我使用 Spring Boot 创建了一个 Oauth 2.0 服务器和一个客户端。这是我的项目 GitHub 。
但是我无法从 oauth 服务器获取 token 。
服务器日志:
org.springframework.security.access.AccessDeniedException: Access is denied
at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:83) ~[spring-security-core-4.0.3.RELEASE.jar:4.0.3.RELEASE]
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:232) ~[spring-security-core-4.0.3.RELEASE.jar:4.0.3.RELEASE]
............
o.s.s.w.util.matcher.AndRequestMatcher : Trying to match using NegatedRequestMatcher [requestMatcher=Ant [pattern='/**/favicon.ico']]
o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/oauth/access_token'; against '/**/favicon.ico'
o.s.s.w.u.matcher.NegatedRequestMatcher : matches = true
o.s.s.w.util.matcher.AndRequestMatcher : Trying to match using NegatedRequestMatcher [requestMatcher=MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@6a55ed36, matchingMediaTypes=[application/json], useEquals=false, ignoredMediaTypes=[*/*]]]
o.s.s.w.u.m.MediaTypeRequestMatcher : httpRequestMediaTypes=[application/json, application/x-www-form-urlencoded]
o.s.s.w.u.m.MediaTypeRequestMatcher : Processing application/json
o.s.s.w.u.m.MediaTypeRequestMatcher : application/json .isCompatibleWith application/json = true
o.s.s.w.u.matcher.NegatedRequestMatcher : matches = false
o.s.s.w.util.matcher.AndRequestMatcher : Did not match
o.s.s.w.s.HttpSessionRequestCache : Request not saved as configured RequestMatcher did not match
o.s.s.w.a.ExceptionTranslationFilter : Calling Authentication entry point.
o.s.s.web.DefaultRedirectStrategy : Redirecting to 'http:/ /localhost:8789/server/login'
w.c.HttpSessionSecurityContextRepository : SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed`
客户端日志:
o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/login/my'; against '/login/facebook'
o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/login/my'; against '/login/my'
uth2ClientAuthenticationProcessingFilter : Request is to process authentication
g.c.AuthorizationCodeAccessTokenProvider : Retrieving token from ht tp://localhost:8789/server/oauth/access_token
g.c.AuthorizationCodeAccessTokenProvider : Encoding and sending form: {grant_type=[authorization_code], code=[4597x5], redirect_uri=[h ttp://localhost:8788/login/my]}
w.c.HttpSessionSecurityContextRepository : SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
2016-03-17 18:39:43.229 ERROR 23430 --- [nio-8788-exec-8] o.a.c.c.C.[.[.[/].[dispatcherServlet] : Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception
java.lang.IllegalStateException: An OAuth 2 access token must be obtained or an exception thrown.
at org.springframework.security.oauth2.client.token.AccessTokenProviderChain.obtainAccessToken(AccessTokenProviderChain.java:121) ~[spring-security-oauth2-2.0.9.RELEASE.jar:na]
at org.springframework.security.oauth2.client.OAuth2RestTemplate.acquireAccessToken(OAuth2RestTemplate.java:221) ~[spring-security-oauth2-2.0.9.RELEASE.jar:na]
at org.springframework.security.oauth2.client.OAuth2RestTemplate.getAccessToken(OAuth2RestTemplate.java:173) ~[spring-security-oauth2-2.0.9.RELEASE.jar:na]
at org.springframework.security.oauth2.client.filter.OAuth2ClientAuthenticationProcessingFilter.attemptAuthentication(OAuth2ClientAuthenticationProcessingFilter.java:94) ~[spring-security-oauth2-2.0.9.RELEASE.jar:na]`
...
最佳答案
我找到了答案。我没有通过 Spring Security 保护所有服务器资源,现在它运行良好。如果您需要详细信息,您可以查看我的项目中的更改。
关于java - 无法从我的 Oauth 服务器获取 token ,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/36066877/