Spring 启动 OAuth2 - 无法从令牌中获取用户详细信息
Spring Boot OAuth2 - Could not obtain user details from token
我在网上搜索了这个问题的解决方案,但没有找到任何可行的解决方案。我正在尝试设置基本的 Spring 引导 OAuth2 授权提供程序和客户端。
我按照官方 Spring 引导说明创建了 Facebook 和 Github 单点登录。然后我按照说明创建安全 Spring Boot Web 应用程序。
我想创建自己的授权服务器,所以我按照 here 的说明向安全 Web 应用程序添加了 @EnableAuthorizationServer 注释。我还添加了 OAuth2 客户端的详细信息,如 link 中所述。我按照进一步的说明创建了一个 OAuth2 客户端。
我启动两个应用程序,访问 127.0.0.1:9999 打开客户端,客户端将我重定向到 localhost:8080/login,我输入用户详细信息,Authentication Provider 将我重定向到 127.0.0.1:9999/login我收到一条错误消息:
Authentication Failed: Could not obtain user details from token
这是记录的内容:
INFO 2800 --- [nio-9999-exec-3] o.s.b.a.s.o.r.UserInfoTokenServices : Getting user info from: http:// localhost:8080/me
DEBUG 2800 --- [nio-9999-exec-3] o.s.s.oauth2.client.OAuth2RestTemplate : Created GET request for http:// localhost:8080/me
DEBUG 2800 --- [nio-9999-exec-3] o.s.s.oauth2.client.OAuth2RestTemplate : Setting request Accept header to [application/json, application/*+json]
DEBUG 2800 --- [nio-9999-exec-3] o.s.s.oauth2.client.OAuth2RestTemplate : GET request for http:// localhost:8080/me resulted in 200 (OK)
INFO 2800 --- [nio-9999-exec-3] o.s.b.a.s.o.r.UserInfoTokenServices : Could not fetch user details: class org.springframework.web.client.RestClientException, Could not extract response: no suitable HttpMessageConverter found for response type [interface java.util.Map] and content type [text/html;charset=UTF-8]]
这是我的客户端应用程序:
@EnableAutoConfiguration
@Configuration
@EnableOAuth2Sso
@RestController
public class ClientApplication {
@RequestMapping("/")
public String home(Principal user) {
return "Hello " + user.getName();
}
public static void main(String[] args) {
SpringApplication.run(ClientApplication.class, args);
}
}
这是客户端应用 YML:
server:
port: 9999
security:
oauth2:
client:
client-id: acme
client-secret: acmesecret
access-token-uri: http://localhost:8080/oauth/token
user-authorization-uri: http://localhost:8080/oauth/authorize
resource:
user-info-uri: http://localhost:8080/me
这是我的授权提供商应用程序:
@SpringBootApplication
public class SecurityApp {
public static void main(String[] args) {
SpringApplication.run(SecurityApp.class, args);
}
}
@Configuration
@EnableWebSecurity
@EnableAuthorizationServer
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/", "/home").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.permitAll()
.and()
.logout()
.permitAll();
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("user").password("password").roles("USER");
}
}
@Configuration
public class MvcConfig extends WebMvcConfigurerAdapter {
@Override
public void addViewControllers(ViewControllerRegistry registry) {
registry.addViewController("/home").setViewName("home");
registry.addViewController("/").setViewName("home");
registry.addViewController("/hello").setViewName("hello");
registry.addViewController("/login").setViewName("login");
}
}
@RestController
public class Controller {
@RequestMapping({ "/user", "/me" })
public Map<String, String> user(Principal principal) {
Map<String, String> map = new LinkedHashMap<>();
map.put("name", principal.getName());
return map;
}
}
这是应用程序提供商 YML:
security:
oauth2:
client:
client-id: acme
client-secret: acmesecret
scope: read,write
auto-approve-scopes: '.*'
我解决了这个问题!我缺少处理用户端点 (user-info-uri) 请求的资源服务器。我向授权提供程序应用程序添加了此 class:
@Configuration
@EnableResourceServer
public class ResourceServer
extends ResourceServerConfigurerAdapter {
@Override
public void configure(HttpSecurity http) throws Exception {
http
.antMatcher("/me")
.authorizeRequests().anyRequest().authenticated();
}
}
