
Implemented OAuth 2.0 using the references below and got it working. Securing the OAuth 2.0 authorization server with LDAP authentication.

Source code: https://github.com/Baeldung/spring-security-oauth

Tutorial: http://www.baeldung.com/rest-api-spring-oauth2-angularjs

To make our application more secure, we replaced auth.inMemoryAuthentication() with auth.ldapAuthentication() backed by an embedded LDAP server, following https://spring.io/guides/gs/authenticating-ldap/, and our WebSecurityConfigurerAdapter looks like this:

    @Autowired
    public void globalUserDetails(final AuthenticationManagerBuilder auth) throws Exception {
        auth
            .ldapAuthentication()
                .userDnPatterns("uid={0},ou=people")
                .groupSearchBase("ou=groups")
                .contextSource(contextSource())
                .passwordCompare()
                    .passwordEncoder(new LdapShaPasswordEncoder())
                    .passwordAttribute("userPassword");
    }

Now authentication succeeds, but the UI shows the error message below.

This XML file does not appear to have any style information associated with it. The document tree is shown below. 
<oauth> 
<error_description> 
Invalid access token: 51a2f56a-7db6-429e-a180-6b872a2ec521 
</error_description> 
<error>invalid_token</error> 
</oauth> 

We also found the following:

2017-08-06 22:45:42.508 DEBUG 13744 --- [nio-8082-exec-2] o.s.jdbc.core.JdbcTemplate    : Executing prepared SQL query 
2017-08-06 22:45:42.511 DEBUG 13744 --- [nio-8082-exec-2] o.s.jdbc.core.JdbcTemplate    : Executing prepared SQL statement [select token_id, token from oauth_access_token where token_id = ?] 
2017-08-06 22:45:42.531 DEBUG 13744 --- [nio-8082-exec-2] o.s.jdbc.datasource.DataSourceUtils  : Fetching JDBC Connection from DataSource 
2017-08-06 22:45:42.532 DEBUG 13744 --- [nio-8082-exec-2] o.s.j.d.DriverManagerDataSource   : Creating new JDBC DriverManager Connection to [jdbc:mysql://localhost:3306/auth] 
2017-08-06 22:45:43.156 DEBUG 13744 --- [nio-8082-exec-2] o.s.jdbc.datasource.DataSourceUtils  : Returning JDBC Connection to DataSource 
2017-08-06 22:45:43.166 DEBUG 13744 --- [nio-8082-exec-2] o.s.jdbc.core.JdbcTemplate    : Executing prepared SQL query 
2017-08-06 22:45:43.166 DEBUG 13744 --- [nio-8082-exec-2] o.s.jdbc.core.JdbcTemplate    : Executing prepared SQL statement [select token_id, authentication from oauth_access_token where token_id = ?] 
2017-08-06 22:45:43.166 DEBUG 13744 --- [nio-8082-exec-2] o.s.jdbc.datasource.DataSourceUtils  : Fetching JDBC Connection from DataSource 
2017-08-06 22:45:43.166 DEBUG 13744 --- [nio-8082-exec-2] o.s.j.d.DriverManagerDataSource   : Creating new JDBC DriverManager Connection to [jdbc:mysql://localhost:3306/auth] 
2017-08-06 22:45:43.185 DEBUG 13744 --- [nio-8082-exec-2] o.a.c.loader.WebappClassLoaderBase  :  findClass(org.springframework.security.ldap.userdetails.LdapUserDetailsImpl) 
2017-08-06 22:45:43.186 DEBUG 13744 --- [nio-8082-exec-2] o.a.c.loader.WebappClassLoaderBase  :  --> Returning ClassNotFoundException 
2017-08-06 22:45:43.187 DEBUG 13744 --- [nio-8082-exec-2] o.a.c.loader.WebappClassLoaderBase  :  findClass(org.springframework.security.ldap.userdetails$LdapUserDetailsImpl) 
2017-08-06 22:45:43.187 DEBUG 13744 --- [nio-8082-exec-2] o.a.c.loader.WebappClassLoaderBase  :  --> Returning ClassNotFoundException 
2017-08-06 22:45:43.188 DEBUG 13744 --- [nio-8082-exec-2] o.s.jdbc.datasource.DataSourceUtils  : Returning JDBC Connection to DataSource 
2017-08-06 22:45:43.193 WARN 13744 --- [nio-8082-exec-2] o.s.s.o.p.token.store.JdbcTokenStore  : Failed to deserialize authentication for 51a2f56a-7db6-429e-a180-6b872a2ec521 

