1

我尝试在 Spring Boot 项目中设置 OAuth2RestTemplate。我尝试遵循自定义设置,但由于某种原因,我authorization_request_not_found在尝试访问安全资源时总是出错。

我的应用配置:

@EnableOAuth2Client
@SpringBootApplication
public class AppConfig {

public static void main(String[] args) {
    SpringApplication.run(AppConfig.class, args);
}

@Bean
RestTemplate restTemplate(OAuth2ProtectedResourceDetails oauth2RemoteResource) {
    return new OAuth2RestTemplate(oauth2RemoteResource);
}

}

安全配置:

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http
                .authorizeRequests()
                .mvcMatchers("/", "/login/**").permitAll()
                .mvcMatchers("/secure").authenticated()
                .anyRequest().permitAll()
                .and()
                .oauth2Login()
                .and()
                .oauth2Client();
    }
}

控制器:

@GetMapping("/secure")
public String secure() {
    Object result = restTemplate.getForObject("https://esi.evetech.net/latest/alliances", Object.class);
    return "/";
}

应用程序.yml:

 security:
  oauth2:
    client:
      id: eve
      client-id: clientId
      client-secret: secret
      grant-type: authorization_code
      user-authorization-uri: https://login.eveonline.com/v2/oauth/authorize
      access-token-uri: https://login.eveonline.com/v2/oauth/token
      pre-established-redirect-uri: http://localhost:8080/login/oauth2/code/eve
      use-current-uri: false
      scope:
        - esi-characters.read_blueprints.v1
    resource:
      user-info-uri: https://login.eveonline.com/oauth/verify
spring:
  security:
    oauth2:
      client:
        registration:
          eve:
            authorization-grant-type: authorization_code
            client-id: clientId
            client-secret: secret
            redirect-uri: http://localhost:8080/login/oauth2/code/eve
            client-authentication-method: basic
            scope:
              - esi-characters.read_blueprints.v1
        provider:
          eve:
            authorization-uri: https://login.eveonline.com/v2/oauth/authorize
            token-uri: https://login.eveonline.com/v2/oauth/token
            user-info-uri: https://login.eveonline.com/oauth/verify
            user-name-attribute: CharacterID

现在我发现这也很有趣,因为我不确定为什么必须两次声明这些属性。我的意思是在构造函数中读取属性OAuth2RestTemplateAuthorizationCodeResourceDetails实例,而构造函数内部读取另一个,我只是不明白为什么会这样?有简单的设置吗?AppConfigsecurity.oatuh2.clientDefaultOAuth2ClientContextOAuth2RestTemplate

无论如何要回到最初的问题,当我访问/secure它时,我会将我重定向到登录页面,在那里我成功登录,然后将我重定向回该/secure页面,到目前为止一切都很好。

就在调用 restTemplate 之前,我在日志中有这个:

2020-05-06 22:55:31.528 DEBUG 29177 --- [nio-8080-exec-4] o.s.s.w.a.i.FilterSecurityInterceptor    : Secure object: FilterInvocation: URL: /secure; Attributes: [authenticated]
2020-05-06 22:55:31.528 DEBUG 29177 --- [nio-8080-exec-4] o.s.s.w.a.i.FilterSecurityInterceptor    : Previously Authenticated: org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken@3bb07c9: Principal: Name: [<ID>], Granted Authorities: [[ROLE_USER, SCOPE_esi-characters.read_blueprints.v1]], User Attributes: [{CharacterID=<ID>, CharacterName=<Name>, ExpiresOn=2020-05-06T22:15:31, Scopes=esi-characters.read_blueprints.v1, TokenType=Character, CharacterOwnerHash=<Hash>, IntellectualProperty=EVE}]; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@0: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 472A39D41FE34AC90781A80E39E4A52D; Granted Authorities: ROLE_USER, SCOPE_esi-characters.read_blueprints.v1
2020-05-06 22:55:31.529 DEBUG 29177 --- [nio-8080-exec-4] o.s.s.access.vote.AffirmativeBased       : Voter: org.springframework.security.web.access.expression.WebExpressionVoter@47a65378, returned: 1

但是在调用 restTemplate 之后:

2020-05-06 23:00:31.482 DEBUG 29177 --- [nio-8080-exec-4] o.s.web.servlet.DispatcherServlet        : Failed to complete request: org.springframework.security.oauth2.client.resource.UserRedirectRequiredException: A redirect is required to get the users approval
2020-05-06 23:00:31.483 DEBUG 29177 --- [nio-8080-exec-4] o.s.s.w.header.writers.HstsHeaderWriter  : Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@205366de
2020-05-06 23:00:31.483 DEBUG 29177 --- [nio-8080-exec-4] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
2020-05-06 23:00:31.484 DEBUG 29177 --- [nio-8080-exec-4] o.s.s.web.DefaultRedirectStrategy        : Redirecting to 'https://login.eveonline.com/v2/oauth/authorize?client_id=<clientId>&redirect_uri=http://localhost:8080/login/oauth2/code/eve&response_type=code&scope=esi-characters.read_blueprints.v1&state=<state>'

如您所见,它带我回到登录页面,所以我再次登录,这次我收到错误:[authorization_request_not_found]

日志:

2020-05-06 23:02:27.285 DEBUG 29177 --- [nio-8080-exec-6] o.s.security.web.FilterChainProxy        : /login/oauth2/code/eve?code=<code>&state=<state> at position 8 of 17 in additional filter chain; firing Filter: 'OAuth2LoginAuthenticationFilter'
2020-05-06 23:02:27.285 DEBUG 29177 --- [nio-8080-exec-6] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/login/oauth2/code/eve'; against '/login/oauth2/code/*'
2020-05-06 23:02:27.285 DEBUG 29177 --- [nio-8080-exec-6] .s.o.c.w.OAuth2LoginAuthenticationFilter : Request is to process authentication
2020-05-06 23:02:27.287 DEBUG 29177 --- [nio-8080-exec-6] .s.o.c.w.OAuth2LoginAuthenticationFilter : Authentication request failed: org.springframework.security.oauth2.core.OAuth2AuthenticationException: [authorization_request_not_found] 

org.springframework.security.oauth2.core.OAuth2AuthenticationException: [authorization_request_not_found] 
    at org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter.attemptAuthentication(OAuth2LoginAuthenticationFilter.java:163) ~[spring-security-oauth2-client-5.2.2.RELEASE.jar:5.2.2.RELEASE]

我在这一点上迷路了,不知道为什么我会得到这个。

我还将项目上传到github,以防更容易检查它有什么问题。

谢谢

4

0 回答 0