user-info-uri 应该在授权服务器中,因为所有 accounts/users 都在其中。
我在网上搜索了这个问题的解决方案,但没有找到任何可行的解决方案。我正在尝试设置基本的 Spring 引导 OAuth2 授权提供程序和客户端。
我按照官方 Spring 引导说明创建了 Facebook 和 Github 单点登录。然后我按照说明创建安全 Spring Boot Web 应用程序。
我想创建自己的授权服务器,所以我按照 here 的说明向安全 Web 应用程序添加了 @EnableAuthorizationServer 注释。我还添加了 OAuth2 客户端的详细信息,如 link 中所述。我按照进一步的说明创建了一个 OAuth2 客户端。
我启动两个应用程序,访问 127.0.0.1:9999 打开客户端,客户端将我重定向到 localhost:8080/login,我输入用户详细信息,Authentication Provider 将我重定向到 127.0.0.1:9999/login我收到一条错误消息:
Authentication Failed: Could not obtain user details from token
这是记录的内容:
INFO 2800 --- [nio-9999-exec-3] o.s.b.a.s.o.r.UserInfoTokenServices : Getting user info from: http:// localhost:8080/me
DEBUG 2800 --- [nio-9999-exec-3] o.s.s.oauth2.client.OAuth2RestTemplate : Created GET request for http:// localhost:8080/me
DEBUG 2800 --- [nio-9999-exec-3] o.s.s.oauth2.client.OAuth2RestTemplate : Setting request Accept header to [application/json, application/*+json]
DEBUG 2800 --- [nio-9999-exec-3] o.s.s.oauth2.client.OAuth2RestTemplate : GET request for http:// localhost:8080/me resulted in 200 (OK)
INFO 2800 --- [nio-9999-exec-3] o.s.b.a.s.o.r.UserInfoTokenServices : Could not fetch user details: class org.springframework.web.client.RestClientException, Could not extract response: no suitable HttpMessageConverter found for response type [interface java.util.Map] and content type [text/html;charset=UTF-8]]
这是我的客户端应用程序:
@EnableAutoConfiguration
@Configuration
@EnableOAuth2Sso
@RestController
public class ClientApplication {
@RequestMapping("/")
public String home(Principal user) {
return "Hello " + user.getName();
}
public static void main(String[] args) {
SpringApplication.run(ClientApplication.class, args);
}
}
这是客户端应用 YML:
server:
port: 9999
security:
oauth2:
client:
client-id: acme
client-secret: acmesecret
access-token-uri: http://localhost:8080/oauth/token
user-authorization-uri: http://localhost:8080/oauth/authorize
resource:
user-info-uri: http://localhost:8080/me
这是我的授权提供商应用程序:
@SpringBootApplication
public class SecurityApp {
public static void main(String[] args) {
SpringApplication.run(SecurityApp.class, args);
}
}
@Configuration
@EnableWebSecurity
@EnableAuthorizationServer
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/", "/home").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.permitAll()
.and()
.logout()
.permitAll();
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("user").password("password").roles("USER");
}
}
@Configuration
public class MvcConfig extends WebMvcConfigurerAdapter {
@Override
public void addViewControllers(ViewControllerRegistry registry) {
registry.addViewController("/home").setViewName("home");
registry.addViewController("/").setViewName("home");
registry.addViewController("/hello").setViewName("hello");
registry.addViewController("/login").setViewName("login");
}
}
@RestController
public class Controller {
@RequestMapping({ "/user", "/me" })
public Map<String, String> user(Principal principal) {
Map<String, String> map = new LinkedHashMap<>();
map.put("name", principal.getName());
return map;
}
}
这是应用程序提供商 YML:
security:
oauth2:
client:
client-id: acme
client-secret: acmesecret
scope: read,write
auto-approve-scopes: '.*'
我解决了这个问题!我缺少处理用户端点 (user-info-uri) 请求的资源服务器。我向授权提供程序应用程序添加了此 class:
@Configuration
@EnableResourceServer
public class ResourceServer
extends ResourceServerConfigurerAdapter {
@Override
public void configure(HttpSecurity http) throws Exception {
http
.antMatcher("/me")
.authorizeRequests().anyRequest().authenticated();
}
}
user-info-uri 应该在授权服务器中,因为所有 accounts/users 都在其中。