Spring security Spring Boot OAuth2-GoogleApi-无法从令牌获取用户详细信息_Spring Security_Spring Boot_Google Oauth_Spring Security Oauth2

Spring security Spring Boot OAuth2-GoogleApi-无法从令牌获取用户详细信息

spring-security spring-boot

Spring security Spring Boot OAuth2-GoogleApi-无法从令牌获取用户详细信息,spring-security,spring-boot,google-oauth,spring-security-oauth2,Spring Security,Spring Boot,Google Oauth,Spring Security Oauth2,我正在从事一个项目，该项目对Gmail身份验证有要求，并且可以扩展。我正在学习本教程，其中有Facebook和GitHub身份验证的示例。所以我尝试了Gmail，我得到了这个我无法解决的错误，并且在尝试解决时出现了新的异常。请帮助我，因为我相信这是代码受我的添加影响最小的地方。有了这么多的配置和代码，它可以为github和fb工作，但不能为google工作 SocialApplication.java @SpringBootApplication @RestController @Enable

我正在从事一个项目，该项目对Gmail身份验证有要求，并且可以扩展。我正在学习本教程，其中有Facebook和GitHub身份验证的示例。所以我尝试了Gmail，我得到了这个我无法解决的错误，并且在尝试解决时出现了新的异常。请帮助我，因为我相信这是代码受我的添加影响最小的地方。有了这么多的配置和代码，它可以为github和fb工作，但不能为google工作

SocialApplication.java

@SpringBootApplication
@RestController
@EnableOAuth2Client
@EnableAuthorizationServer
@Order(6)
public class SocialApplication extends WebSecurityConfigurerAdapter {

    @Autowired
    OAuth2ClientContext oauth2ClientContext;

    @RequestMapping({ "/user", "/me" })
    public Map<String, String> user(Principal principal) {
        Map<String, String> map = new LinkedHashMap<>();
        map.put("name", principal.getName());
        return map;
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // @formatter:off
        http.antMatcher("/**").authorizeRequests().antMatchers("/", "/login**", "/webjars/**").permitAll().anyRequest()
                .authenticated().and().exceptionHandling()
                .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/")).and().logout()
                .logoutSuccessUrl("/").permitAll().and().csrf()
                .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()).and()
                .addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);
        // @formatter:on
    }

    @Configuration
    @EnableResourceServer
    protected static class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {
        @Override
        public void configure(HttpSecurity http) throws Exception {
            // @formatter:off
            http.antMatcher("/me").authorizeRequests().anyRequest().authenticated();
            // @formatter:on
        }
    }

    public static void main(String[] args) {
        SpringApplication.run(SocialApplication.class, args);
    }

    @Bean
    public FilterRegistrationBean oauth2ClientFilterRegistration(OAuth2ClientContextFilter filter) {
        FilterRegistrationBean registration = new FilterRegistrationBean();
        registration.setFilter(filter);
        registration.setOrder(-100);
        return registration;
    }

    @Bean
    @ConfigurationProperties("github")
    ClientResources github() {
        return new ClientResources();
    }

    @Bean
    @ConfigurationProperties("facebook")
    ClientResources facebook() {
        return new ClientResources();
    }

    **@Bean
    @ConfigurationProperties("gmail")
    ClientResources gmail(){return new ClientResources();}**

    private Filter ssoFilter() {
        CompositeFilter filter = new CompositeFilter();
        List<Filter> filters = new ArrayList<>();
        filters.add(ssoFilter(facebook(), "/login/facebook"));
        filters.add(ssoFilter(github(), "/login/github"));
        **filters.add(ssoFilter(gmail(), "/login/gmail"));**
        filter.setFilters(filters);
        return filter;
    }

    private Filter ssoFilter(ClientResources client, String path) {
        OAuth2ClientAuthenticationProcessingFilter oAuth2ClientAuthenticationFilter = new OAuth2ClientAuthenticationProcessingFilter(
                path);
        OAuth2RestTemplate oAuth2RestTemplate = new OAuth2RestTemplate(client.getClient(), oauth2ClientContext);
        oAuth2ClientAuthenticationFilter.setRestTemplate(oAuth2RestTemplate);
        UserInfoTokenServices tokenServices = new UserInfoTokenServices(client.getResource().getUserInfoUri(),
                client.getClient().getClientId());
        tokenServices.setRestTemplate(oAuth2RestTemplate);
        oAuth2ClientAuthenticationFilter.setTokenServices(tokenServices);
        return oAuth2ClientAuthenticationFilter;
    }

