Я использую весенний облачный шлюз в своем проекте и обнаружил, что шлюзу не удалось направить к нисходящему сервису и ответить на состояние 401, а в журнале нижестоящего сервера ресурсов показано, что токен jwt истек в ***,я думаю, что браузер должен перенаправлять на страницу входа, а не отвечать на страницу 401, или обновлять токен будет лучше (я установил тип гранта refresh_token на моем сервере аутентификации, но, похоже, он не работает). эта проблема возникает, когда я устанавливаю небольшой accessTokenValiditySeconds (например, 60-е годы в моем демонстрационном проекте), и я должен ждать, пока истечет время сеанса, тогда браузер будет перенаправлен на страницу входа. Как я могу это исправить? или accessTokenValiditySeconds должен быть установлен большое значение? приветствуется любая помощь.
это журнал шлюза:
2019-10-12 16:27:37.212 TRACE 5655 --- [ctor-http-nio-7] o.s.c.g.h.p.RoutePredicateFactory : Pattern "/rs/**" matches against value "/rs/"
2019-10-12 16:27:37.212 DEBUG 5655 --- [ctor-http-nio-7] o.s.c.g.h.RoutePredicateHandlerMapping : Route matched: rs
2019-10-12 16:27:37.213 DEBUG 5655 --- [ctor-http-nio-7] o.s.c.g.h.RoutePredicateHandlerMapping : Mapping [Exchange: GET http://localhost:20200/rs/] to Route{id='rs', uri=lb://resource-server/, order=0, predicate=Paths: [/rs/**], match trailing slash: true, gatewayFilters=[[org.springframework.cloud.security.oauth2.gateway.TokenRelayGatewayFilterFactory$$Lambda$333/2026873444@33e81b6e, order = 0], [[RemoveRequestHeader name = 'Cookie'], order = 0]]}
2019-10-12 16:27:37.213 DEBUG 5655 --- [ctor-http-nio-7] o.s.c.g.h.RoutePredicateHandlerMapping : [40a745ba] Mapped to org.springframework.cloud.gateway.handler.FilteringWebHandler@205ed470
2019-10-12 16:27:37.213 DEBUG 5655 --- [ctor-http-nio-7] o.s.c.g.handler.FilteringWebHandler : Sorted gatewayFilterFactories: [[GatewayFilterAdapter{delegate=org.springframework.cloud.gateway.filter.RemoveCachedBodyFilter@a1691c0}, order = -2147483648], [GatewayFilterAdapter{delegate=org.springframework.cloud.gateway.filter.AdaptCachedBodyGlobalFilter@3f8dfe74}, order = -2147482648], [GatewayFilterAdapter{delegate=org.springframework.cloud.gateway.filter.NettyWriteResponseFilter@5f08fe00}, order = -1], [GatewayFilterAdapter{delegate=org.springframework.cloud.gateway.filter.ForwardPathFilter@377949f1}, order = 0], [GatewayFilterAdapter{delegate=org.springframework.cloud.gateway.filter.GatewayMetricsFilter@1a21f43f}, order = 0], [org.springframework.cloud.security.oauth2.gateway.TokenRelayGatewayFilterFactory$$Lambda$333/2026873444@33e81b6e, order = 0], [[RemoveRequestHeader name = 'Cookie'], order = 0], [GatewayFilterAdapter{delegate=org.springframework.cloud.gateway.filter.RouteToRequestUrlFilter@7c5df615}, order = 10000], [GatewayFilterAdapter{delegate=org.springframework.cloud.gateway.filter.LoadBalancerClientFilter@6b63abdc}, order = 10100], [GatewayFilterAdapter{delegate=org.springframework.cloud.gateway.filter.WebsocketRoutingFilter@9df564f}, order = 2147483646], [GatewayFilterAdapter{delegate=org.springframework.cloud.gateway.filter.NettyRoutingFilter@7b351446}, order = 2147483647], [GatewayFilterAdapter{delegate=org.springframework.cloud.gateway.filter.ForwardRoutingFilter@2f995afc}, order = 2147483647]]
2019-10-12 16:27:47.858 TRACE 5655 --- [ctor-http-nio-7] o.s.c.g.filter.RouteToRequestUrlFilter : RouteToRequestUrlFilter start
2019-10-12 16:27:47.859 TRACE 5655 --- [ctor-http-nio-7] o.s.c.g.filter.LoadBalancerClientFilter : LoadBalancerClientFilter url before: lb://resource-server/rs/
