Java 如何在Spring Boot Oauth2授权服务器中授予\u type=client\u凭据时引发错误凭据的任何异常
我正在尝试在同一个应用程序中设置Java 如何在Spring Boot Oauth2授权服务器中授予\u type=client\u凭据时引发错误凭据的任何异常,java,spring-boot,spring-security,oauth-2.0,spring-security-oauth2,Java,Spring Boot,Spring Security,Oauth 2.0,Spring Security Oauth2,我正在尝试在同一个应用程序中设置授权服务器和资源服务器。在grant\u type=client\u credentials中,对于正确的client\u id和client\u secret配置有效。但对于错误的凭证,默认情况下它不会抛出有用的异常。下面是错误凭据的错误消息 { "timestamp": 1605701863451, "status": 404, "error": "Not Found
授权服务器资源服务器grant\u type=client\u credentialsclient\u idclient\u secret{
"timestamp": 1605701863451,
"status": 404,
"error": "Not Found",
"message": "No message available",
"path": "/login"
}
HTTP status=400{
"error": "invalid_grant",
"error_description": "Bad credentials"
}
@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
@Autowired
private AuthenticationManager authenticationManager;
@Autowired
private CustomUserDetailsService customUserDetailsService;
@Autowired
@Qualifier("dataSource")
private DataSource dataSource;
@Bean
public TokenStore tokenStore() {
return new JdbcTokenStore(dataSource);
}
@Bean
public CustomTokenEnhancer customTokenEnhancer() {
return new CustomTokenEnhancer();
}
@Bean
public CorsFilter corsFilter() {
final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
final CorsConfiguration config = new CorsConfiguration();
config.setAllowCredentials(true);
config.setAllowedOrigins(Collections.singletonList("*"));
config.setAllowedHeaders(Arrays.asList("Origin", "Content-Type", "Accept"));
config.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "OPTIONS", "DELETE", "PATCH"));
source.registerCorsConfiguration("/**", config);
return new CorsFilter(source);
}
@Override
public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
security
.tokenKeyAccess("permitAll()")
.checkTokenAccess("isAuthenticated()");
.allowFormAuthenticationForClients();
}
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients.inMemory().withClient("android-client")
.authorizedGrantTypes("client_credentials", "password","refresh_token")
.scopes("read", "write", "trust")
.resourceIds("oauth2-resource")
.accessTokenValiditySeconds(600000)
.secret(CustomConfiugration.getPasswordEncoder().encode("android-secret"))
.refreshTokenValiditySeconds(-1);
}
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints.authenticationManager(authenticationManager)
.allowedTokenEndpointRequestMethods(HttpMethod.POST)
.tokenEnhancer( this.customTokenEnhancer())
.tokenStore(this.tokenStore())
.userDetailsService(customUserDetailsService);
}
}
@Service
public class CustomUserDetailsService implements UserDetailsService {
@Autowired
public UserRepository userRepository;
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
User user = userRepository.findByUsername(username);
if (user == null) {
throw new UsernameNotFoundException("Bad credentials");
}
return user;
}
}
@Configuration
@EnableWebSecurity
@Order(SecurityProperties.BASIC_AUTH_ORDER)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
CustomUserDetailsService customUserDetailsService;
@Override
public void configure(WebSecurity web) throws Exception {
web
.ignoring()
.antMatchers("/resources/static/**");
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.userDetailsService(customUserDetailsService)
.passwordEncoder( CustomConfiugration.getPasswordEncoder());
}
@Bean(name = BeanIds.AUTHENTICATION_MANAGER)
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.authorizeRequests()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.loginProcessingUrl("/login")
.failureUrl("/login?error")
.permitAll();
http
.logout()
.logoutUrl("/logout")
.logoutSuccessUrl("/login")
.deleteCookies("JSESSIONID")
.permitAll();
}
}
@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
@Autowired
private AuthenticationManager authenticationManager;
@Autowired
private CustomUserDetailsService customUserDetailsService;
@Autowired
@Qualifier("dataSource")
private DataSource dataSource;
@Bean
public TokenStore tokenStore() {
return new JdbcTokenStore(dataSource);
}
@Bean
public CustomTokenEnhancer customTokenEnhancer() {
return new CustomTokenEnhancer();
}
@Bean
public CorsFilter corsFilter() {
