4

我在使用 Spring SocialAuthenticationFilter 时遇到问题,我看到它已加载到过滤器链中,但是当我访问“/auth/facebook?code=...”时,它不会处理该输入。

这是我的 WebSecurityConfig 的配置方法:

@Override
protected void configure(HttpSecurity http) throws Exception {
    //@formatter:off
    http
            .csrf().disable()
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and()
            .authorizeRequests()
            .antMatchers("/oauth/token").permitAll()
            .antMatchers("/auth/**").permitAll()
            .antMatchers(HttpMethod.OPTIONS, "/oauth/token").permitAll()
            .anyRequest().authenticated()
            .and()
            .apply(new SpringSocialConfigurer());
    //@formatter:on
}

在输出中,我得到了关于过滤器链的信息:

2015-07-06 12:42:08.400 INFO 28531 --- [ost-startStop-1] ossweb.DefaultSecurityFilterChain:创建过滤器链:org.springframework.security.web.util.matcher.AnyRequestMatcher@1,[org.springframework .security.web.context.request.async.WebAsyncManagerIntegrationFilter@4cb4e09b, org.springframework.security.web.context.SecurityContextPersistenceFilter@4ac65d33, org.springframework.security.web.header.HeaderWriterFilter@3181e122, org.springframework.security.web .authentication.logout.LogoutFilter@3492e7fd, 
 org.springframework.social.security.SocialAuthenticationFilter@1b2b4922
,org.springframework.security.web.savedrequest.RequestCacheAwareFilter@392294cd, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@794fa3a, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@3f3e8762, org.springframework.security.web .session.SessionManagementFilter@3d31d08d, org.springframework.security.web.access.ExceptionTranslationFilter@31e84fe1, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@d8d9225]

这是关于 URL 匹配的:

