Spring Boot Resource Server Invalid Token

I'm trying to configure OAuth2 for a Spring project. I used jdbc authentication and my authorization server and resource server are two separate APIs. My issue is now with the microservices. I'm trying to use this shared authorization server to authenticate the microservices. I can get access_token from the token endpoint.

[image]

I can check the access_token from the check_token endpoint.

[image]

My resource server configuration:

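import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.cloud.client.circuitbreaker.EnableCircuitBreaker;
import org.springframework.cloud.client.discovery.EnableDiscoveryClient;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;

@SpringBootApplication
@EnableCircuitBreaker
@EnableDiscoveryClient
@EnableResourceServer
public class ProductApiServiceApplication {

    public static void main(String[] args) {
        SpringApplication.run(ProductApiServiceApplication.class, args);
    }

}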

And application.yml:

security:
  oauth2:
    client:  
      client-id: saba-product-api-service
      client-secret: secret123 
    resource:
      id: saba-product-api-service
      token-info-uri: http://localhost:9999/uaa/oauth/check_token

And REST controller:

    @GetMapping("/user/me")
    public Principal user(Principal principal) {
        return principal;
    } 

When I call the /user/me endpoint I get invalid_token.

[image]

My Resource Server log:

[image]

And my Authorization Server log:

[image]

What is wrong with my code?

Update

The problem is because of this code:

[image]

I had the same issue. In my case, I was using spring cloud oauth2, Hoxton.SR4 release and it was working. So, I changed to Hoxton.SR6 and the issue was thrown. My Authorization Server also was a Eureka client, and the issue originated because of this dependency. There was one dependency inside Eureka Client, named jackson-dataformat-xml, and because of it the return of the check_token endpoint was converted to XML instead of JSON. When RemoteTokenServices called check_token, and the result was XML, it couldn't be deserialized into a map<String,Object> the right way. If you had more than one aud, scope or authorities, it picked the last one. And the active property was treated as a string. In my case I solved the issue by excluding, in the Authorization Server, the mentioned dependency from Eureka Client, like this:

<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-starter-netflix-eureka-client</artifactId>
    <exclusions>
        <exclusion>
            <groupId>com.fasterxml.jackson.dataformat</groupId>
            <artifactId>jackson-dataformat-xml</artifactId>
        </exclusion>
    </exclusions>
</dependency>

Finally, I replaced

<dependency>
    <groupId>org.springframework.security.oauth</groupId>
    <artifactId>spring-security-oauth2</artifactId>
    <version>2.3.4.RELEASE</version>
</dependency>

with

<dependency>
    <groupId>org.springframework.security.oauth</groupId>
    <artifactId>spring-security-oauth2</artifactId>
    <version>2.5.0.RELEASE</version>
</dependency>

// gh-838
if (map.containsKey("active") && !"true".equals(String.valueOf(map.get("active")))) {
    logger.debug("check_token returned active attribute: " + map.get("active"));
    throw new InvalidTokenException(accessToken);
}
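
The failure mode described in the answer, reproduced with the JDK only as an added example (not part of the original post and not spring-security-oauth2 code). The XML body is constructed, `xmlToMap` is an assumed stand-in for a naive XML-to-Map binding, and `strictActive` is a hypothetical strict check shown next to the condition from the "gh-838" snippet above.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class CheckTokenXmlDemo {
    // Constructed sample: a check_token body rendered as XML instead of JSON.
    static final String XML_BODY = "<Map><active>true</active>"
            + "<scope>read</scope><scope>write</scope>"
            + "<client_id>saba-product-api-service</client_id></Map>";

    // Assumption: models a naive XML-to-Map binding where every value is text
    // and a repeated element overwrites the previous one (last value wins).
    static Map<String, Object> xmlToMap(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Element root = f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)))
                .getDocumentElement();
        Map<String, Object> map = new LinkedHashMap<>();
        NodeList children = root.getChildNodes();
        for (int i = 0; i < children.getLength(); i++) {
            Node n = children.item(i);
            if (n.getNodeType() == Node.ELEMENT_NODE) {
                map.put(n.getNodeName(), n.getTextContent());
            }
        }
        return map;
    }

    // Hypothetical strict check: only a real Boolean TRUE counts as active.
    static boolean strictActive(Map<String, Object> map) {
        return Boolean.TRUE.equals(map.get("active"));
    }

    // Same condition as the "gh-838" snippet above, inverted to return a boolean.
    static boolean tolerantActive(Map<String, Object> map) {
        return !(map.containsKey("active") && !"true".equals(String.valueOf(map.get("active"))));
    }

    public static void main(String[] args) throws Exception {
        Map<String, Object> map = xmlToMap(XML_BODY);
        System.out.println("map            = " + map);
        System.out.println("strictActive   = " + strictActive(map));
        System.out.println("tolerantActive = " + tolerantActive(map));
    }
}
```

Even when the tolerant check accepts the token, the map has already lost the first `scope` value, so the resource server would authorize against fewer scopes than the token carries.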
