无法获取用户详细信息:class org.springframework.security.oauth2.client.resource.UserRedirectRequiredException

时间:2018-09-14 06:46:10

标签: java spring-boot spring-security

当我在accessTokenUri中提供域名时,它不起作用并报告错误,但是当我提供localhost时,它可以工作。为什么?

AuthorizationServerConfig.java

/**
 * Authorization-server side of the setup: declares the single OAuth2 client and
 * hands the application's {@link AuthenticationManager} to the token endpoints.
 *
 * <p>NOTE(review): no {@code TokenStore} is configured anywhere in this class, so
 * the library default applies. In Spring Security OAuth that default keeps tokens
 * in the memory of the issuing JVM (unless a JWT converter is configured), so two
 * instances behind one host name do not see each other's tokens - confirm against
 * the deployment.
 */
@Configuration
@EnableAuthorizationServer
@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true)
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {

    // Supplied by the web security configuration; used by the endpoints below.
    @Autowired
    private AuthenticationManager authenticationManager;

    /**
     * Access rules for the token-key and check-token endpoints, written as
     * Spring Security expressions.
     */
    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
        // The token-key endpoint is open to every caller.
        security.tokenKeyAccess("permitAll()");
        // Token checks are limited to authenticated callers.
        security.checkTokenAccess("isAuthenticated()");
    }

    /**
     * Registers the one client this server knows, held in memory.
     */
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
                .withClient("QWE123")
                // NOTE(review): the client secret is a short literal committed with the
                // source; it would normally come from external configuration or a
                // secret store.
                .secret("abc")
                // Only the password grant is enabled. NOTE(review): a client that logs
                // in through @EnableOAuth2Sso uses the authorization-code flow, which
                // is not listed here - verify the grant types match the client.
                .authorizedGrantTypes("password")
                .scopes("user_info")
                // NOTE(review): in Spring Security OAuth a validity of zero or less
                // means the access token is issued without an expiry - confirm that
                // non-expiring bearer tokens are intended.
                .accessTokenValiditySeconds(0)
                .autoApprove(true);
    }

    /**
     * Lets the token endpoints authenticate resource owners with the injected
     * manager; nothing else about the endpoints is customised here.
     */
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints.authenticationManager(authenticationManager);
    }
}

/**
 * Web security for the application that serves the login form: exposes the
 * {@link AuthenticationManager} as a bean, authenticates users through the custom
 * {@link UserDetailsService} with BCrypt-hashed passwords, and requires a login
 * for everything except {@code /login}.
 *
 * <p>NOTE(review): {@code @EnableResourceServer} sits on a
 * {@code WebSecurityConfigurerAdapter} here; the annotation contributes its own
 * filter chain, so which chain handles a given request depends on the configured
 * filter order - confirm the intended precedence.
 */
@Configuration
@EnableResourceServer
public class ResourceServerConfig extends WebSecurityConfigurerAdapter {

    // Looks up user accounts for username/password authentication.
    @Autowired
    private UserDetailsService customUserDetailsService;

    /** Publishes the adapter's AuthenticationManager as a bean so it can be injected elsewhere. */
    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    /**
     * URL rules: {@code /login} is public, every other request needs an
     * authenticated user, and form login is enabled and reachable by everyone.
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/login").permitAll()
                .anyRequest().authenticated();
        http.formLogin().permitAll();
    }

    /**
     * Paths listed here skip the Spring Security filter chain altogether, so no
     * authentication and none of the chain's other protections apply to them.
     */
    @Override
    public void configure(WebSecurity web) throws Exception {
        // NOTE(review): "/user/**" is excluded together with the Swagger resources -
        // confirm every endpoint under that prefix is meant to be reachable without
        // a token.
        web.ignoring()
                .antMatchers("/user/**", "/swagger-ui.html", "/v2/api-docs", "/swagger-resources/**");
    }

    /** Wires the custom user lookup and the BCrypt encoder into global authentication. */
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(customUserDetailsService)
                .passwordEncoder(passwordEncoder());
    }

    /** Password hashing used when verifying stored user credentials. */
    @Bean
    public BCryptPasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
}

App.properties
security:
  basic:
    # Turns off Spring Boot's auto-configured HTTP Basic protection; access control
    # then comes only from the security configuration classes.
    enabled: false
  oauth2:
    resource:
      # Position of the OAuth2 resource-server filter chain relative to other chains.
      filter-order: 3

ResourceServerConfig.java

/**
 * Client-side web security: signs users in through OAuth2 single sign-on and
 * leaves only the root path open to anonymous visitors.
 */
@Configuration
@EnableOAuth2Sso
public class OauthConfig extends WebSecurityConfigurerAdapter {

    /**
     * URL rules: {@code "/"} is public, every other request must be authenticated.
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Both calls add to the same authorization registry, in this order.
        http.authorizeRequests().antMatchers("/").permitAll();
        http.authorizeRequests().anyRequest().authenticated();
    }

    /**
     * The Swagger UI and API-docs paths skip the security filter chain entirely,
     * so they are served without authentication.
     */
    @Override
    public void configure(WebSecurity web) throws Exception {
        // NOTE(review): this publishes the API description to unauthenticated
        // callers - confirm that is acceptable outside development.
        web.ignoring()
                .antMatchers("/swagger-ui.html", "/v2/api-docs", "/swagger-resources/**");
    }
}

/**
 * Enables pre/post method-security annotations on the resource server and makes
 * their expressions OAuth2-aware.
 */
@Configuration
@EnableResourceServer
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class Oauth2ResourceServerConfig extends GlobalMethodSecurityConfiguration {

    /**
     * Replaces the default expression handler with the OAuth2 variant.
     *
     * @return a new {@link OAuth2MethodSecurityExpressionHandler}
     */
    @Override
    protected MethodSecurityExpressionHandler createExpressionHandler() {
        MethodSecurityExpressionHandler oauthAwareHandler = new OAuth2MethodSecurityExpressionHandler();
        return oauthAwareHandler;
    }
}

App.properties

security:
  basic:
    # Turns off Spring Boot's auto-configured HTTP Basic protection.
    enabled: false
  oauth2:
      client:
        clientId: QWE123
        # NOTE(review): the client secret is a literal in the configuration file; it
        # would normally be supplied from the environment or a secret store.
        clientSecret: abc
        # Token, authorization and user-info endpoints all use the same host name.
        # NOTE(review): if that name fronts several authorization-server instances,
        # consecutive requests may reach different instances - confirm.
        accessTokenUri: https://example.net/auth/oauth/token
        userAuthorizationUri: https://example.net/auth/oauth/authorize
      resource:
        # Called with the access token to load the signed-in user's details.
        userInfoUri: https://example.net/auth/logged-in/principal
        # Position of the OAuth2 resource-server filter chain relative to other chains.
        filter-order: 3

错误:

  

2018-09-14 12:00:13.083 INFO 25836 --- [main] o.s.j.e.a.AnnotationMBeanExporter:位于托管的Bean 'environmentManager':向JMX服务器注册为MBean [org.springframework.cloud.context.environment:name=environmentManager,type=EnvironmentManager]
2018-09-14 12:00:13.095 INFO 25836 --- [main] o.s.j.e.a.AnnotationMBeanExporter:位于托管的Bean 'restartEndpoint':作为MBean向JMX服务器注册 [org.springframework.cloud.context.restart:name=restartEndpoint,type=RestartEndpoint]
2018-09-14 12:00:13.106 INFO 25836 --- [main] o.s.j.e.a.AnnotationMBeanExporter:位于托管的Bean 'refreshScope':向JMX服务器注册为MBean [org.springframework.cloud.context.scope.refresh:name=refreshScope,type=RefreshScope]
2018-09-14 12:00:13.116 INFO 25836 --- [main] o.s.j.e.a.AnnotationMBeanExporter:位于托管的Bean 'configurationPropertiesRebinder':向JMX服务器注册为MBean [org.springframework.cloud.context.properties:name=configurationPropertiesRebinder,context=35d08e6c,type=ConfigurationPropertiesRebinder]
2018-09-14 12:00:13.123 INFO 25836 --- [main] o.s.j.e.a.AnnotationMBeanExporter:位于托管的Bean 'refreshEndpoint':作为MBean向JMX服务器注册 [org.springframework.cloud.endpoint:name=refreshEndpoint,type=RefreshEndpoint]
2018-09-14 12:00:13.424 INFO 25836 --- [main] o.s.c.support.DefaultLifecycleProcessor:在阶段0中启动bean
2018-09-14 12:00:13.482 INFO 25836 --- [main] o.s.c.support.DefaultLifecycleProcessor:在阶段2147483647中启动bean
2018-09-14 12:00:13.483 INFO 25836 --- [main] d.s.w.p.DocumentationPluginsBootstrapper:上下文已刷新
2018-09-14 12:00:13.509 INFO 25836 --- [main] d.s.w.p.DocumentationPluginsBootstrapper:找到1个自定义文档插件
2018-09-14 12:00:13.530 INFO 25836 --- [main] s.d.s.w.s.ApiListingReferenceScanner:扫描api列表引用
2018-09-14 12:00:13.870 INFO 25836 --- [main] s.b.c.e.t.TomcatEmbeddedServletContainer:Tomcat在端口:8080(http)
2018-09-14 12:00:13.882 INFO 25836 --- [main] c.h.dfsc.DfscServiceApplication:已启动DfscServiceApplication在44.8秒内运行(JVM运行45.324)
2018-09-14 12:01:52.271 INFO 25836 --- [nio-8080-exec-1] o.a.c.c.C.[Tomcat].[localhost].[/api]:初始化Spring FrameworkServlet 'dispatcherServlet'
2018-09-14 12:01:52.271 INFO 25836 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet:FrameworkServlet 'dispatcherServlet':初始化已开始
2018-09-14 12:01:52.292 INFO 25836 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet:FrameworkServlet 'dispatcherServlet':初始化在21毫秒内完成
2018-09-14 12:01:52.990 WARN 25836 --- [nio-8080-exec-1] o.s.b.a.s.o.r.UserInfoTokenServices:无法获取用户详细信息:class org.springframework.security.oauth2.client.resource.UserRedirectRequiredException,必须进行重定向才能获得用户的认可

我在这方面查了很多资料,但都没有成功,能帮帮我吗?

1 个答案:

答案 0 :(得分:1)

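我已经找到了解决方案。 这是由于集群而发生的:有多个服务器实例负责令牌的认证和授权。令牌生成请求到来时,令牌只存储在处理该请求的那个实例上;随后的授权请求可能会落到另一个实例,该实例找不到令牌,于是抛出异常。(问题中的配置没有指定 TokenStore,Spring Security OAuth 默认把令牌保存在各实例自己的内存中;让所有实例共用同一个令牌存储,例如 JdbcTokenStore 或 RedisTokenStore,或改用自包含的 JWT 令牌,任何实例就都能校验令牌。) 在本地主机上,我只有一台服务器,因此工作正常。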