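I am working on a webapp with a React frontend and a Spring Boot backend. From the login page I can register and log in with proper credentials, but after logging in, nearly every call to a backend endpoint returns a 401 error with the message "Full authentication is required to access this resource". However, I have already authenticated by logging in.
The class extending WebSecurityConfigurerAdapter has the following method: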
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .cors()
                .and()
            // No HTTP session is created or used: each request must carry its own credentials
            .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
            .csrf()
                .disable()
            .formLogin()
                .disable()
            .httpBasic()
                .disable()
            // Unauthenticated requests to protected paths get the entry point's 401 response
            .exceptionHandling()
                .authenticationEntryPoint(new RestAuthenticationEntryPoint())
                .and()
            .authorizeRequests()
                // Static resources and public endpoints
                .antMatchers("/",
                    "/error",
                    "/favicon.ico",
                    "/**/*.png",
                    "/**/*.gif",
                    "/**/*.svg",
                    "/**/*.jpg",
                    "/**/*.html",
                    "/**/*.css",
                    "/**/*.js")
                    .permitAll()
                .antMatchers("/mail/**", "/auth/**", "/region/**", "/company/**", "/general/**", "/file/**", "/oauth2/**", "/login/**", "/swagger-ui.html", "/webjars/**", "/v2/**", "/swagger-resources/**")
                    .permitAll()
                // Every other path, including /user/me, requires an authenticated user
                .anyRequest()
                    .authenticated()
                .and()
            .oauth2Login()
                .authorizationEndpoint()
                    .baseUri("/oauth2/authorize")
                    .authorizationRequestResolver(new WeChatOAuth2AuthorizationRequestResolver(this.clientRegistrationRepository))
                    .authorizationRequestRepository(cookieAuthorizationRequestRepository())
                    .and()
                .tokenEndpoint()
                    .accessTokenResponseClient(new WeChatAuthorizationCodeTokenResponseClient())
                    .and()
                .redirectionEndpoint()
                    .baseUri("/login/oauth2/code/*")
                    .and()
                .userInfoEndpoint()
                    .userService(customOAuth2UserService)
                    .and()
                .successHandler(oAuth2AuthenticationSuccessHandler)
                .failureHandler(oAuth2AuthenticationFailureHandler);
    }
After logging in, the error messages are as follows.
2020-06-06 01:48:51.363 DEBUG 12482 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy : /user/me at position 1 of 14 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2020-06-06 01:48:51.364 DEBUG 12482 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy : /user/me at position 2 of 14 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2020-06-06 01:48:51.364 DEBUG 12482 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy : /user/me at position 3 of 14 in additional filter chain; firing Filter: 'HeaderWriterFilter'
2020-06-06 01:48:51.364 DEBUG 12482 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy : /user/me at position 4 of 14 in additional filter chain; firing Filter: 'CorsFilter'
2020-06-06 01:48:51.365 DEBUG 12482 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy : /user/me at position 5 of 14 in additional filter chain; firing Filter: 'LogoutFilter'
2020-06-06 01:48:51.366 DEBUG 12482 --- [nio-8080-exec-2] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/logout', GET]
2020-06-06 01:48:51.366 DEBUG 12482 --- [nio-8080-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/user/me'; against '/logout'
2020-06-06 01:48:51.366 DEBUG 12482 --- [nio-8080-exec-2] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/logout', POST]
2020-06-06 01:48:51.367 DEBUG 12482 --- [nio-8080-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Request 'GET /user/me' doesn't match 'POST /logout'
2020-06-06 01:48:51.367 DEBUG 12482 --- [nio-8080-exec-2] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/logout', PUT]
2020-06-06 01:48:51.367 DEBUG 12482 --- [nio-8080-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Request 'GET /user/me' doesn't match 'PUT /logout'
2020-06-06 01:48:51.367 DEBUG 12482 --- [nio-8080-exec-2] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/logout', DELETE]
2020-06-06 01:48:51.367 DEBUG 12482 --- [nio-8080-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Request 'GET /user/me' doesn't match 'DELETE /logout'
2020-06-06 01:48:51.367 DEBUG 12482 --- [nio-8080-exec-2] o.s.s.web.util.matcher.OrRequestMatcher : No matches found
2020-06-06 01:48:51.368 DEBUG 12482 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy : /user/me at position 6 of 14 in additional filter chain; firing Filter: 'OAuth2AuthorizationRequestRedirectFilter'
2020-06-06 01:48:51.368 DEBUG 12482 --- [nio-8080-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/user/me'; against '/oauth2/authorize/{registrationId}'
2020-06-06 01:48:51.368 DEBUG 12482 --- [nio-8080-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/user/me'; against '/oauth2/authorize//{registrationId}'
2020-06-06 01:48:51.368 DEBUG 12482 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy : /user/me at position 7 of 14 in additional filter chain; firing Filter: 'OAuth2LoginAuthenticationFilter'
2020-06-06 01:48:51.373 DEBUG 12482 --- [nio-8080-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/user/me'; against '/login/oauth2/code/*'
2020-06-06 01:48:51.374 DEBUG 12482 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy : /user/me at position 8 of 14 in additional filter chain; firing Filter: 'TokenAuthenticationFilter'
2020-06-06 01:48:51.374 DEBUG 12482 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy : /user/me at position 9 of 14 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2020-06-06 01:48:51.374 DEBUG 12482 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy : /user/me at position 10 of 14 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2020-06-06 01:48:51.374 DEBUG 12482 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy : /user/me at position 11 of 14 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2020-06-06 01:48:51.375 DEBUG 12482 --- [nio-8080-exec-2] o.s.s.w.a.AnonymousAuthenticationFilter : Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@b36ae747: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 47.252.80.237; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
2020-06-06 01:48:51.375 DEBUG 12482 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy : /user/me at position 12 of 14 in additional filter chain; firing Filter: 'SessionManagementFilter'
2020-06-06 01:48:51.375 DEBUG 12482 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy : /user/me at position 13 of 14 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2020-06-06 01:48:51.375 DEBUG 12482 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy : /user/me at position 14 of 14 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2020-06-06 01:48:51.375 DEBUG 12482 --- [nio-8080-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/user/me'; against '/'
2020-06-06 01:48:51.375 DEBUG 12482 --- [nio-8080-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/user/me'; against '/error'
2020-06-06 01:48:51.376 DEBUG 12482 --- [nio-8080-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/user/me'; against '/favicon.ico'
2020-06-06 01:48:51.376 DEBUG 12482 --- [nio-8080-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/user/me'; against '/**/*.png'
2020-06-06 01:48:51.376 DEBUG 12482 --- [nio-8080-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/user/me'; against '/**/*.gif'
2020-06-06 01:48:51.376 DEBUG 12482 --- [nio-8080-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/user/me'; against '/**/*.svg'
2020-06-06 01:48:51.376 DEBUG 12482 --- [nio-8080-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/user/me'; against '/**/*.jpg'
2020-06-06 01:48:51.376 DEBUG 12482 --- [nio-8080-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/user/me'; against '/**/*.html'
2020-06-06 01:48:51.377 DEBUG 12482 --- [nio-8080-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/user/me'; against '/**/*.css'
2020-06-06 01:48:51.377 DEBUG 12482 --- [nio-8080-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/user/me'; against '/**/*.js'
2020-06-06 01:48:51.377 DEBUG 12482 --- [nio-8080-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/user/me'; against '/mail/**'
2020-06-06 01:48:51.377 DEBUG 12482 --- [nio-8080-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/user/me'; against '/auth/**'
2020-06-06 01:48:51.377 DEBUG 12482 --- [nio-8080-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/user/me'; against '/region/**'
2020-06-06 01:48:51.377 DEBUG 12482 --- [nio-8080-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/user/me'; against '/company/**'
2020-06-06 01:48:51.377 DEBUG 12482 --- [nio-8080-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/user/me'; against '/general/**'
2020-06-06 01:48:51.378 DEBUG 12482 --- [nio-8080-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/user/me'; against '/file/**'
2020-06-06 01:48:51.378 DEBUG 12482 --- [nio-8080-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/user/me'; against '/oauth2/**'
2020-06-06 01:48:51.378 DEBUG 12482 --- [nio-8080-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/user/me'; against '/login/**'
2020-06-06 01:48:51.380 DEBUG 12482 --- [nio-8080-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/user/me'; against '/swagger-ui.html'
2020-06-06 01:48:51.381 DEBUG 12482 --- [nio-8080-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/user/me'; against '/webjars/**'
2020-06-06 01:48:51.381 DEBUG 12482 --- [nio-8080-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/user/me'; against '/v2/**'
2020-06-06 01:48:51.381 DEBUG 12482 --- [nio-8080-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/user/me'; against '/swagger-resources/**'
2020-06-06 01:48:51.381 DEBUG 12482 --- [nio-8080-exec-2] o.s.s.w.a.i.FilterSecurityInterceptor : Secure object: FilterInvocation: URL: /user/me; Attributes: [authenticated]
2020-06-06 01:48:51.381 DEBUG 12482 --- [nio-8080-exec-2] o.s.s.w.a.i.FilterSecurityInterceptor : Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@b36ae747: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 47.252.80.237; SessionId: null; Granted Authorities: ROLE_ANONYMOUS
2020-06-06 01:48:51.382 DEBUG 12482 --- [nio-8080-exec-2] o.s.s.access.vote.AffirmativeBased : Voter: org.springframework.security.web.access.expression.WebExpressionVoter@4fc1ef9b, returned: -1
2020-06-06 01:48:51.402 DEBUG 12482 --- [nio-8080-exec-2] o.s.s.w.a.ExceptionTranslationFilter : Access is denied (user is anonymous); redirecting to authentication entry point
org.springframework.security.access.AccessDeniedException: Access is denied
at
<cutting out the error because it is too long to post>
2020-06-06 01:48:51.411 DEBUG 12482 --- [nio-8080-exec-2] o.s.s.w.a.ExceptionTranslationFilter : Calling Authentication entry point.
2020-06-06 01:48:51.412 ERROR 12482 --- [nio-8080-exec-2] c.s.z.s.RestAuthenticationEntryPoint : Responding with unauthorized error. Message - Full authentication is required to access this resource
2020-06-06 01:48:51.412 DEBUG 12482 --- [nio-8080-exec-2] o.s.s.w.header.writers.HstsHeaderWriter : Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@6073a0b5
2020-06-06 01:48:51.412 DEBUG 12482 --- [nio-8080-exec-2] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
2020-06-06 01:48:51.416 DEBUG 12482 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy : /error at position 1 of 14 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2020-06-06 01:48:51.416 DEBUG 12482 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy : /error at position 2 of 14 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2020-06-06 01:48:51.417 DEBUG 12482 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy : /error at position 3 of 14 in additional filter chain; firing Filter: 'HeaderWriterFilter'
2020-06-06 01:48:51.417 DEBUG 12482 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy : /error at position 4 of 14 in additional filter chain; firing Filter: 'CorsFilter'
2020-06-06 01:48:51.421 DEBUG 12482 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy : /error at position 5 of 14 in additional filter chain; firing Filter: 'LogoutFilter'
2020-06-06 01:48:51.421 DEBUG 12482 --- [nio-8080-exec-2] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/logout', GET]
2020-06-06 01:48:51.422 DEBUG 12482 --- [nio-8080-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/error'; against '/logout'
2020-06-06 01:48:51.422 DEBUG 12482 --- [nio-8080-exec-2] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/logout', POST]
2020-06-06 01:48:51.422 DEBUG 12482 --- [nio-8080-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Request 'GET /error' doesn't match 'POST /logout'
2020-06-06 01:48:51.422 DEBUG 12482 --- [nio-8080-exec-2] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/logout', PUT]
2020-06-06 01:48:51.422 DEBUG 12482 --- [nio-8080-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Request 'GET /error' doesn't match 'PUT /logout'
2020-06-06 01:48:51.422 DEBUG 12482 --- [nio-8080-exec-2] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/logout', DELETE]
2020-06-06 01:48:51.422 DEBUG 12482 --- [nio-8080-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Request 'GET /error' doesn't match 'DELETE /logout'
2020-06-06 01:48:51.422 DEBUG 12482 --- [nio-8080-exec-2] o.s.s.web.util.matcher.OrRequestMatcher : No matches found
2020-06-06 01:48:51.422 DEBUG 12482 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy : /error at position 6 of 14 in additional filter chain; firing Filter: 'OAuth2AuthorizationRequestRedirectFilter'
2020-06-06 01:48:51.422 DEBUG 12482 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy : /error at position 7 of 14 in additional filter chain; firing Filter: 'OAuth2LoginAuthenticationFilter'
2020-06-06 01:48:51.422 DEBUG 12482 --- [nio-8080-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/error'; against '/login/oauth2/code/*'
2020-06-06 01:48:51.422 DEBUG 12482 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy : /error at position 8 of 14 in additional filter chain; firing Filter: 'TokenAuthenticationFilter'
2020-06-06 01:48:51.422 DEBUG 12482 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy : /error at position 9 of 14 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2020-06-06 01:48:51.422 DEBUG 12482 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy : /error at position 10 of 14 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2020-06-06 01:48:51.423 DEBUG 12482 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy : /error at position 11 of 14 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2020-06-06 01:48:51.423 DEBUG 12482 --- [nio-8080-exec-2] o.s.s.w.a.AnonymousAuthenticationFilter : Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@b36ae747: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 47.252.80.237; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
2020-06-06 01:48:51.423 DEBUG 12482 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy : /error at position 12 of 14 in additional filter chain; firing Filter: 'SessionManagementFilter'
2020-06-06 01:48:51.423 DEBUG 12482 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy : /error at position 13 of 14 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2020-06-06 01:48:51.423 DEBUG 12482 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy : /error at position 14 of 14 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2020-06-06 01:48:51.423 DEBUG 12482 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy : /error reached end of additional filter chain; proceeding with original chain
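In the logs above, the login was on [nio-8000-exec-1] and succeeded. The page redirected to after login calls 2 endpoints, and each one returns the 401 "Full authentication is required" error.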
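
Added example, not part of the original post: a small Python triage of a Spring Security DEBUG log in the format shown above. It splits the log into passes through the filter chain and reports which authentication filters ran before AnonymousAuthenticationFilter on a request that was still denied as anonymous. The sample lines are constructed (abridged from the post's log format), `triage`, `silent_auth_filters` and the `auth_filters` default are names chosen for this example, and the log is assumed to come from a single request thread.

```python
import re

# Constructed sample, abridged from the log format shown in the post.
P = "2020-06-06 01:48:51.375 DEBUG 12482 --- [nio-8080-exec-2] "
SAMPLE_LOG = "\n".join(P + s for s in [
    "o.s.security.web.FilterChainProxy : /user/me at position 1 of 14 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'",
    "o.s.security.web.FilterChainProxy : /user/me at position 8 of 14 in additional filter chain; firing Filter: 'TokenAuthenticationFilter'",
    "o.s.security.web.FilterChainProxy : /user/me at position 11 of 14 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'",
    "o.s.s.w.a.AnonymousAuthenticationFilter : Populated SecurityContextHolder with anonymous token: 'Principal: anonymousUser'",
    "o.s.s.w.a.i.FilterSecurityInterceptor : Secure object: FilterInvocation: URL: /user/me; Attributes: [authenticated]",
    "o.s.s.w.a.ExceptionTranslationFilter : Access is denied (user is anonymous); redirecting to authentication entry point",
    "o.s.security.web.FilterChainProxy : /error at position 1 of 14 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'",
    "o.s.security.web.FilterChainProxy : /error at position 11 of 14 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'",
    "o.s.s.w.a.AnonymousAuthenticationFilter : Populated SecurityContextHolder with anonymous token: 'Principal: anonymousUser'",
])

FIRING = re.compile(r"FilterChainProxy\s*: (\S+) at position (\d+) of \d+ .*firing Filter: '(\w+)'")
SECURED = re.compile(r"Secure object: FilterInvocation: URL: (\S+); Attributes: \[(.*?)\]")

def triage(log_text):
    """Split a Spring Security DEBUG log into one record per pass through the filter chain."""
    passes = []
    for line in log_text.splitlines():
        m = FIRING.search(line)
        if m:
            path, pos, name = m.group(1), int(m.group(2)), m.group(3)
            if pos == 1 or not passes:  # position 1 starts a new request (or /error dispatch)
                passes.append({"path": path, "filters": [], "anonymous": False,
                               "required": None, "denied": False})
            passes[-1]["filters"].append(name)
        elif passes and "Populated SecurityContextHolder with anonymous token" in line:
            passes[-1]["anonymous"] = True  # no earlier filter set an Authentication
        elif passes and (s := SECURED.search(line)):
            passes[-1]["required"] = s.group(2)  # access rule applied to this URL
        elif passes and "Access is denied (user is anonymous)" in line:
            passes[-1]["denied"] = True
    return passes

def silent_auth_filters(record, auth_filters=("TokenAuthenticationFilter",)):
    """Auth filters that ran before AnonymousAuthenticationFilter yet left the request anonymous."""
    if not (record["anonymous"] and record["denied"]):
        return []
    seen = record["filters"]
    cut = seen.index("AnonymousAuthenticationFilter") if "AnonymousAuthenticationFilter" in seen else len(seen)
    return [f for f in seen[:cut] if f in auth_filters]

if __name__ == "__main__":
    for rec in triage(SAMPLE_LOG):
        print(rec["path"], rec["required"], silent_auth_filters(rec))
```

On the sample, the `/user/me` pass reports `TokenAuthenticationFilter`: that filter fired at position 8 but left no Authentication in the SecurityContext, so the request reached the `authenticated` rule as `anonymousUser`.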