java - 无法从我的 Oauth 服务器获取 token

Question

我使用 Spring Boot 创建了一个 Oauth 2.0 服务器和一个客户端。这是我的项目 GitHub 。

但是我无法从 oauth 服务器获取 token 。

服务器日志:

org.springframework.security.access.AccessDeniedException: Access is denied
at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:83) ~[spring-security-core-4.0.3.RELEASE.jar:4.0.3.RELEASE]
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:232) ~[spring-security-core-4.0.3.RELEASE.jar:4.0.3.RELEASE]

............

o.s.s.w.util.matcher.AndRequestMatcher   : Trying to match using NegatedRequestMatcher [requestMatcher=Ant [pattern='/**/favicon.ico']]
o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/oauth/access_token'; against '/**/favicon.ico'
o.s.s.w.u.matcher.NegatedRequestMatcher  : matches = true
o.s.s.w.util.matcher.AndRequestMatcher   : Trying to match using NegatedRequestMatcher [requestMatcher=MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@6a55ed36, matchingMediaTypes=[application/json], useEquals=false, ignoredMediaTypes=[*/*]]]
o.s.s.w.u.m.MediaTypeRequestMatcher      : httpRequestMediaTypes=[application/json, application/x-www-form-urlencoded]
o.s.s.w.u.m.MediaTypeRequestMatcher      : Processing application/json
o.s.s.w.u.m.MediaTypeRequestMatcher      : application/json .isCompatibleWith application/json = true
o.s.s.w.u.matcher.NegatedRequestMatcher  : matches = false
o.s.s.w.util.matcher.AndRequestMatcher   : Did not match
o.s.s.w.s.HttpSessionRequestCache        : Request not saved as configured RequestMatcher did not match
o.s.s.w.a.ExceptionTranslationFilter     : Calling Authentication entry point.
o.s.s.web.DefaultRedirectStrategy        : Redirecting to 'http:/ /localhost:8789/server/login'
w.c.HttpSessionSecurityContextRepository : SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed`

客户端日志:

o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/login/my'; against '/login/facebook'
o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/login/my'; against '/login/my'
uth2ClientAuthenticationProcessingFilter : Request is to process authentication
g.c.AuthorizationCodeAccessTokenProvider : Retrieving token from ht tp://localhost:8789/server/oauth/access_token
g.c.AuthorizationCodeAccessTokenProvider : Encoding and sending form: {grant_type=[authorization_code], code=[4597x5], redirect_uri=[h ttp://localhost:8788/login/my]}
w.c.HttpSessionSecurityContextRepository : SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
2016-03-17 18:39:43.229 ERROR 23430 --- [nio-8788-exec-8] o.a.c.c.C.[.[.[/].[dispatcherServlet]    : Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception

java.lang.IllegalStateException: An OAuth 2 access token must be obtained or an exception thrown.
at org.springframework.security.oauth2.client.token.AccessTokenProviderChain.obtainAccessToken(AccessTokenProviderChain.java:121) ~[spring-security-oauth2-2.0.9.RELEASE.jar:na]
at org.springframework.security.oauth2.client.OAuth2RestTemplate.acquireAccessToken(OAuth2RestTemplate.java:221) ~[spring-security-oauth2-2.0.9.RELEASE.jar:na]
at org.springframework.security.oauth2.client.OAuth2RestTemplate.getAccessToken(OAuth2RestTemplate.java:173) ~[spring-security-oauth2-2.0.9.RELEASE.jar:na]
at org.springframework.security.oauth2.client.filter.OAuth2ClientAuthenticationProcessingFilter.attemptAuthentication(OAuth2ClientAuthenticationProcessingFilter.java:94) ~[spring-security-oauth2-2.0.9.RELEASE.jar:na]`

...

Answer 1

我找到了答案。我没有通过 Spring Security 保护所有服务器资源，现在它运行良好。如果您需要详细信息，您可以查看我的项目中的更改。