我目前正在开发一个带有 spring boot 的小型 Web 应用程序。我想使用谷歌oauth2登录我的用户。所有这些都在我的计算机上的本地主机中像魅力一样工作,但是当我在 GAE 中部署我的应用程序时,我收到错误。
这是我从 GAE 上的开发服务器获得的错误堆栈。我想错误在生产模式下是相同的。
[INFO] 2017-08-27 17:02:31.290 DEBUG 630 --- [tp1134612201-18] g.c.AuthorizationCodeAccessTokenProvider : Retrieving token from https://www.googleapis.com/oauth2/v4/token
[INFO] 2017-08-27 17:02:31.565 DEBUG 630 --- [tp1134612201-18] o.s.web.client.RestTemplate : Created POST request for "https://www.googleapis.com/oauth2/v4/token"
[INFO] 2017-08-27 17:02:31.566 DEBUG 630 --- [tp1134612201-18] g.c.AuthorizationCodeAccessTokenProvider : Encoding and sending form: {grant_type=[authorization_code], code=[4/PmvPPmFGQF0PamafaItFDiqKT_RwZN4RkdoydpxOTD4], redirect_uri=[https://127.0.0.1:8080/login], client_id=[XXX], client_secret=[YYY]}
[INFO] 2017-08-27 17:02:32.905 DEBUG 630 --- [tp1134612201-18] o.s.web.client.RestTemplate : POST request for "https://www.googleapis.com/oauth2/v4/token" resulted in 400 (OK); invoking error handler
[INFO] 2017-08-27 17:02:33.343 DEBUG 630 --- [tp1134612201-18] o.s.b.f.s.DefaultListableBeanFactory : Returning cached instance of singleton bean 'delegatingApplicationListener'
[INFO] 2017-08-27 17:02:33.381 DEBUG 630 --- [tp1134612201-18] uth2ClientAuthenticationProcessingFilter : Authentication request failed: org.springframework.security.authentication.BadCredentialsException: Could not obtain access token
[INFO]
[INFO] org.springframework.security.authentication.BadCredentialsException: Could not obtain access token
[INFO] at org.springframework.security.oauth2.client.filter.OAuth2ClientAuthenticationProcessingFilter.attemptAuthentication(OAuth2ClientAuthenticationProcessingFilter.java:107)
[INFO] at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212)
[INFO] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
[INFO] at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)
[INFO] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
[INFO] at org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:100)
[INFO] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
[INFO] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
[INFO] at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64)
[INFO] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
[INFO] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
[INFO] at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
[INFO] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
[INFO] at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
[INFO] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
[INFO] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
[INFO] at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214)
[INFO] at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177)
[INFO] at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
[INFO] at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)
[INFO] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1759)
[INFO] at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99)
[INFO] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
[INFO] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1759)
[INFO] at org.springframework.security.oauth2.client.filter.OAuth2ClientContextFilter.doFilter(OAuth2ClientContextFilter.java:60)
[INFO] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1759)
[INFO] at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:105)
[INFO] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
[INFO] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1759)
[INFO] at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:81)
[INFO] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
[INFO] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1759)
[INFO] at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:197)
[INFO] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
[INFO] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1759)
[INFO] at org.springframework.boot.web.support.ErrorPageFilter.doFilter(ErrorPageFilter.java:115)
[INFO] at org.springframework.boot.web.support.ErrorPageFilter.access$000(ErrorPageFilter.java:59)
[INFO] at org.springframework.boot.web.support.ErrorPageFilter$1.doFilterInternal(ErrorPageFilter.java:90)
[INFO] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
[INFO] at org.springframework.boot.web.support.ErrorPageFilter.doFilter(ErrorPageFilter.java:108)
[INFO] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1759)
[INFO] at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:582)
[INFO] at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
[INFO] at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:524)
[INFO] at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:226)
[INFO] at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1180)
[INFO] at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:512)
[INFO] at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
[INFO] at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1112)
[INFO] at com.google.appengine.tools.development.jetty9.DevAppEngineWebAppContext.doScope(DevAppEngineWebAppContext.java:94)
[INFO] at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
[INFO] at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:134)
[INFO] at com.google.appengine.tools.development.jetty9.JettyContainerService$ApiProxyHandler.handle(JettyContainerService.java:597)
[INFO] at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:134)
[INFO] at org.eclipse.jetty.server.Server.handle(Server.java:534)
[INFO] at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:320)
[INFO] at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:251)
[INFO] at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:283)
[INFO] at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:108)
[INFO] at org.eclipse.jetty.io.SelectChannelEndPoint$2.run(SelectChannelEndPoint.java:93)
[INFO] at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.executeProduceConsume(ExecuteProduceConsume.java:303)
[INFO] at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.produceConsume(ExecuteProduceConsume.java:148)
[INFO] at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.run(ExecuteProduceConsume.java:136)
[INFO] at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:671)
[INFO] at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:589)
[INFO] at java.lang.Thread.run(Thread.java:748)
[INFO] Caused by: org.springframework.security.oauth2.client.resource.OAuth2AccessDeniedException: Access token denied.