final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
final CorsConfiguration config = new CorsConfiguration();
config.setAllowCredentials(true);
config.setAllowedOrigins(Collections.singletonList("*"));
config.setAllowedHeaders(Arrays.asList("Origin", "Content-Type", "Accept"));
config.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "OPTIONS", "DELETE", "PATCH"));
source.registerCorsConfiguration("/**", config);
return new CorsFilter(source);
}
@Override
public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
security
.tokenKeyAccess("permitAll()")
.checkTokenAccess("isAuthenticated()");
.allowFormAuthenticationForClients();
}
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients.inMemory().withClient("android-client")
.authorizedGrantTypes("client_credentials", "password","refresh_token")
.scopes("read", "write", "trust")
.resourceIds("oauth2-resource")
.accessTokenValiditySeconds(600000)
.secret(CustomConfiugration.getPasswordEncoder().encode("android-secret"))
.refreshTokenValiditySeconds(-1);
}
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints.authenticationManager(authenticationManager)
.allowedTokenEndpointRequestMethods(HttpMethod.POST)
.tokenEnhancer( this.customTokenEnhancer())
.tokenStore(this.tokenStore())
.userDetailsService(customUserDetailsService);
}
}
@Service
public class CustomUserDetailsService implements UserDetailsService {
@Autowired
public UserRepository userRepository;
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
User user = userRepository.findByUsername(username);
if (user == null) {
throw new UsernameNotFoundException("Bad credentials");
}
return user;
}
}
@Configuration
@EnableWebSecurity
@Order(SecurityProperties.BASIC_AUTH_ORDER)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
CustomUserDetailsService customUserDetailsService;
@Override
public void configure(WebSecurity web) throws Exception {
web
.ignoring()
.antMatchers("/resources/static/**");
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.userDetailsService(customUserDetailsService)
.passwordEncoder( CustomConfiugration.getPasswordEncoder());
}
@Bean(name = BeanIds.AUTHENTICATION_MANAGER)
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.authorizeRequests()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.loginProcessingUrl("/login")
.failureUrl("/login?error")
.permitAll();
http
.logout()
.logoutUrl("/logout")
.logoutSuccessUrl("/login")
.deleteCookies("JSESSIONID")
.permitAll();
}
}
@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
@Autowired
private AuthenticationManager authenticationManager;
@Autowired
private CustomUserDetailsService customUserDetailsService;
@Autowired
@Qualifier("dataSource")
private DataSource dataSource;
@Bean
public TokenStore tokenStore() {
return new JdbcTokenStore(dataSource);
}
@Bean
public CustomTokenEnhancer customTokenEnhancer() {
return new CustomTokenEnhancer();
}
@Bean
public CorsFilter corsFilter() {
final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
final CorsConfiguration config = new CorsConfiguration();
config.setAllowCredentials(true);
config.setAllowedOrigins(Collections.singletonList("*"));
config.setAllowedHeaders(Arrays.asList("Origin", "Content-Type", "Accept"));
config.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "OPTIONS", "DELETE", "PATCH"));
source.registerCorsConfiguration("/**", config);
return new CorsFilter(source);
}
@Override
public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
security
.tokenKeyAccess("permitAll()")
.checkTokenAccess("isAuthenticated()");
.allowFormAuthenticationForClients();
}
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients.inMemory().withClient("android-client")
.authorizedGrantTypes("client_credentials", "password","refresh_token")
.scopes("read", "write", "trust")
.resourceIds("oauth2-resource")
.accessTokenValiditySeconds(600000)
.secret(CustomConfiugration.getPasswordEncoder().encode("android-secret"))
.refreshTokenValiditySeconds(-1);
}
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints.authenticationManager(authenticationManager)
.allowedTokenEndpointRequestMethods(HttpMethod.POST)
.tokenEnhancer( this.customTokenEnhancer())
