Spring Boot Security Javascript Post 401错误

时间:2018-01-10 10:47:06

标签: javascript spring spring-boot spring-security

我目前正在开发一个带有Spring启动授权服务器的微服务架构应用程序。

当我尝试通过邮递员获得带有现有帐户的新令牌时,我会得到一个有效的令牌。

Postman request and result - Postman body

现在,当我尝试通过Javascript调用执行相同操作时,我获得了401拒绝访问权限。

var loginHeaders = new Headers({
                "Content-type": "application/json",
                "Authorization" : "Basic YWNtZTphY21lc2VjcmV0"
            });
            var contentBody = JSON.stringify({
                "password" : "kbos",
                "username" : "kbos",
                "grant_type" : "password",
                "scope" : "openid",
                "client_secret" : "acmesecret",
                "client_id" : "acme",
            });
            console.log(contentBody);
            var init = {
                method: 'POST',
                headers: loginHeaders,
                body: contentBody
            }
            fetch('http://localhost:9191/oauth/token', init).then(function(response) {
                console.log(response);
            });

来自auth服务器的堆栈跟踪:

    2018-01-10 11:43:24.999 DEBUG 14140 --- [nio-9191-exec-9] o.s.s.web.util.matcher.OrRequestMatcher  : Trying to match using Ant [pattern='/css/**']
2018-01-10 11:43:25.000 DEBUG 14140 --- [nio-9191-exec-9] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/oauth/token'; against '/css/**'
2018-01-10 11:43:25.000 DEBUG 14140 --- [nio-9191-exec-9] o.s.s.web.util.matcher.OrRequestMatcher  : Trying to match using Ant [pattern='/js/**']
2018-01-10 11:43:25.000 DEBUG 14140 --- [nio-9191-exec-9] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/oauth/token'; against '/js/**'
2018-01-10 11:43:25.000 DEBUG 14140 --- [nio-9191-exec-9] o.s.s.web.util.matcher.OrRequestMatcher  : Trying to match using Ant [pattern='/images/**']
2018-01-10 11:43:25.000 DEBUG 14140 --- [nio-9191-exec-9] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/oauth/token'; against '/images/**'
2018-01-10 11:43:25.000 DEBUG 14140 --- [nio-9191-exec-9] o.s.s.web.util.matcher.OrRequestMatcher  : Trying to match using Ant [pattern='/webjars/**']
2018-01-10 11:43:25.000 DEBUG 14140 --- [nio-9191-exec-9] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/oauth/token'; against '/webjars/**'
2018-01-10 11:43:25.002 DEBUG 14140 --- [nio-9191-exec-9] o.s.s.web.util.matcher.OrRequestMatcher  : Trying to match using Ant [pattern='/**/favicon.ico']
2018-01-10 11:43:25.002 DEBUG 14140 --- [nio-9191-exec-9] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/oauth/token'; against '/**/favicon.ico'
2018-01-10 11:43:25.002 DEBUG 14140 --- [nio-9191-exec-9] o.s.s.web.util.matcher.OrRequestMatcher  : Trying to match using Ant [pattern='/error']
2018-01-10 11:43:25.002 DEBUG 14140 --- [nio-9191-exec-9] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/oauth/token'; against '/error'
2018-01-10 11:43:25.002 DEBUG 14140 --- [nio-9191-exec-9] o.s.s.web.util.matcher.OrRequestMatcher  : No matches found
2018-01-10 11:43:25.002 DEBUG 14140 --- [nio-9191-exec-9] o.s.s.web.util.matcher.OrRequestMatcher  : Trying to match using Ant [pattern='/oauth/token']
2018-01-10 11:43:25.002 DEBUG 14140 --- [nio-9191-exec-9] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/oauth/token'; against '/oauth/token'
2018-01-10 11:43:25.002 DEBUG 14140 --- [nio-9191-exec-9] o.s.s.web.util.matcher.OrRequestMatcher  : matched
2018-01-10 11:43:25.002 DEBUG 14140 --- [nio-9191-exec-9] o.s.security.web.FilterChainProxy        : /oauth/token at position 1 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2018-01-10 11:43:25.002 DEBUG 14140 --- [nio-9191-exec-9] o.s.security.web.FilterChainProxy        : /oauth/token at position 2 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2018-01-10 11:43:25.007 DEBUG 14140 --- [nio-9191-exec-9] o.s.security.web.FilterChainProxy        : /oauth/token at position 3 of 11 in additional filter chain; firing Filter: 'HeaderWriterFilter'