}

class ClientResources {
    private OAuth2ProtectedResourceDetails client = new AuthorizationCodeResourceDetails();
    private ResourceServerProperties resource = new ResourceServerProperties();

    public OAuth2ProtectedResourceDetails getClient() {
        return client;
    }

    public ResourceServerProperties getResource() {
        return resource;
    }
}

日志

org.springframework.security.authentication.BadCredentialsException：无法从处的令牌获取用户详细信息 org.springframework.security.oauth2.client.filter.OAuth2ClientAuthenticationProcessingFilter.attemptAuthentication（OAuth2ClientAuthenticationProcessingFilter.java:122） ~[spring-security-oauth2-2.0.10.RELEASE.jar:na]at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter（AbstractAuthenticationProcessingFilter.java:212） [spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE] org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter（CompositeFilter.java:112） [spring-web-4.3.2.RELEASE.jar:4.3.2.RELEASE] org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter（AbstractAuthenticationProcessingFilter.java:200） [spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE] org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter（CompositeFilter.java:112） [spring-web-4.3.2.RELEASE.jar:4.3.2.RELEASE] org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter（AbstractAuthenticationProcessingFilter.java:200） [spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE] org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter（CompositeFilter.java:112） [spring-web-4.3.2.RELEASE.jar:4.3.2.RELEASE] org.springframework.web.filter.CompositeFilter.doFilter（CompositeFilter.java:73） [spring-web-4.3.2.RELEASE.jar:4.3.2.RELEASE]

**原因： org.springframework.security.oauth2.common.exceptions.InvalidTokenException： ya*************dCCnRbsve3 在 org.springframework.boot.autoconfigure.security.oauth2.resource.UserInfoTokenServices.loadAuthentication（UserInfoTokenServices.java:91） ~[spring-boot-autoconfigure-1.4.0.RELEASE.jar:1.4.0.RELEASE]位于 org.springframework.security.oauth2.client.filter.OAuth2ClientAuthenticationProcessingFilter.attemptAuthentication（OAuth2ClientAuthenticationProcessingFilter.java:112） ~[spring-security-oauth2-2.0.10.RELEASE.jar:na]。。。66通用框架省略

在谷歌API控制台上

重定向我在应用程序中指定的URL:8080/login/gmail

。yml确认后，我找不到定义的userinfo URL？

<div>
    With Facebook: <a href="/login/facebook">click here</a>
</div>
<div>
    With Github: <a href="/login/github">click here</a>
</div>
**<div>
    With Gmail: <a href="/login/gmail">click here</a>
</div>**

我有以下谷歌配置为我工作：

google:
  client:
    clientId: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    clientSecret: YYYYYYYYYYYYYYYYYY
    accessTokenUri: https://accounts.google.com/o/oauth2/token
    userAuthorizationUri: https://accounts.google.com/o/oauth2/auth
    clientAuthenticationScheme: form
    scope: profile email
  resource:
    userInfoUri: https://www.googleapis.com/userinfo/v2/me

仅供参考：您不应该使用userInfoUri进行身份验证，正如谷歌文档中指定的那样，您可以这样做，任何恶意资源提供商都可以冒充您的一个用户。oAuth2用于授权，OpenidConnect用于身份验证。

google:
  client:
    clientId: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    clientSecret: YYYYYYYYYYYYYYYYYY
    accessTokenUri: https://accounts.google.com/o/oauth2/token
    userAuthorizationUri: https://accounts.google.com/o/oauth2/auth
    clientAuthenticationScheme: form
    scope: profile email
  resource:
    userInfoUri: https://www.googleapis.com/userinfo/v2/me