.tokenStore(this.tokenStore())
.userDetailsService(customUserDetailsService);
}
}
@Service
public class CustomUserDetailsService implements UserDetailsService {
@Autowired
public UserRepository userRepository;
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
User user = userRepository.findByUsername(username);
if (user == null) {
throw new UsernameNotFoundException("Bad credentials");
}
return user;
}
}
@Configuration
@EnableWebSecurity
@Order(SecurityProperties.BASIC_AUTH_ORDER)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
CustomUserDetailsService customUserDetailsService;
@Override
public void configure(WebSecurity web) throws Exception {
web
.ignoring()
.antMatchers("/resources/static/**");
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.userDetailsService(customUserDetailsService)
.passwordEncoder( CustomConfiugration.getPasswordEncoder());
}
@Bean(name = BeanIds.AUTHENTICATION_MANAGER)
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.authorizeRequests()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.loginProcessingUrl("/login")
.failureUrl("/login?error")
.permitAll();
http
.logout()
.logoutUrl("/logout")
.logoutSuccessUrl("/login")
.deleteCookies("JSESSIONID")
.permitAll();
}
}
2020-11-18 18:47:49.426 DEBUG 5228 --- [nio-8080-exec-9] s.w.s.m.m.a.RequestMappingHandlerMapping : Looking up handler method for path /oauth/token
2020-11-18 18:47:49.426 DEBUG 5228 --- [nio-8080-exec-9] s.w.s.m.m.a.RequestMappingHandlerMapping : Did not find handler method for [/oauth/token]
2020-11-18 18:47:49.426 DEBUG 5228 --- [nio-8080-exec-9] .s.o.p.e.FrameworkEndpointHandlerMapping : Looking up handler method for path /oauth/token
2020-11-18 18:47:49.427 DEBUG 5228 --- [nio-8080-exec-9] .s.o.p.e.FrameworkEndpointHandlerMapping : Returning handler method [public org.springframework.http.ResponseEntity<org.springframework.security.oauth2.common.OAuth2AccessToken> org.springframework.security.oauth2.provider.endpoint.TokenEndpoint.postAccessToken(java.security.Principal,java.util.Map<java.lang.String, java.lang.String>) throws org.springframework.web.HttpRequestMethodNotSupportedException]
2020-11-18 18:47:49.427 DEBUG 5228 --- [nio-8080-exec-9] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/oauth/token'; against '/resources/static/**'
2020-11-18 18:47:49.427 DEBUG 5228 --- [nio-8080-exec-9] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/oauth/token']
2020-11-18 18:47:49.427 DEBUG 5228 --- [nio-8080-exec-9] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/oauth/token'; against '/oauth/token'
2020-11-18 18:47:49.427 DEBUG 5228 --- [nio-8080-exec-9] o.s.s.web.util.matcher.OrRequestMatcher : matched
2020-11-18 18:47:49.427 DEBUG 5228 --- [nio-8080-exec-9] o.s.security.web.FilterChainProxy : /oauth/token?grant_type=client_credentials at position 1 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2020-11-18 18:47:49.427 DEBUG 5228 --- [nio-8080-exec-9] o.s.security.web.FilterChainProxy : /oauth/token?grant_type=client_credentials at position 2 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2020-11-18 18:47:49.427 DEBUG 5228 --- [nio-8080-exec-9] o.s.security.web.FilterChainProxy : /oauth/token?grant_type=client_credentials at position 3 of 11 in additional filter chain; firing Filter: 'HeaderWriterFilter'
2020-11-18 18:47:49.427 DEBUG 5228 --- [nio-8080-exec-9] o.s.security.web.FilterChainProxy : /oauth/token?grant_type=client_credentials at position 4 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
2020-11-18 18:47:49.427 DEBUG 5228 --- [nio-8080-exec-9] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/logout', GET]
2020-11-18 18:47:49.427 DEBUG 5228 --- [nio-8080-exec-9] o.s.s.w.u.matcher.AntPathRequestMatcher : Request 'POST /oauth/token' doesn't match 'GET /logout
2020-11-18 18:47:49.427 DEBUG 5228 --- [nio-8080-exec-9] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/logout', POST]
2020-11-18 18:47:49.427 DEBUG 5228 --- [nio-8080-exec-9] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/oauth/token'; against '/logout'
2020-11-18 18:47:49.427 DEBUG 5228 --- [nio-8080-exec-9] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/logout', PUT]