2018-01-10 11:43:25.007 DEBUG 14140 --- [nio-9191-exec-9] o.s.s.w.header.writers.HstsHeaderWriter  : Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@52eefa5e
2018-01-10 11:43:25.007 DEBUG 14140 --- [nio-9191-exec-9] o.s.security.web.FilterChainProxy        : /oauth/token at position 4 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
2018-01-10 11:43:25.007 DEBUG 14140 --- [nio-9191-exec-9] o.s.s.web.util.matcher.OrRequestMatcher  : Trying to match using Ant [pattern='/logout', GET]
2018-01-10 11:43:25.007 DEBUG 14140 --- [nio-9191-exec-9] o.s.s.w.u.matcher.AntPathRequestMatcher  : Request 'OPTIONS /oauth/token' doesn't match 'GET /logout
2018-01-10 11:43:25.007 DEBUG 14140 --- [nio-9191-exec-9] o.s.s.web.util.matcher.OrRequestMatcher  : Trying to match using Ant [pattern='/logout', POST]
2018-01-10 11:43:25.007 DEBUG 14140 --- [nio-9191-exec-9] o.s.s.w.u.matcher.AntPathRequestMatcher  : Request 'OPTIONS /oauth/token' doesn't match 'POST /logout
2018-01-10 11:43:25.007 DEBUG 14140 --- [nio-9191-exec-9] o.s.s.web.util.matcher.OrRequestMatcher  : Trying to match using Ant [pattern='/logout', PUT]
2018-01-10 11:43:25.007 DEBUG 14140 --- [nio-9191-exec-9] o.s.s.w.u.matcher.AntPathRequestMatcher  : Request 'OPTIONS /oauth/token' doesn't match 'PUT /logout
2018-01-10 11:43:25.007 DEBUG 14140 --- [nio-9191-exec-9] o.s.s.web.util.matcher.OrRequestMatcher  : Trying to match using Ant [pattern='/logout', DELETE]
2018-01-10 11:43:25.007 DEBUG 14140 --- [nio-9191-exec-9] o.s.s.w.u.matcher.AntPathRequestMatcher  : Request 'OPTIONS /oauth/token' doesn't match 'DELETE /logout
2018-01-10 11:43:25.007 DEBUG 14140 --- [nio-9191-exec-9] o.s.s.web.util.matcher.OrRequestMatcher  : No matches found
2018-01-10 11:43:25.007 DEBUG 14140 --- [nio-9191-exec-9] o.s.security.web.FilterChainProxy        : /oauth/token at position 5 of 11 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
2018-01-10 11:43:25.008 DEBUG 14140 --- [nio-9191-exec-9] o.s.security.web.FilterChainProxy        : /oauth/token at position 6 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2018-01-10 11:43:25.008 DEBUG 14140 --- [nio-9191-exec-9] o.s.security.web.FilterChainProxy        : /oauth/token at position 7 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2018-01-10 11:43:25.008 DEBUG 14140 --- [nio-9191-exec-9] o.s.security.web.FilterChainProxy        : /oauth/token at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2018-01-10 11:43:25.015 DEBUG 14140 --- [nio-9191-exec-9] o.s.s.w.a.AnonymousAuthenticationFilter  : Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@9055c2bc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
2018-01-10 11:43:25.015 DEBUG 14140 --- [nio-9191-exec-9] o.s.security.web.FilterChainProxy        : /oauth/token at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter'
2018-01-10 11:43:25.015 DEBUG 14140 --- [nio-9191-exec-9] o.s.security.web.FilterChainProxy        : /oauth/token at position 10 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2018-01-10 11:43:25.015 DEBUG 14140 --- [nio-9191-exec-9] o.s.security.web.FilterChainProxy        : /oauth/token at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2018-01-10 11:43:25.015 DEBUG 14140 --- [nio-9191-exec-9] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/oauth/token'; against '/oauth/token'
2018-01-10 11:43:25.015 DEBUG 14140 --- [nio-9191-exec-9] o.s.s.w.a.i.FilterSecurityInterceptor    : Secure object: FilterInvocation: URL: /oauth/token; Attributes: [fullyAuthenticated]
2018-01-10 11:43:25.017 DEBUG 14140 --- [nio-9191-exec-9] o.s.s.w.a.i.FilterSecurityInterceptor    : Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@9055c2bc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS
2018-01-10 11:43:25.017 DEBUG 14140 --- [nio-9191-exec-9] o.s.s.access.vote.AffirmativeBased       : Voter: org.springframework.security.web.access.expression.WebExpressionVoter@67c92bc8, returned: -1
2018-01-10 11:43:25.018 DEBUG 14140 --- [nio-9191-exec-9] o.s.s.w.a.ExceptionTranslationFilter     : Access is denied (user is anonymous); redirecting to authentication entry point

