Could not fetch user details: ..springframework.security.oauth2.client.resource.UserRedirectRequiredException

Posted: 2019-02-18 22:23:29

Question:

When I provide a domain name in accessTokenUri, it does not work and reports an error, but when I provide localhost it works. Why?

AuthorizationServerConfig.java

@Configuration
@EnableAuthorizationServer
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {

    @Autowired
    private AuthenticationManager authenticationManager;

    // Access rules for the /oauth/token_key and /oauth/check_token endpoints
    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
        security.tokenKeyAccess("permitAll()")
                .checkTokenAccess("isAuthenticated()");
    }

    // Single in-memory client registered for the password grant
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients
                .inMemory()
                .withClient("QWE123")
                .secret("abc")
                .authorizedGrantTypes("password")
                .scopes("user_info").accessTokenValiditySeconds(0)
                .autoApprove(true);
    }

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints.authenticationManager(authenticationManager);
    }
}

@EnableResourceServer
@Configuration
public class ResourceServerConfig extends WebSecurityConfigurerAdapter {

    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Autowired
    private UserDetailsService customUserDetailsService;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/login").permitAll()
                .anyRequest()
                .authenticated()
                .and()
                .formLogin()
                .permitAll();
    }

    // Paths excluded from the security filter chain
    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers("/user/**", "/swagger-ui.html", "/v2/api-docs", "/swagger-resources/**");
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth
                .userDetailsService(customUserDetailsService).passwordEncoder(passwordEncoder());
    }

    @Bean
    public BCryptPasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
}


App.properties
security:
  basic:
    enabled: false
  oauth2:
    resource:
      filter-order: 3

ResourceServerConfig.java

@EnableOAuth2Sso
@Configuration
public class OauthConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .authorizeRequests()
                .antMatchers("/")
                .permitAll()
                .anyRequest()
                .authenticated();
    }

    // Paths excluded from the security filter chain
    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers("/swagger-ui.html", "/v2/api-docs", "/swagger-resources/**");
    }
}

@Configuration
@EnableResourceServer
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class Oauth2ResourceServerConfig extends GlobalMethodSecurityConfiguration {

    // Enables OAuth2 expressions such as #oauth2.hasScope(...) in method security annotations
    @Override
    protected MethodSecurityExpressionHandler createExpressionHandler() {
        return new OAuth2MethodSecurityExpressionHandler();
    }
}


App.properties

security:
  basic:
    enabled: false
  oauth2:
      client:
        clientId: QWE123
        clientSecret: abc
        accessTokenUri: https://example.net/auth/oauth/token
        userAuthorizationUri: https://example.net/auth/oauth/authorize
      resource:
        userInfoUri: https://example.net/auth/logged-in/principal
        filter-order: 3

Error:

2018-09-14 12:00:13.083 INFO 25836 --- [main] o.s.j.e.a.AnnotationMBeanExporter : Located managed bean 'environmentManager': registering with JMX server as MBean [org.springframework.cloud.context.environment:name=environmentManager,type=EnvironmentManager]
2018-09-14 12:00:13.095 INFO 25836 --- [main] o.s.j.e.a.AnnotationMBeanExporter : Located managed bean 'restartEndpoint': registering with JMX server as MBean [org.springframework.cloud.context.restart:name=restartEndpoint,type=RestartEndpoint]
2018-09-14 12:00:13.106 INFO 25836 --- [main] o.s.j.e.a.AnnotationMBeanExporter : Located managed bean 'refreshScope': registering with JMX server as MBean [org.springframework.cloud.context.scope.refresh:name=refreshScope,type=RefreshScope]
2018-09-14 12:00:13.116 INFO 25836 --- [main] o.s.j.e.a.AnnotationMBeanExporter : Located managed bean 'configurationPropertiesRebinder': registering with JMX server as MBean [org.springframework.cloud.context.properties:name=configurationPropertiesRebinder,context=35d08e6c,type=ConfigurationPropertiesRebinder]
2018-09-14 12:00:13.123 INFO 25836 --- [main] o.s.j.e.a.AnnotationMBeanExporter : Located managed bean 'refreshEndpoint': registering with JMX server as MBean [org.springframework.cloud.endpoint:name=refreshEndpoint,type=RefreshEndpoint]
2018-09-14 12:00:13.424 INFO 25836 --- [main] o.s.c.support.DefaultLifecycleProcessor : Starting beans in phase 0
2018-09-14 12:00:13.482 INFO 25836 --- [main] o.s.c.support.DefaultLifecycleProcessor : Starting beans in phase 2147483647
2018-09-14 12:00:13.483 INFO 25836 --- [main] d.s.w.p.DocumentationPluginsBootstrapper : Context refreshed
2018-09-14 12:00:13.509 INFO 25836 --- [main] d.s.w.p.DocumentationPluginsBootstrapper : Found 1 custom documentation plugin(s)
2018-09-14 12:00:13.530 INFO 25836 --- [main] s.d.s.w.s.ApiListingReferenceScanner : Scanning for api listing references
2018-09-14 12:00:13.870 INFO 25836 --- [main] s.b.c.e.t.TomcatEmbeddedServletContainer : Tomcat started on port(s): 8080 (http)
2018-09-14 12:00:13.882 INFO 25836 --- [main] c.h.dfsc.DfscServiceApplication : Started DfscServiceApplication in 44.8 seconds (JVM running for 45.324)
2018-09-14 12:01:52.271 INFO 25836 --- [nio-8080-exec-1] o.a.c.c.C.[Tomcat].[localhost].[/api] : Initializing Spring FrameworkServlet 'dispatcherServlet'
2018-09-14 12:01:52.271 INFO 25836 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : FrameworkServlet 'dispatcherServlet': initialization started
2018-09-14 12:01:52.292 INFO 25836 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : FrameworkServlet 'dispatcherServlet': initialization completed in 21 ms
2018-09-14 12:01:52.990 WARN 25836 --- [nio-8080-exec-1] o.s.b.a.s.o.r.UserInfoTokenServices : Could not fetch user details: class org.springframework.security.oauth2.client.resource.UserRedirectRequiredException, A redirect is required to get the users approval

I searched a lot on this but had no success. Could you help me?

Answer 1:

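I have found the solution. It happened because of clustering. There are multiple server instances that authenticate and authorize tokens. When a request generates a token, the token is stored on one instance, but when the authorization request comes in, it hits another instance. That instance does not find the token and throws an exception. On localhost I have only one server, so it works fine.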

Comments:

It is better to keep the tokens in an in-memory database such as Redis. Spring has a feature for this: @EnableRedisHttpSession.
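
The fix described in the answer and the comment above, as an added example that is not part of the original post: the authorization server from the question with its per-instance token store replaced by a shared one. The class name ClusteredAuthorizationServerConfig is hypothetical, and the example assumes spring-security-oauth2, spring-session-data-redis and a Redis instance reachable through the application's spring.redis.* settings.

```java
// Added example (not the poster's code): tokens and HTTP sessions shared by all instances.
// Assumes Spring Boot auto-configures a RedisConnectionFactory from spring.redis.* properties.
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.redis.connection.RedisConnectionFactory;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.redis.RedisTokenStore;
import org.springframework.session.data.redis.config.annotation.web.http.EnableRedisHttpSession;

@Configuration
@EnableAuthorizationServer
@EnableRedisHttpSession // login sessions live in Redis instead of one node's memory
public class ClusteredAuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {

    @Autowired
    private AuthenticationManager authenticationManager;

    @Autowired
    private RedisConnectionFactory redisConnectionFactory;

    // Replaces the default InMemoryTokenStore, which is private to each JVM.
    @Bean
    public TokenStore tokenStore() {
        return new RedisTokenStore(redisConnectionFactory);
    }

    // Client registration copied unchanged from the question.
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
                .withClient("QWE123")
                .secret("abc")
                .authorizedGrantTypes("password")
                .scopes("user_info").accessTokenValiditySeconds(0)
                .autoApprove(true);
    }

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints
                .authenticationManager(authenticationManager)
                .tokenStore(tokenStore()); // every instance reads and writes the same tokens
    }
}
```

RedisTokenStore uses JDK serialization by default, so the principal returned by customUserDetailsService must implement Serializable.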