2020-11-18 18:47:49.427 DEBUG 5228 --- [nio-8080-exec-9] o.s.s.w.u.matcher.AntPathRequestMatcher : Request 'POST /oauth/token' doesn't match 'PUT /logout
2020-11-18 18:47:49.427 DEBUG 5228 --- [nio-8080-exec-9] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/logout', DELETE]
2020-11-18 18:47:49.427 DEBUG 5228 --- [nio-8080-exec-9] o.s.s.w.u.matcher.AntPathRequestMatcher : Request 'POST /oauth/token' doesn't match 'DELETE /logout
2020-11-18 18:47:49.427 DEBUG 5228 --- [nio-8080-exec-9] o.s.s.web.util.matcher.OrRequestMatcher : No matches found
2020-11-18 18:47:49.427 DEBUG 5228 --- [nio-8080-exec-9] o.s.security.web.FilterChainProxy : /oauth/token?grant_type=client_credentials at position 5 of 11 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
2020-11-18 18:47:49.427 DEBUG 5228 --- [nio-8080-exec-9] o.s.s.w.a.www.BasicAuthenticationFilter : Basic Authentication Authorization header found for user 'android-clients'
2020-11-18 18:47:49.427 DEBUG 5228 --- [nio-8080-exec-9] o.s.s.authentication.ProviderManager : Authentication attempt using org.springframework.security.authentication.dao.DaoAuthenticationProvider
2020-11-18 18:47:49.497 DEBUG 5228 --- [nio-8080-exec-9] o.s.s.a.dao.DaoAuthenticationProvider : User 'android-clients' not found
2020-11-18 18:47:49.497 DEBUG 5228 --- [nio-8080-exec-9] o.s.s.w.a.www.BasicAuthenticationFilter : Authentication request for failed: org.springframework.security.authentication.BadCredentialsException: Bad credentials
2020-11-18 18:47:49.497 DEBUG 5228 --- [nio-8080-exec-9] s.w.a.DelegatingAuthenticationEntryPoint : Trying to match using RequestHeaderRequestMatcher [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest]
2020-11-18 18:47:49.497 DEBUG 5228 --- [nio-8080-exec-9] s.w.a.DelegatingAuthenticationEntryPoint : No match found. Using default entry point org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint@5ffdd228
2020-11-18 18:47:49.498 DEBUG 5228 --- [nio-8080-exec-9] o.s.s.w.header.writers.HstsHeaderWriter : Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@7894676
2020-11-18 18:47:49.498 DEBUG 5228 --- [nio-8080-exec-9] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
2020-11-18 18:47:49.498 DEBUG 5228 --- [nio-8080-exec-9] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/error'; against '/resources/static/**'
2020-11-18 18:47:49.498 DEBUG 5228 --- [nio-8080-exec-9] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/oauth/token']
2020-11-18 18:47:49.498 DEBUG 5228 --- [nio-8080-exec-9] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/error'; against '/oauth/token'
2020-11-18 18:47:49.498 DEBUG 5228 --- [nio-8080-exec-9] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/oauth/token_key']
2020-11-18 18:47:49.498 DEBUG 5228 --- [nio-8080-exec-9] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/error'; against '/oauth/token_key'
2020-11-18 18:47:49.499 DEBUG 5228 --- [nio-8080-exec-9] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/oauth/check_token']
2020-11-18 18:47:49.499 DEBUG 5228 --- [nio-8080-exec-9] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/error'; against '/oauth/check_token'
2020-11-18 18:47:49.499 DEBUG 5228 --- [nio-8080-exec-9] o.s.s.web.util.matcher.OrRequestMatcher : No matches found
2020-11-18 18:47:49.499 DEBUG 5228 --- [nio-8080-exec-9] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/error'; against '/api/**'
2020-11-18 18:47:49.499 DEBUG 5228 --- [nio-8080-exec-9] o.s.security.web.FilterChainProxy : /error?grant_type=client_credentials at position 1 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2020-11-18 18:47:49.499 DEBUG 5228 --- [nio-8080-exec-9] o.s.security.web.FilterChainProxy : /error?grant_type=client_credentials at position 2 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2020-11-18 18:47:49.499 DEBUG 5228 --- [nio-8080-exec-9] w.c.HttpSessionSecurityContextRepository : HttpSession returned null object for SPRING_SECURITY_CONTEXT
2020-11-18 18:47:49.499 DEBUG 5228 --- [nio-8080-exec-9] w.c.HttpSessionSecurityContextRepository : No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@4e2ebfa8. A new one will be created.