org.springframework.security.access.AccessDeniedException: Access is denied
    at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:84)
    at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:233)
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:124)
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:114)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:170)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilterInternal(BasicAuthenticationFilter.java:158)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214)
    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177)
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:347)
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:263)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:197)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.springframework.boot.actuate.autoconfigure.MetricsFilter.doFilterInternal(MetricsFilter.java:106)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
    at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:803)
    at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
    at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1459)
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:748)

2018-01-10 11:43:25.027 DEBUG 14140 --- [nio-9191-exec-9] o.s.s.w.util.matcher.AndRequestMatcher   : Trying to match using Ant [pattern='/**', GET]
2018-01-10 11:43:25.027 DEBUG 14140 --- [nio-9191-exec-9] o.s.s.w.u.matcher.AntPathRequestMatcher  : Request 'OPTIONS /oauth/token' doesn't match 'GET /**
2018-01-10 11:43:25.027 DEBUG 14140 --- [nio-9191-exec-9] o.s.s.w.util.matcher.AndRequestMatcher   : Did not match
2018-01-10 11:43:25.027 DEBUG 14140 --- [nio-9191-exec-9] o.s.s.w.s.HttpSessionRequestCache        : Request not saved as configured RequestMatcher did not match
2018-01-10 11:43:25.027 DEBUG 14140 --- [nio-9191-exec-9] o.s.s.w.a.ExceptionTranslationFilter     : Calling Authentication entry point.
2018-01-10 11:43:25.027 DEBUG 14140 --- [nio-9191-exec-9] s.w.a.DelegatingAuthenticationEntryPoint : Trying to match using MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@749baa0c, matchingMediaTypes=[application/atom+xml, application/x-www-form-urlencoded, application/json, application/octet-stream, application/xml, multipart/form-data, text/xml], useEquals=false, ignoredMediaTypes=[*/*]]
2018-01-10 11:43:25.027 DEBUG 14140 --- [nio-9191-exec-9] o.s.s.w.u.m.MediaTypeRequestMatcher      : httpRequestMediaTypes=[]
2018-01-10 11:43:25.027 DEBUG 14140 --- [nio-9191-exec-9] o.s.s.w.u.m.MediaTypeRequestMatcher      : Did not match any media types
2018-01-10 11:43:25.027 DEBUG 14140 --- [nio-9191-exec-9] s.w.a.DelegatingAuthenticationEntryPoint : Trying to match using OrRequestMatcher [requestMatchers=[RequestHeaderRequestMatcher [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest], AndRequestMatcher [requestMatchers=[NegatedRequestMatcher [requestMatcher=MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@749baa0c, matchingMediaTypes=[text/html], useEquals=false, ignoredMediaTypes=[]]], MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@749baa0c, matchingMediaTypes=[application/atom+xml, application/x-www-form-urlencoded, application/json, application/octet-stream, application/xml, multipart/form-data, text/xml], useEquals=false, ignoredMediaTypes=[*/*]]]]]]
