spring-security问题记录---Could not decode JSON for additional information: BaseClientDetails

Posted xj-record

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了spring-security问题记录---Could not decode JSON for additional information: BaseClientDetails相关的知识,希望对你有一定的参考价值。

一、错误信息

  • Could not decode JSON for additional information: BaseClientDetails
2019-12-03 22:18:37.239  WARN 19120 --- [nio-8100-exec-4] o.s.s.o.p.c.JdbcClientDetailsService     : Could not decode JSON for additional information: BaseClientDetails [clientId=c1, clientSecret=$2a$10$NlBC84MVb7F95EXYTXwLneXgCca6/GipyWR5NHm8K0203bSQMLpvm, scope=[ROLE_ADMIN, ROLE_USER, ROLE_API], resourceIds=[res1], authorizedGrantTypes=[client_credentials, password, authorization_code, implicit, refresh_token], registeredRedirectUris=[http://www.baidu.com], authorities=[], accessTokenValiditySeconds=7200, refreshTokenValiditySeconds=259200, additionalInformation={}]

java.io.EOFException: No content to map to Object due to end of input
	at org.codehaus.jackson.map.ObjectMapper._initForReading(ObjectMapper.java:2775) ~[jackson-mapper-asl-1.9.13.jar:1.9.13]
	at org.codehaus.jackson.map.ObjectMapper._readMapAndClose(ObjectMapper.java:2718) ~[jackson-mapper-asl-1.9.13.jar:1.9.13]
	at org.codehaus.jackson.map.ObjectMapper.readValue(ObjectMapper.java:1863) ~[jackson-mapper-asl-1.9.13.jar:1.9.13]
	at org.springframework.security.oauth2.provider.client.JdbcClientDetailsService$JacksonMapper.read(`JdbcClientDetailsService.java:309`) ~[spring-security-oauth2-2.3.4.RELEASE.jar:na]
	at org.springframework.security.oauth2.provider.client.JdbcClientDetailsService$ClientDetailsRowMapper.mapRow(JdbcClientDetailsService.java:268) [spring-security-oauth2-2.3.4.RELEASE.jar:na]
	at org.springframework.security.oauth2.provider.client.JdbcClientDetailsService$ClientDetailsRowMapper.mapRow(JdbcClientDetailsService.java:251) [spring-security-oauth2-2.3.4.RELEASE.jar:na]
	at org.springframework.jdbc.core.RowMapperResultSetExtractor.extractData(RowMapperResultSetExtractor.java:94) [spring-jdbc-5.1.10.RELEASE.jar:5.1.10.RELEASE]
	at org.springframework.jdbc.core.RowMapperResultSetExtractor.extractData(RowMapperResultSetExtractor.java:61) [spring-jdbc-5.1.10.RELEASE.jar:5.1.10.RELEASE]

根据错消息定位到 JdbcClientDetailsService.java 这个类,查看源码可以知道查出的数据中有一个空数据转json报错

查看数据库果然 additional_information 字段都是空的。然后在数据库中先添加了测试字符串,发现还是报同样的错误。

最后百度+google终于在网址找到了下面这两篇文章。

1.根据这篇文章里的介绍这是一个预留的字段 https://blog.csdn.net/u011676300/article/details/84390988

  1. Spring OAuth2:无法从ClientDetailsS​​ervice获取其他信息

二、错误信息

{"error":"method_not_allowed","error_description":"Request method 'GET' not supported"}

原因:security 默认只支持post方式获取token,如果需要实用get方式的话需要修改security的配置

@Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints.authenticationManager(authenticationManager)
                .tokenServices(tokenService())
                .authorizationCodeServices(authorizationCodeServices())
                .allowedTokenEndpointRequestMethods(HttpMethod.GET, HttpMethod.POST);// 默认只能通过post
    }

三、重定向问题

当使用授权码认证模式的话,通过zuul网关访问:`http://localhost:8111/security/oauth/authorize?client_id=c1&response_type=code`,会重定向到
认证服务器的ip和端口

解决:

zuul:
  routes:
  # 添加代理投
  add-proxy-headers: true
  # 此处解决后端服务重定向导致用户浏览的 host 变成 后端服务的 host 问题
  add-host-header: true

加上之后,ip和端口就不会改为认证服务器的地址 http://localhost:8111/security/oauth/authorize?client_id=c1&response_type=code

以上是关于spring-security问题记录---Could not decode JSON for additional information: BaseClientDetails的主要内容,如果未能解决你的问题,请参考以下文章

Spring-Security认证和授权

spring-security 个性化用户认证流程——自定义登录页面(可配置)

Spring-Security:认证后调用方法

Spring-Security:升级到 Spring-Security 4.1 后,用户名发送为空以进行登录

Spring-security /login 重定向

Spring-security - 无法访问 ServletException