2020-11-18 18:47:49.499 DEBUG 5228 --- [nio-8080-exec-9] o.s.security.web.FilterChainProxy : /error?grant_type=client_credentials at position 3 of 11 in additional filter chain; firing Filter: 'HeaderWriterFilter'
2020-11-18 18:47:49.499 DEBUG 5228 --- [nio-8080-exec-9] o.s.security.web.FilterChainProxy : /error?grant_type=client_credentials at position 4 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
2020-11-18 18:47:49.499 DEBUG 5228 --- [nio-8080-exec-9] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/logout', GET]
2020-11-18 18:47:49.499 DEBUG 5228 --- [nio-8080-exec-9] o.s.s.w.u.matcher.AntPathRequestMatcher : Request 'POST /error' doesn't match 'GET /logout
2020-11-18 18:47:49.499 DEBUG 5228 --- [nio-8080-exec-9] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/logout', POST]
2020-11-18 18:47:49.499 DEBUG 5228 --- [nio-8080-exec-9] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/error'; against '/logout'
2020-11-18 18:47:49.499 DEBUG 5228 --- [nio-8080-exec-9] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/logout', PUT]
2020-11-18 18:47:49.499 DEBUG 5228 --- [nio-8080-exec-9] o.s.s.w.u.matcher.AntPathRequestMatcher : Request 'POST /error' doesn't match 'PUT /logout
2020-11-18 18:47:49.499 DEBUG 5228 --- [nio-8080-exec-9] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/logout', DELETE]
2020-11-18 18:47:49.499 DEBUG 5228 --- [nio-8080-exec-9] o.s.s.w.u.matcher.AntPathRequestMatcher : Request 'POST /error' doesn't match 'DELETE /logout
2020-11-18 18:47:49.499 DEBUG 5228 --- [nio-8080-exec-9] o.s.s.web.util.matcher.OrRequestMatcher : No matches found
2020-11-18 18:47:49.499 DEBUG 5228 --- [nio-8080-exec-9] o.s.security.web.FilterChainProxy : /error?grant_type=client_credentials at position 5 of 11 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
2020-11-18 18:47:49.499 DEBUG 5228 --- [nio-8080-exec-9] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/error'; against '/login'
2020-11-18 18:47:49.499 DEBUG 5228 --- [nio-8080-exec-9] o.s.security.web.FilterChainProxy : /error?grant_type=client_credentials at position 6 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2020-11-18 18:47:49.499 DEBUG 5228 --- [nio-8080-exec-9] o.s.s.w.s.DefaultSavedRequest : pathInfo: both null (property equals)
2020-11-18 18:47:49.499 DEBUG 5228 --- [nio-8080-exec-9] o.s.s.w.s.DefaultSavedRequest : queryString: arg1=grant_type=client_credentials; arg2=grant_type=client_credentials (property equals)
2020-11-18 18:47:49.499 DEBUG 5228 --- [nio-8080-exec-9] o.s.s.w.s.DefaultSavedRequest : requestURI: arg1=/error; arg2=/error (property equals)
2020-11-18 18:47:49.499 DEBUG 5228 --- [nio-8080-exec-9] o.s.s.w.s.DefaultSavedRequest : serverPort: arg1=8080; arg2=8080 (property equals)
2020-11-18 18:47:49.499 DEBUG 5228 --- [nio-8080-exec-9] o.s.s.w.s.DefaultSavedRequest : requestURL: arg1=http://localhost:8080/error; arg2=http://localhost:8080/error (property equals)
2020-11-18 18:47:49.499 DEBUG 5228 --- [nio-8080-exec-9] o.s.s.w.s.DefaultSavedRequest : scheme: arg1=http; arg2=http (property equals)
2020-11-18 18:47:49.499 DEBUG 5228 --- [nio-8080-exec-9] o.s.s.w.s.DefaultSavedRequest : serverName: arg1=localhost; arg2=localhost (property equals)
2020-11-18 18:47:49.499 DEBUG 5228 --- [nio-8080-exec-9] o.s.s.w.s.DefaultSavedRequest : contextPath: arg1=; arg2= (property equals)
2020-11-18 18:47:49.499 DEBUG 5228 --- [nio-8080-exec-9] o.s.s.w.s.DefaultSavedRequest : servletPath: arg1=/error; arg2=/error (property equals)
2020-11-18 18:47:49.499 DEBUG 5228 --- [nio-8080-exec-9] o.s.s.w.s.HttpSessionRequestCache : Removing DefaultSavedRequest from session if present
