spring security oauth2多重登录无身份验证对象异常
我有一个使用spring security oauth2的应用程序。我有一个jdbc登录正在工作,我想添加另一个用另一个登录url映射的身份验证管理器。第一次登录有效,我可以获得令牌,但第二次登录出现此错误,我如何处理?谢谢spring security oauth2多重登录无身份验证对象异常,spring,security,login,oauth-2.0,Spring,Security,Login,Oauth 2.0,我有一个使用spring security oauth2的应用程序。我有一个jdbc登录正在工作,我想添加另一个用另一个登录url映射的身份验证管理器。第一次登录有效,我可以获得令牌,但第二次登录出现此错误,我如何处理?谢谢 <UnauthorizedException> <error>unauthorized</error> <error_description>An Authentication object was not found in
<UnauthorizedException>
<error>unauthorized</error>
<error_description>An Authentication object was not found in the SecurityContext</error_description>
未经授权
在SecurityContext中找不到身份验证对象
<?xml version="1.0" encoding="UTF-8" ?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:sec="http://www.springframework.org/schema/security" xmlns:mvc="http://www.springframework.org/schema/mvc"
xsi:schemaLocation="http://www.springframework.org/schema/security/oauth2 http://www.springframework.org/schema/security/spring-security-oauth2-2.0.xsd
http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.2.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.1.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.1.xsd ">
<!-- @author Nagesh.Chauhan(neel4soft@gmail.com) -->
<!-- This is default url to get a token from OAuth -->
<http pattern="/oauth/token" create-session="stateless"
authentication-manager-ref="clientAuthenticationManager"
xmlns="http://www.springframework.org/schema/security">
<intercept-url pattern="/oauth/token" access="IS_AUTHENTICATED_FULLY" />
<anonymous enabled="false" />
<http-basic entry-point-ref="clientAuthenticationEntryPoint" />
<!-- include this only if you need to authenticate clients via request
parameters -->
<custom-filter ref="clientCredentialsTokenEndpointFilter"
after="BASIC_AUTH_FILTER" />
<!-- <custom-filter ref="corsFilter" before="HEADERS_FILTER"/> -->
<access-denied-handler ref="oauthAccessDeniedHandler" />
</http>
<http pattern="/oauth/token2" create-session="stateless"
authentication-manager-ref="authenticationManager2"
xmlns="http://www.springframework.org/schema/security">
<intercept-url pattern="/oauth/token2" access="IS_AUTHENTICATED_FULLY" />
<anonymous enabled="false" />
<!-- include this only if you need to authenticate clients via request
parameters -->
<http-basic entry-point-ref="clientAuthenticationEntryPoint" />
<custom-filter ref="clientCredentialsTokenEndpointFilter"
after="BASIC_AUTH_FILTER" />
<!-- <custom-filter ref="corsFilter" before="HEADERS_FILTER"/> -->
<access-denied-handler ref="oauthAccessDeniedHandler" />
</http>
<!-- This is where we tells spring security what URL should be protected
and what roles have access to them -->
<http pattern="/restful/**" create-session="always"
entry-point-ref="oauthAuthenticationEntryPoint"
access-decision-manager-ref="accessDecisionManager"
xmlns="http://www.springframework.org/schema/security">
<anonymous enabled="false" />
<intercept-url pattern="/restful/**" access="ROLE_ADMIN" />
<custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
<custom-filter ref="corsFilter" before="HEADERS_FILTER" />
<access-denied-handler ref="oauthAccessDeniedHandler" />
</http>
<bean id="corsFilter" class="com.monimetric.security.JCLCORSFilter" />
<bean id="oauthAuthenticationEntryPoint"
class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
<property name="realmName" value="test" />
</bean>
<bean id="clientAuthenticationEntryPoint"
class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
<property name="realmName" value="test/client" />
<property name="typeName" value="Basic" />
</bean>
<bean id="oauthAccessDeniedHandler"
class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler" />
<bean id="clientCredentialsTokenEndpointFilter"
class="org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter">
<property name="authenticationManager" ref="clientAuthenticationManager" />
</bean>
<bean id="accessDecisionManager" class="org.springframework.security.access.vote.UnanimousBased"
xmlns="http://www.springframework.org/schema/beans">
<constructor-arg>
<list>
<bean class="org.springframework.security.oauth2.provider.vote.ScopeVoter" />
<bean class="org.springframework.security.access.vote.RoleVoter" />
<bean class="org.springframework.security.access.vote.AuthenticatedVoter" />
</list>
</constructor-arg>
</bean>
<authentication-manager id="clientAuthenticationManager"
xmlns="http://www.springframework.org/schema/security">
<authentication-provider user-service-ref="clientDetailsUserService" />
</authentication-manager>
<sec:ldap-server id="ldapServer"
url="ldap://185.4.210.3:3268/dc=metric,dc=local" root="ou=Users,ou=Metric,dc=metric,dc=local"
manager-dn="cn=metricappsuser,ou=Users,ou=Metric,dc=metric,dc=local"
manager-password="fdGas5hja" />
<security:authentication-manager alias="authenticationManager"
erase-credentials="false" xmlns="http://www.springframework.org/schema/security">
<security:authentication-provider>
<sec:jdbc-user-service data-source-ref="metricAppsDS"
users-by-username-query="SELECT username, password, active, lastLoginTime FROM metricapps.tuser WHERE username=?"
