文档建议反馈控制台
首页
学习
活动
专区
圈层
工具
MCP广场
文章/答案/技术大牛
发布
首页
学习
活动
专区
圈层
工具
MCP广场
返回腾讯云官网
社区首页 >问答首页 >BadCredentialsException:无法在GAE上使用spring boot安全Oauth2获取访问令牌

BadCredentialsException:无法在GAE上使用spring boot安全Oauth2获取访问令牌
EN

Stack Overflow用户
提问于 2017-08-28 03:15:02
回答 1查看 1.5K关注 0票数 0

我目前正在开发一个使用spring boot的小型web应用程序。我想使用谷歌oauth2登录我的用户。在我的电脑上,所有这些在localhost中都运行得很好,但是当我在GAE中部署我的应用程序时,我得到了一个错误。

这是我在GAE上从dev server得到的错误堆栈。我猜这个错误在生产模式下也是一样的。

代码语言:javascript
运行
复制
[INFO] 2017-08-27 17:02:31.290 DEBUG 630 --- [tp1134612201-18] g.c.AuthorizationCodeAccessTokenProvider : Retrieving token from https://www.googleapis.com/oauth2/v4/token
[INFO] 2017-08-27 17:02:31.565 DEBUG 630 --- [tp1134612201-18] o.s.web.client.RestTemplate              : Created POST request for "https://www.googleapis.com/oauth2/v4/token"
[INFO] 2017-08-27 17:02:31.566 DEBUG 630 --- [tp1134612201-18] g.c.AuthorizationCodeAccessTokenProvider : Encoding and sending form: {grant_type=[authorization_code], code=[4/PmvPPmFGQF0PamafaItFDiqKT_RwZN4RkdoydpxOTD4], redirect_uri=[https://127.0.0.1:8080/login], client_id=[XXX], client_secret=[YYY]}
[INFO] 2017-08-27 17:02:32.905 DEBUG 630 --- [tp1134612201-18] o.s.web.client.RestTemplate              : POST request for "https://www.googleapis.com/oauth2/v4/token" resulted in 400 (OK); invoking error handler
[INFO] 2017-08-27 17:02:33.343 DEBUG 630 --- [tp1134612201-18] o.s.b.f.s.DefaultListableBeanFactory     : Returning cached instance of singleton bean 'delegatingApplicationListener'
[INFO] 2017-08-27 17:02:33.381 DEBUG 630 --- [tp1134612201-18] uth2ClientAuthenticationProcessingFilter : Authentication request failed: org.springframework.security.authentication.BadCredentialsException: Could not obtain access token
[INFO]
[INFO] org.springframework.security.authentication.BadCredentialsException: Could not obtain access token
[INFO]  at org.springframework.security.oauth2.client.filter.OAuth2ClientAuthenticationProcessingFilter.attemptAuthentication(OAuth2ClientAuthenticationProcessingFilter.java:107)
[INFO]  at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212)
[INFO]  at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
[INFO]  at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)
[INFO]  at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
[INFO]  at org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:100)
[INFO]  at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
[INFO]  at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
[INFO]  at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64)
[INFO]  at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
[INFO]  at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
[INFO]  at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
[INFO]  at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
[INFO]  at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
[INFO]  at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
[INFO]  at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
[INFO]  at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214)
[INFO]  at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177)
[INFO]  at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
[INFO]  at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)
[INFO]  at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1759)
[INFO]  at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99)
[INFO]  at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
[INFO]  at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1759)
[INFO]  at org.springframework.security.oauth2.client.filter.OAuth2ClientContextFilter.doFilter(OAuth2ClientContextFilter.java:60)
[INFO]  at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1759)
[INFO]  at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:105)
[INFO]  at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
[INFO]  at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1759)
[INFO]  at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:81)
[INFO]  at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
[INFO]  at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1759)
[INFO]  at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:197)
[INFO]  at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
[INFO]  at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1759)
[INFO]  at org.springframework.boot.web.support.ErrorPageFilter.doFilter(ErrorPageFilter.java:115)
[INFO]  at org.springframework.boot.web.support.ErrorPageFilter.access$000(ErrorPageFilter.java:59)
[INFO]  at org.springframework.boot.web.support.ErrorPageFilter$1.doFilterInternal(ErrorPageFilter.java:90)
