Unable to properly redirect after OAuth2 authentication using Spring Boot

Question

I'm trying to build a basic Spring Boot app that will allow me delegate the work of authenticating users to an external OAuth2 provider such as Facebook.

I've got two main issues:

1. Once the authentication process is complete, and I get:

GET request for " https://graph.facebook.com/me " resulted in 200 (OK)

I also get the following:

Reading [interface java.util.Map] as "application/json" using [org.springframework.http.converter.json.MappingJackson2HttpMessageConverter@2a7ce52b] Delegating to org.springframework.security.web.authentication.session.ChangeSessionIdAuthenticationStrategy@4f061f45 SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.

It is as if something is wrong with parsing and storing the returned credentials.

2. Sometimes I get a 401 error:

Authentication request failed: org.springframework.security.authentication.BadCredentialsException: Could not obtain access token

It is a some sort of hit and miss, and I could not trace down the problem. It also happened when using Google OAuth2 instead.

I Basically used the @EnableOAuth2Sso annotation, and configured the credentials using the application.yml file:

security:
  oauth2:
    client:
      clientId: 123
      clientSecret: bla
      accessTokenUri: https://graph.facebook.com/oauth/access_token
      userAuthorizationUri: https://www.facebook.com/dialog/oauth
      tokenName: oauth_token
      authenticationScheme: query
      clientAuthenticationScheme: form
    resource:
      userInfoUri: https://graph.facebook.com/me
      preferTokenInfo: false

Any help is much appreciated :)

Answer 1

最终，我设法解决了这一问题，将spring-boot-starter-tomcat maven依赖项标记为<scope>provided</scope> ，从而干扰了在嵌入式tomcat中正确初始化spring上下文对象的能力。