
I want to integrate my Spring Cloud Gateway application with an Apereo CAS server (running on port 8443) and configure CAS as the OAuth2 authorization server. This is the flow:

  • I send a request to the gateway.
  • It interacts with the authorization server (CAS here).
  • Before that interaction it needs to log in there.
  • I log in successfully with the default cas-overlay-template credentials (casuser:Mellon).
  • CAS redirects to the gateway with the URL login/oauth2/code/login-client?code=OC-3-TURQDNdC4jXulPgK7ipJSzfoBLi-iaSv&state=aitARK42e0zx2iTFkeZxoRM2rLehXSex6gTIfZOHlwY%3D
  • The gateway fails with [invalid_grant].

I checked the Spring Cloud Gateway trace logs; the error occurs at the step that fetches the access token.

[ctor-http-nio-2] o.s.w.s.adapter.HttpWebHandlerAdapter    : [33597172] Completed 302 FOUND, headers={masked}
[ctor-http-nio-2] o.s.h.s.r.ReactorHttpHandlerAdapter      : [33597172] Handling completed
[ctor-http-nio-2] o.s.w.s.adapter.HttpWebHandlerAdapter    : [33597172] HTTP GET "/login/oauth2/code/login-client?code=OC-14-F99FROWxhVYzpfxkmQqB1BAfP-oOfIfI&state=Y9XC3NNkPUvb649Tx0dIDG4ZyIInioAD-xT2ll3bfII%3D", headers={masked}
[ctor-http-nio-2] o.s.w.r.f.client.ExchangeFunctions       : [dee9e83] HTTP POST http://localhost:8443/cas/oauth2.0/accessToken, headers={masked}
[ctor-http-nio-2] o.s.http.codec.FormHttpMessageWriter     : [dee9e83] Writing form fields [grant_type, code, redirect_uri] (content masked)
[ctor-http-nio-2] o.s.w.r.f.client.ExchangeFunctions       : [dee9e83] Response 400 BAD_REQUEST, headers={masked}
[ctor-http-nio-2] o.s.http.codec.json.Jackson2JsonDecoder  : [dee9e83] Decoded [{error=invalid_grant}]

Obviously the access_token request fails because of a bad request, but I cannot find out which parameter is invalid. Also, I do not make this request manually; it happens automatically behind the scenes. Where is my mistake? Thanks for your help.

Here is my Spring Cloud Gateway configuration:

spring:
  security:
    oauth2:
      client:
        registration:
          login-client:
            provider: uaa
            client-id: first-client
            client-secret: noonewilleverguess
            authorization-grant-type: authorization_code
            redirect-uri: "{baseUrl}/login/oauth2/code/{registrationId}"
        provider:
          uaa:
            authorization-uri: http://localhost:8443/cas/oauth2.0/authorize
            token-uri: http://localhost:8443/cas/oauth2.0/accessToken
            user-info-uri: http://localhost:8443/cas/oauth2.0/profile
            prefer-token-info: false
            client-authentication-scheme: form

CAS OAuth2 registered service:

{
  "@class" : "org.apereo.cas.support.oauth.services.OAuthRegisteredService",
  "clientId": "first-client",
  "clientSecret": "noonewilleverguess",
  "serviceId": "http://localhost:8085/.*",
  "name": "OAuthService",
  "bypassApprovalPrompt": true,
  "id": 1003,
  "supportedGrantTypes": [ "java.util.HashSet", [ "authorization_code" ] ],
  "supportedResponseTypes": [ "java.util.HashSet", [ "code" ] ]
}

Resources I used:

https://apereo.github.io/2019/02/19/cas61-as-oauth-authz-server/

https://apereo.github.io/cas/5.3.x/installation/OAuth-OpenId-Authentication.html#responsegrant-types


1 Answer


Well, the problem is actually quite simple. Spring Cloud Gateway automatically populates 3 fields (grant_type, code, redirect_uri), but the Apereo CAS server has an API that requires 5 fields (grant_type, code, redirect_uri plus client_id and client_secret). To solve this, you can define your own API on the CAS side that takes 3 parameters; the rest of the logic stays the same. The only thing you have to do is override the field behaviour of the access-token API.

answered 2020-02-27T08:25:37.733
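To make the mismatch described in the answer concrete, here is an added model (my own example, not Spring or CAS code) of the two client-authentication styles RFC 6749 section 2.3.1 allows at the token endpoint: Spring Security's OAuth2 client defaults to sending client_id and client_secret in an HTTP Basic header, while a token endpoint that only reads those two values from the form body, as the question describes, rejects that request even though the three body fields are correct. The authorization code and redirect URI used below are constructed values; the client id and secret are the ones from the question.

```python
import base64
import hmac
from urllib.parse import parse_qs, urlencode

# Client registration taken from the question; code and redirect URI are constructed.
CLIENT_ID = "first-client"
CLIENT_SECRET = "noonewilleverguess"
REGISTERED_CLIENTS = {CLIENT_ID: CLIENT_SECRET}

def basic_auth_token_request(code, redirect_uri):
    """Three form fields plus HTTP Basic client authentication (Spring's default)."""
    creds = base64.b64encode(f"{CLIENT_ID}:{CLIENT_SECRET}".encode()).decode()
    body = urlencode({"grant_type": "authorization_code", "code": code,
                      "redirect_uri": redirect_uri})
    return {"headers": {"Authorization": f"Basic {creds}"}, "body": body}

def form_post_token_request(code, redirect_uri):
    """The five form fields the answer lists: credentials travel in the body."""
    body = urlencode({"grant_type": "authorization_code", "code": code,
                      "redirect_uri": redirect_uri, "client_id": CLIENT_ID,
                      "client_secret": CLIENT_SECRET})
    return {"headers": {}, "body": body}

def _credentials_from_body(req):
    params = parse_qs(req["body"])
    return params.get("client_id", [None])[0], params.get("client_secret", [None])[0]

def _credentials_from_basic_header(req):
    auth = req["headers"].get("Authorization", "")
    if not auth.startswith("Basic "):
        return None, None
    client_id, _, secret = base64.b64decode(auth[len("Basic "):]).decode().partition(":")
    return client_id, secret

def authenticate_client(req, accept_basic):
    """Server-side check. accept_basic=False models an endpoint that reads the client
    credentials only from the form body (the mismatch in the question); True also
    honours the Basic header, as RFC 6749 section 2.3.1 requires."""
    client_id, secret = _credentials_from_body(req)
    if client_id is None and accept_basic:
        client_id, secret = _credentials_from_basic_header(req)
    expected = REGISTERED_CLIENTS.get(client_id)
    # Constant-time comparison so a wrong secret and a missing one look the same.
    if expected is None or not hmac.compare_digest(expected, secret or ""):
        return {"ok": False, "reason": "client not authenticated"}
    return {"ok": True, "client_id": client_id}
```

The same Basic-authenticated request passes with accept_basic=True and fails with accept_basic=False, which is why adding client_id and client_secret to the body (or teaching the server to read the header) resolves the rejection.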