java – Why does my Spring OAuth2 server not work with a self-signed SSL certificate?
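I am using OAuth 2.0 in my application. I have 2 applications developed with Spring Boot: one does the authentication, at the URL https://192.168.1.30:2999/autenticador, and the second is the client, at https://192.168.1.30:2901/, which authenticates against it.
When I use the server without SSL (http://192.168.1.30:2999/autenticador and https://192.168.1.30:2901/), authorization succeeds. However, when I use a self-signed certificate, I run into a problem: error 401 is returned, Unauthorized, Authentication Failed: Could not obtain access token. I don't know how or why this happens.
Note: the certificate is registered as trusted on my computer, and I see the address bar in green.
Client: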
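```java
import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;

@SpringBootApplication
@EnableOAuth2Sso
public class Application {
    public static void main(String[] args) throws KeyManagementException, NoSuchAlgorithmException, KeyStoreException {
        SpringApplication.run(Application.class, args);
    }
}
```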
OAuth 2.0 configuration on the server:
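```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;

@Configuration
@EnableAuthorizationServer
public class OAuthConfiguration extends AuthorizationServerConfigurerAdapter {

    @Autowired
    private AuthenticationManager authenticationManager;

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints.authenticationManager(authenticationManager);
    }

    // Single in-memory client using the authorization_code grant
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
            .withClient("client")
            .authorizedGrantTypes("authorization_code")
            .scopes("read", "trust")
            .resourceIds("RESOURCE_ID")
            .secret("secret");
    }
}
```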
This is the client log after a successful login on the server:
```
2016-06-06 16:47:27.376 DEBUG [nio-2901-exec-4] o.s.security.web.FilterChainProxy / at position 1 of 12 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2016-06-06 16:47:27.377 DEBUG [nio-2901-exec-4] o.s.security.web.FilterChainProxy / at position 2 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2016-06-06 16:47:27.378 DEBUG [nio-2901-exec-4] w.c.HttpSessionSecurityContextRepository No HttpSession currently exists
2016-06-06 16:47:27.378 DEBUG [nio-2901-exec-4] w.c.HttpSessionSecurityContextRepository No SecurityContext was available from the HttpSession: null. A new one will be created.
2016-06-06 16:47:27.381 DEBUG [nio-2901-exec-4] o.s.security.web.FilterChainProxy / at position 3 of 12 in additional filter chain; firing Filter: 'HeaderWriterFilter'
2016-06-06 16:47:27.382 DEBUG [nio-2901-exec-4] o.s.security.web.FilterChainProxy / at position 4 of 12 in additional filter chain; firing Filter: 'CsrfFilter'
2016-06-06 16:47:27.383 DEBUG [nio-2901-exec-4] o.s.security.web.FilterChainProxy / at position 5 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
2016-06-06 16:47:27.383 DEBUG [nio-2901-exec-4] o.s.s.w.u.matcher.AntPathRequestMatcher Request 'GET /' doesn't match 'POST /logout
2016-06-06 16:47:27.383 DEBUG [nio-2901-exec-4] o.s.security.web.FilterChainProxy / at position 6 of 12 in additional filter chain; firing Filter: 'OAuth2ClientAuthenticationProcessingFilter'
2016-06-06 16:47:27.384 DEBUG [nio-2901-exec-4] o.s.s.w.u.matcher.AntPathRequestMatcher Checking match of request : '/'; against '/login'
2016-06-06 16:47:27.384 DEBUG [nio-2901-exec-4] o.s.security.web.FilterChainProxy / at position 7 of 12 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2016-06-06 16:47:27.384 DEBUG [nio-2901-exec-4] o.s.security.web.FilterChainProxy / at position 8 of 12 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2016-06-06 16:47:27.386 DEBUG [nio-2901-exec-4] o.s.security.web.FilterChainProxy / at position 9 of 12 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2016-06-06 16:47:27.389 DEBUG [nio-2901-exec-4] o.s.s.w.a.AnonymousAuthenticationFilter Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@9055e4a6: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 192.168.1.30; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
2016-06-06 16:47:27.389 DEBUG [nio-2901-exec-4] o.s.security.web.FilterChainProxy / at position 10 of 12 in additional filter chain; firing Filter: 'SessionManagementFilter'
2016-06-06 16:47:27.389 DEBUG [nio-2901-exec-4] o.s.s.w.session.SessionManagementFilter Requested session ID CBA2CC9F09D613F91D95FD4764E48A50 is invalid.
2016-06-06 16:47:27.389 DEBUG [nio-2901-exec-4] o.s.security.web.FilterChainProxy / at position 11 of 12 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2016-06-06 16:47:27.389 DEBUG [nio-2901-exec-4] o.s.security.web.FilterChainProxy / at position 12 of 12 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2016-06-06 16:47:27.390 DEBUG [nio-2901-exec-4] o.s.s.w.a.i.FilterSecurityInterceptor Secure object: FilterInvocation: URL: /; Attributes: [authenticated]
2016-06-06 16:47:27.390 DEBUG [nio-2901-exec-4] o.s.s.w.a.i.FilterSecurityInterceptor Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@9055e4a6: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 192.168.1.30; SessionId: null; Granted Authorities: ROLE_ANONYMOUS
2016-06-06 16:47:27.399 DEBUG [nio-2901-exec-4] o.s.s.access.vote.AffirmativeBased Voter: org.springframework.security.web.access.expression.WebExpressionVoter@3fcae110, returned: -1
2016-06-06 16:47:27.404 DEBUG [nio-2901-exec-4] o.s.s.w.a.ExceptionTranslationFilter Access is denied (user is anonymous); redirecting to authentication entry point
org.springframework.security.access.AccessDeniedException: Access is denied
```
Answer:
Can you check the configuration in "spring-security.xml" and see whether the 'requires-channel' attribute is set to https instead of http? If not, set them all to https and try.
More information about this issue is here:
http://docs.spring.io/spring-security/site/faq/faq.html#faq-tomcat-https-session
Sample:
```xml
<intercept-url pattern="/login.html" access="hasRole('ROLE_ANONYMOUS')" requires-channel="https"/>
<intercept-url pattern="/resources/**" access="permitAll" requires-channel="https"/>
<intercept-url pattern="/admin**" access="hasRole('ROLE_ADMIN')" requires-channel="https"/>
<intercept-url pattern="/rest/**" access="hasRole('ROLE_USER')" requires-channel="https"/>
<intercept-url pattern="/index" access="hasRole('ROLE_USER')" requires-channel="https"/>
<intercept-url pattern="/upload/**" access="hasRole('ROLE_USER')" requires-channel="https"/>
```
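The applications in the question are configured with Spring Boot annotations rather than spring-security.xml, so here is the same channel rule expressed in Java configuration. This is an added example, not code from the original answer. It assumes the Spring Security 4.x `WebSecurityConfigurerAdapter` style, and the class name `HttpsOnlySecurityConfig` is hypothetical.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

// Added example; the class name is hypothetical.
@Configuration
@EnableWebSecurity
public class HttpsOnlySecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // Java-config counterpart of requires-channel="https" on every
            // <intercept-url>: a request that arrives over plain HTTP is
            // redirected to HTTPS before any access rule is evaluated.
            .requiresChannel()
                .anyRequest().requiresSecure()
                .and()
            // Same patterns and access expressions as the XML sample above.
            .authorizeRequests()
                .antMatchers("/login.html").access("hasRole('ROLE_ANONYMOUS')")
                .antMatchers("/resources/**").permitAll()
                .antMatchers("/admin**").access("hasRole('ROLE_ADMIN')")
                .antMatchers("/rest/**", "/index", "/upload/**")
                    .access("hasRole('ROLE_USER')");
    }
}
```

Requiring HTTPS for every request, rather than per pattern, keeps the whole session on one scheme, so the situation described in the linked FAQ entry (a session started over HTTPS that is not carried over to HTTP) does not arise.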