2020-11-18 18:47:49.499 DEBUG 5228 --- [nio-8080-exec-9] o.s.security.web.FilterChainProxy : /error?grant_type=client_credentials at position 7 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2020-11-18 18:47:49.499 DEBUG 5228 --- [nio-8080-exec-9] o.s.security.web.FilterChainProxy : /error?grant_type=client_credentials at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2020-11-18 18:47:49.499 DEBUG 5228 --- [nio-8080-exec-9] o.s.s.w.a.AnonymousAuthenticationFilter : Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@93157775: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffde5d4: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 38BE5E2B0F39371468B6392F305F022D; Granted Authorities: ROLE_ANONYMOUS'
2020-11-18 18:47:49.499 DEBUG 5228 --- [nio-8080-exec-9] o.s.security.web.FilterChainProxy : /error?grant_type=client_credentials at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter'
2020-11-18 18:47:49.499 DEBUG 5228 --- [nio-8080-exec-9] o.s.security.web.FilterChainProxy : /error?grant_type=client_credentials at position 10 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2020-11-18 18:47:49.499 DEBUG 5228 --- [nio-8080-exec-9] o.s.security.web.FilterChainProxy : /error?grant_type=client_credentials at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2020-11-18 18:47:49.499 DEBUG 5228 --- [nio-8080-exec-9] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/logout', GET]
2020-11-18 18:47:49.499 DEBUG 5228 --- [nio-8080-exec-9] o.s.s.w.u.matcher.AntPathRequestMatcher : Request 'POST /error' doesn't match 'GET /logout
2020-11-18 18:47:49.499 DEBUG 5228 --- [nio-8080-exec-9] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/logout', POST]
2020-11-18 18:47:49.499 DEBUG 5228 --- [nio-8080-exec-9] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/error'; against '/logout'
2020-11-18 18:47:49.499 DEBUG 5228 --- [nio-8080-exec-9] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/logout', PUT]
2020-11-18 18:47:49.499 DEBUG 5228 --- [nio-8080-exec-9] o.s.s.w.u.matcher.AntPathRequestMatcher : Request 'POST /error' doesn't match 'PUT /logout
2020-11-18 18:47:49.499 DEBUG 5228 --- [nio-8080-exec-9] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/logout', DELETE]
2020-11-18 18:47:49.499 DEBUG 5228 --- [nio-8080-exec-9] o.s.s.w.u.matcher.AntPathRequestMatcher : Request 'POST /error' doesn't match 'DELETE /logout
2020-11-18 18:47:49.499 DEBUG 5228 --- [nio-8080-exec-9] o.s.s.web.util.matcher.OrRequestMatcher : No matches found
2020-11-18 18:47:49.499 DEBUG 5228 --- [nio-8080-exec-9] o.s.s.w.a.i.FilterSecurityInterceptor : Secure object: FilterInvocation: URL: /error?grant_type=client_credentials; Attributes: [authenticated]
2020-11-18 18:47:49.499 DEBUG 5228 --- [nio-8080-exec-9] o.s.s.w.a.i.FilterSecurityInterceptor : Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@93157775: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffde5d4: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 38BE5E2B0F39371468B6392F305F022D; Granted Authorities: ROLE_ANONYMOUS
2020-11-18 18:47:49.500 DEBUG 5228 --- [nio-8080-exec-9] o.s.s.access.vote.AffirmativeBased : Voter: org.springframework.security.web.access.expression.WebExpressionVoter@ebb7516, returned: -1
2020-11-18 18:47:49.500 DEBUG 5228 --- [nio-8080-exec-9] o.s.s.w.a.ExceptionTranslationFilter : Access is denied (user is anonymous); redirecting to authentication entry point
org.springframework.security.access.AccessDeniedException: Access is denied
at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:84) ~[spring-security-core-5.0.8.RELEASE.jar:5.0.8.RELEASE]
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:233) ~[spring-security-core-5.0.8.RELEASE.jar:5.0.8.RELEASE]
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:124) ~[spring-security-web-5.0.8.RELEASE.jar:5.0.8.RELEASE]
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91) ~[spring-security-web-5.0.8.RELEASE.jar:5.0.8.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.0.8.RELEASE.jar:5.0.8.RELEASE]
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:119) ~[spring-security-web-5.0.8.RELEASE.jar:5.0.8.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.0.8.RELEASE.jar:5.0.8.RELEASE]
at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137) [spring-security-web-5.0.8.RELEASE.jar:5.0.8.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.0.8.RELEASE.jar:5.0.8.RELEASE]