2015-07-06 12:43:22.075 调试 28531 --- [nio-8080-exec-2] osswumatcher.AntPathRequestMatcher:检查请求匹配:'/auth/facebook';反对'/css/**'
    2015-07-06 12:43:22.075 调试 28531 --- [nio-8080-exec-2] osswumatcher.AntPathRequestMatcher:检查请求匹配:'/auth/facebook';反对'/js/**'
    2015-07-06 12:43:22.075 调试 28531 --- [nio-8080-exec-2] osswumatcher.AntPathRequestMatcher:检查请求匹配:'/auth/facebook';反对 '/images/**'
    2015-07-06 12:43:22.075 调试 28531 --- [nio-8080-exec-2] osswumatcher.AntPathRequestMatcher:检查请求匹配:'/auth/facebook';反对'/**/favicon.ico'
    2015-07-06 12:43:22.075 调试 28531 --- [nio-8080-exec-2] osswumatcher.AntPathRequestMatcher:检查请求匹配:'/auth/facebook';反对“/信息”
    2015-07-06 12:43:22.075 调试 28531 --- [nio-8080-exec-2] osswumatcher.AntPathRequestMatcher:检查请求匹配:'/auth/facebook';反对“/健康”
    2015-07-06 12:43:22.076 调试 28531 --- [nio-8080-exec-2] osswumatcher.AntPathRequestMatcher:检查请求匹配:'/auth/facebook';反对'/错误'
    2015-07-06 12:43:22.076 调试 28531 --- [nio-8080-exec-2] ossweb.util.matcher.OrRequestMatcher:尝试使用 Ant [pattern='/oauth/token'] 进行匹配
    2015-07-06 12:43:22.076 调试 28531 --- [nio-8080-exec-2] osswumatcher.AntPathRequestMatcher:检查请求匹配:'/auth/facebook';反对'/oauth/token'
    2015-07-06 12:43:22.076 调试 28531 --- [nio-8080-exec-2] ossweb.util.matcher.OrRequestMatcher:尝试使用 Ant [pattern='/oauth/token_key'] 进行匹配
    2015-07-06 12:43:22.076 调试 28531 --- [nio-8080-exec-2] osswumatcher.AntPathRequestMatcher:检查请求匹配:'/auth/facebook';反对'/oauth/token_key'
    2015-07-06 12:43:22.076 调试 28531 --- [nio-8080-exec-2] ossweb.util.matcher.OrRequestMatcher:尝试使用 Ant [pattern='/oauth/check_token'] 进行匹配
    2015-07-06 12:43:22.076 调试 28531 --- [nio-8080-exec-2] osswumatcher.AntPathRequestMatcher:检查请求匹配:'/auth/facebook';反对'/oauth/check_token'
    2015-07-06 12:43:22.076 调试 28531 --- [nio-8080-exec-2] ossweb.util.matcher.OrRequestMatcher:找不到匹配项
    2015-07-06 12:43:22.076 调试 28531 --- [nio-8080-exec-2] ossweb.util.matcher.OrRequestMatcher:尝试使用 org.springframework.security.web.util.matcher.AnyRequestMatcher@ 进行匹配1
    2015-07-06 12:43:22.076 调试 28531 --- [nio-8080-exec-2] ossweb.util.matcher.OrRequestMatcher:匹配
    2015-07-06 12:43:22.076 调试 28531 --- [nio-8080-exec-2] ossecurity.web.FilterChainProxy : /auth/facebook?code=AQB2OSMHtYeuu-***-5tQvCyxOGkZCQsnAxFgCKYRE248MXPqEb5VI63W16IJrNyw36los1 的位置额外的过滤器链;触发过滤器:'WebAsyncManagerIntegrationFilter'
    2015-07-06 12:43:22.076 调试 28531 --- [nio-8080-exec-2] ossecurity.web.FilterChainProxy:/auth/facebook?code=AQB2OSMHtYeuu-***-5tQvCyxOGkZCQsnAxFgCKYRE248MXPqEb5VI63W16IJrNyw32los1 的位置额外的过滤器链;触发过滤器:'SecurityContextPersistenceFilter'
    2015-07-06 12:43:22.076 调试 28531 --- [nio-8080-exec-2] ossecurity.web.FilterChainProxy : /auth/facebook?code=AQB2OSMHtYeuu-***-5tQvCyxOGkZCQsnAxFgCKYRE248MXPqEb5VI63W16IJrNyw36los1 的位置额外的过滤器链;触发过滤器:'HeaderWriterFilter'
    2015-07-06 12:43:22.077 调试 28531 --- [nio-8080-exec-2] osswheader.writers.HstsHeaderWriter:不注入 HSTS 标头,因为它与 requestMatcher org.springframework.security.web.header 不匹配.writers.HstsHeaderWriter$SecureRequestMatcher@3f8843c2
    2015-07-06 12:43:22.077 调试 28531 --- [nio-8080-exec-2] ossecurity.web.FilterChainProxy : /auth/facebook?code=AQB2OSMHtYeuu-***-5tQvCyxOGkZCQsnAxFgCKYRE248MXPqEb5VI63W16IJrNyw36los1 的位置额外的过滤器链;触发过滤器:'LogoutFilter'
    2015-07-06 12:43:22.077 调试 28531 --- [nio-8080-exec-2] osswumatcher.AntPathRequestMatcher:检查请求匹配:'/auth/facebook';反对“/注销”
    2015-07-06 12:43:22.077 调试 28531 --- [nio-8080-exec-2] ossecurity.web.FilterChainProxy : /auth/facebook?code=AQB2OSMHtYeuu-***-5tQvCyxOGkZCQsnAxFgCKYRE248MXPqEb5VI63W16IJrNyw36los1 的位置额外的过滤器链;触发过滤器:'OAuth2AuthenticationProcessingFilter'
    2015-07-06 12:43:22.077 调试 28531 --- [nio-8080-exec-2] ossopaBearerTokenExtractor:在标头中找不到令牌。尝试请求参数。
