Spring Boot 2 - 404 for OAuth2 after authentication - PullRequest
1 vote
/ June 25, 2019
   @Override
   protected void configure( HttpSecurity http ) throws Exception
   {
      http
         .antMatcher( "/**" )
         .authorizeRequests()
            .antMatchers( HttpMethod.OPTIONS, "/" ).permitAll()
            .antMatchers( HttpMethod.GET, "/app/**" ).permitAll()
            .antMatchers( LOGIN_DESTINATION ).permitAll()
            .anyRequest().authenticated()
         .and()
         .oauth2Login()
            .successHandler( oAuth2AuthenticationSuccessHandler )
         .and()
         .sessionManagement()
            .sessionCreationPolicy( SessionCreationPolicy.STATELESS );
   }

I currently have a Spring Boot application configured as follows ..., which currently redirects to my authentication server, lets me authenticate fine, and then redirects back to my application, ready for the next part of the authentication dance.

Essentially, I've got as far as part 3) here, from what I can tell.

[image]

My incoming URL looks like a GET request for:

http://localhost:8080/login?code=[redacted]

As I understand it, this is the default Spring Security URL, which should now be picked up by a filter to perform the next part of the security dance. However, in my application this page currently 404s with the white screen of death, as shown below:

[image]

It should be noted that a GET request to /login with no parameters triggers the default Spring Security login page - so whatever is going on behind the scenes, THAT part of the security handshake works fine.

Wondering how / where / why this URL is being resolved differently in the context of the Spring filters, and how to make it perform the next piece of the handshake automatically. It seems that somewhere in my security configuration, when /login has parameters, i.e. ?code=blah, a 404 results.

Rightly or wrongly, some things in my application that are relevant: @EnableOAuth2Client has been added to the main application class. Perhaps this should be @EnableOAuth2Sso? Or do I need to register a filter manually?

Application yml config below

security:
      oauth2:
         client:
            registration:
               myclient:
                  clientId:            [clientidredacted]
                  clientSecret:        [redacted]
                  authorization-grant-type: authorization_code
                  redirect-uri: '{baseUrl}/login'
            provider:
               propertypal:
                  authorizationUri: https://auth.authserver.com/oauth/authorize
                  tokenUri: https://auth.authserver.com/oauth/token

Log output:

2019-06-25 10:58:50.985 DEBUG 4166 --- [nio-8080-exec-9] o.s.s.w.u.matcher.AntPathRequestMatcher  : Request '/login' matched by universal pattern '/**'
2019-06-25 10:58:50.985 DEBUG 4166 --- [nio-8080-exec-9] o.s.security.web.FilterChainProxy        : /login at position 1 of 15 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2019-06-25 10:58:50.985 DEBUG 4166 --- [nio-8080-exec-9] o.s.security.web.FilterChainProxy        : /login at position 2 of 15 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2019-06-25 10:58:50.985 DEBUG 4166 --- [nio-8080-exec-9] o.s.security.web.FilterChainProxy        : /login at position 3 of 15 in additional filter chain; firing Filter: 'HeaderWriterFilter'
2019-06-25 10:58:50.985 DEBUG 4166 --- [nio-8080-exec-9] o.s.security.web.FilterChainProxy        : /login at position 4 of 15 in additional filter chain; firing Filter: 'CsrfFilter'
2019-06-25 10:58:50.985 DEBUG 4166 --- [nio-8080-exec-9] o.s.security.web.FilterChainProxy        : /login at position 5 of 15 in additional filter chain; firing Filter: 'LogoutFilter'
2019-06-25 10:58:50.986 DEBUG 4166 --- [nio-8080-exec-9] o.s.s.w.u.matcher.AntPathRequestMatcher  : Request 'GET /login' doesn't match 'POST /logout'
2019-06-25 10:58:50.986 DEBUG 4166 --- [nio-8080-exec-9] o.s.security.web.FilterChainProxy        : /login at position 6 of 15 in additional filter chain; firing Filter: 'OAuth2AuthorizationRequestRedirectFilter'
2019-06-25 10:58:50.986 DEBUG 4166 --- [nio-8080-exec-9] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/login'; against '/oauth2/authorization/{registrationId}'
2019-06-25 10:58:50.986 DEBUG 4166 --- [nio-8080-exec-9] o.s.security.web.FilterChainProxy        : /login at position 7 of 15 in additional filter chain; firing Filter: 'OAuth2LoginAuthenticationFilter'
2019-06-25 10:58:50.986 DEBUG 4166 --- [nio-8080-exec-9] o.s.s.w.util.matcher.AndRequestMatcher   : Trying to match using Ant [pattern='/login/oauth2/code/*']
2019-06-25 10:58:50.986 DEBUG 4166 --- [nio-8080-exec-9] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/login'; against '/login/oauth2/code/*'
2019-06-25 10:58:50.986 DEBUG 4166 --- [nio-8080-exec-9] o.s.s.w.util.matcher.AndRequestMatcher   : Did not match
2019-06-25 10:58:50.986 DEBUG 4166 --- [nio-8080-exec-9] o.s.security.web.FilterChainProxy        : /login at position 8 of 15 in additional filter chain; firing Filter: 'DefaultLoginPageGeneratingFilter'
2019-06-25 10:58:50.986 DEBUG 4166 --- [nio-8080-exec-9] o.s.s.w.header.writers.HstsHeaderWriter  : Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@3dba75bf
2019-06-25 10:58:50.986 DEBUG 4166 --- [nio-8080-exec-9] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
2019-06-25 10:58:52.962 DEBUG 4166 --- [io-8080-exec-10] o.s.s.w.u.matcher.AntPathRequestMatcher  : Request '/login' matched by universal pattern '/**'
2019-06-25 10:58:52.962 DEBUG 4166 --- [io-8080-exec-10] o.s.security.web.FilterChainProxy        : /login?code=[redacted]&state=[redacted] at position 1 of 15 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2019-06-25 10:58:52.962 DEBUG 4166 --- [io-8080-exec-10] o.s.security.web.FilterChainProxy        : /login?code=[redacted]&state=[redacted] at position 2 of 15 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2019-06-25 10:58:52.962 DEBUG 4166 --- [io-8080-exec-10] o.s.security.web.FilterChainProxy        : /login?code=[redacted]&state=[redacted] at position 3 of 15 in additional filter chain; firing Filter: 'HeaderWriterFilter'
2019-06-25 10:58:52.962 DEBUG 4166 --- [io-8080-exec-10] o.s.security.web.FilterChainProxy        : /login?code=[redacted]&state=[redacted] at position 4 of 15 in additional filter chain; firing Filter: 'CsrfFilter'
2019-06-25 10:58:52.962 DEBUG 4166 --- [io-8080-exec-10] o.s.security.web.FilterChainProxy        : /login?code=[redacted]&state=[redacted] at position 5 of 15 in additional filter chain; firing Filter: 'LogoutFilter'
2019-06-25 10:58:52.962 DEBUG 4166 --- [io-8080-exec-10] o.s.s.w.u.matcher.AntPathRequestMatcher  : Request 'GET /login' doesn't match 'POST /logout'
2019-06-25 10:58:52.962 DEBUG 4166 --- [io-8080-exec-10] o.s.security.web.FilterChainProxy        : /login?code=[redacted]&state=[redacted] at position 6 of 15 in additional filter chain; firing Filter: 'OAuth2AuthorizationRequestRedirectFilter'
2019-06-25 10:58:52.962 DEBUG 4166 --- [io-8080-exec-10] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/login'; against '/oauth2/authorization/{registrationId}'
2019-06-25 10:58:52.962 DEBUG 4166 --- [io-8080-exec-10] o.s.security.web.FilterChainProxy        : /login?code=[redacted]&state=[redacted] at position 7 of 15 in additional filter chain; firing Filter: 'OAuth2LoginAuthenticationFilter'
2019-06-25 10:58:52.962 DEBUG 4166 --- [io-8080-exec-10] o.s.s.w.util.matcher.AndRequestMatcher   : Trying to match using Ant [pattern='/login/oauth2/code/*']
2019-06-25 10:58:52.962 DEBUG 4166 --- [io-8080-exec-10] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/login'; against '/login/oauth2/code/*'
2019-06-25 10:58:52.962 DEBUG 4166 --- [io-8080-exec-10] o.s.s.w.util.matcher.AndRequestMatcher   : Did not match
2019-06-25 10:58:52.962 DEBUG 4166 --- [io-8080-exec-10] o.s.security.web.FilterChainProxy        : /login?code=[redacted]&state=[redacted] at position 8 of 15 in additional filter chain; firing Filter: 'DefaultLoginPageGeneratingFilter'
2019-06-25 10:58:52.962 DEBUG 4166 --- [io-8080-exec-10] o.s.security.web.FilterChainProxy        : /login?code=[redacted]&state=[redacted] at position 9 of 15 in additional filter chain; firing Filter: 'DefaultLogoutPageGeneratingFilter'
2019-06-25 10:58:52.963 DEBUG 4166 --- [io-8080-exec-10] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/login'; against '/logout'
2019-06-25 10:58:52.963 DEBUG 4166 --- [io-8080-exec-10] o.s.security.web.FilterChainProxy        : /login?code=[redacted]&state=[redacted] at position 10 of 15 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2019-06-25 10:58:52.963 DEBUG 4166 --- [io-8080-exec-10] o.s.security.web.FilterChainProxy        : /login?code=[redacted]&state=[redacted] at position 11 of 15 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2019-06-25 10:58:52.963 DEBUG 4166 --- [io-8080-exec-10] o.s.security.web.FilterChainProxy        : /login?code=[redacted]&state=[redacted] at position 12 of 15 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2019-06-25 10:58:52.963 DEBUG 4166 --- [io-8080-exec-10] o.s.s.w.a.AnonymousAuthenticationFilter  : Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@6bc44a5c: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffc7f0c: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 7AE9900602736997387E290E40F7986C; Granted Authorities: ROLE_ANONYMOUS'
2019-06-25 10:58:52.963 DEBUG 4166 --- [io-8080-exec-10] o.s.security.web.FilterChainProxy        : /login?code=[redacted]&state=[redacted] at position 13 of 15 in additional filter chain; firing Filter: 'SessionManagementFilter'
2019-06-25 10:58:52.963 DEBUG 4166 --- [io-8080-exec-10] o.s.security.web.FilterChainProxy        : /login?code=[redacted]&state=[redacted] at position 14 of 15 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2019-06-25 10:58:52.963 DEBUG 4166 --- [io-8080-exec-10] o.s.security.web.FilterChainProxy        : /login?code=[redacted]&state=[redacted] at position 15 of 15 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2019-06-25 10:58:52.963 DEBUG 4166 --- [io-8080-exec-10] o.s.s.w.u.matcher.AntPathRequestMatcher  : Request 'GET /login' doesn't match 'OPTIONS /'
2019-06-25 10:58:52.963 DEBUG 4166 --- [io-8080-exec-10] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/login'; against '/app/**'
2019-06-25 10:58:52.963 DEBUG 4166 --- [io-8080-exec-10] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/login'; against '/login'
2019-06-25 10:58:52.963 DEBUG 4166 --- [io-8080-exec-10] o.s.s.w.a.i.FilterSecurityInterceptor    : Secure object: FilterInvocation: URL: /login?code=[redacted]&state=[redacted]; Attributes: [permitAll]
2019-06-25 10:58:52.963 DEBUG 4166 --- [io-8080-exec-10] o.s.s.w.a.i.FilterSecurityInterceptor    : Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@6bc44a5c: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffc7f0c: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 7AE9900602736997387E290E40F7986C; Granted Authorities: ROLE_ANONYMOUS
2019-06-25 10:58:52.963 DEBUG 4166 --- [io-8080-exec-10] o.s.s.access.vote.AffirmativeBased       : Voter: org.springframework.security.web.access.expression.WebExpressionVoter@2b3f7dfc, returned: 1
2019-06-25 10:58:52.963 DEBUG 4166 --- [io-8080-exec-10] o.s.s.w.a.i.FilterSecurityInterceptor    : Authorization successful
2019-06-25 10:58:52.964 DEBUG 4166 --- [io-8080-exec-10] o.s.s.w.a.i.FilterSecurityInterceptor    : RunAsManager did not change Authentication object
2019-06-25 10:58:52.964 DEBUG 4166 --- [io-8080-exec-10] o.s.security.web.FilterChainProxy        : /login?code=[redacted]&state=[redacted] reached end of additional filter chain; proceeding with original chain
2019-06-25 10:58:52.965  WARN 4166 --- [io-8080-exec-10] o.s.web.servlet.PageNotFound             : No mapping for GET /login
2019-06-25 10:58:52.965 DEBUG 4166 --- [io-8080-exec-10] o.s.s.w.header.writers.HstsHeaderWriter  : Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@3dba75bf
2019-06-25 10:58:52.966 DEBUG 4166 --- [io-8080-exec-10] o.s.s.w.a.ExceptionTranslationFilter     : Chain processed normally
2019-06-25 10:58:52.966 DEBUG 4166 --- [io-8080-exec-10] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
2019-06-25 10:58:52.966 DEBUG 4166 --- [io-8080-exec-10] o.s.s.w.u.matcher.AntPathRequestMatcher  : Request '/error' matched by universal pattern '/**'
2019-06-25 10:58:52.966 DEBUG 4166 --- [io-8080-exec-10] o.s.security.web.FilterChainProxy        : /error?code=[redacted]&state=[redacted] at position 1 of 15 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2019-06-25 10:58:52.966 DEBUG 4166 --- [io-8080-exec-10] o.s.security.web.FilterChainProxy        : /error?code=[redacted]&state=[redacted] at position 2 of 15 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2019-06-25 10:58:52.966 DEBUG 4166 --- [io-8080-exec-10] o.s.security.web.FilterChainProxy        : /error?code=[redacted]&state=[redacted] at position 3 of 15 in additional filter chain; firing Filter: 'HeaderWriterFilter'
2019-06-25 10:58:52.966 DEBUG 4166 --- [io-8080-exec-10] o.s.security.web.FilterChainProxy        : /error?code=[redacted]&state=[redacted] at position 4 of 15 in additional filter chain; firing Filter: 'CsrfFilter'
2019-06-25 10:58:52.966 DEBUG 4166 --- [io-8080-exec-10] o.s.security.web.FilterChainProxy        : /error?code=[redacted]&state=[redacted] at position 5 of 15 in additional filter chain; firing Filter: 'LogoutFilter'
2019-06-25 10:58:52.966 DEBUG 4166 --- [io-8080-exec-10] o.s.s.w.u.matcher.AntPathRequestMatcher  : Request 'GET /error' doesn't match 'POST /logout'
2019-06-25 10:58:52.966 DEBUG 4166 --- [io-8080-exec-10] o.s.security.web.FilterChainProxy        : /error?code=[redacted]&state=[redacted] at position 6 of 15 in additional filter chain; firing Filter: 'OAuth2AuthorizationRequestRedirectFilter'
2019-06-25 10:58:52.966 DEBUG 4166 --- [io-8080-exec-10] o.s.security.web.FilterChainProxy        : /error?code=[redacted]&state=[redacted] at position 7 of 15 in additional filter chain; firing Filter: 'OAuth2LoginAuthenticationFilter'
2019-06-25 10:58:52.966 DEBUG 4166 --- [io-8080-exec-10] o.s.s.w.util.matcher.AndRequestMatcher   : Trying to match using Ant [pattern='/login/oauth2/code/*']
2019-06-25 10:58:52.966 DEBUG 4166 --- [io-8080-exec-10] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/error'; against '/login/oauth2/code/*'
2019-06-25 10:58:52.966 DEBUG 4166 --- [io-8080-exec-10] o.s.s.w.util.matcher.AndRequestMatcher   : Did not match
2019-06-25 10:58:52.966 DEBUG 4166 --- [io-8080-exec-10] o.s.security.web.FilterChainProxy        : /error?code=[redacted]&state=[redacted] at position 8 of 15 in additional filter chain; firing Filter: 'DefaultLoginPageGeneratingFilter'
2019-06-25 10:58:52.967 DEBUG 4166 --- [io-8080-exec-10] o.s.security.web.FilterChainProxy        : /error?code=[redacted]&state=[redacted] at position 9 of 15 in additional filter chain; firing Filter: 'DefaultLogoutPageGeneratingFilter'
2019-06-25 10:58:52.967 DEBUG 4166 --- [io-8080-exec-10] o.s.security.web.FilterChainProxy        : /error?code=[redacted]&state=[redacted] at position 10 of 15 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2019-06-25 10:58:52.967 DEBUG 4166 --- [io-8080-exec-10] o.s.security.web.FilterChainProxy        : /error?code=[redacted]&state=[redacted] at position 11 of 15 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2019-06-25 10:58:52.967 DEBUG 4166 --- [io-8080-exec-10] o.s.security.web.FilterChainProxy        : /error?code=[redacted]&state=[redacted] at position 12 of 15 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2019-06-25 10:58:52.967 DEBUG 4166 --- [io-8080-exec-10] o.s.s.w.a.AnonymousAuthenticationFilter  : Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@6bc44a5c: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffc7f0c: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 7AE9900602736997387E290E40F7986C; Granted Authorities: ROLE_ANONYMOUS'
2019-06-25 10:58:52.967 DEBUG 4166 --- [io-8080-exec-10] o.s.security.web.FilterChainProxy        : /error?code=[redacted]&state=[redacted] at position 13 of 15 in additional filter chain; firing Filter: 'SessionManagementFilter'
2019-06-25 10:58:52.967 DEBUG 4166 --- [io-8080-exec-10] o.s.security.web.FilterChainProxy        : /error?code=[redacted]&state=[redacted] at position 14 of 15 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2019-06-25 10:58:52.967 DEBUG 4166 --- [io-8080-exec-10] o.s.security.web.FilterChainProxy        : /error?code=[redacted]&state=[redacted] at position 15 of 15 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2019-06-25 10:58:52.967 DEBUG 4166 --- [io-8080-exec-10] o.s.security.web.FilterChainProxy        : /error?code=[redacted]&state=[redacted] reached end of additional filter chain; proceeding with original chain
2019-06-25 10:58:52.970 DEBUG 4166 --- [io-8080-exec-10] o.s.s.w.a.ExceptionTranslationFilter     : Chain processed normally
2019-06-25 10:58:52.970 DEBUG 4166 --- [io-8080-exec-10] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
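
Added example, not part of the original question: the log above shows OAuth2LoginAuthenticationFilter testing the callback against '/login/oauth2/code/*', while the configured redirect-uri resolves to the path /login. The sketch below extracts that pattern from log lines and checks whether a redirect-uri template would reach the filter; the helper names, the shortened sample lines and the simplified Ant matcher are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: shortened lines in the format of the DEBUG log above.
SAMPLE_LOG = [
    "DEBUG FilterChainProxy : /login?code=x&state=y at position 7 of 15 in "
    "additional filter chain; firing Filter: 'OAuth2LoginAuthenticationFilter'",
    "DEBUG AndRequestMatcher : Trying to match using Ant "
    "[pattern='/login/oauth2/code/*']",
    "DEBUG AndRequestMatcher : Did not match",
]


def callback_pattern(log_lines):
    """Return the Ant pattern OAuth2LoginAuthenticationFilter tested, or None."""
    in_filter = False
    for line in log_lines:
        if "firing Filter:" in line:
            in_filter = "'OAuth2LoginAuthenticationFilter'" in line
            continue
        found = re.search(r"Ant \[pattern='([^']+)'\]", line)
        if in_filter and found:
            return found.group(1)
    return None


def ant_to_regex(pattern):
    """Simplified Ant matching (assumption): '**' any path, '*' one segment."""
    parts = re.split(r"(\*\*|\*|\?)", pattern)
    table = {"**": ".*", "*": "[^/]*", "?": "[^/]"}
    return re.compile("".join(table.get(p, re.escape(p)) for p in parts) + r"\Z")


def callback_path(redirect_uri, registration_id, base_url="http://localhost:8080"):
    """Expand the {baseUrl} and {registrationId} variables; return the path."""
    expanded = redirect_uri.replace("{baseUrl}", base_url)
    expanded = expanded.replace("{registrationId}", registration_id)
    return urlsplit(expanded).path


def reaches_login_filter(redirect_uri, registration_id, pattern):
    """True if the provider's redirect would be handled by the login filter."""
    path = callback_path(redirect_uri, registration_id)
    return ant_to_regex(pattern).match(path) is not None


if __name__ == "__main__":
    pattern = callback_pattern(SAMPLE_LOG)
    for uri in ("{baseUrl}/login", "{baseUrl}/login/oauth2/code/{registrationId}"):
        print(uri, "->", reaches_login_filter(uri, "myclient", pattern))
```

A redirect-uri that fails this check passes through the security chain unhandled and ends at the DispatcherServlet, which is the `No mapping for GET /login` line in the log.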