[INFO]  at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
[INFO]  at org.springframework.boot.web.support.ErrorPageFilter.doFilter(ErrorPageFilter.java:108)
[INFO]  at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1759)
[INFO]  at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:582)
[INFO]  at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
[INFO]  at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:524)
[INFO]  at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:226)
[INFO]  at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1180)
[INFO]  at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:512)
[INFO]  at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
[INFO]  at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1112)
[INFO]  at com.google.appengine.tools.development.jetty9.DevAppEngineWebAppContext.doScope(DevAppEngineWebAppContext.java:94)
[INFO]  at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
[INFO]  at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:134)
[INFO]  at com.google.appengine.tools.development.jetty9.JettyContainerService$ApiProxyHandler.handle(JettyContainerService.java:597)
[INFO]  at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:134)
[INFO]  at org.eclipse.jetty.server.Server.handle(Server.java:534)
[INFO]  at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:320)
[INFO]  at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:251)
[INFO]  at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:283)
[INFO]  at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:108)
[INFO]  at org.eclipse.jetty.io.SelectChannelEndPoint$2.run(SelectChannelEndPoint.java:93)
[INFO]  at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.executeProduceConsume(ExecuteProduceConsume.java:303)
[INFO]  at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.produceConsume(ExecuteProduceConsume.java:148)
[INFO]  at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.run(ExecuteProduceConsume.java:136)
[INFO]  at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:671)
[INFO]  at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:589)
[INFO]  at java.lang.Thread.run(Thread.java:748)
[INFO] Caused by: org.springframework.security.oauth2.client.resource.OAuth2AccessDeniedException: Access token denied.
[INFO]  at org.springframework.security.oauth2.client.token.OAuth2AccessTokenSupport.retrieveToken(OAuth2AccessTokenSupport.java:142)
[INFO]  at org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeAccessTokenProvider.obtainAccessToken(AuthorizationCodeAccessTokenProvider.java:209)
[INFO]  at org.springframework.security.oauth2.client.OAuth2RestTemplate.acquireAccessToken(OAuth2RestTemplate.java:221)
[INFO]  at org.springframework.security.oauth2.client.OAuth2RestTemplate.getAccessToken(OAuth2RestTemplate.java:173)
[INFO]  at org.springframework.security.oauth2.client.filter.OAuth2ClientAuthenticationProcessingFilter.attemptAuthentication(OAuth2ClientAuthenticationProcessingFilter.java:105)
[INFO]  ... 65 common frames omitted
[INFO] Caused by: org.springframework.security.oauth2.common.exceptions.RedirectMismatchException: Bad Request
[INFO]  at org.springframework.security.oauth2.common.exceptions.OAuth2ExceptionJackson2Deserializer.deserialize(OAuth2ExceptionJackson2Deserializer.java:103)
[INFO]  at org.springframework.security.oauth2.common.exceptions.OAuth2ExceptionJackson2Deserializer.deserialize(OAuth2ExceptionJackson2Deserializer.java:33)
[INFO]  at com.fasterxml.jackson.databind.ObjectMapper._readMapAndClose(ObjectMapper.java:3798)
[INFO]  at com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:2922)
[INFO]  at org.springframework.http.converter.json.AbstractJackson2HttpMessageConverter.readJavaType(AbstractJackson2HttpMessageConverter.java:237)
[INFO]  at org.springframework.http.converter.json.AbstractJackson2HttpMessageConverter.readInternal(AbstractJackson2HttpMessageConverter.java:217)
[INFO]  at org.springframework.http.converter.AbstractHttpMessageConverter.read(AbstractHttpMessageConverter.java:193)
[INFO]  at org.springframework.security.oauth2.client.token.OAuth2AccessTokenSupport$AccessTokenErrorHandler.handleError(OAuth2AccessTokenSupport.java:235)
[INFO]  at org.springframework.web.client.RestTemplate.handleResponse(RestTemplate.java:700)
[INFO]  at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:653)
[INFO]  at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:621)
[INFO]  at org.springframework.security.oauth2.client.token.OAuth2AccessTokenSupport.retrieveToken(OAuth2AccessTokenSupport.java:137)
[INFO]  ... 69 common frames omitted