    2015-07-06 12:43:22.077 调试 28531 --- [nio-8080-exec-2] ossopaBearerTokenExtractor:在请求参数中找不到令牌。不是 OAuth2 请求。
    2015-07-06 12:43:22.077 调试 28531 --- [nio-8080-exec-2] paOAuth2AuthenticationProcessingFilter:请求中没有令牌,将继续链。
    2015-07-06 12:43:22.077 调试 28531 --- [nio-8080-exec-2] ossecurity.web.FilterChainProxy : /auth/facebook?code=AQB2OSMHtYeuu-***-5tQvCyxOGkZCQsnAxFgCKYRE248MXPqEb5VI63W16IJrNyw36los1 的位置额外的过滤器链;触发过滤器:'RequestCacheAwareFilter'
    2015-07-06 12:43:22.077 调试 28531 --- [nio-8080-exec-2] ossecurity.web.FilterChainProxy:/auth/facebook?code=AQB2OSMHtYeuu-***-5tQvCyxOGkZCQsnAxFgCKYRE248MXPqEb5VI63W16IJrNyw36losb1 的位置额外的过滤器链;触发过滤器:'SecurityContextHolderAwareRequestFilter'
    2015-07-06 12:43:22.077 调试 28531 --- [nio-8080-exec-2] ossecurity.web.FilterChainProxy : /auth/facebook?code=AQB2OSMHtYeuu-***-5tQvCyxOGkZCQsnAxFgCKYRE248MXPqEb5VI63W16IJrNyw36los1 位置 36los1额外的过滤器链;触发过滤器:'AnonymousAuthenticationFilter'
    2015-07-06 12:43:22.078 调试 28531 --- [nio-8080-exec-2] osswaAnonymousAuthenticationFilter:使用匿名令牌填充 SecurityContextHolder:'org.springframework.security.authentication.AnonymousAuthenticationToken@9055e4a6:主体:anonymousUser;凭证:[受保护];已认证:真实;详细信息:org.springframework.security.web.authentication.WebAuthenticationDetails@957e:RemoteIpAddress:127.0.0.1;会话ID:空;授予权限:ROLE_ANONYMOUS'
    2015-07-06 12:43:22.078 调试 28531 --- [nio-8080-exec-2] ossecurity.web.FilterChainProxy:/auth/facebook?code=AQB2OSMHtYeuu-***-5tQvCyxOGkZCQsnAxFgCKYRE248MXPqEb5VI63W16IJrNyw36los1 位置额外的过滤器链;触发过滤器:'SessionManagementFilter'
    2015-07-06 12:43:22.078 调试 28531 --- [nio-8080-exec-2] ossecurity.web.FilterChainProxy : /auth/facebook?code=AQB2OSMHtYeuu-***-5tQvCyxOGkZCQsnAxFgCKYRE248MXPqEb5VI63W16IJrNyw36losb 位置额外的过滤器链;触发过滤器:'ExceptionTranslationFilter'
    2015-07-06 12:43:22.078 调试 28531 --- [nio-8080-exec-2] ossecurity.web.FilterChainProxy : /auth/facebook?code=AQB2OSMHtYeuu-***-5tQvCyxOGkZCQsnAxFgCKYRE248MXPqEb5VI63W16IJrNyw36losb 的位置额外的过滤器链;触发过滤器:'FilterSecurityInterceptor'
    2015-07-06 12:43:22.078 调试 28531 --- [nio-8080-exec-2] osswaiFilterSecurityInterceptor:安全对象:FilterInvocation:URL:/auth/facebook?code=AQB2OSMHtYeuu-***-5tQvCyxOGkZCQsnAxFgCKYRE248MXPqEb5VIsb3W3Iqr7NPqEb5VIsb3W3Iqr7N36lo 属性:[#oauth2.throwOnError(permitAll)]
    2015-07-06 12:43:22.078 DEBUG 28531 --- [nio-8080-exec-2] osswaiFilterSecurityInterceptor:以前经过身份验证:org.springframework.security.authentication.AnonymousAuthenticationToken@9055e4a6:主体:anonymousUser;凭证:[受保护];已认证:真实;详细信息:org.springframework.security.web.authentication.WebAuthenticationDetails@957e:RemoteIpAddress:127.0.0.1;会话ID:空;授予权限:ROLE_ANONYMOUS
    2015-07-06 12:43:22.079 调试 28531 --- [nio-8080-exec-2] ossaccess.vote.AffirmativeBased:投票者:org.springframework.security.web.access.expression.WebExpressionVoter@361b4478,返回: 1
    2015-07-06 12:43:22.079 调试 28531 --- [nio-8080-exec-2] osswaiFilterSecurityInterceptor:授权成功
    2015-07-06 12:43:22.079 调试 28531 --- [nio-8080-exec-2] osswaiFilterSecurityInterceptor:RunAsManager 没有更改身份验证对象
    2015-07-06 12:43:22.079 调试 28531 --- [nio-8080-exec-2] ossecurity.web.FilterChainProxy : /auth/facebook?code=AQB2OSMHtYeuu-***-5tQvCyxOGkZCQsnAxFgCKYRE248MXPqEb5VI63W6IJrNyw36losb 过滤器链结束; 继续原链
    2015-07-06 12:43:22.085 调试 28531 --- [nio-8080-exec-2] .sopeFrameworkEndpointHandlerMapping:查找路径 /auth/facebook 的处理程序方法
    2015-07-06 12:43:22.086 调试 28531 --- [nio-8080-exec-2] .sopeFrameworkEndpointHandlerMapping:没有找到 [/auth/facebook] 的处理程序方法
    2015-07-06 12:43:22.088 DEBUG 28531 --- [nio-8080-exec-2] osswaExceptionTranslationFilter:链处理正常
    2015-07-06 12:43:22.089 调试 28531 --- [nio-8080-exec-2] sswcSecurityContextPersistenceFilter:SecurityContextHolder 现在已清除,因为请求处理已完成

请告诉我您是否看到错误,或者您可以建议一种调试方法。

谢谢!

4

0 回答 0