java.lang.IllegalArgumentException: java.lang.ClassNotFoundException: org.springframework.security.ldap.userdetails.LdapUserDetailsImpl 
    at org.springframework.security.oauth2.common.util.SerializationUtils.deserialize(SerializationUtils.java:50) ~[spring-security-oauth2-2.0.14.RELEASE.jar:na] 
    at org.springframework.security.oauth2.provider.token.store.JdbcTokenStore.deserializeAuthentication(JdbcTokenStore.java:405) [spring-security-oauth2-2.0.14.RELEASE.jar:na] 
    at org.springframework.security.oauth2.provider.token.store.JdbcTokenStore$3.mapRow(JdbcTokenStore.java:198) ~[spring-security-oauth2-2.0.14.RELEASE.jar:na] 
    at org.springframework.security.oauth2.provider.token.store.JdbcTokenStore$3.mapRow(JdbcTokenStore.java:196) ~[spring-security-oauth2-2.0.14.RELEASE.jar:na] 
    at org.springframework.jdbc.core.RowMapperResultSetExtractor.extractData(RowMapperResultSetExtractor.java:93) ~[spring-jdbc-4.3.9.RELEASE.jar:4.3.9.RELEASE] 
    at org.springframework.jdbc.core.RowMapperResultSetExtractor.extractData(RowMapperResultSetExtractor.java:60) ~[spring-jdbc-4.3.9.RELEASE.jar:4.3.9.RELEASE] 
    at org.springframework.jdbc.core.JdbcTemplate$1.doInPreparedStatement(JdbcTemplate.java:697) ~[spring-jdbc-4.3.9.RELEASE.jar:4.3.9.RELEASE] 
    at org.springframework.jdbc.core.JdbcTemplate.execute(JdbcTemplate.java:633) ~[spring-jdbc-4.3.9.RELEASE.jar:4.3.9.RELEASE] 
    at org.springframework.jdbc.core.JdbcTemplate.query(JdbcTemplate.java:684) ~[spring-jdbc-4.3.9.RELEASE.jar:4.3.9.RELEASE] 
    at org.springframework.jdbc.core.JdbcTemplate.query(JdbcTemplate.java:716) ~[spring-jdbc-4.3.9.RELEASE.jar:4.3.9.RELEASE] 
    at org.springframework.jdbc.core.JdbcTemplate.query(JdbcTemplate.java:726) ~[spring-jdbc-4.3.9.RELEASE.jar:4.3.9.RELEASE] 
    at org.springframework.jdbc.core.JdbcTemplate.queryForObject(JdbcTemplate.java:800) ~[spring-jdbc-4.3.9.RELEASE.jar:4.3.9.RELEASE] 
    at org.springframework.security.oauth2.provider.token.store.JdbcTokenStore.readAuthentication(JdbcTokenStore.java:195) [spring-security-oauth2-2.0.14.RELEASE.jar:na] 
    at org.springframework.security.oauth2.provider.token.store.JdbcTokenStore.readAuthentication(JdbcTokenStore.java:188) [spring-security-oauth2-2.0.14.RELEASE.jar:na] 
    at org.springframework.security.oauth2.provider.token.DefaultTokenServices.loadAuthentication(DefaultTokenServices.java:238) [spring-security-oauth2-2.0.14.RELEASE.jar:na] 
    at org.springframework.security.oauth2.provider.token.DefaultTokenServices$$FastClassBySpringCGLIB$$5a1f25c.invoke(<generated>) [spring-security-oauth2-2.0.14.RELEASE.jar:na] 
    at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204) [spring-core-4.3.9.RELEASE.jar:4.3.9.RELEASE] 
    at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:669) [spring-aop-4.3.9.RELEASE.jar:4.3.9.RELEASE] 
    at org.springframework.security.oauth2.provider.token.DefaultTokenServices$$EnhancerBySpringCGLIB$$b4290941.loadAuthentication(<generated>) [spring-security-oauth2-2.0.14.RELEASE.jar:na] 
    at org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationManager.authenticate(OAuth2AuthenticationManager.java:83) [spring-security-oauth2-2.0.14.RELEASE.jar:na] 
    at org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationProcessingFilter.doFilter(OAuth2AuthenticationProcessingFilter.java:150) [spring-security-oauth2-2.0.14.RELEASE.jar:na] 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.2.3.RELEASE.jar:4.2.3.RELEASE] 
    at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116) [spring-security-web-4.2.3.RELEASE.jar:4.2.3.RELEASE] 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.2.3.RELEASE.jar:4.2.3.RELEASE] 
    at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64) [spring-security-web-4.2.3.RELEASE.jar:4.2.3.RELEASE] 