下面是我的配置:

application.yml:

代码语言:javascript
运行
复制
security:
  oauth2:
    client:
      clientId: XXXXX
      clientSecret: XXXXX
      accessTokenUri: https://www.googleapis.com/oauth2/v4/token
      userAuthorizationUri: https://accounts.google.com/o/oauth2/v2/auth
      clientAuthenticationScheme: form
      scope:
        - openid
        - email
        - profile
    resource:
      userInfoUri: https://www.googleapis.com/oauth2/v3/userinfo
      preferTokenInfo: true

Spring安全配置:

代码语言:javascript
运行
复制
@Configuration
@EnableOAuth2Sso
@EnableWebSecurity
class WebSecurityConfig : WebSecurityConfigurerAdapter() {
    @Throws(Exception::class)
    override fun configure(http: HttpSecurity) {
        http
                .authorizeRequests()
                    .antMatchers("/", "/home", "/webjars/**", "/count", "/login")
                    .permitAll()
                .anyRequest()
                    .authenticated()
                .and()
                    .formLogin()
                    .loginPage("/login")
                    .permitAll()
                .and()
                    .logout()
                    .logoutUrl("/logout")
                    .logoutSuccessUrl("/")
                    .permitAll()
    }
}

MVC控制器:

代码语言:javascript
运行
复制
@Configuration
class MvcConfiguration : WebMvcConfigurerAdapter() {

    override fun addViewControllers(registry: ViewControllerRegistry?) {
        super.addViewControllers(registry)
        registry?.addViewController("/home")?.setViewName("home");
        registry?.addViewController("/")?.setViewName("home");
        registry?.addViewController("/hello")?.setViewName("hello");
    }

}

我在google api控制台中设置的重定向页面是:https://my-awesome-app.appspot.com/login。当我在http://localhost:8080上测试的时候,所有的工作都是正常的。也许ssl有什么问题?

顺便说一下,我正在使用kotlin。但它与Java非常相似

有人能帮我吗?

spring-boot
spring-security
kotlin
spring-oauth2
google-app-engine
EN

回答 1

Stack Overflow用户

发布于 2019-06-15 06:59:40

很难找到正确的答案,因为没有打印出完整的堆栈跟踪。

查看堆栈跟踪,有几个关键错误状态:

代码语言:javascript
运行
复制
[INFO] org.springframework.security.authentication.BadCredentialsException: Could not obtain access token
...
[INFO] Caused by: org.springframework.security.oauth2.client.resource.OAuth2AccessDeniedException: Access token denied.

这表明您的应用程序的OAuth客户端没有经过正确的身份验证,或者您正在使用的凭据无效。

我建议使用Google Java API客户端,而不是设置您自己的访问令牌和用户身份验证URI,它将为您处理此问题:

https://github.com/googleapis/google-api-java-client

这里有一些显示OAuth流的G套件示例:https://github.com/gsuitedevs/java-samples

也许这个答案也很有用:Get user info via Google API

票数 0
EN
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:

https://stackoverflow.com/questions/45908462

复制
相关文章

相似问题

领券

腾讯云开发者

扫码关注腾讯云开发者

扫码关注腾讯云开发者

领取腾讯云代金券

热门产品

热门推荐

更多推荐

Copyright © 2013 - 2025 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有 

深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 深公网安备号 44030502008569

腾讯云计算(北京)有限责任公司 京ICP证150476号 |  京ICP备11018762号 | 京公网安备号11010802020287

问题归档专栏文章快讯文章归档关键词归档开发者手册归档开发者手册 Section 归档