BadCredentialsException:无法在GAE上获取具有Spring启动安全性Oauth2的访问令牌

时间:2017-08-27 19:15:02

标签: google-app-engine spring-boot spring-security kotlin spring-oauth2

我目前正在使用spring boot开发一个小型Web应用程序。我想使用谷歌oauth2登录我的用户。所有这些都像我的计算机上的localhost中的魅力一样,但当我在GAE中部署我的应用程序时,我收到错误。

这是我从GAE上的dev服务器获得的错误堆栈。我想生产模式中的错误是相同的。

[INFO] 2017-08-27 17:02:31.290 DEBUG 630 --- [tp1134612201-18] g.c.AuthorizationCodeAccessTokenProvider : Retrieving token from https://www.googleapis.com/oauth2/v4/token
[INFO] 2017-08-27 17:02:31.565 DEBUG 630 --- [tp1134612201-18] o.s.web.client.RestTemplate              : Created POST request for "https://www.googleapis.com/oauth2/v4/token"
[INFO] 2017-08-27 17:02:31.566 DEBUG 630 --- [tp1134612201-18] g.c.AuthorizationCodeAccessTokenProvider : Encoding and sending form: {grant_type=[authorization_code], code=[4/PmvPPmFGQF0PamafaItFDiqKT_RwZN4RkdoydpxOTD4], redirect_uri=[https://127.0.0.1:8080/login], client_id=[XXX], client_secret=[YYY]}
[INFO] 2017-08-27 17:02:32.905 DEBUG 630 --- [tp1134612201-18] o.s.web.client.RestTemplate              : POST request for "https://www.googleapis.com/oauth2/v4/token" resulted in 400 (OK); invoking error handler
[INFO] 2017-08-27 17:02:33.343 DEBUG 630 --- [tp1134612201-18] o.s.b.f.s.DefaultListableBeanFactory     : Returning cached instance of singleton bean 'delegatingApplicationListener'
[INFO] 2017-08-27 17:02:33.381 DEBUG 630 --- [tp1134612201-18] uth2ClientAuthenticationProcessingFilter : Authentication request failed: org.springframework.security.authentication.BadCredentialsException: Could not obtain access token
[INFO]
[INFO] org.springframework.security.authentication.BadCredentialsException: Could not obtain access token
[INFO]  at org.springframework.security.oauth2.client.filter.OAuth2ClientAuthenticationProcessingFilter.attemptAuthentication(OAuth2ClientAuthenticationProcessingFilter.java:107)
[INFO]  at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212)
[INFO]  at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
[INFO]  at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)
[INFO]  at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
[INFO]  at org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:100)
[INFO]  at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
[INFO]  at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
[INFO]  at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64)
[INFO]  at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
[INFO]  at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
[INFO]  at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
[INFO]  at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
[INFO]  at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
[INFO]  at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
[INFO]  at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
[INFO]  at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214)
[INFO]  at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177)
[INFO]  at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
[INFO]  at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)
[INFO]  at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1759)
[INFO]  at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99)
[INFO]  at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
[INFO]  at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1759)
[INFO]  at org.springframework.security.oauth2.client.filter.OAuth2ClientContextFilter.doFilter(OAuth2ClientContextFilter.java:60)
[INFO]  at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1759)
[INFO]  at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:105)
[INFO]  at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
[INFO]  at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1759)
[INFO]  at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:81)
[INFO]  at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
[INFO]  at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1759)
[INFO]  at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:197)
[INFO]  at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
[INFO]  at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1759)
[INFO]  at org.springframework.boot.web.support.ErrorPageFilter.doFilter(ErrorPageFilter.java:115)
[INFO]  at org.springframework.boot.web.support.ErrorPageFilter.access$000(ErrorPageFilter.java:59)
[INFO]  at org.springframework.boot.web.support.ErrorPageFilter$1.doFilterInternal(ErrorPageFilter.java:90)
[INFO]  at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
[INFO]  at org.springframework.boot.web.support.ErrorPageFilter.doFilter(ErrorPageFilter.java:108)
[INFO]  at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1759)
[INFO]  at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:582)
[INFO]  at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
[INFO]  at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:524)
[INFO]  at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:226)
[INFO]  at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1180)
[INFO]  at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:512)
[INFO]  at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
[INFO]  at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1112)
[INFO]  at com.google.appengine.tools.development.jetty9.DevAppEngineWebAppContext.doScope(DevAppEngineWebAppContext.java:94)
[INFO]  at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
[INFO]  at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:134)
[INFO]  at com.google.appengine.tools.development.jetty9.JettyContainerService$ApiProxyHandler.handle(JettyContainerService.java:597)
[INFO]  at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:134)
[INFO]  at org.eclipse.jetty.server.Server.handle(Server.java:534)
[INFO]  at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:320)
[INFO]  at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:251)
[INFO]  at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:283)
[INFO]  at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:108)
[INFO]  at org.eclipse.jetty.io.SelectChannelEndPoint$2.run(SelectChannelEndPoint.java:93)
[INFO]  at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.executeProduceConsume(ExecuteProduceConsume.java:303)
[INFO]  at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.produceConsume(ExecuteProduceConsume.java:148)
[INFO]  at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.run(ExecuteProduceConsume.java:136)
[INFO]  at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:671)
[INFO]  at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:589)
[INFO]  at java.lang.Thread.run(Thread.java:748)
[INFO] Caused by: org.springframework.security.oauth2.client.resource.OAuth2AccessDeniedException: Access token denied.
[INFO]  at org.springframework.security.oauth2.client.token.OAuth2AccessTokenSupport.retrieveToken(OAuth2AccessTokenSupport.java:142)
[INFO]  at org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeAccessTokenProvider.obtainAccessToken(AuthorizationCodeAccessTokenProvider.java:209)
[INFO]  at org.springframework.security.oauth2.client.OAuth2RestTemplate.acquireAccessToken(OAuth2RestTemplate.java:221)
[INFO]  at org.springframework.security.oauth2.client.OAuth2RestTemplate.getAccessToken(OAuth2RestTemplate.java:173)
[INFO]  at org.springframework.security.oauth2.client.filter.OAuth2ClientAuthenticationProcessingFilter.attemptAuthentication(OAuth2ClientAuthenticationProcessingFilter.java:105)
[INFO]  ... 65 common frames omitted
[INFO] Caused by: org.springframework.security.oauth2.common.exceptions.RedirectMismatchException: Bad Request
[INFO]  at org.springframework.security.oauth2.common.exceptions.OAuth2ExceptionJackson2Deserializer.deserialize(OAuth2ExceptionJackson2Deserializer.java:103)
[INFO]  at org.springframework.security.oauth2.common.exceptions.OAuth2ExceptionJackson2Deserializer.deserialize(OAuth2ExceptionJackson2Deserializer.java:33)
[INFO]  at com.fasterxml.jackson.databind.ObjectMapper._readMapAndClose(ObjectMapper.java:3798)
[INFO]  at com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:2922)
[INFO]  at org.springframework.http.converter.json.AbstractJackson2HttpMessageConverter.readJavaType(AbstractJackson2HttpMessageConverter.java:237)
[INFO]  at org.springframework.http.converter.json.AbstractJackson2HttpMessageConverter.readInternal(AbstractJackson2HttpMessageConverter.java:217)
[INFO]  at org.springframework.http.converter.AbstractHttpMessageConverter.read(AbstractHttpMessageConverter.java:193)
[INFO]  at org.springframework.security.oauth2.client.token.OAuth2AccessTokenSupport$AccessTokenErrorHandler.handleError(OAuth2AccessTokenSupport.java:235)
[INFO]  at org.springframework.web.client.RestTemplate.handleResponse(RestTemplate.java:700)
[INFO]  at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:653)
[INFO]  at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:621)
[INFO]  at org.springframework.security.oauth2.client.token.OAuth2AccessTokenSupport.retrieveToken(OAuth2AccessTokenSupport.java:137)
[INFO]  ... 69 common frames omitted

这是我的配置:

application.yml:

security:
  oauth2:
    client:
      clientId: XXXXX
      clientSecret: XXXXX
      accessTokenUri: https://www.googleapis.com/oauth2/v4/token
      userAuthorizationUri: https://accounts.google.com/o/oauth2/v2/auth
      clientAuthenticationScheme: form
      scope:
        - openid
        - email
        - profile
    resource:
      userInfoUri: https://www.googleapis.com/oauth2/v3/userinfo
      preferTokenInfo: true

Spring Security配置:

@Configuration
@EnableOAuth2Sso
@EnableWebSecurity
class WebSecurityConfig : WebSecurityConfigurerAdapter() {
    @Throws(Exception::class)
    override fun configure(http: HttpSecurity) {
        http
                .authorizeRequests()
                    .antMatchers("/", "/home", "/webjars/**", "/count", "/login")
                    .permitAll()
                .anyRequest()
                    .authenticated()
                .and()
                    .formLogin()
                    .loginPage("/login")
                    .permitAll()
                .and()
                    .logout()
                    .logoutUrl("/logout")
                    .logoutSuccessUrl("/")
                    .permitAll()
    }
}

MVC控制器:

@Configuration
class MvcConfiguration : WebMvcConfigurerAdapter() {

    override fun addViewControllers(registry: ViewControllerRegistry?) {
        super.addViewControllers(registry)
        registry?.addViewController("/home")?.setViewName("home");
        registry?.addViewController("/")?.setViewName("home");
        registry?.addViewController("/hello")?.setViewName("hello");
    }

}

我在google api控制台中设置的重定向页面是:https://my-awesome-app.appspot.com/login。当我在http://localhost:8080上进行测试时,一切正常。也许有ssl的东西?

顺便说一下,我正在使用kotlin。但它与Java非常相似

任何人都可以帮助我吗?

1 个答案:

答案 0 :(得分:0)

由于没有打印出完整的堆栈跟踪信息,因此很难找到正确的答案。

查看堆栈跟踪,发现一些关键错误:

[INFO] org.springframework.security.authentication.BadCredentialsException: Could not obtain access token
...
[INFO] Caused by: org.springframework.security.oauth2.client.resource.OAuth2AccessDeniedException: Access token denied.

这表明您的应用程序的OAuth客户端未经过正确的身份验证,或者您使用的凭据无效。

建议您不要使用自己的访问令牌和用户身份验证URI,而是使用Google Java API客户端,它会为您处理:

https://github.com/googleapis/google-api-java-client

我们有一些G Suite示例在此处显示OAuth流: https://github.com/gsuitedevs/java-samples

也许这个答案也可能有用: Get user info via Google API