Spring Boot Spring Security 5 OAuth2 WebClient: [client_authorization_required] Authorization required for Client Registration Id: dummies

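I am trying to implement a simple example like the following: This is:

I am running a local OAuth2 server with Spring Boot (@EnableAuthorizationServer). I can get a token using /oauth/token and check the token using /oauth/check_token.

I created an application (APP_CORE) with Spring Boot (@EnableResourceServer) and protected endpoints (/key-value, /products, etc.). Users can access the services only with a token.

But now I have another application (APP_01), and I want to pass the token from APP_01 to APP_CORE.

I can access any endpoint in APP_01 with the token, but when I try to call a method that uses WebClient to access another endpoint in APP_CORE, I get the following message: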

{
    "timestamp": 1550727169951,
    "status": 500,
    "error": "Internal Server Error",
    "message": "[client_authorization_required] Authorization required for Client Registration Id: dummies",
    "trace": "org.springframework.security.oauth2.client.ClientAuthorizationRequiredException: [client_authorization_required] Authorization required for Client Registration Id: dummies\r\n\tat org.springframework.security.oauth2.client.web.method.annotation.OAuth2AuthorizedClientArgumentResolver.resolveArgument(OAuth2AuthorizedClientArgumentResolver.java:123)\r\n\tat org.springframework.web.method.support.HandlerMethodArgumentResolverComposite.resolveArgument(HandlerMethodArgumentResolverComposite.java:126)\r\n\tat org.springframework.web.method.support.InvocableHandlerMethod.getMethodArgumentValues(InvocableHandlerMethod.java:166)\r\n\tat org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:134)\r\n\tat org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:102)\r\n\tat org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:895)\r\n\tat org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:800)\r\n\tat org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87)\r\n\tat org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1038)\r\n\tat org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:942)\r\n\tat org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1005)\r\n\tat org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:897)\r\n\tat javax.servlet.http.HttpServlet.service(HttpServlet.java:634)\r\n\tat org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:882)\r\n\tat javax.servlet.http.HttpServlet.service(HttpServlet.java:741)\r\n\tat 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)\r\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)\r\n\tat org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)\r\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)\r\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)\r\n\tat org.springframework.boot.actuate.web.trace.servlet.HttpTraceFilter.doFilterInternal(HttpTraceFilter.java:90)\r\n\tat org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)\r\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)\r\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)\r\n\tat org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:320)\r\n\tat org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:127)\r\n\tat org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91)\r\n\tat org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)\r\n\tat org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:119)\r\n\tat org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)\r\n\tat org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137)\r\n\tat org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)\r\n\tat org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111)\r\n\tat 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)\r\n\tat org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:170)\r\n\tat org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)\r\n\tat org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63)\r\n\tat org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)\r\n\tat org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationProcessingFilter.doFilter(OAuth2AuthenticationProcessingFilter.java:176)\r\n\tat org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)\r\n\tat org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)\r\n\tat org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)\r\n\tat org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:74)\r\n\tat org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)\r\n\tat org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)\r\n\tat org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)\r\n\tat org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)\r\n\tat org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)\r\n\tat org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)\r\n\tat 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)\r\n\tat org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215)\r\n\tat org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178)\r\n\tat org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:357)\r\n\tat org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:270)\r\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)\r\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)\r\n\tat org.springframework.cloud.sleuth.instrument.web.ExceptionLoggingFilter.doFilter(ExceptionLoggingFilter.java:50)\r\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)\r\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)\r\n\tat brave.servlet.TracingFilter.doFilter(TracingFilter.java:86)\r\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)\r\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)\r\n\tat org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.filterAndRecordMetrics(WebMvcMetricsFilter.java:117)\r\n\tat org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.doFilterInternal(WebMvcMetricsFilter.java:106)\r\n\tat org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)\r\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)\r\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)\r\n\tat org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:200)\r\n\tat 
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)\r\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)\r\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)\r\n\tat org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)\r\n\tat org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)\r\n\tat org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490)\r\n\tat org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)\r\n\tat org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)\r\n\tat org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)\r\n\tat org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)\r\n\tat org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408)\r\n\tat org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)\r\n\tat org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:834)\r\n\tat org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1417)\r\n\tat org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)\r\n\tat java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)\r\n\tat java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)\r\n\tat org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)\r\n\tat java.lang.Thread.run(Thread.java:748)\r\n",
    "path": "/questionnaire/key-value/dummies"
}
application.yml

spring:
  security:
    oauth2:
      client:
        registration:
          dummies:
            client-id: fooClientIdPassword
            client-secret: secret
            provider: oauthserver
            authorization-grant-type: authorization_code
            redirect-uri: http://localhost:7001
            scope: read,write,foo
        provider:
          oauthserver:
            authorization-uri: http://localhost:7777/oauth/authorize
            token-uri: http://localhost:7777/oauth/token
            user-info-uri: http://localhost:7777/user
            token-info-uri: http://localhost:7777/oauth/check_token
            user-info-authentication-method: basic
            user-name-attribute: sub
            jwk-set-uri: http://localhost:7777/token_keys
WebSecurity

@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Autowired
    private ClientRegistrationRepository clientRegistrationRepository;

    @Override
    protected void configure(final HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/").permitAll()
                .antMatchers("/h2_console/**").permitAll()
                .antMatchers("/swagger**").permitAll()
                .and()
                .oauth2Login()
                    .authorizationEndpoint()
                        .authorizationRequestResolver(customAuthorizationRequestResolver())
                .and()
                    .tokenEndpoint()
                        .accessTokenResponseClient(customAccessTokenResponseClient())
                .and()
                .and()
                .oauth2Client();

        http.csrf().disable();
        http.headers().frameOptions().disable();
    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        super.configure(web);
    }


    private OAuth2AuthorizationRequestResolver customAuthorizationRequestResolver() {
        return new CustomAuthorizationRequestResolver(this.clientRegistrationRepository);
    }

    private OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> customAccessTokenResponseClient() {
        OAuth2AccessTokenResponseHttpMessageConverter tokenResponseHttpMessageConverter =
                new OAuth2AccessTokenResponseHttpMessageConverter();
        tokenResponseHttpMessageConverter.setTokenResponseConverter(new CustomAccessTokenResponseConverter());

        RestTemplate restTemplate = new RestTemplate(Arrays.asList(
                new FormHttpMessageConverter(), tokenResponseHttpMessageConverter));
        restTemplate.setErrorHandler(new OAuth2ErrorResponseErrorHandler());

        DefaultAuthorizationCodeTokenResponseClient tokenResponseClient = new DefaultAuthorizationCodeTokenResponseClient();
        tokenResponseClient.setRestOperations(restTemplate);

        return tokenResponseClient;
    }

}
Service method

    @GetMapping(path = {"/dummies"})
    public List<String> dummies(@RegisteredOAuth2AuthorizedClient("dummies") OAuth2AuthorizedClient dummiesClient, Map<String, Object> model) {
        return this.getDummies(dummiesClient);
    }

    private List<String> getDummies(OAuth2AuthorizedClient dummiesClient) {

        ParameterizedTypeReference<List<String>> typeRef = new ParameterizedTypeReference<List<String>>() {
        };

        return this.webClient
                .get()
                .uri("http://localhost:6666/dummy-service/dummies")
                .attributes(oauth2AuthorizedClient(dummiesClient))
                .retrieve()
                .bodyToMono(typeRef)
                .block();
    }
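An added example, not part of the original post and not the poster's code: the trace shows the request entering APP_01 through `OAuth2AuthenticationProcessingFilter` (bearer token) and failing in `OAuth2AuthorizedClientArgumentResolver`, which throws this exception when no authorized client is stored for the `dummies` registration. One way to forward the caller's token instead is a WebClient filter that copies the incoming bearer token onto the outgoing call, restricted to the downstream host so the token is not sent elsewhere. The names `BearerRelay`, `relayIncomingToken` and `relayingWebClient` are hypothetical, the host and port are taken from the URI in the post, and the sketch assumes the call is made with `.block()` on the request thread as in the service method above.

```java
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationDetails;
import org.springframework.web.reactive.function.client.ClientRequest;
import org.springframework.web.reactive.function.client.ExchangeFilterFunction;
import org.springframework.web.reactive.function.client.WebClient;

public final class BearerRelay {

    // Assumption: the only downstream service allowed to receive the caller's token
    // (host and port from the post's http://localhost:6666/dummy-service/dummies).
    private static final String TRUSTED_HOST = "localhost";
    private static final int TRUSTED_PORT = 6666;

    private BearerRelay() {
    }

    /** Copies the bearer token that authenticated the current request onto outgoing calls. */
    static ExchangeFilterFunction relayIncomingToken() {
        return (request, next) -> {
            // Thread-bound lookup: valid because the blocking call runs on the servlet thread.
            Authentication auth = SecurityContextHolder.getContext().getAuthentication();
            boolean hasBearer = auth != null
                    && auth.getDetails() instanceof OAuth2AuthenticationDetails;
            boolean trustedTarget = TRUSTED_HOST.equals(request.url().getHost())
                    && request.url().getPort() == TRUSTED_PORT;
            if (!hasBearer || !trustedTarget) {
                // Never attach the user's token to a request for any other destination.
                return next.exchange(request);
            }
            String token = ((OAuth2AuthenticationDetails) auth.getDetails()).getTokenValue();
            ClientRequest withToken = ClientRequest.from(request)
                    .headers(headers -> headers.setBearerAuth(token))
                    .build();
            return next.exchange(withToken);
        };
    }

    /** WebClient for APP_01 that relays the token without needing a stored authorized client. */
    static WebClient relayingWebClient() {
        return WebClient.builder().filter(relayIncomingToken()).build();
    }
}
```

With this filter the controller method no longer needs the `@RegisteredOAuth2AuthorizedClient("dummies")` parameter or the `oauth2AuthorizedClient(...)` request attribute; APP_CORE still validates the relayed token itself.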