Spring boot Springboot应用程序在尝试从KeyClope访问令牌获取角色时引发异常_Spring Boot_Keycloak

Spring boot Springboot应用程序在尝试从KeyClope访问令牌获取角色时引发异常

spring-boot keycloak

Spring boot Springboot应用程序在尝试从KeyClope访问令牌获取角色时引发异常,spring-boot,keycloak,Spring Boot,Keycloak,我创建了一个springboot应用程序，并按照此处给出的说明，以docker的身份运行KeyClope 在使用我手动创建的访问令牌（使用REST客户端）发送POST请求时，KeyClope无法验证该访问令牌。正如我从日志中了解到的，问题在于，keydape api无法解析访问令牌json，因为它使用fasterxml jackson库解析json，而json库不接受作用域的json数组 "scope":["user"] 因此，keydepeapi抛出错误 Caused by: org.k

我创建了一个springboot应用程序，并按照此处给出的说明，以docker的身份运行KeyClope

在使用我手动创建的访问令牌（使用REST客户端）发送POST请求时，KeyClope无法验证该访问令牌。正如我从日志中了解到的，问题在于，keydape api无法解析访问令牌json，因为它使用fasterxml jackson库解析json，而json库不接受作用域的json数组

"scope":["user"]

因此，keydepeapi抛出错误

Caused by: org.keycloak.jose.jws.JWSInputException: com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot deserialize instance of `java.lang.String` out of START_ARRAY token

经过一些调查，我发现jackson库不接受这种格式的json数组

完整日志：

2018-08-28 12:49:32.674 ERROR 1 --- [nio-8081-exec-2] o.k.a.BearerTokenRequestAuthenticator    : Failed to verify token

org.keycloak.common.VerificationException: Failed to read access token from JWT
    at org.keycloak.TokenVerifier.parse(TokenVerifier.java:321) ~[keycloak-core-4.3.0.Final.jar!/:4.3.0.Final]
    at org.keycloak.TokenVerifier.getHeader(TokenVerifier.java:335) ~[keycloak-core-4.3.0.Final.jar!/:4.3.0.Final]
    at org.keycloak.RSATokenVerifier.getHeader(RSATokenVerifier.java:85) ~[keycloak-core-4.3.0.Final.jar!/:4.3.0.Final]
    at org.keycloak.adapters.rotation.AdapterRSATokenVerifier.verifyToken(AdapterRSATokenVerifier.java:55) ~[keycloak-adapter-core-4.3.0.Final.jar!/:4.3.0.Final]
    at org.keycloak.adapters.rotation.AdapterRSATokenVerifier.verifyToken(AdapterRSATokenVerifier.java:37) ~[keycloak-adapter-core-4.3.0.Final.jar!/:4.3.0.Final]
    at org.keycloak.adapters.BearerTokenRequestAuthenticator.authenticateToken(BearerTokenRequestAuthenticator.java:99) [keycloak-adapter-core-4.3.0.Final.jar!/:4.3.0.Final]
    at org.keycloak.adapters.BearerTokenRequestAuthenticator.authenticate(BearerTokenRequestAuthenticator.java:84) [keycloak-adapter-core-4.3.0.Final.jar!/:4.3.0.Final]
    at org.keycloak.adapters.RequestAuthenticator.authenticate(RequestAuthenticator.java:68) [keycloak-adapter-core-4.3.0.Final.jar!/:4.3.0.Final]
    at org.keycloak.adapters.springsecurity.filter.KeycloakAuthenticationProcessingFilter.attemptAuthentication(KeycloakAuthenticationProcessingFilter.java:149) [keycloak-spring-security-adapter-4.3.0.Final.jar!/:4.3.0.Final]
    at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212) [spring-security-web-5.0.7.RELEASE.jar!/:5.0.7.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.0.7.RELEASE.jar!/:5.0.7.RELEASE]
    at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116) [spring-security-web-5.0.7.RELEASE.jar!/:5.0.7.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.0.7.RELEASE.jar!/:5.0.7.RELEASE]
    at org.keycloak.adapters.springsecurity.filter.KeycloakPreAuthActionsFilter.doFilter(KeycloakPreAuthActionsFilter.java:84) [keycloak-spring-security-adapter-4.3.0.Final.jar!/:4.3.0.Final]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.0.7.RELEASE.jar!/:5.0.7.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:101) [spring-web-5.0.8.RELEASE.jar!/:5.0.8.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.0.7.RELEASE.jar!/:5.0.7.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:101) [spring-web-5.0.8.RELEASE.jar!/:5.0.8.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.0.7.RELEASE.jar!/:5.0.7.RELEASE]
    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105) [spring-security-web-5.0.7.RELEASE.jar!/:5.0.7.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.0.7.RELEASE.jar!/:5.0.7.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:101) [spring-web-5.0.8.RELEASE.jar!/:5.0.8.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.0.7.RELEASE.jar!/:5.0.7.RELEASE]
    at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215) [spring-security-web-5.0.7.RELEASE.jar!/:5.0.7.RELEASE]
    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178) [spring-security-web-5.0.7.RELEASE.jar!/:5.0.7.RELEASE]
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:357) [spring-web-5.0.8.RELEASE.jar!/:5.0.8.RELEASE]
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:270) [spring-web-5.0.8.RELEASE.jar!/:5.0.8.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [tomcat-embed-core-8.5.32.jar!/:8.5.32]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [tomcat-embed-core-8.5.32.jar!/:8.5.32]
    at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:728) [tomcat-embed-core-8.5.32.jar!/:8.5.32]
    at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:472) [tomcat-embed-core-8.5.32.jar!/:8.5.32]
    at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:395) [tomcat-embed-core-8.5.32.jar!/:8.5.32]
    at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:316) [tomcat-embed-core-8.5.32.jar!/:8.5.32]
    at org.apache.catalina.core.StandardHostValve.custom(StandardHostValve.java:395) [tomcat-embed-core-8.5.32.jar!/:8.5.32]
    at org.apache.catalina.core.StandardHostValve.status(StandardHostValve.java:254) [tomcat-embed-core-8.5.32.jar!/:8.5.32]
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:177) [tomcat-embed-core-8.5.32.jar!/:8.5.32]
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81) [tomcat-embed-core-8.5.32.jar!/:8.5.32]
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87) [tomcat-embed-core-8.5.32.jar!/:8.5.32]
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342) [tomcat-embed-core-8.5.32.jar!/:8.5.32]
    at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:800) [tomcat-embed-core-8.5.32.jar!/:8.5.32]
    at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) [tomcat-embed-core-8.5.32.jar!/:8.5.32]
    at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:800) [tomcat-embed-core-8.5.32.jar!/:8.5.32]
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1471) [tomcat-embed-core-8.5.32.jar!/:8.5.32]
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) [tomcat-embed-core-8.5.32.jar!/:8.5.32]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [na:1.8.0_141]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [na:1.8.0_141]
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-embed-core-8.5.32.jar!/:8.5.32]
    at java.lang.Thread.run(Thread.java:748) [na:1.8.0_141]
Caused by: org.keycloak.jose.jws.JWSInputException: com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot deserialize instance of `java.lang.String` out of START_ARRAY token
 at [Source: (byte[])"{"jti":"88d4a5ed-6902-412d-a377-d18f46008803","exp":1535460852,"nbf":0,"iat":1535460552,"iss":"http://192.168.1.216:81/auth/realms/demo","aud":"demo-web","sub":"592b27a5-c58b-42a3-b896-f2169448873e","typ":"Bearer","azp":"demo-web","auth_time":1535460532,"session_state":"3fb7f93b-05de-45e3-b45b-8fa555854860","acr":"1","allowed-origins":[],"realm_access":{"roles":["user","register"]},"resource_access":{"demo-web":{"roles":["user"]}},"scope":"","scope":["user","register"],"name":"demo user","pr"[truncated 115 bytes]; line: 1, column: 459] (through reference chain: org.keycloak.representations.AccessToken["scope"])
    at org.keycloak.jose.jws.JWSInput.readJsonContent(JWSInput.java:104) ~[keycloak-core-4.3.0.Final.jar!/:4.3.0.Final]
    at org.keycloak.TokenVerifier.parse(TokenVerifier.java:319) ~[keycloak-core-4.3.0.Final.jar!/:4.3.0.Final]
    ... 47 common frames omitted
Caused by: com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot deserialize instance of `java.lang.String` out of START_ARRAY token
 at [Source: (byte[])"{"jti":"88d4a5ed-6902-412d-a377-d18f46008803","exp":1535460852,"nbf":0,"iat":1535460552,"iss":"http://192.168.1.216:81/auth/realms/demo","aud":"demo-web","sub":"592b27a5-c58b-42a3-b896-f2169448873e","typ":"Bearer","azp":"demo-web","auth_time":1535460532,"session_state":"3fb7f93b-05de-45e3-b45b-8fa555854860","acr":"1","allowed-origins":[],"realm_access":{"roles":["user","register"]},"resource_access":{"demo-web":{"roles":["user"]}},"scope":"","scope":["user","register"],"name":"demo user","pr"[truncated 115 bytes]; line: 1, column: 459] (through reference chain: org.keycloak.representations.AccessToken["scope"])
    at com.fasterxml.jackson.databind.exc.MismatchedInputException.from(MismatchedInputException.java:63) ~[jackson-databind-2.9.6.jar!/:2.9.6]
    at com.fasterxml.jackson.databind.DeserializationContext.reportInputMismatch(DeserializationContext.java:1342) ~[jackson-databind-2.9.6.jar!/:2.9.6]
    at com.fasterxml.jackson.databind.DeserializationContext.handleUnexpectedToken(DeserializationContext.java:1138) ~[jackson-databind-2.9.6.jar!/:2.9.6]
    at com.fasterxml.jackson.databind.deser.std.StdDeserializer._deserializeFromArray(StdDeserializer.java:674) ~[jackson-databind-2.9.6.jar!/:2.9.6]
    at com.fasterxml.jackson.databind.deser.std.StringDeserializer.deserialize(StringDeserializer.java:40) ~[jackson-databind-2.9.6.jar!/:2.9.6]
    at com.fasterxml.jackson.databind.deser.std.StringDeserializer.deserialize(StringDeserializer.java:10) ~[jackson-databind-2.9.6.jar!/:2.9.6]
    at com.fasterxml.jackson.databind.deser.impl.MethodProperty.deserializeAndSet(MethodProperty.java:127) ~[jackson-databind-2.9.6.jar!/:2.9.6]
    at com.fasterxml.jackson.databind.deser.BeanDeserializer.vanillaDeserialize(BeanDeserializer.java:288) ~[jackson-databind-2.9.6.jar!/:2.9.6]
    at com.fasterxml.jackson.databind.deser.BeanDeserializer.deserialize(BeanDeserializer.java:151) ~[jackson-databind-2.9.6.jar!/:2.9.6]
    at com.fasterxml.jackson.databind.ObjectMapper._readMapAndClose(ObjectMapper.java:4013) ~[jackson-databind-2.9.6.jar!/:2.9.6]
    at com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:3091) ~[jackson-databind-2.9.6.jar!/:2.9.6]
    at org.keycloak.util.JsonSerialization.readValue(JsonSerialization.java:69) ~[keycloak-core-4.3.0.Final.jar!/:4.3.0.Final]
    at org.keycloak.jose.jws.JWSInput.readJsonContent(JWSInput.java:102) ~[keycloak-core-4.3.0.Final.jar!/:4.3.0.Final]
    ... 48 common frames omitted

使用我手动创建的访问令牌

：如何手动创建访问令牌？访问令牌实际上由且仅由KeyClope交付。另外，访问令牌不是简单的JSON，所以您不应该这样发送：我的意思是，我还没有将它集成到应用程序中，只是使用rest客户端创建的，我在授权头中将该访问令牌作为承载令牌发送。这个过程很好，这就是为什么访问令牌解码很好，我的问题是，KeyClope api（使用fasterxml jackson）无法解析解码的访问令牌json