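I have a web app acting as the authorization server in Spring OAuth 2.0 (/authorizer), and a web application (/public) that authenticates users against that App Server. These applications are deployed as an EAR in a Wildfly 12 server. The pre-production environment is configured as follows: two machines, foo1 and foo2, are load-balanced behind a reverse proxy. So the application is accessed at https://my.application.com/public, and the proxy decides which machine answers the request.
The problem is: when I want to log in, the web application (https://my.application.com/public) redirects to the OAuth 2.0 authorization server login page (https://my.applicacion.com/authorizer/login); I then enter a valid user and click Submit. The user is found, and the process then generates the code for the application to negotiate the token with the OAuth 2.0 server. But when the OAuth 2.0 server tries to redirect by POST to the main application, it gets stuck and shows a 401 Unauthorized code. When I look at the details, I find: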
DEBUG [org.springframework.security.oauth2.client.filter.OAuth2ClientAuthenticationProcessingFilter] (default task-7) Request is to process authentication
DEBUG [org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeAccessTokenProvider] (default task-7) Retrieving token from https://my.application.com/authorizer/oauth/token
[...]
DEBUG [org.springframework.security.oauth2.client.filter.OAuth2ClientAuthenticationProcessingFilter] (default task-7) Authentication request failed: org.springframework.security.authentication.BadCredentialsException: Could not obtain access token: org.springframework.security.authentication.BadCredentialsException: Could not obtain access token
at org.springframework.security.oauth2.client.filter.OAuth2ClientAuthenticationProcessingFilter.attemptAuthentication(OAuth2ClientAuthenticationProcessingFilter.java:107)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212)
[...]
Caused by: error="access_denied", error_description="Error requesting access token."
at org.springframework.security.oauth2.client.token.OAuth2AccessTokenSupport.retrieveToken(OAuth2AccessTokenSupport.java:145)
at org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeAccessTokenProvider.obtainAccessToken(AuthorizationCodeAccessTokenProvider.java:209)
at org.springframework.security.oauth2.client.token.AccessTokenProviderChain.obtainNewAccessTokenInternal(AccessTokenProviderChain.java:148)
at org.springframework.security.oauth2.client.token.AccessTokenProviderChain.obtainAccessToken(AccessTokenProviderChain.java:121)
at org.springframework.security.oauth2.client.OAuth2RestTemplate.acquireAccessToken(OAuth2RestTemplate.java:221)
at org.springframework.security.oauth2.client.OAuth2RestTemplate.getAccessToken(OAuth2RestTemplate.java:173)
at org.springframework.security.oauth2.client.filter.OAuth2ClientAuthenticationProcessingFilter.attemptAuthentication(OAuth2ClientAuthenticationProcessingFilter.java:105)
... 98 more
Caused by: org.springframework.web.client.ResourceAccessException: I/O error on POST request for "https://my.application.com/authorizer/oauth/token": Connection timed out; nested exception is java.net.ConnectException: Connection timed out
at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:744)
at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:691)
at org.springframework.security.oauth2.client.token.OAuth2AccessTokenSupport.retrieveToken(OAuth2AccessTokenSupport.java:137)
... 104 more
Caused by: java.net.ConnectException: Connection timed out
at java.net.PlainSocketImpl.socketConnect(Native Method)
[...]
DEBUG [org.springframework.security.oauth2.client.filter.OAuth2ClientAuthenticationProcessingFilter] (default task-7) Updated SecurityContextHolder to contain null Authentication
DEBUG [org.springframework.security.oauth2.client.filter.OAuth2ClientAuthenticationProcessingFilter] (default task-7) Delegating to authentication failure handler org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler@7d00a00f
DEBUG [org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler] (default task-7) No failure URL set, sending 401 Unauthorized error
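The reverse proxy is not managed by me, but I need help determining whether the error is in my application or in the reverse proxy (for example, session configuration or cookies).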
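One way to read the exception chain in the log above, as an added example that is not part of the original post: walk the `Caused by:` lines to the root cause and report whether the token request failed at the transport layer or came back as an OAuth error response. The function names, the layer labels and the exception-to-layer mapping are assumptions made for this sketch; the sample is constructed from the posted log with stack frames removed.

```python
import re

# Constructed sample: the exception chain from the posted log, stack frames removed.
SAMPLE_LOG = """\
Authentication request failed: org.springframework.security.authentication.BadCredentialsException: Could not obtain access token
Caused by: error="access_denied", error_description="Error requesting access token."
Caused by: org.springframework.web.client.ResourceAccessException: I/O error on POST request for "https://my.application.com/authorizer/oauth/token": Connection timed out; nested exception is java.net.ConnectException: Connection timed out
Caused by: java.net.ConnectException: Connection timed out
"""

# Assumed mapping (not from the post): JDK exception class -> failing layer.
TRANSPORT_LAYERS = {
    "java.net.UnknownHostException": "dns",
    "java.net.ConnectException": "tcp-connect",
    "javax.net.ssl.SSLHandshakeException": "tls",
    "java.net.SocketTimeoutException": "read-timeout",
}

def cause_chain(log):
    """Return the text of every 'Caused by:' line, outermost first."""
    return [m.group(1).strip()
            for m in re.finditer(r"^Caused by: (.+)$", log, re.M)]

def token_endpoint(log):
    """Extract the URL the client application tried to POST to, if logged."""
    m = re.search(r'POST request for "([^"]+)"', log)
    return m.group(1) if m else None

def classify(log):
    """Classify the innermost cause as a transport failure or an OAuth response."""
    chain = cause_chain(log)
    endpoint = token_endpoint(log)
    if not chain:
        return {"layer": None, "endpoint": endpoint, "got_http_response": None}
    root_class = chain[-1].split(":", 1)[0].strip()
    layer = TRANSPORT_LAYERS.get(root_class)
    # Assumption: a root cause that is not a transport exception means the
    # authorization server answered with an HTTP error (e.g. invalid_grant).
    return {"layer": layer or "oauth-response",
            "endpoint": endpoint,
            "got_http_response": layer is None}

if __name__ == "__main__":
    print(classify(SAMPLE_LOG))
```

For the posted log this reports `tcp-connect`: the JVM on the application host could not open a TCP connection to the token endpoint's public hostname, so the token request received no HTTP response at all.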