2019-10-12 16:27:47.860 TRACE 5655 --- [ctor-http-nio-7] o.s.c.g.filter.LoadBalancerClientFilter : LoadBalancerClientFilter url chosen: http://172.29.0.33:20300/rs/
2019-10-12 16:27:47.863 TRACE 5655 --- [ctor-http-nio-4] o.s.c.gateway.filter.NettyRoutingFilter : outbound route: aa28700f, inbound: [40a745ba]
2019-10-12 16:27:47.869 TRACE 5655 --- [ctor-http-nio-4] o.s.c.g.filter.NettyWriteResponseFilter : NettyWriteResponseFilter start inbound: aa28700f, outbound: [40a745ba]
2019-10-12 16:27:47.870 TRACE 5655 --- [ctor-http-nio-4] o.s.c.g.filter.GatewayMetricsFilter : gateway.requests tags: [tag(httpMethod=GET),tag(httpStatusCode=401),tag(outcome=CLIENT_ERROR),tag(routeId=rs),tag(routeUri=lb://resource-server/),tag(status=UNAUTHORIZED)]
это журнал сервера ресурсов:
2019-10-12 16:27:47.865 DEBUG 5529 --- [io-20300-exec-9] o.s.security.web.FilterChainProxy : / at position 1 of 12 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2019-10-12 16:27:47.865 DEBUG 5529 --- [io-20300-exec-9] o.s.security.web.FilterChainProxy : / at position 2 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2019-10-12 16:27:47.865 DEBUG 5529 --- [io-20300-exec-9] w.c.HttpSessionSecurityContextRepository : No HttpSession currently exists
2019-10-12 16:27:47.865 DEBUG 5529 --- [io-20300-exec-9] w.c.HttpSessionSecurityContextRepository : No SecurityContext was available from the HttpSession: null. A new one will be created.
2019-10-12 16:27:47.865 DEBUG 5529 --- [io-20300-exec-9] o.s.security.web.FilterChainProxy : / at position 3 of 12 in additional filter chain; firing Filter: 'HeaderWriterFilter'
2019-10-12 16:27:47.866 DEBUG 5529 --- [io-20300-exec-9] o.s.security.web.FilterChainProxy : / at position 4 of 12 in additional filter chain; firing Filter: 'CsrfFilter'
2019-10-12 16:27:47.866 DEBUG 5529 --- [io-20300-exec-9] o.s.s.w.util.matcher.AndRequestMatcher : Trying to match using org.springframework.security.web.csrf.CsrfFilter$DefaultRequiresCsrfMatcher@118dce83
2019-10-12 16:27:47.866 DEBUG 5529 --- [io-20300-exec-9] o.s.s.w.util.matcher.AndRequestMatcher : Did not match
2019-10-12 16:27:47.866 DEBUG 5529 --- [io-20300-exec-9] o.s.security.web.FilterChainProxy : / at position 5 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
2019-10-12 16:27:47.866 DEBUG 5529 --- [io-20300-exec-9] o.s.s.w.u.matcher.AntPathRequestMatcher : Request 'GET /' doesn't match 'POST /logout'
2019-10-12 16:27:47.866 DEBUG 5529 --- [io-20300-exec-9] o.s.security.web.FilterChainProxy : / at position 6 of 12 in additional filter chain; firing Filter: 'BearerTokenAuthenticationFilter'
2019-10-12 16:27:47.866 DEBUG 5529 --- [io-20300-exec-9] o.s.s.authentication.ProviderManager : Authentication attempt using org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationProvider
2019-10-12 16:27:47.868 DEBUG 5529 --- [io-20300-exec-9] .s.a.DefaultAuthenticationEventPublisher : No event was found for the exception org.springframework.security.oauth2.core.OAuth2AuthenticationException
2019-10-12 16:27:47.868 DEBUG 5529 --- [io-20300-exec-9] .o.s.r.w.BearerTokenAuthenticationFilter : Authentication request for failed: org.springframework.security.oauth2.core.OAuth2AuthenticationException: An error occurred while attempting to decode the Jwt: Jwt expired at 2019-10-12T07:55:34Z
2019-10-12 16:27:47.868 DEBUG 5529 --- [io-20300-exec-9] o.s.s.w.header.writers.HstsHeaderWriter : Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@27643cdf
2019-10-12 16:27:47.868 DEBUG 5529 --- [io-20300-exec-9] w.c.HttpSessionSecurityContextRepository : SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2019-10-12 16:27:47.868 DEBUG 5529 --- [io-20300-exec-9] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed