我有以下安全xml for Spring(见下文)。在此示例中,我想使用OAuth2通过Facebook登录用户。大多数工作都有效 - 当用户试图访问受保护的URL时,它们会自动重定向到Facebook登录页面。成功登录后,Facebook会将其重定向到我的网络应用程序上的相应URI /authLogin
。但是抛出UserApprovalRequiredException
但没有处理它。我不明白,因为用户确实完成了登录过程,并且重定向中有code
值返回到我的应用程序。我也在下面列出了堆栈跟踪。谁能帮助我了解如何解决这个问题?
security.xml文件
<?xml version="1.0" encoding="UTF-8"?>
<b:beans xmlns:security="http://www.springframework.org/schema/security"
xmlns:b="http://www.springframework.org/schema/beans"
xmlns:aop="http://www.springframework.org/schema/aop"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/aop
http://www.springframework.org/schema/aop/spring-aop-4.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/security/oauth2 http://www.springframework.org/schema/security/spring-security-oauth2-2.0.xsd">
<context:property-placeholder location="classpath:/application.properties" />
<security:http pattern="/api" security="none"/>
<security:http pattern="/geowave/**" security="none"/>
<security:http entry-point-ref="authenticationEntryPoint">
<!-- <security:http-basic /> -->
<security:form-login default-target-url="/api"/>
<security:anonymous enabled="false"/>
<security:intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY"/>
<security:custom-filter ref="oauth2ClientContextFilter" after="EXCEPTION_TRANSLATION_FILTER"/>
<security:custom-filter ref="oAuth2AuthenticationProcessingFilter" before="FILTER_SECURITY_INTERCEPTOR"/>
</security:http>
<!-- Login entry point -->
<b:bean id="authenticationEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
<b:property name="loginFormUrl" value="/authLogin"/>
</b:bean>
<security:authentication-manager>
<security:authentication-provider user-service-ref="customAdmin">
</security:authentication-provider>
</security:authentication-manager>
<security:user-service id="customAdmin">
<security:user name="geowave_username" password="geowave_password" authorities="ROLE_USER, ROLE_ADMIN" />
</security:user-service>
<!--apply the oauth client context -->
<b:bean id="oauth2ClientContextFilter"
class="org.springframework.security.oauth2.client.filter.OAuth2ClientContextFilter">
</b:bean>
<b:bean id="oAuth2AuthenticationProcessingFilter" class="org.springframework.security.oauth2.client.filter.OAuth2ClientAuthenticationProcessingFilter">
<b:constructor-arg name="defaultFilterProcessesUrl" value="/authLogin"/>
<b:property name="restTemplate" ref="facebookRestTemplate"/>
</b:bean>
<b:bean id="facebook" class="org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails">
<b:property name="grantType" value="authorization_code"/>
<b:property name="clientId" value="${oauth.client.id}"/>
<b:property name="clientSecret" value="${oauth.client.secret}"/>
<b:property name="authenticationScheme" value="query"/>
<b:property name="accessTokenUri" value="${oauth.accessTokenUri}"/>
<b:property name="userAuthorizationUri" value="${oauth.userAuthorizationUri}"/>
<b:property name="useCurrentUri" value="false"/>
<b:property name="preEstablishedRedirectUri" value="${oauth.redirect.url}"/>
<b:property name="tokenName" value="${oauth.tokenName}"/>
<b:property name="scope" value="${oauth.authScope}"/>
<b:property name="clientAuthenticationScheme" value="form"/>
</b:bean>
<b:bean id="facebookRestTemplate" class="org.springframework.security.oauth2.client.OAuth2RestTemplate" scope="session">
<aop:scoped-proxy/>
<b:constructor-arg name="resource" ref="facebook"/>
<b:property name="messageConverters">
<b:list>
<b:bean class="org.springframework.http.converter.json.MappingJacksonHttpMessageConverter">
<b:property name="supportedMediaTypes">
<b:list>
<b:bean class="org.springframework.http.MediaType">
<!--facebook sends its json as text/javascript for some reason -->
<b:constructor-arg value="text" />
<b:constructor-arg value="javascript" />
</b:bean>
<b:bean class="org.springframework.http.MediaType">
<b:constructor-arg value="application" />
<b:constructor-arg value="json" />
</b:bean>
</b:list>
</b:property>
</b:bean>
</b:list>
</b:property>
</b:bean>
</b:beans>
堆栈跟踪
org.springframework.security.oauth2.client.resource.UserApprovalRequiredException
at org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeAccessTokenProvider.getUserApprovalSignal(AuthorizationCodeAccessTokenProvider.java:376)
at org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeAccessTokenProvider.obtainAuthorizationCode(AuthorizationCodeAccessTokenProvider.java:161)
at org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeAccessTokenProvider.obtainAccessToken(AuthorizationCodeAccessTokenProvider.java:207)
at org.springframework.security.oauth2.client.token.AccessTokenProviderChain.obtainNewAccessTokenInternal(AccessTokenProviderChain.java:148)
at org.springframework.security.oauth2.client.token.AccessTokenProviderChain.obtainAccessToken(AccessTokenProviderChain.java:121)
at org.springframework.security.oauth2.client.OAuth2RestTemplate.acquireAccessToken(OAuth2RestTemplate.java:221)
at org.springframework.security.oauth2.client.OAuth2RestTemplate.getAccessToken(OAuth2RestTemplate.java:173)
at org.springframework.security.oauth2.client.OAuth2RestTemplate$$FastClassBySpringCGLIB$$ca6dc720.invoke(<generated>)
at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:708)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
at org.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:133)
at org.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:121)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:644)
at org.springframework.security.oauth2.client.OAuth2RestTemplate$$EnhancerBySpringCGLIB$$3a151063.getAccessToken(<generated>)
at org.springframework.security.oauth2.client.filter.OAuth2ClientAuthenticationProcessingFilter.attemptAuthentication(OAuth2ClientAuthenticationProcessingFilter.java:105)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:211)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.oauth2.client.filter.OAuth2ClientContextFilter.doFilter(OAuth2ClientContextFilter.java:60)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:154)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter.doFilter(DefaultLoginPageGeneratingFilter.java:155)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:199)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:50)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:344)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:261)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:953)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1041)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:603)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:312)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
答案 0 :(得分:0)
我通过使用Spring OAuth2 xsd中定义的oauth2ClientContextFilter
元素替换oauth:client
的bean定义来解决问题。我最后还使用oauth:resource
和oauth:rest-template
来确保Spring使用适当的范围(会话,请求等)自动配置bean。通过这种方式,适当的上下文数据按预期方式通过过滤器链。