假设Oauth2客户端令牌异常?

内容来源于 Stack Overflow,并遵循CC BY-SA 3.0许可协议进行翻译与使用

  • 回答 (1)
  • 关注 (0)
  • 查看 (492)

我试图让冒充的客户端在我的OAuth2SSO上工作

I have defined a bean interceptor as below

@Bean
        @LoadBalanced
        RequestInterceptor oauthFeignClient(OAuth2ClientContext oauth2ClientContext, OAuth2ProtectedResourceDetails details) {
            return new OAuth2FeignRequestInterceptor(oauth2ClientContext, details);
        }

but I m facing this exception :

feign.FeignException: status 401 reading AppClientFeign#getApps(); content: {"error":"invalid_token","error_description":"9d8eb02c-7005-487e-b28f-19417e5fea51"}

I don't know why I m getting this

Here is my Auth server

 @Configuration
        static class MvcConfig extends WebMvcConfigurerAdapter {

            @Override
            public void addViewControllers(ViewControllerRegistry registry) {
                registry.addViewController("login").setViewName("login");
            registry.addViewController("/oauth/confirm_access").setViewName("authorize");
            registry.addViewController("/").setViewName("index");
            }
        }

        @Configuration
        static class LoginConfig extends WebSecurityConfigurerAdapter {


            @Bean
            public PasswordEncoder passwordEncoder() {
                return new BCryptPasswordEncoder();
            }
            @Override
            protected void configure(HttpSecurity http) throws Exception {
                http
                    .formLogin().loginPage("/login").permitAll()
                        .and().logout().clearAuthentication(true).invalidateHttpSession(true).logoutUrl("/exit").logoutSuccessUrl("http://localhost:9999/client").permitAll()
                    .and()
                        .authorizeRequests()
                        .antMatchers("/","/exit","/graphics/**", "/login", "/oauth/authorize", "/oauth/confirm_access").permitAll()
                    .and()
                        .authorizeRequests()
                        .anyRequest().authenticated()
                        .and().httpBasic().disable().csrf().disable();
            }

            @Autowired
            MDSUserDetailService mdsUserServiceDetail;
            @Override
            protected void configure(AuthenticationManagerBuilder auth) throws Exception {
               auth.userDetailsService(mdsUserServiceDetail).passwordEncoder(passwordEncoder());
            }


        }

and My yaml configuration

security:
    oauth2:
      client:
        client-id: mds_group
        client-secret: mds_group
        scope: read, write
        auto-approve-scopes: .*
      authorization:
        check-token-access: permitAll()

here is my client

@SpringBootApplication
@EnableOAuth2Sso
@EnableEurekaClient
@EnableDiscoveryClient
@EnableFeignClients
@EnableWebSecurity
public class ClientApplication extends WebSecurityConfigurerAdapter{


    public static void main(String[] args) {
        SpringApplication.run(ClientApplication.class, args);
    }


        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                    .logout()
                    .logoutSuccessUrl("http://localhost:9999/uaa/exit");
            http.authorizeRequests().antMatchers("graphics/**").permitAll().
                    and().authorizeRequests().anyRequest().authenticated();
        }


        @Bean
        @LoadBalanced
        RequestInterceptor oauthFeignClient(OAuth2ClientContext oauth2ClientContext, OAuth2ProtectedResourceDetails details) {
            return new OAuth2FeignRequestInterceptor(oauth2ClientContext, details);
        }

    @Bean
    @LoadBalanced
    OAuth2RestTemplate oauth2RestTemplate(OAuth2ClientContext oauth2ClientContext, OAuth2ProtectedResourceDetails details) {
        return new OAuth2RestTemplate(details, oauth2ClientContext);
    }

    @Profile("!cloud")
    @Bean
    RequestDumperFilter requestDumperFilter() {
        return new RequestDumperFilter();
    }

}

the Feign Client Interface

@FeignClient("USERS-MANAGER")
public interface UserClientFeign {
      @GetMapping("/users/info")
      public User getUserDetails(@RequestParam("username") String username);
}

yml configuration of my client

security:
  basic:
    enabled: false
  oauth2:
    client:
      client-id: mds_group
      client-secret: mds_group
      access-token-uri: ${auth-server}/oauth/token
      user-authorization-uri: ${auth-server}/oauth/authorize
      scope: read, write
    resource:
      token-info-uri: ${auth-server}/oauth/check_token

finally my ressource

@SpringBootApplication
@EnableResourceServer
@EnableEurekaClient
@RestController
public class ResourceApplication extends ResourceServerConfigurerAdapter {



    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().authorizeRequests()
                .antMatchers(HttpMethod.GET, "/users/**").access("#oauth2.hasScope('read')")
                .antMatchers(HttpMethod.POST, "/users/**").access("#oauth2.hasScope('write')");
    }

    public static void main(String[] args) {
        SpringApplication.run(ResourceApplication.class, args);
    }

    @Profile("!cloud")
    @Bean
    RequestDumperFilter requestDumperFilter() {
        return new RequestDumperFilter();
    }
}

the yml configuration

spring.application.name: USERS-MANAGER

server:
  port: 0

ribbon:
    eureka:
        enabled: true

eureka.client.service-url.defaultZone: http://localhost:8761/eureka/

security:
  oauth2:
    resource:
      token-info-uri:  http://localhost:9999/uaa/oauth/check_token
    client:
      client-id:  mds_group
      client-secret:  mds_group

the exception in browser

2018年9月13日14:19:52有一个意外的错误(类型=内部服务器错误,状态=500)。状态401读取AppClientFeign#getApps();内容:{“错误”:“无效”_token","error_description":"9d8eb02c-7005-487e-b28f-19417e5fea51"}

提问于
用户回答回答于

在没有任何详细描述的情况下找出为什么令牌无效是很棘手的。它可能是令牌过期太快(由于您的令牌TTL设置),或令牌的授权类型或令牌的范围与资源服务器所需的不同。

您可能希望在几个点添加断点OAuth2AuthenticationProcessingFilter#doFilter(),并查看从oauth2提供程序获得的值,并将其与客户端使用的令牌值进行比较。特别是看看周围authenticationManager.authenticate(authentication);

所属标签

可能回答问题的人

  • 最爱开车啦

    8 粉丝503 提问6 回答
  • 优惠活动秘书

    0 粉丝2 提问6 回答
  • 天使的炫翼

    17 粉丝531 提问6 回答
  • Richel

    6 粉丝0 提问5 回答

扫码关注云+社区

领取腾讯云代金券