authorities-by-username-query="SELECT tuser.username, trole.name FROM tuser, trole, tuserrole WHERE tuser.username = tuserrole.username and trole.id = tuserrole.roleId and tuser.username=?" />
<security:password-encoder ref="base64PasswordEncoder" />
<ldap-authentication-provider user-search-base="ou=Metric" user-search-filter="sAMAccountName={0}"
server-ref="ldapServer" user-context-mapper-ref="customLdapContextMapper"/>
</security:authentication-manager>
<security:authentication-manager alias="authenticationManager2" id="authenticationManager2"
erase-credentials="false" xmlns="http://www.springframework.org/schema/security">
<sec:authentication-provider>
<sec:user-service>
<sec:user name="asd" password="asd" authorities="ROLE_ADMIN"/>
</sec:user-service>
</sec:authentication-provider>
</security:authentication-manager>
<bean id="customLdapContextMapper" class="com.monimetric.ldap.mapper.CustomLdapContextMapper"></bean>
<bean id="clientDetailsUserService"
class="org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService">
<constructor-arg ref="clientDetails" />
</bean>
<bean id="tokenStore"
class="org.springframework.security.oauth2.provider.token.store.JdbcTokenStore">
<constructor-arg ref="metricAppsDS" />
</bean>
<!-- This is where we defined token based configurations, token validity
and other things -->
<bean id="tokenServices"
class="org.springframework.security.oauth2.provider.token.DefaultTokenServices">
<property name="tokenStore" ref="tokenStore" />
<property name="supportRefreshToken" value="true" />
<property name="accessTokenValiditySeconds" value="12000" />
<property name="clientDetailsService" ref="clientDetails" />
</bean>
<bean id="userApprovalHandler"
class="org.springframework.security.oauth2.provider.approval.TokenStoreUserApprovalHandler">
<property name="tokenStore" ref="tokenStore" />
<property name="requestFactory" ref="oauthRequestFactory" />
</bean>
<bean id="oauthRequestFactory"
class="org.springframework.security.oauth2.provider.request.DefaultOAuth2RequestFactory">
<constructor-arg name="clientDetailsService" ref="clientDetails" />
</bean>
<oauth:authorization-server
client-details-service-ref="clientDetails" token-services-ref="tokenServices"
user-approval-handler-ref="userApprovalHandler">
<oauth:authorization-code />
<oauth:implicit />
<oauth:refresh-token />
<oauth:client-credentials />
<oauth:password authentication-manager-ref="authenticationManager" />
</oauth:authorization-server>
<oauth:resource-server id="resourceServerFilter"
resource-id="test" token-services-ref="tokenServices" />
<oauth:client-details-service id="clientDetails">
<!-- client -->
<oauth:client client-id="restapp"
authorized-grant-types="authorization_code,client_credentials"
authorities="ROLE_ADMIN" scope="read,write,trust" secret="secret" />
<oauth:client client-id="restapp"
authorized-grant-types="password,authorization_code,refresh_token,implicit"
secret="restapp" scope="read,write,trust" authorities="ROLE_ADMIN" />
</oauth:client-details-service>
<sec:global-method-security
pre-post-annotations="enabled" proxy-target-class="true">
<sec:expression-handler ref="oauthExpressionHandler" />
</sec:global-method-security>
<oauth:expression-handler id="oauthExpressionHandler" />
<oauth:web-expression-handler id="oauthWebExpressionHandler" />
我想要的是有两个不同的url,每个url都有不同的登录系统,其中一个是JDBC,另一个是LDAP或类似的东西…这太多代码了,无法缩小问题的范围,但是我可以告诉你,你没有给SpringSecurity用户对象,它将被填充到SecurityContextHolder中。现在,你是怎么做的,你得到了这个错误,为什么你的AuthenticationManager被注释掉了?我想要的是有两个不同的url,每个url都有不同的登录系统,一个是JDBC,另一个是LDAP或类似的东西…没有LDAP的经验,但我建议首先运行JDBC身份验证,我可以帮助您。现在删除不必要的LDAP代码,进行备份,首先关注JDBC。你仍然没有告诉我为什么你的身份验证管理器被注释掉了。我删除了注释,这是为了测试。JDBC部分已经开始工作了。当我为LDAP或其他东西编写第二个authenticationManager时,令牌请求返回未经授权的错误,如上所述……这就是问题所在否,我不能这样做。相反,我为ldap身份验证创建了另一个应用程序。我有一个单独的应用程序,只用于ldap登录。如果我以后不得不使用另一个登录机制,我将为此再创建一个应用程序。在我找到一个明确的解决方案之前,这将一直有效。我想spring security没有一个好的清晰的解决方案。