Feign Oauth2客户端令牌异常
Feign Oauth2客户端令牌异常
提问于 2018-09-13 21:41:41
我正在尝试让feign客户机在我的Oauth2单点登录上工作。
我定义了一个bean拦截器,如下所示
@Bean
@LoadBalanced
RequestInterceptor oauthFeignClient(OAuth2ClientContext oauth2ClientContext, OAuth2ProtectedResourceDetails details) {
return new OAuth2FeignRequestInterceptor(oauth2ClientContext, details);
}但是我面临着这样的例外:
错误:状态401读取AppClientFeign#getApps();内容:{“feign.FeignException”:“invalid_token”,"error_description":"9d8eb02c-7005-487e-b28f-19417e5fea51"}
我不知道为什么我会得到这个
这是我的身份验证服务器
@Configuration
static class MvcConfig extends WebMvcConfigurerAdapter {
@Override
public void addViewControllers(ViewControllerRegistry registry) {
registry.addViewController("login").setViewName("login");
registry.addViewController("/oauth/confirm_access").setViewName("authorize");
registry.addViewController("/").setViewName("index");
}
}
@Configuration
static class LoginConfig extends WebSecurityConfigurerAdapter {
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.formLogin().loginPage("/login").permitAll()
.and().logout().clearAuthentication(true).invalidateHttpSession(true).logoutUrl("/exit").logoutSuccessUrl("http://localhost:9999/client").permitAll()
.and()
.authorizeRequests()
.antMatchers("/","/exit","/graphics/**", "/login", "/oauth/authorize", "/oauth/confirm_access").permitAll()
.and()
.authorizeRequests()
.anyRequest().authenticated()
.and().httpBasic().disable().csrf().disable();
}
@Autowired
MDSUserDetailService mdsUserServiceDetail;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(mdsUserServiceDetail).passwordEncoder(passwordEncoder());
}
}和我的yaml配置
security:
oauth2:
client:
client-id: xxx
client-secret: xxx
scope: read, write
auto-approve-scopes: .*
authorization:
check-token-access: permitAll()这是我的客户
@SpringBootApplication
@EnableOAuth2Sso
@EnableEurekaClient
@EnableDiscoveryClient
@EnableFeignClients
@EnableWebSecurity
public class ClientApplication extends WebSecurityConfigurerAdapter{
public static void main(String[] args) {
SpringApplication.run(ClientApplication.class, args);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.logout()
.logoutSuccessUrl("http://localhost:9999/uaa/exit");
http.authorizeRequests().antMatchers("graphics/**").permitAll().
and().authorizeRequests().anyRequest().authenticated();
}
@Bean
@LoadBalanced
RequestInterceptor oauthFeignClient(OAuth2ClientContext oauth2ClientContext, OAuth2ProtectedResourceDetails details) {
return new OAuth2FeignRequestInterceptor(oauth2ClientContext, details);
}
@Bean
@LoadBalanced
OAuth2RestTemplate oauth2RestTemplate(OAuth2ClientContext oauth2ClientContext, OAuth2ProtectedResourceDetails details) {
return new OAuth2RestTemplate(details, oauth2ClientContext);
}
@Profile("!cloud")
@Bean
RequestDumperFilter requestDumperFilter() {
return new RequestDumperFilter();
}
}Feign客户端界面
@FeignClient("USERS-MANAGER")
public interface UserClientFeign {
@GetMapping("/users/info")
public User getUserDetails(@RequestParam("username") String username);
}我的客户端的yml配置
security:
basic:
enabled: false
oauth2:
client:
client-id: xxx
client-secret: xxx
access-token-uri: ${auth-server}/oauth/token
user-authorization-uri: ${auth-server}/oauth/authorize
scope: read, write
resource:
token-info-uri: ${auth-server}/oauth/check_token最后是我的资源
@SpringBootApplication
@EnableResourceServer
@EnableEurekaClient
@RestController
public class ResourceApplication extends ResourceServerConfigurerAdapter {
@Override
public void configure(HttpSecurity http) throws Exception {
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().authorizeRequests()
.antMatchers(HttpMethod.GET, "/users/**").access("#oauth2.hasScope('read')")
.antMatchers(HttpMethod.POST, "/users/**").access("#oauth2.hasScope('write')");
}
public static void main(String[] args) {
SpringApplication.run(ResourceApplication.class, args);
}
@Profile("!cloud")
@Bean
RequestDumperFilter requestDumperFilter() {
return new RequestDumperFilter();
}
}yml配置
spring.application.name: USERS-MANAGER
server:
port: 0
ribbon:
eureka:
enabled: true
eureka.client.service-url.defaultZone: http://localhost:8761/eureka/
security:
oauth2:
resource:
token-info-uri: http://localhost:9999/uaa/oauth/check_token
client:
client-id: xxx
client-secret: xxx浏览器中的异常
清华Sep 13 14:19:52 BST 2018出现意外错误(type=Internal服务器错误,status=500)。状态401读取错误();内容:{“AppClientFeign#getApps”:“invalid_token”,"error_description":"9d8eb02c-7005-487e-b28f-19417e5fea51"}
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/52315046
复制相关文章
相似问题