I created three applications: "spring-cloud gateway (8081)", "spring-oauth2-auth-server (8094)" and "spring-oauth2-resource-server (8087)".
When I want to request the resource server, I first have to request the gw, which forwards to the oauth server, where I log in (the oauth server also has a Spring Security layer). After a successful login, it redirects back to the gw server with a URL like http://localhost:8081/login/oauth2/code/gateway?code=6ldKVF&state=0WvvvWdTs8G_XchSTQKqgokua_XDVQziqVZ_VXLMqIS0%3D. Then an error appears on the screen.
When I log in successfully on the auth server, there is a trace log in the gateway server console:
2020-01-17 17:52:11.825 TRACE 11336-[cor-http-nio-4] o.s.http.codec.json.Jackson2JsonDecoder: [21762c89] Decoded [{access_token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsib2F1dGgyLXJlc291cmNl0sInVzZXJfbmFtZSI6ImRnIic2NvcGUiOlsi3VzdG9tX21vZCJdLCJleHAiOjE1NzkyNzI3NDESimF1dGhvcml0aWVzIjpbIJPTEVfQURNSU4iXSwianRpIjoiOWUzYzQ2YTQtMDJiZi00MTgwLTg1ZTktMGJhotM0M]jBhYjg4IwiY2xpZW50X2lkIjoiZmlyc3QtY2xpZW0In0.xdWGm420vp2Rzq0AyCgOTcDuKvP-V6JFd76KmJJf7o, token_type=bearer, refresh_token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsib2F1dGgyLXJlc291cmNlIl0sInVzZXJfbmFtZSI6ImRnIwic2NvcGUiOlsi3VzdG9tX21vZCJdLCJhdGkiOi5ZTNjNDZhNC0wMmJmLTQxODAtODVlOS0wYmE5MzQyMGFiODgiLCJleHAiOjE1NzkyNzI3NTEmF1dGhvcml0aWzIjpblJPTE VfQURNSU4iX带RpIjoiYzEyNWExM2ItMmMzYS00ZGM0LWJjODgtZDc4ZDk1ZTljNzQ5Ii2xpZW50X2lkIjoiZmlyc3QtY2xpZW50 In0.KhRIy7wOH2IsswDZ_AIXVFdtu6JZqtiLBZGZ型NRw, expires_in=9, scope=custom_mod, jti=9e3c46a4-02bf-4180-85e9-0ba93420ab88}]
When I decode the access token JWT, the result is as follows.
{
  "aud": [
    "oauth2-resource"
  ],
  "user_name": "dg",
  "scope": [
    "custom_mod"
  ],
  "exp": 1579272741,
  "authorities": [
    "ROLE_ADMIN"
  ],
  "jti": "9e3c46a4-02bf-4180-85e9-0ba93420ab88",
  "client_id": "first-client"
}
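I think I am missing some part that needs to be implemented in the gateway server or the oauth server, but I cannot find it, because when I try to use Okta instead of my custom auth server, there is no error.
Gateway application properties: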
server.port=8081
spring.security.oauth2.client.registration.gateway.client-id=first-client
spring.security.oauth2.client.registration.gateway.client-secret=noonewilleverguess
spring.security.oauth2.client.registration.gateway.authorization-grant-type=authorization_code
spring.security.oauth2.client.registration.gateway.redirect-uri={baseUrl}/login/oauth2/code/{registrationId}
spring.security.oauth2.client.provider.gateway.authorization-uri=http://localhost:8094/oauth/authorize
spring.security.oauth2.client.provider.gateway.token-uri=http://localhost:8094/oauth/token?scope=custom_mod
spring.security.oauth2.client.provider.gateway.user-info-uri=http://localhost:8094/userinfo
spring.security.oauth2.client.provider.gateway.user-name-attribute=name
logging.level.root=trace
Here is the screen or message:
Fri Jan 17 17:28:11 EET 2020 [83c168ec] There was an unexpected error (type=Internal Server Error, status=500). No provider found for class org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken
Here is the console error message:
2020-01-17 17:40:27.204 ERROR 7180-[cor-http-nio-2] a.w.r.e.AbstractErrorWebExceptionHandler: [93951d85] 500 Server Error for HTTP GET "/login/oauth2/code/gateway?code=n35lEN&state=fZ94ZsZySnUwaG1vS32cX4sXU9KJ6aRm58twQMrR9sQ%3D"
java.lang.IllegalStateException: No provider found for class org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken
	at org.springframework.security.web.server.authentication.AuthenticationWebFilter.lambda$authenticate$5(AuthenticationWebFilter.java:118) ~[spring-security-web-5.2.1.RELEASE.jar:5.2.1.RELEASE]
	Suppressed: reactor.core.publisher.FluxOnAssembly$OnAssemblyException:
Error has been observed at the following site(s):
	|_ checkpoint ⇢ org.springframework.security.oauth2.client.web.server.authentication.OAuth2LoginAuthenticationWebFilter [DefaultWebFilterChain]
	|_ checkpoint ⇢ org.springframework.security.oauth2.client.web.server.OAuth2AuthorizationRequestRedirectWebFilter [DefaultWebFilterChain]
	|_ checkpoint ⇢ org.springframework.security.oauth2.client.web.server.OAuth2AuthorizationRequestRedirectWebFilter [DefaultWebFilterChain]
	|_ checkpoint ⇢ org.springframework.security.web.server.context.ReactorContextWebFilter [DefaultWebFilterChain]
	|_ checkpoint ⇢ org.springframework.security.web.server.csrf.CsrfWebFilter [DefaultWebFilterChain]
	|_ checkpoint ⇢ org.springframework.security.web.server.header.HttpHeaderWriterWebFilter [DefaultWebFilterChain]
	|_ checkpoint ⇢ org.springframework.security.config.web.server.ServerHttpSecurity$ServerWebExchangeReactorContextWebFilter [DefaultWebFilterChain]
	|_ checkpoint ⇢ org.springframework.security.web.server.WebFilterChainProxy [DefaultWebFilterChain]
	|_ checkpoint ⇢ HTTP GET "/login/oauth2/code/gateway?code=n35lEN&state=fZ94ZsZySnUwaG1vS32cX4sXU9KJ6aRm58twQMrR9sQ%3D" [ExceptionHandlingWebHandler]
Stack trace:
		at org.springframework.security.web.server.authentication.AuthenticationWebFilter.lambda$authenticate$5(AuthenticationWebFilter.java:118) ~[spring-security-web-5.2.1.RELEASE.jar:5.2.1.RELEASE]
		at reactor.core.publisher.MonoDefer.subscribe(MonoDefer.java:44) ~[reactor-core-3.3.1.RELEASE.jar:3.3.1.RELEASE]
		at reactor.core.publisher.Mono.subscribe(Mono.java:4105) ~[reactor-core-3.3.1.RELEASE.jar:3.3.1.RELEASE]
		at reactor.core.publisher.FluxSwitchIfEmpty$SwitchIfEmptySubscriber.onComplete(FluxSwitchIfEmpty.java:75) ~[reactor-core-3.3.1.RELEASE.jar:3.3.1.RELEASE]
edit: shortened to make the problem easier to understand.
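It has been a while since this question was posted. However, you are probably importing the spring-security oauth2 client without the corresponding jose client.
So you had better add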
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-oauth2-client</artifactId>
</dependency>
In my case, it was because my client did not have the openid scope.
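The question's decoding step and the last answer's openid-scope check, combined as an added example (not code from either poster): it reads the access token's claims without verifying the signature and reports whether the token response looks like an OpenID Connect login. The function names and the sample response are constructed here from the values shown in the question; the signature segment is a dummy.

```python
import base64
import json

def _b64url_decode(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def _b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def decode_claims(jwt):
    """Payload claims of a compact JWS. Inspection only: the signature is NOT verified."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    return json.loads(_b64url_decode(parts[1]))

def granted_scopes(token_response):
    """Union of the response's space-delimited 'scope' and the JWT's 'scope' claim."""
    claim_scope = decode_claims(token_response["access_token"]).get("scope", [])
    if isinstance(claim_scope, str):  # some servers emit a string, not a list
        claim_scope = claim_scope.split()
    return set(token_response.get("scope", "").split()) | set(claim_scope)

def diagnose(token_response, now):
    """Findings relevant to a client that expects an OpenID Connect login."""
    findings = []
    if "openid" not in granted_scopes(token_response):
        findings.append("no openid scope: plain OAuth2 grant, not OpenID Connect")
    if "id_token" not in token_response:
        findings.append("no id_token in token response")
    if decode_claims(token_response["access_token"]).get("exp", 0) <= now:
        findings.append("access token already expired")
    return findings

# Constructed sample: claims copied from the question, signature is a dummy value.
SAMPLE_CLAIMS = {"aud": ["oauth2-resource"], "user_name": "dg", "scope": ["custom_mod"],
                 "exp": 1579272741, "authorities": ["ROLE_ADMIN"],
                 "jti": "9e3c46a4-02bf-4180-85e9-0ba93420ab88", "client_id": "first-client"}
SAMPLE_RESPONSE = {
    "access_token": ".".join([_b64url_encode(b'{"alg":"HS256","typ":"JWT"}'),
                              _b64url_encode(json.dumps(SAMPLE_CLAIMS).encode()),
                              _b64url_encode(b"constructed-signature")]),
    "token_type": "bearer", "expires_in": 9, "scope": "custom_mod",
}

if __name__ == "__main__":
    for finding in diagnose(SAMPLE_RESPONSE, now=1579272735):
        print(finding)
```

Decoding without verification is suitable only for inspecting a token you already hold while debugging; a resource server must still validate the signature before trusting any claim.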