[INFO] at org.springframework.security.oauth2.client.token.OAuth2AccessTokenSupport.retrieveToken(OAuth2AccessTokenSupport.java:142)
[INFO] at org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeAccessTokenProvider.obtainAccessToken(AuthorizationCodeAccessTokenProvider.java:209)
[INFO] at org.springframework.security.oauth2.client.OAuth2RestTemplate.acquireAccessToken(OAuth2RestTemplate.java:221)
[INFO] at org.springframework.security.oauth2.client.OAuth2RestTemplate.getAccessToken(OAuth2RestTemplate.java:173)
[INFO] at org.springframework.security.oauth2.client.filter.OAuth2ClientAuthenticationProcessingFilter.attemptAuthentication(OAuth2ClientAuthenticationProcessingFilter.java:105)
[INFO] ... 65 common frames omitted
[INFO] Caused by: org.springframework.security.oauth2.common.exceptions.RedirectMismatchException: Bad Request
[INFO] at org.springframework.security.oauth2.common.exceptions.OAuth2ExceptionJackson2Deserializer.deserialize(OAuth2ExceptionJackson2Deserializer.java:103)
[INFO] at org.springframework.security.oauth2.common.exceptions.OAuth2ExceptionJackson2Deserializer.deserialize(OAuth2ExceptionJackson2Deserializer.java:33)
[INFO] at com.fasterxml.jackson.databind.ObjectMapper._readMapAndClose(ObjectMapper.java:3798)
[INFO] at com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:2922)
[INFO] at org.springframework.http.converter.json.AbstractJackson2HttpMessageConverter.readJavaType(AbstractJackson2HttpMessageConverter.java:237)
[INFO] at org.springframework.http.converter.json.AbstractJackson2HttpMessageConverter.readInternal(AbstractJackson2HttpMessageConverter.java:217)
[INFO] at org.springframework.http.converter.AbstractHttpMessageConverter.read(AbstractHttpMessageConverter.java:193)
[INFO] at org.springframework.security.oauth2.client.token.OAuth2AccessTokenSupport$AccessTokenErrorHandler.handleError(OAuth2AccessTokenSupport.java:235)
[INFO] at org.springframework.web.client.RestTemplate.handleResponse(RestTemplate.java:700)
[INFO] at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:653)
[INFO] at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:621)
[INFO] at org.springframework.security.oauth2.client.token.OAuth2AccessTokenSupport.retrieveToken(OAuth2AccessTokenSupport.java:137)
[INFO] ... 69 common frames omitted
这是我的配置:
应用.yml :
security:
oauth2:
client:
clientId: XXXXX
clientSecret: XXXXX
accessTokenUri: https://www.googleapis.com/oauth2/v4/token
userAuthorizationUri: https://accounts.google.com/o/oauth2/v2/auth
clientAuthenticationScheme: form
scope:
- openid
- email
- profile
resource:
userInfoUri: https://www.googleapis.com/oauth2/v3/userinfo
preferTokenInfo: true
弹簧安全配置:
@Configuration
@EnableOAuth2Sso
@EnableWebSecurity
class WebSecurityConfig : WebSecurityConfigurerAdapter() {
@Throws(Exception::class)
override fun configure(http: HttpSecurity) {
http
.authorizeRequests()
.antMatchers("/", "/home", "/webjars/**", "/count", "/login")
.permitAll()
.anyRequest()
.authenticated()
.and()
.formLogin()
.loginPage("/login")
.permitAll()
.and()
.logout()
.logoutUrl("/logout")
.logoutSuccessUrl("/")
.permitAll()
}
}
MVC 控制器 :
@Configuration
class MvcConfiguration : WebMvcConfigurerAdapter() {
override fun addViewControllers(registry: ViewControllerRegistry?) {
super.addViewControllers(registry)
registry?.addViewController("/home")?.setViewName("home");
registry?.addViewController("/")?.setViewName("home");
registry?.addViewController("/hello")?.setViewName("hello");
}
}
我在谷歌 api 控制台中设置的重定向页面是:https://my-awesome-app.appspot.com/login。当我在 http://localhost:8080 上进行测试时,所有这些都有效。也许有ssl的东西?
顺便说一下,我正在使用 kotlin。但它与Java非常相似
谁能帮我?
很难找到正确的答案,因为没有打印出完整的堆栈跟踪。
查看堆栈跟踪,有几个关键错误状态:
[INFO] org.springframework.security.authentication.BadCredentialsException: Could not obtain access token
...
[INFO] Caused by: org.springframework.security.oauth2.client.resource.OAuth2AccessDeniedException: Access token denied.
这表示应用程序的 OAuth 客户端未正确进行身份验证,或者您使用的凭据无效。
与其设置自己的访问令牌和用户身份验证URI,我建议使用Google Java API客户端,它将为您处理此问题:
https://github.com/googleapis/google-api-java-client
我们有一些 G Suite 示例显示了 OAuth 流程: https://github.com/gsuitedevs/java-samples
也许这个答案也可能有用: 通过谷歌API获取用户信息