Spring security Spring Boot OAuth2-GoogleApi-无法从令牌获取用户详细信息
我正在从事一个项目,该项目对Gmail身份验证有要求,并且可以扩展。 我正在学习本教程,其中有Facebook和GitHub身份验证的示例。所以我尝试了Gmail,我得到了这个我无法解决的错误,并且在尝试解决时出现了新的异常。请帮助我,因为我相信这是代码受我的添加影响最小的地方。有了这么多的配置和代码,它可以为github和fb工作,但不能为google工作 SocialApplication.javaSpring security Spring Boot OAuth2-GoogleApi-无法从令牌获取用户详细信息,spring-security,spring-boot,google-oauth,spring-security-oauth2,Spring Security,Spring Boot,Google Oauth,Spring Security Oauth2,我正在从事一个项目,该项目对Gmail身份验证有要求,并且可以扩展。 我正在学习本教程,其中有Facebook和GitHub身份验证的示例。所以我尝试了Gmail,我得到了这个我无法解决的错误,并且在尝试解决时出现了新的异常。请帮助我,因为我相信这是代码受我的添加影响最小的地方。有了这么多的配置和代码,它可以为github和fb工作,但不能为google工作 SocialApplication.java @SpringBootApplication @RestController @Enable
@SpringBootApplication
@RestController
@EnableOAuth2Client
@EnableAuthorizationServer
@Order(6)
public class SocialApplication extends WebSecurityConfigurerAdapter {
@Autowired
OAuth2ClientContext oauth2ClientContext;
@RequestMapping({ "/user", "/me" })
public Map<String, String> user(Principal principal) {
Map<String, String> map = new LinkedHashMap<>();
map.put("name", principal.getName());
return map;
}
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http.antMatcher("/**").authorizeRequests().antMatchers("/", "/login**", "/webjars/**").permitAll().anyRequest()
.authenticated().and().exceptionHandling()
.authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/")).and().logout()
.logoutSuccessUrl("/").permitAll().and().csrf()
.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()).and()
.addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);
// @formatter:on
}
@Configuration
@EnableResourceServer
protected static class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {
@Override
public void configure(HttpSecurity http) throws Exception {
// @formatter:off
http.antMatcher("/me").authorizeRequests().anyRequest().authenticated();
// @formatter:on
}
}
public static void main(String[] args) {
SpringApplication.run(SocialApplication.class, args);
}
@Bean
public FilterRegistrationBean oauth2ClientFilterRegistration(OAuth2ClientContextFilter filter) {
FilterRegistrationBean registration = new FilterRegistrationBean();
registration.setFilter(filter);
registration.setOrder(-100);
return registration;
}
@Bean
@ConfigurationProperties("github")
ClientResources github() {
return new ClientResources();
}
@Bean
@ConfigurationProperties("facebook")
ClientResources facebook() {
return new ClientResources();
}
**@Bean
@ConfigurationProperties("gmail")
ClientResources gmail(){return new ClientResources();}**
private Filter ssoFilter() {
CompositeFilter filter = new CompositeFilter();
List<Filter> filters = new ArrayList<>();
filters.add(ssoFilter(facebook(), "/login/facebook"));
filters.add(ssoFilter(github(), "/login/github"));
**filters.add(ssoFilter(gmail(), "/login/gmail"));**
filter.setFilters(filters);
return filter;
}
private Filter ssoFilter(ClientResources client, String path) {
OAuth2ClientAuthenticationProcessingFilter oAuth2ClientAuthenticationFilter = new OAuth2ClientAuthenticationProcessingFilter(
path);
OAuth2RestTemplate oAuth2RestTemplate = new OAuth2RestTemplate(client.getClient(), oauth2ClientContext);
oAuth2ClientAuthenticationFilter.setRestTemplate(oAuth2RestTemplate);
UserInfoTokenServices tokenServices = new UserInfoTokenServices(client.getResource().getUserInfoUri(),
client.getClient().getClientId());
tokenServices.setRestTemplate(oAuth2RestTemplate);
oAuth2ClientAuthenticationFilter.setTokenServices(tokenServices);
return oAuth2ClientAuthenticationFilter;
}
}
class ClientResources {
private OAuth2ProtectedResourceDetails client = new AuthorizationCodeResourceDetails();
private ResourceServerProperties resource = new ResourceServerProperties();
public OAuth2ProtectedResourceDetails getClient() {
return client;
}
public ResourceServerProperties getResource() {
return resource;
}
}
日志
org.springframework.security.authentication.BadCredentialsException:
无法从处的令牌获取用户详细信息
org.springframework.security.oauth2.client.filter.OAuth2ClientAuthenticationProcessingFilter.attemptAuthentication(OAuth2ClientAuthenticationProcessingFilter.java:122)
~[spring-security-oauth2-2.0.10.RELEASE.jar:na]at
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212)
[spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE]
org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:112)
[spring-web-4.3.2.RELEASE.jar:4.3.2.RELEASE]
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:200)
[spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE]
org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:112)
[spring-web-4.3.2.RELEASE.jar:4.3.2.RELEASE]
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:200)
[spring-security-web-4.1.1.RELEASE.jar:4.1.1.RELEASE]
org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:112)
[spring-web-4.3.2.RELEASE.jar:4.3.2.RELEASE]
org.springframework.web.filter.CompositeFilter.doFilter(CompositeFilter.java:73)
[spring-web-4.3.2.RELEASE.jar:4.3.2.RELEASE]
**原因:
org.springframework.security.oauth2.common.exceptions.InvalidTokenException:
ya*************dCCnRbsve3
在
org.springframework.boot.autoconfigure.security.oauth2.resource.UserInfoTokenServices.loadAuthentication(UserInfoTokenServices.java:91)
~[spring-boot-autoconfigure-1.4.0.RELEASE.jar:1.4.0.RELEASE]位于
org.springframework.security.oauth2.client.filter.OAuth2ClientAuthenticationProcessingFilter.attemptAuthentication(OAuth2ClientAuthenticationProcessingFilter.java:112)
~[spring-security-oauth2-2.0.10.RELEASE.jar:na]。。。66通用框架
省略
在谷歌API控制台上
重定向我在应用程序中指定的URL:8080/login/gmail。yml确认后,我找不到定义的userinfo URL?
<div>
With Facebook: <a href="/login/facebook">click here</a>
</div>
<div>
With Github: <a href="/login/github">click here</a>
</div>
**<div>
With Gmail: <a href="/login/gmail">click here</a>
</div>**
我有以下谷歌配置为我工作:
google:
client:
clientId: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
clientSecret: YYYYYYYYYYYYYYYYYY
accessTokenUri: https://accounts.google.com/o/oauth2/token
userAuthorizationUri: https://accounts.google.com/o/oauth2/auth
clientAuthenticationScheme: form
scope: profile email
resource:
userInfoUri: https://www.googleapis.com/userinfo/v2/me
仅供参考:您不应该使用userInfoUri进行身份验证,正如谷歌文档中指定的那样,您可以这样做,任何恶意资源提供商都可以冒充您的一个用户。oAuth2用于授权,OpenidConnect用于身份验证。
google:
client:
clientId: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
clientSecret: YYYYYYYYYYYYYYYYYY
accessTokenUri: https://accounts.google.com/o/oauth2/token
userAuthorizationUri: https://accounts.google.com/o/oauth2/auth
clientAuthenticationScheme: form
scope: profile email
resource:
userInfoUri: https://www.googleapis.com/userinfo/v2/me