1

This is a sequel to Problems redirecting to access token entry point Oauth Token.

500 HTTP error when requesting an access token, OAuth2 Spring implementation

It helped me fix some things, but I am now getting an authority/permission error while fetching /oauth/token. I am using Spring 4.0.5.RELEASE, Spring-Security 3.2.5.RELEASE and Spring-Oauth2 2.0.4-build instead of 2.0.3.RELEASE.

The error is as follows, and I think there is a problem in the entry-point security or in the oauth2:authorization-server password:

<oauth2:authorization-server client-details-service-ref="webServiceClientService" 
    token-services-ref="tokenServices" user-approval-page="/oauth/userapproval" 
    error-page="/oauth/error" authorization-endpoint-url="/oauth/authorize" 
    token-endpoint-url="/oauth/token" user-approval-handler-ref="userApprovalHandler" 
    redirect-resolver-ref="resolver"> 
    <oauth2:authorization-code 
     authorization-code-services-ref="codes" /> 
    <oauth2:implicit/> 
    <oauth2:refresh-token/> 
    <oauth2:client-credentials/> 
    <oauth2:password authentication-manager-ref="userAuthenticationManager"/> 
</oauth2:authorization-server> 

My userAuthenticationManager is as follows, where userService is an implementation of UserDetailsService:

<sec:authentication-manager alias="userAuthenticationManager"> 
<sec:authentication-provider user-service-ref="userService"> 
<sec:password-encoder ref="passwordEncoder"/> 
</sec:authentication-provider> 
</sec:authentication-manager> 

HTTP Status 500 - Request processing failed; nested exception is error="access_denied", error_description="Error requesting access token." 

org.springframework.web.util.NestedServletException: Request processing failed; nested exception is error="access_denied", error_description="Error requesting access token." 
    org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:973) 
    org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:852) 
    javax.servlet.http.HttpServlet.service(HttpServlet.java:618) 
    org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:837) 
    javax.servlet.http.HttpServlet.service(HttpServlet.java:725) 
    org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) 
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) 
    org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:118) 
    org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84) 
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) 
    org.springframework.security.oauth2.client.filter.OAuth2ClientContextFilter.doFilter(OAuth2ClientContextFilter.java:57) 
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) 
    org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113) 
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) 
    org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103) 
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) 
    org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113) 
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) 
    org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:154) 
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) 
    org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45) 
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) 
    org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:199) 
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) 
    org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:110) 
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) 
    org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:85) 
    org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) 
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) 
    org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:50) 
    org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) 
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) 
    org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87) 
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) 
    org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192) 
    org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160) 
    org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:344) 
    org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:261) 
    org.apache.logging.log4j.core.web.Log4jServletFilter.doFilter(Log4jServletFilter.java:66) 

Here is my authorization server configuration.

For pattern="/oauth/token" I have access="hasAuthority('OAUTH_CLIENT')", an authority I defined in the user roles. create-session="stateless" and my authentication-manager-ref="oauthClientAuthenticationManager". oauthClientAuthenticationManager has an authentication provider with user-service-ref="clientDetailsUserService", which is a UserDetailsService implementation. entry-point-ref="oauthAuthenticationEntryPoint" (an org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint, and I do not change the realm or typeName).

There is also clientAuthenticationEntryPoint, which is an OAuth2AuthenticationEntryPoint as well, but with typeName set to Basic while realmName remains the default oauth.

It also has clientCredentialsTokenEndpointFilter, an org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter whose authentication manager is oauthClientAuthenticationManager, and sets:

<sec:custom-filter ref="clientCredentialsTokenEndpointFilter" after="BASIC_AUTH_FILTER" />

<sec:authentication-manager id="oauthClientAuthenticationManager">
    <sec:authentication-provider user-service-ref="clientDetailsUserService">
    </sec:authentication-provider>
</sec:authentication-manager>

It also has:

<sec:access-denied-handler ref="oauthAccessDeniedHandler" />
<sec:expression-handler ref="webSecurityExpressionHandler" />

where oauthAccessDeniedHandler = org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler and webSecurityExpressionHandler = org.springframework.security.oauth2.provider.expression.OAuth2WebSecurityExpressionHandler

Also, my entry point is as follows:

<sec:http use-expressions="true" create-session="stateless"
    authentication-manager-ref="oauthClientAuthenticationManager"
    entry-point-ref="oauthAuthenticationEntryPoint" pattern="/oauth/token">
    <sec:intercept-url pattern="/oauth/token" access="hasAuthority('OAUTH_CLIENT')" />
    <!-- <sec:intercept-url pattern="/oauth/token" access="IS_AUTHENTICATED_FULLY" /> -->
    <!-- <sec:http-basic entry-point-ref="oauthAuthenticationEntryPoint"/> -->
    <sec:http-basic entry-point-ref="clientAuthenticationEntryPoint"/>
    <!-- <sec:http-basic/> -->
    <sec:anonymous enabled="false" />
    <sec:custom-filter ref="clientCredentialsTokenEndpointFilter" after="BASIC_AUTH_FILTER" />
    <sec:access-denied-handler ref="oauthAccessDeniedHandler" />
    <sec:expression-handler ref="webSecurityExpressionHandler" />
    <!-- <sec:custom-filter ref="corsFilter" after="LAST"/> -->
</sec:http>

where clientCredentialsTokenEndpointFilter is defined as follows:

<beans:bean id="clientCredentialsTokenEndpointFilter" class="org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter">
    <beans:property name="authenticationManager" ref="oauthClientAuthenticationManager"/>
</beans:bean>

<sec:authentication-manager id="oauthClientAuthenticationManager"> 
    <sec:authentication-provider user-service-ref="clientDetailsUserService"> 
    </sec:authentication-provider> 
</sec:authentication-manager> 

<beans:bean id="clientDetailsUserService" class="org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService">
    <beans:constructor-arg ref="webServiceClientService" />
</beans:bean>

Any suggestions? Thanks.

+0

The stack trace is from the client application, right? What about the authorization server (the one hosting the /oauth/token endpoint)?

Answers

0

I suspect your Spring versions: Spring 4.0.5.RELEASE, Spring-Security 3.2.5.RELEASE. Check whether Spring 4.0.5 is compatible with Spring-Security 3.2.5. I think you need to downgrade Spring 4.0.5 to 3.xx.xx.

+1

That is not the case. They are compatible and work well together.