2018-01-10 11:43:25.027 DEBUG 14140 --- [nio-9191-exec-9] o.s.s.web.util.matcher.OrRequestMatcher  : Trying to match using RequestHeaderRequestMatcher [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest]
2018-01-10 11:43:25.027 DEBUG 14140 --- [nio-9191-exec-9] o.s.s.web.util.matcher.OrRequestMatcher  : Trying to match using AndRequestMatcher [requestMatchers=[NegatedRequestMatcher [requestMatcher=MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@749baa0c, matchingMediaTypes=[text/html], useEquals=false, ignoredMediaTypes=[]]], MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@749baa0c, matchingMediaTypes=[application/atom+xml, application/x-www-form-urlencoded, application/json, application/octet-stream, application/xml, multipart/form-data, text/xml], useEquals=false, ignoredMediaTypes=[*/*]]]]
2018-01-10 11:43:25.027 DEBUG 14140 --- [nio-9191-exec-9] o.s.s.w.util.matcher.AndRequestMatcher   : Trying to match using NegatedRequestMatcher [requestMatcher=MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@749baa0c, matchingMediaTypes=[text/html], useEquals=false, ignoredMediaTypes=[]]]
2018-01-10 11:43:25.027 DEBUG 14140 --- [nio-9191-exec-9] o.s.s.w.u.m.MediaTypeRequestMatcher      : httpRequestMediaTypes=[]
2018-01-10 11:43:25.027 DEBUG 14140 --- [nio-9191-exec-9] o.s.s.w.u.m.MediaTypeRequestMatcher      : Did not match any media types
2018-01-10 11:43:25.027 DEBUG 14140 --- [nio-9191-exec-9] o.s.s.w.u.matcher.NegatedRequestMatcher  : matches = true
2018-01-10 11:43:25.027 DEBUG 14140 --- [nio-9191-exec-9] o.s.s.w.util.matcher.AndRequestMatcher   : Trying to match using MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@749baa0c, matchingMediaTypes=[application/atom+xml, application/x-www-form-urlencoded, application/json, application/octet-stream, application/xml, multipart/form-data, text/xml], useEquals=false, ignoredMediaTypes=[*/*]]
2018-01-10 11:43:25.027 DEBUG 14140 --- [nio-9191-exec-9] o.s.s.w.u.m.MediaTypeRequestMatcher      : httpRequestMediaTypes=[]
2018-01-10 11:43:25.029 DEBUG 14140 --- [nio-9191-exec-9] o.s.s.w.u.m.MediaTypeRequestMatcher      : Did not match any media types
2018-01-10 11:43:25.029 DEBUG 14140 --- [nio-9191-exec-9] o.s.s.w.util.matcher.AndRequestMatcher   : Did not match
2018-01-10 11:43:25.029 DEBUG 14140 --- [nio-9191-exec-9] o.s.s.web.util.matcher.OrRequestMatcher  : No matches found
2018-01-10 11:43:25.029 DEBUG 14140 --- [nio-9191-exec-9] s.w.a.DelegatingAuthenticationEntryPoint : No match found. Using default entry point org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint@56b05bd7
2018-01-10 11:43:25.029 DEBUG 14140 --- [nio-9191-exec-9] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed

有什么我忽略的吗?

0 个答案:

没有答案