at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111) [spring-security-web-5.0.8.RELEASE.jar:5.0.8.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.0.8.RELEASE.jar:5.0.8.RELEASE]
at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:170) [spring-security-web-5.0.8.RELEASE.jar:5.0.8.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.0.8.RELEASE.jar:5.0.8.RELEASE]
at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63) [spring-security-web-5.0.8.RELEASE.jar:5.0.8.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.0.8.RELEASE.jar:5.0.8.RELEASE]
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:200) [spring-security-web-5.0.8.RELEASE.jar:5.0.8.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.0.8.RELEASE.jar:5.0.8.RELEASE]
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116) [spring-security-web-5.0.8.RELEASE.jar:5.0.8.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.0.8.RELEASE.jar:5.0.8.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:101) [spring-web-5.0.9.RELEASE.jar:5.0.9.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.0.8.RELEASE.jar:5.0.8.RELEASE]
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105) [spring-security-web-5.0.8.RELEASE.jar:5.0.8.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.0.8.RELEASE.jar:5.0.8.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:101) [spring-web-5.0.9.RELEASE.jar:5.0.9.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.0.8.RELEASE.jar:5.0.8.RELEASE]
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215) [spring-security-web-5.0.8.RELEASE.jar:5.0.8.RELEASE]
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178) [spring-security-web-5.0.8.RELEASE.jar:5.0.8.RELEASE]
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:357) [spring-web-5.0.9.RELEASE.jar:5.0.9.RELEASE]
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:270) [spring-web-5.0.9.RELEASE.jar:5.0.9.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [tomcat-embed-core-8.5.34.jar:8.5.34]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [tomcat-embed-core-8.5.34.jar:8.5.34]
at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:728) [tomcat-embed-core-8.5.34.jar:8.5.34]
at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:472) [tomcat-embed-core-8.5.34.jar:8.5.34]
at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:395) [tomcat-embed-core-8.5.34.jar:8.5.34]
at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:316) [tomcat-embed-core-8.5.34.jar:8.5.34]
at org.apache.catalina.core.StandardHostValve.custom(StandardHostValve.java:395) [tomcat-embed-core-8.5.34.jar:8.5.34]
at org.apache.catalina.core.StandardHostValve.status(StandardHostValve.java:254) [tomcat-embed-core-8.5.34.jar:8.5.34]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:177) [tomcat-embed-core-8.5.34.jar:8.5.34]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81) [tomcat-embed-core-8.5.34.jar:8.5.34]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87) [tomcat-embed-core-8.5.34.jar:8.5.34]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342) [tomcat-embed-core-8.5.34.jar:8.5.34]
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:800) [tomcat-embed-core-8.5.34.jar:8.5.34]
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) [tomcat-embed-core-8.5.34.jar:8.5.34]
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:806) [tomcat-embed-core-8.5.34.jar:8.5.34]
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1498) [tomcat-embed-core-8.5.34.jar:8.5.34]
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) [tomcat-embed-core-8.5.34.jar:8.5.34]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [na:1.8.0_272]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [na:1.8.0_272]
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-embed-core-8.5.34.jar:8.5.34]
at java.lang.Thread.run(Thread.java:748) [na:1.8.0_272]
