堆棧內存溢出
  簡體   English   中英

在請求訪問令牌OAuth2 Spring實現時出現500 http錯誤

[英]Getting 500 http error on requesting access token OAuth2 Spring implementation

 原文  2014-10-20 07:54:49       spring/ spring-mvc/ spring-security/ spring-security-oauth2

問題描述

這是問題序列, 重定向到訪問令牌入口點Oauth Token時出現問題

我已經在修復某些問題方面提供了幫助,但是在進入/ oauth / token時,我在授權/權限上遇到了錯誤。 我正在使用Spring 4.0.5.RELEASE,Spring-Security 3.2.5.RELEASE和現在的Spring-Oauth2 2.0.4-build代替2.0.3.RELEASE。

錯誤如下,我懷疑入口點安全性或oauth2:authorization-server有問題。 

HTTP Status 500 - Request processing failed; nested exception is error="access_denied", error_description="Error requesting access token."

org.springframework.web.util.NestedServletException: Request processing failed; nested exception is error="access_denied", error_description="Error requesting access token."
    org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:973)
    org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:852)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:618)
    org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:837)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:725)
    org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
    org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:118)
    org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84)
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    org.springframework.security.oauth2.client.filter.OAuth2ClientContextFilter.doFilter(OAuth2ClientContextFilter.java:57)
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103)
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:154)
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45)
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:199)
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:110)
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:85)
    org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:50)
    org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
    org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
    org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:344)
    org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:261)
    org.apache.logging.log4j.core.web.Log4jServletFilter.doFilter(Log4jServletFilter.java:66)

這是我的授權服務器設置: 

<oauth2:authorization-server client-details-service-ref="webServiceClientService" 
    token-services-ref="tokenServices" user-approval-page="/oauth/userapproval" 
    error-page="/oauth/error" authorization-endpoint-url="/oauth/authorize" 
    token-endpoint-url="/oauth/token" user-approval-handler-ref="userApprovalHandler" 
    redirect-resolver-ref="resolver">
    <oauth2:authorization-code
        authorization-code-services-ref="codes" />
    <oauth2:implicit/>
    <oauth2:refresh-token/>
    <oauth2:client-credentials/>
    <oauth2:password authentication-manager-ref="userAuthenticationManager"/>
</oauth2:authorization-server>

我的userAuthenticationManager的密碼是: 

<sec:authentication-manager alias="userAuthenticationManager"> 
<sec:authentication-provider user-service-ref="userService"> 
<sec:password-encoder ref="passwordEncoder"/> 
</sec:authentication-provider> 
</sec:authentication-manager>

其中,userService是UserDetailsS​​ervice的實現。

對於pattern =“ / oauth / token”,我具有在用戶角色上定義的access =“ hasAuthority('OAUTH_CLIENT')”。對於會話create-session =“ stateless”和身份驗證管理器, REF = “oauthClientAuthenticationManager”。 oauthClientAuthenticationManager具有作為身份驗證提供程序的user-service-ref =“ clientDetailsUserService”,它是UserDetailsS​​ervice的實現。我具有entry-point-ref =“ oauthAuthenticationEntryPoint”,它是org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoin‌t和不更改領域或TypeName。

我也有 。 clientAuthenticationEntryPoint也是OAuth2AuthenticationEntryPoint,但是我將typeName設置為Basic,而Realm重新設置了默認的oauth。

我也設定 

<sec:custom-filter ref="clientCredentialsTokenEndpointFilter" after="BASIC_AUTH_FILTER" /><sec:access-denied-handler ref="oauthAccessDeniedHandler" /> 
<sec:expression-handler ref="webSecurityExpressionHandler" />

其中clientCredentialsTokenEndpointFilter是org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter,其中oauthClientAuthenticationManager作為身份驗證管理器。 

<sec:authentication-manager id="oauthClientAuthenticationManager"> 
<sec:authentication-provider user-serviceref="clientDetailsUserService"> </sec:authentication-provider> 
</sec:authentication-manager>

我也有 

<sec:access-denied-handler ref="oauthAccessDeniedHandler" /> 
<sec:expression-handler ref="webSecurityExpressionHandler" />

oauthAccessDeniedHandler = org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler。 和webSecurityExpressionHandler = org.springframework.security.oauth2.provider.expression.OAuth2WebSecurityExpressionManager

另外我的切入點如下: 

<sec:http use-expressions="true" create-session="stateless"
    authentication-manager-ref="oauthClientAuthenticationManager"
    entry-point-ref="oauthAuthenticationEntryPoint" pattern="/oauth/token">
    <sec:intercept-url pattern="/oauth/token" access="hasAuthority('OAUTH_CLIENT')" />
    <!-- <sec:intercept-url pattern="/oauth/token" access="IS_AUTHENTICATED_FULLY" /> -->
    <!-- <sec:http-basic entry-point-ref="oauthAuthenticationEntryPoint"/> -->
    <sec:http-basic entry-point-ref="clientAuthenticationEntryPoint"/>
    <!-- <sec:http-basic/> -->
    <sec:anonymous enabled="false" />
    <sec:custom-filter ref="clientCredentialsTokenEndpointFilter" after="BASIC_AUTH_FILTER" />
    <sec:access-denied-handler ref="oauthAccessDeniedHandler" />
    <sec:expression-handler ref="webSecurityExpressionHandler" />
    <!-- <sec:custom-filter ref="corsFilter" after="LAST"/> -->
</sec:http>

其中clientCredentialsTokenEndpointFilter定義為: 

<beans:bean id="clientCredentialsTokenEndpointFilter" class="org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter">
    <beans:property name="authenticationManager" ref="oauthClientAuthenticationManager"/>
</beans:bean>


<sec:authentication-manager id="oauthClientAuthenticationManager">
    <sec:authentication-provider user-service-ref="clientDetailsUserService">
    </sec:authentication-provider>
</sec:authentication-manager>

<beans:bean id="clientDetailsUserService" class="org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService">
        <beans:constructor-arg ref="webServiceClientService" />
    </beans:bean>

有什么建議嗎? 謝謝。

1 個解決方案

解決方案1
 0  2014-10-20 08:25:56

我懷疑您的Spring版本是Spring 4.0.5.RELEASE,Spring-Security 3.2.5.RELEASE。 Check Spring 4.0.5適用於Spring-Security 3.2.5。 我認為您應該將Spring 4.0.5降級為3.xx.xx。

暫無
暫無

聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.

相關問題 HTTP標頭中的Spring OAuth2訪問令牌 嘗試在Spring OAuth2中嘗試使用刷新令牌獲取新的訪問令牌時出現無效的客戶端錯誤 Spring OAuth2 - 創建訪問令牌 Spring以編程方式生成oauth2訪問令牌 Spring Oauth2無效的訪問令牌 如何在Spring OAuth2中獲取訪問令牌 Spring Security OAuth2-驗證訪問令牌 Spring OAUTH2 - 訪問令牌到期時間 Oauth2 Spring實施 Spring oauth2 oauth/token http 405 錯誤不支持POST方法
相關標簽
 
粵ICP備18138465號  © 2020-2024 STACKOOM.COM