProxy : /dashboard/user at position 7 of 13 in additional filter chain; firing Filter: 'OAuth2ClientAuthenticationProcessingFilter'
>2015-08-04 09:48:05.858 DEBUG 15152 --- [nio-9999-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/dashboard/user'; against '/dashboard/login'
>2015-08-04 09:48:05.858 DEBUG 15152 --- [nio-9999-exec-2] o.s.security.web.FilterChainProxy : /dashboard/user at position 8 of 13 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
>2015-08-04 09:48:05.858 DEBUG 15152 --- [nio-9999-exec-2] o.s.security.web.FilterChainProxy : /dashboard/user at position 9 of 13 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
>2015-08-04 09:48:05.859 DEBUG 15152 --- [nio-9999-exec-2] o.s.security.web.FilterChainProxy : /dashboard/user at position 10 of 13 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
>2015-08-04 09:48:05.859 DEBUG 15152 --- [nio-9999-exec-2] o.s.s.w.a.AnonymousAuthenticationFilter : Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@9056f12c: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@380f4: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 727CB5F626A106EBEDF8C86823DA98BA; Granted Authorities: ROLE_ANONYMOUS'
>2015-08-04 09:48:05.859 DEBUG 15152 --- [nio-9999-exec-2] o.s.security.web.FilterChainProxy : /dashboard/user at position 11 of 13 in additional filter chain; firing Filter: 'SessionManagementFilter'
>2015-08-04 09:48:05.859 DEBUG 15152 --- [nio-9999-exec-2] o.s.security.web.FilterChainProxy : /dashboard/user at position 12 of 13 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
>2015-08-04 09:48:05.859 DEBUG 15152 --- [nio-9999-exec-2] o.s.security.web.FilterChainProxy : /dashboard/user at position 13 of 13 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
>2015-08-04 09:48:05.859 DEBUG 15152 --- [nio-9999-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Request 'GET /dashboard/user' doesn't match 'POST /dashboard/logout
>2015-08-04 09:48:05.859 DEBUG 15152 --- [nio-9999-exec-2] o.s.s.w.a.i.FilterSecurityInterceptor : Secure object: FilterInvocation: URL: /dashboard/user; Attributes: [authenticated]
>2015-08-04 09:48:05.859 DEBUG 15152 --- [nio-9999-exec-2] o.s.s.w.a.i.FilterSecurityInterceptor : Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@9056f12c: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@380f4: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 727CB5F626A106EBEDF8C86823DA98BA; Granted Authorities: ROLE_ANONYMOUS
>2015-08-04 09:48:05.859 DEBUG 15152 --- [nio-9999-exec-2] o.s.s.access.vote.AffirmativeBased : Voter: org.springframework.security.web.access.expression.WebExpressionVoter@7f2b37fb, returned: -1
>2015-08-04 09:48:05.861 DEBUG 15152 --- [nio-9999-exec-2] o.s.b.a.audit.listener.AuditListener : AuditEvent [timestamp=Tue Aug 04 09:48:05 CEST 2015, principal=anonymousUser, type=AUTHORIZATION_FAILURE, data={type=org.springframework.security.access.AccessDeniedException, message=Accès refusé}]
>2015-08-04 09:48:05.862 DEBUG 15152 --- [nio-9999-exec-2] o.s.s.w.a.ExceptionTranslationFilter : Access is denied (user is anonymous); redirecting to authentication entry point
>org.springframework.security.access.AccessDeniedException: Accès refusé
>at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:83)
>at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:232)
>at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:123)
>at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:90)
>at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
>at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:114)
>at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
>at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:122)
>at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
>at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111)
>at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
>at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:168)
>at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
>at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:48)
>at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
>at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:205)
>at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
>at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:120)
>at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
>at demo.SsoApplication$LoginConfigurer$1.doFilterInternal(SsoApplication.java:91)
>at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
>at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
>at org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:96)
>at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
>at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
>at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64)
>at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
>at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
>at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:91)
>at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
>at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:53)
>at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
>at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
>at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:213)
>at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:176)
>at org.springframework.security.oauth2.client.filter.OAuth2ClientContextFilter.doFilter(OAuth2ClientContextFilter.java:60)
>at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:77)
>at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
>at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:85)
>at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
>at org.springframework.boot.actuate.autoconfigure.MetricsFilter.doFilterInternal(MetricsFilter.java:69)
>at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
>at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1091)
>at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:668)
>at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1521)
>at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1478)
>at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
>at java.lang.Thread.run(Thread.java:745)
>2015-08-04 09:48:05.864 DEBUG 15152 --- [nio-9999-exec-2] o.s.s.w.util.matcher.AndRequestMatcher : Trying to match using Ant [pattern='/**', GET]
>2015-08-04 09:48:05.864 DEBUG 15152 --- [nio-9999-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Request '/dashboard/user' matched by universal pattern '/**'
>2015-08-04 09:48:05.864 DEBUG 15152 --- [nio-9999-exec-2] o.s.s.w.util.matcher.AndRequestMatcher : Trying to match using NegatedRequestMatcher [requestMatcher=Ant [pattern='/**/favicon.ico']]
>2015-08-04 09:48:05.864 DEBUG 15152 --- [nio-9999-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/dashboard/user'; against '/**/favicon.ico'
o.s.s.w.a.ExceptionTranslationFilter : Calling Authentication entry point.
w.c.HttpSessionSecurityContextRepository : No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@7067a19. A new one will be created.
>2015-08-04 09:48:06.108 DEBUG 15152 --- [nio-9999-exec-9] o.s.security.web.FilterChainProxy : /dashboard/login at position 3 of 13 in additional filter chain; firing Filter: 'HeaderWriterFilter'
>2015-08-04 09:48:06.108 DEBUG 15152 --- [nio-9999-exec-9] o.s.security.web.FilterChainProxy : /dashboard/login at position 5 of 13 in additional filter chain; firing Filter: ''
>2015-08-04 09:48:06.108 DEBUG 15152 --- [nio-9999-exec-9] o.s.security.web.FilterChainProxy : /dashboard/login at position 6 of 13 in additional filter chain; firing Filter: 'LogoutFilter'
>2015-08-04 09:48:06.108 DEBUG 15152 --- [nio-9999-exec-9] o.s.s.w.u.matcher.AntPathRequestMatcher : Request 'GET /dashboard/login' doesn't match 'POST /dashboard/logout
>2015-08-04 09:48:06.109 DEBUG 15152 --- [nio-9999-exec-9] o.s.security.web.FilterChainProxy : /dashboard/login at position 7 of 13 in additional filter chain; firing Filter: 'OAuth2ClientAuthenticationProcessingFilter'
>2015-08-04 09:48:06.109 DEBUG 15152 --- [nio-9999-exec-9] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/dashboard/login'; against '/dashboard/login'
>2015-08-04 09:48:06.109 DEBUG 15152 --- [nio-9999-exec-9] uth2ClientAuthenticationProcessingFilter : Request is to process authentication
>2015-08-04 09:48:06.110 DEBUG 15152 --- [nio-9999-exec-9] w.c.HttpSessionSecurityContextRepository : SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
>2015-08-04 09:48:06.110 DEBUG 15152 --- [nio-9999-exec-9] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
>2015-08-04 09:48:06.110 DEBUG 15152 --- [nio-9999-exec-9] o.s.s.web.DefaultRedirectStrategy : Redirecting to 'http://localhost:8080/uaa/oauth/authorize?client_id=acme&redirect_uri=http://localhost:9999/dashboard/login&response_type=code&state=Q5u4sk'
>2015-08-04 09:48:27.258 DEBUG 15152 --- [io-9999-exec-10] o.s.security.web.FilterChainProxy : /dashboard/login at position 1 of 13 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
>2015-08-04 09:48:27.258 DEBUG 15152 --- [io-9999-exec-10] o.s.security.web.FilterChainProxy : /dashboard/login at position 2 of 13 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
>2015-08-04 09:48:27.258 DEBUG 15152 --- [io-9999-exec-10] w.c.HttpSessionSecurityContextRepository : HttpSession returned null object for SPRING_SECURITY_CONTEXT
>2015-08-04 09:48:27.258 DEBUG 15152 --- [io-9999-exec-10] w.c.HttpSessionSecurityContextRepository : No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@7067a19. A new one will be created.
>2015-08-04 09:48:27.258 DEBUG 15152 --- [io-9999-exec-10] o.s.security.web.FilterChainProxy : /dashboard/login at position 3 of 13 in additional filter chain; firing Filter: 'HeaderWriterFilter'
>2015-08-04 09:48:27.258 DEBUG 15152 --- [io-9999-exec-10] o.s.s.w.header.writers.HstsHeaderWriter : Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@13e431af
>2015-08-04 09:48:27.258 DEBUG 15152 --- [io-9999-exec-10] o.s.security.web.FilterChainProxy : /dashboard/login at position 4 of 13 in additional filter chain; firing Filter: 'CsrfFilter'
>2015-08-04 09:48:27.258 DEBUG 15152 --- [io-9999-exec-10] o.s.security.web.FilterChainProxy : /dashboard/login at position 5 of 13 in additional filter chain; firing Filter: ''
>2015-08-04 09:48:27.258 DEBUG 15152 --- [io-9999-exec-10] o.s.security.web.FilterChainProxy : /dashboard/login at position 6 of 13 in additional filter chain; firing Filter: 'LogoutFilter'
>2015-08-04 09:48:27.258 DEBUG 15152 --- [io-9999-exec-10] o.s.s.w.u.matcher.AntPathRequestMatcher : Request 'GET /dashboard/login' doesn't match 'POST /dashboard/logout
>2015-08-04 09:48:27.258 DEBUG 15152 --- [io-9999-exec-10] o.s.security.web.FilterChainProxy : /dashboard/login at position 7 of 13 in additional filter chain; firing Filter: 'OAuth2ClientAuthenticationProcessingFilter'
>2015-08-04 09:48:27.258 DEBUG 15152 --- [io-9999-exec-10] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/dashboard/login'; against '/dashboard/login'
>2015-08-04 09:48:27.258 DEBUG 15152 --- [io-9999-exec-10] uth2ClientAuthenticationProcessingFilter : Request is to process authentication
>2015-08-04 09:48:27.260 DEBUG 15152 --- [io-9999-exec-10] w.c.HttpSessionSecurityContextRepository : SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
>2015-08-04 09:48:27.261 DEBUG 15152 --- [io-9999-exec-10] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
>2015-08-04 09:48:27.261 DEBUG 15152 --- [io-9999-exec-10] o.s.s.web.DefaultRedirectStrategy : Redirecting to 'http://localhost:8080/uaa/oauth/authorize?client_id=acme&redirect_uri=http://localhost:9999/dashboard/login&response_type=code&state=QT2drI'
>2015-08-04 09:48:49.878 DEBUG 15152 --- [nio-9999-exec-7] o.s.security.web.FilterChainProxy : /dashboard/login?code=oAbBeG&state=QT2drI at position 1 of 13 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
>2015-08-04 09:48:49.878 DEBUG 15152 --- [nio-9999-exec-7] o.s.security.web.FilterChainProxy : /dashboard/login?code=oAbBeG&state=QT2drI at position 2 of 13 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
>2015-08-04 09:48:49.878 DEBUG 15152 --- [nio-9999-exec-7] w.c.HttpSessionSecurityContextRepository : HttpSession returned null object for SPRING_SECURITY_CONTEXT
>2015-08-04 09:48:49.878 DEBUG 15152 --- [nio-9999-exec-7] w.c.HttpSessionSecurityContextRepository : No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@7067a19. A new one will be created.
>2015-08-04 09:48:49.878 DEBUG 15152 --- [nio-9999-exec-7] o.s.security.web.FilterChainProxy : /dashboard/login?code=oAbBeG&state=QT2drI at position 3 of 13 in additional filter chain; firing Filter: 'HeaderWriterFilter'
>2015-08-04 09:48:49.878 DEBUG 15152 --- [nio-9999-exec-7] o.s.s.w.header.writers.HstsHeaderWriter : Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@13e431af
>2015-08-04 09:48:49.878 DEBUG 15152 --- [nio-9999-exec-7] o.s.security.web.FilterChainProxy : /dashboard/login?code=oAbBeG&state=QT2drI at position 4 of 13 in additional filter chain; firing Filter: 'CsrfFilter'
>2015-08-04 09:48:49.878 DEBUG 15152 --- [nio-9999-exec-7] o.s.security.web.FilterChainProxy : /dashboard/login?code=oAbBeG&state=QT2drI at position 5 of 13 in additional filter chain; firing Filter: ''
>2015-08-04 09:48:49.879 DEBUG 15152 --- [nio-9999-exec-7] o.s.security.web.FilterChainProxy : /dashboard/login?code=oAbBeG&state=QT2drI at position 6 of 13 in additional filter chain; firing Filter: 'LogoutFilter'
>2015-08-04 09:48:49.879 DEBUG 15152 --- [nio-9999-exec-7] o.s.s.w.u.matcher.AntPathRequestMatcher : Request 'GET /dashboard/login' doesn't match 'POST /dashboard/logout
>2015-08-04 09:48:49.879 DEBUG 15152 --- [nio-9999-exec-7] o.s.security.web.FilterChainProxy : /dashboard/login?code=oAbBeG&state=QT2drI at position 7 of 13 in additional filter chain; firing Filter: 'OAuth2ClientAuthenticationProcessingFilter'
>2015-08-04 09:48:49.879 DEBUG 15152 --- [nio-9999-exec-7] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/dashboard/login'; against '/dashboard/login'
>2015-08-04 09:48:49.879 DEBUG 15152 --- [nio-9999-exec-7] uth2ClientAuthenticationProcessingFilter : Request is to process authentication
>2015-08-04 09:48:49.880 DEBUG 15152 --- [nio-9999-exec-7] g.c.AuthorizationCodeAccessTokenProvider : Retrieving token from http://localhost:8080/uaa/oauth/token
>2015-08-04 09:48:49.881 DEBUG 15152 --- [nio-9999-exec-7] g.c.AuthorizationCodeAccessTokenProvider : Encoding and sending form: {grant_type=[authorization_code], code=[oAbBeG], redirect_uri=[http://localhost:9999/dashboard/login]}
>2015-08-04 09:48:49.906 INFO 15152 --- [nio-9999-exec-7] o.s.b.a.s.o.r.UserInfoTokenServices : Getting user info from: http://localhost:8080/uaa/oauth/user
>2015-08-04 09:48:49.927 DEBUG 15152 --- [nio-9999-exec-7] o.s.s.oauth2.client.OAuth2RestTemplate : Created GET request for "http://localhost:8080/uaa/oauth/user"
>2015-08-04 09:48:49.928 DEBUG 15152 --- [nio-9999-exec-7] o.s.s.oauth2.client.OAuth2RestTemplate : Setting request Accept header to [application/json, application/*+json]
>2015-08-04 09:48:49.952 DEBUG 15152 --- [nio-9999-exec-7] o.s.s.oauth2.client.OAuth2RestTemplate : GET request for "http://localhost:8080/uaa/oauth/user" resulted in 200 (OK)
>2015-08-04 09:48:49.953 INFO 15152 --- [nio-9999-exec-7] o.s.b.a.s.o.r.UserInfoTokenServices : Could not fetch user details: class org.springframework.web.client.RestClientException, Could not extract response: no suitable HttpMessageConverter found for response type [interface java.util.Map] and content type [text/html;charset=UTF-8]
>2015-08-04 09:48:49.953 DEBUG 15152 --- [nio-9999-exec-7] o.s.b.a.s.o.r.UserInfoTokenServices : userinfo returned error: Could not fetch user details
>2015-08-04 09:48:49.953 DEBUG 15152 --- [nio-9999-exec-7] uth2ClientAuthenticationProcessingFilter : Authentication request failed: org.springframework.security.authentication.BadCredentialsException: Could not obtain user details from token
>2015-08-04 09:48:49.953 DEBUG 15152 --- [nio-9999-exec-7] uth2ClientAuthenticationProcessingFilter : Updated SecurityContextHolder to contain null Authentication
>2015-08-04 09:48:49.953 DEBUG 15152 --- [nio-9999-exec-7] uth2ClientAuthenticationProcessingFilter : Delegating to authentication failure handler org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler@44cb6589
>2015-08-04 09:48:49.953 DEBUG 15152 --- [nio-9999-exec-7] .a.SimpleUrlAuthenticationFailureHandler : No failure URL set, sending 401 Unauthorized error
>2015-08-04 09:48:49.953 DEBUG 15152 --- [nio-9999-exec-7] w.c.HttpSessionSecurityContextRepository : SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
>2015-08-04 09:48:49.953 DEBUG 15152 --- [nio-9999-exec-7] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
>2015-08-04 09:48:49.954 DEBUG 15152 --- [nio-9999-exec-7] o.s.b.a.e.mvc.EndpointHandlerMapping : Looking up handler method for path /error
>2015-08-04 09:48:49.954 DEBUG 15152 --- [nio-9999-exec-7] o.s.b.a.e.mvc.EndpointHandlerMapping : Did not find handler method for [/error]
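Any hints as to what I am doing wrong?
Thanks in advance.
Answer 0 (score: 1)
The log shows a problem with your user info endpoint. The GET request for "http://localhost:8080/uaa/oauth/user" succeeds but returns HTML (it should be JSON).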
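The check the answer makes by eye can be scripted. The following is an added example, not part of the original question or answer: it correlates the UserInfoTokenServices and OAuth2RestTemplate lines per request thread and flags a user-info lookup that came back 200 with a non-JSON body. The exec-7 lines are copied from the log above; the exec-3 and exec-4 lines, including the /uaa/user URL, are constructed for contrast.

```python
import re

# Lines copied from the console log in the question (thread nio-9999-exec-7).
PAGE_LINES = """\
>2015-08-04 09:48:49.906 INFO 15152 --- [nio-9999-exec-7] o.s.b.a.s.o.r.UserInfoTokenServices : Getting user info from: http://localhost:8080/uaa/oauth/user
>2015-08-04 09:48:49.952 DEBUG 15152 --- [nio-9999-exec-7] o.s.s.oauth2.client.OAuth2RestTemplate : GET request for "http://localhost:8080/uaa/oauth/user" resulted in 200 (OK)
>2015-08-04 09:48:49.953 INFO 15152 --- [nio-9999-exec-7] o.s.b.a.s.o.r.UserInfoTokenServices : Could not fetch user details: class org.springframework.web.client.RestClientException, Could not extract response: no suitable HttpMessageConverter found for response type [interface java.util.Map] and content type [text/html;charset=UTF-8]
"""

# Constructed lines (not from the page): two interleaved lookups on other
# threads, one healthy and one rejected, against a hypothetical /uaa/user URL.
CONSTRUCTED_LINES = """\
2015-08-04 09:50:01.100 INFO 15152 --- [nio-9999-exec-3] o.s.b.a.s.o.r.UserInfoTokenServices : Getting user info from: http://localhost:8080/uaa/user
2015-08-04 09:50:01.101 INFO 15152 --- [nio-9999-exec-4] o.s.b.a.s.o.r.UserInfoTokenServices : Getting user info from: http://localhost:8080/uaa/user
2015-08-04 09:50:01.130 DEBUG 15152 --- [nio-9999-exec-4] o.s.s.oauth2.client.OAuth2RestTemplate : GET request for "http://localhost:8080/uaa/user" resulted in 401 (Unauthorized)
2015-08-04 09:50:01.140 DEBUG 15152 --- [nio-9999-exec-3] o.s.s.oauth2.client.OAuth2RestTemplate : GET request for "http://localhost:8080/uaa/user" resulted in 200 (OK)
"""

SAMPLE_LOG = PAGE_LINES + CONSTRUCTED_LINES

LINE = re.compile(r"\[(?P<thread>[^\]]+)\]\s+(?P<logger>\S+)\s+:\s+(?P<msg>.*)$")
USERINFO = re.compile(r"Getting user info from: (?P<url>\S+)")
STATUS = re.compile(r'GET request for "(?P<url>[^"]+)" resulted in (?P<code>\d{3})')
CTYPE = re.compile(
    r"no suitable HttpMessageConverter found .*content type \[(?P<ctype>[^\]]+)\]"
)


def classify(lookup):
    """Map one correlated lookup to a verdict string."""
    if lookup["status"] is None:
        return "no_response"   # lookup started, no HTTP result logged
    if lookup["status"] != 200:
        return "http_error"    # token rejected or wrong URI
    ctype = lookup["content_type"]
    if ctype is not None and "json" not in ctype:
        return "not_json"      # 200 OK, but a page came back instead of JSON
    return "ok"


def triage(log_text):
    """Return one record per user-info lookup, in the order lookups started."""
    lookups, open_by_thread = [], {}
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        thread, msg = m.group("thread"), m.group("msg")
        started = USERINFO.search(msg)
        if started:
            cur = {"thread": thread, "url": started.group("url"),
                   "status": None, "content_type": None}
            lookups.append(cur)
            open_by_thread[thread] = cur   # later lines on this thread belong here
            continue
        cur = open_by_thread.get(thread)
        if cur is None:
            continue
        status = STATUS.search(msg)
        ctype = CTYPE.search(msg)
        if status and status.group("url") == cur["url"]:
            cur["status"] = int(status.group("code"))
        elif ctype:
            # Drop parameters such as ";charset=UTF-8" before comparing.
            cur["content_type"] = ctype.group("ctype").split(";")[0].strip().lower()
    for cur in lookups:
        cur["verdict"] = classify(cur)
    return lookups


if __name__ == "__main__":
    for rec in triage(SAMPLE_LOG):
        print(rec["thread"], rec["url"], rec["status"], rec["content_type"], rec["verdict"])
```

A not_json verdict means the HTTP status alone cannot be trusted as a success signal for the user-info call; the response Content-Type has to be checked as well.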