2020-11-18:47:49.426调试5228---[nio-8080-exec-9]s.w.s.m.m.a.RequestMappingHandlerMapping:查找路径/oauth/token的处理程序方法
2020-11-18 18:47:49.426调试5228---[nio-8080-exec-9]s.w.s.m.m.a.RequestMappingHandlerMapping:未找到[/oauth/token]的处理程序方法
2020-11-18 18:47:49.426调试5228---[nio-8080-exec-9].s.o.p.e.FrameworkEndpointHandlerMapping:查找路径/oauth/token的处理程序方法
2020-11-18 18:47:49.427调试5228---[nio-8080-exec-9].s.o.p.e.FrameworkEndpointHandlerMapping:返回处理程序方法[public org.springframework.http.ResponseEntity org.springframework.security.oauth2.provider.endpoint.TokenEndpoint.postAccessToken(java.security.Principal,java.util.Map)抛出org.springframework.web.HttpRequestMethodNotSupportedException]
2020-11-18 18:47:49.427调试5228---[nio-8080-exec-9]o.s.s.w.u.matcher.AntPathRequestMatcher:检查请求的匹配:'/oauth/token';针对“/resources/static/**”
2020-11-18 18:47:49.427调试5228---[nio-8080-exec-9]o.s.s.web.util.matcher.OrRequestMatcher:尝试使用Ant[pattern='/oauth/token']
2020-11-18 18:47:49.427调试5228---[nio-8080-exec-9]o.s.s.w.u.matcher.AntPathRequestMatcher:检查请求的匹配:'/oauth/token';针对“/oauth/token”
2020-11-18 18:47:49.427调试5228---[nio-8080-exec-9]o.s.s.web.util.matcher.OrRequestMatcher:匹配
2020-11-18 18:47:49.427调试5228---[nio-8080-exec-9]o.s.security.web.FilterChainProxy:/oauth/token?grant_type=附加过滤器链中11个位置中的第1个位置的客户端凭据;正在启动筛选器:“WebAsyncManagerIntegrationFilter”
2020-11-18 18:47:49.427调试5228---[nio-8080-exec-9]o.s.security.web.FilterChainProxy:/oauth/token?grant_type=附加过滤器链中11个位置中第2个位置的客户端凭据;正在启动筛选器:“SecurityContextPersistenceFilter”
2020-11-18 18:47:49.427调试5228---[nio-8080-exec-9]o.s.security.web.FilterChainProxy:/oauth/token?grant_type=附加过滤器链中11个位置中第3个位置的客户端凭据;触发过滤器:“HeaderWriterFilter”
2020-11-18 18:47:49.427调试5228---[nio-8080-exec-9]o.s.security.web.FilterChainProxy:/oauth/token?grant_type=附加过滤器链中11个位置中第4个位置的客户端凭据;正在启动筛选器:“注销筛选器”
2020-11-18 18:47:49.427调试5228---[nio-8080-exec-9]o.s.s.web.util.matcher.OrRequestMatcher:尝试使用Ant进行匹配[pattern='/logout',GET]
2020-11-18 18:47:49.427调试5228---[nio-8080-exec-9]o.s.s.w.u.matcher.AntPathRequestMatcher:请求“POST/oauth/token”不匹配“获取/注销”
2020-11-18 18:47:49.427调试5228---[nio-8080-exec-9]o.s.s.web.util.matcher.OrRequestMatcher:尝试使用Ant进行匹配[pattern='/logout',POST]
2020-11-18 18:47:49.427调试5228---[nio-8080-exec-9]o.s.s.w.u.matcher.AntPathRequestMatcher:检查请求的匹配:'/oauth/token';针对“/注销”
2020-11-18 18:47:49.427调试5228---[nio-8080-exec-9]o.s.s.web.util.matcher.OrRequestMatcher:尝试使用Ant进行匹配[pattern='/logout',PUT]
2020-11-18 18:47:49.427调试5228---[nio-8080-exec-9]o.s.s.w.u.matcher.AntPathRequestMatcher:请求“POST/oauth/token”不匹配“PUT/logout”
2020-11-18 18:47:49.427调试5228---[nio-8080-exec-9]o.s.s.web.util.matcher.OrRequestMatcher:尝试使用Ant进行匹配[pattern='/logout',DELETE]
2020-11-18 18:47:49.427调试5228---[nio-8080-exec-9]o.s.s.w.u.matcher.AntPathRequestMatcher:请求“POST/oauth/token”不匹配“删除/注销”
2020-11-18 18:47:49.427调试5228---[nio-8080-exec-9]o.s.s.web.util.matcher.OrRequestMatcher:未找到匹配项
2020-11-18 18:47:49.427调试5228---[nio-8080-exec-9]o.s.security.web.FilterChainProxy:/oauth/token?grant_type=附加过滤器链中11个位置中第5个位置的客户端凭据;触发筛选器:“基本身份验证筛选器”
2020-11-18 18:47:49.427调试5228---[nio-8080-exec-9]o.s.s.w.a.www.BasicAuthenticationFilter:为用户的android客户端找到基本身份验证授权头
2020-11-18 18:47:49.427调试5228---[nio-8080-exec-9]o.s.s.authentication.ProviderManager:使用org.springframework.security.authentication.dao.authenticationProvider进行身份验证尝试
2020-11-18 18:47:49.497调试5228---[nio-8080-exec-9]o.s.s.a.dao.DaoAuthenticationProvider:未找到用户“android客户端”
2020-11-18 18:47:49.497调试5228---[nio-8080-exec-9]o.s.s.w.a.www.BasicAuthenticationFilter:失败的身份验证请求:org.springframework.security.Authentication.BadCredentialsException:错误的凭据
2020-11-18 18:47:49.497调试5228---[nio-8080-exec-9]s.w.a.DelegatingAuthenticationEntryPoint:尝试使用RequestHeaderRequestMatcher进行匹配[expectedHeaderName=X-Requested-With,expectedHeaderValue=XMLHttpRequest]
2020-11-18 18:47:49.497调试5228---[nio-8080-exec-9]s.w.a.DelegatingAuthenticationEntryPoint:未找到匹配项。使用默认入口点org.springframework.security.web.authentication.www。BasicAuthenticationEntryPoint@5ffdd228
2020-11-18 18:47:49.498调试5228---[nio-8080