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.3.9.RELEASE.jar:4.3.9.RELEASE] 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.2.3.RELEASE.jar:4.2.3.RELEASE] 
    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105) [spring-security-web-4.2.3.RELEASE.jar:4.2.3.RELEASE] 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.2.3.RELEASE.jar:4.2.3.RELEASE] 
    at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56) [spring-security-web-4.2.3.RELEASE.jar:4.2.3.RELEASE] 
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.3.9.RELEASE.jar:4.3.9.RELEASE] 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.2.3.RELEASE.jar:4.2.3.RELEASE] 
    at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214) [spring-security-web-4.2.3.RELEASE.jar:4.2.3.RELEASE] 
    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177) [spring-security-web-4.2.3.RELEASE.jar:4.2.3.RELEASE] 
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) [spring-web-4.3.9.RELEASE.jar:4.3.9.RELEASE] 
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262) [spring-web-4.3.9.RELEASE.jar:4.3.9.RELEASE] 
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [tomcat-embed-core-8.5.15.jar:8.5.15] 
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [tomcat-embed-core-8.5.15.jar:8.5.15] 
    at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99) [spring-web-4.3.9.RELEASE.jar:4.3.9.RELEASE] 
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.3.9.RELEASE.jar:4.3.9.RELEASE] 
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [tomcat-embed-core-8.5.15.jar:8.5.15] 
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [tomcat-embed-core-8.5.15.jar:8.5.15] 
    at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:105) [spring-web-4.3.9.RELEASE.jar:4.3.9.RELEASE] 
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.3.9.RELEASE.jar:4.3.9.RELEASE] 
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [tomcat-embed-core-8.5.15.jar:8.5.15] 
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [tomcat-embed-core-8.5.15.jar:8.5.15] 
    at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:81) [spring-web-4.3.9.RELEASE.jar:4.3.9.RELEASE] 
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.3.9.RELEASE.jar:4.3.9.RELEASE] 
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [tomcat-embed-core-8.5.15.jar:8.5.15] 
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [tomcat-embed-core-8.5.15.jar:8.5.15] 
    at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:197) [spring-web-4.3.9.RELEASE.jar:4.3.9.RELEASE] 
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.3.9.RELEASE.jar:4.3.9.RELEASE] 
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [tomcat-embed-core-8.5.15.jar:8.5.15] 
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [tomcat-embed-core-8.5.15.jar:8.5.15] 
    at com.tcs.springhadoop.ResourceApplication.CorsFilter.doFilter(CorsFilter.java:35) [classes/:na] 
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [tomcat-embed-core-8.5.15.jar:8.5.15] 
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [tomcat-embed-core-8.5.15.jar:8.5.15] 
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198) [tomcat-embed-core-8.5.15.jar:8.5.15] 
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) [tomcat-embed-core-8.5.15.jar:8.5.15] 
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478) [tomcat-embed-core-8.5.15.jar:8.5.15] 
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140) [tomcat-embed-core-8.5.15.jar:8.5.15] 
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:80) [tomcat-embed-core-8.5.15.jar:8.5.15] 
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87) [tomcat-embed-core-8.5.15.jar:8.5.15] 
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342) [tomcat-embed-core-8.5.15.jar:8.5.15] 
    at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:799) [tomcat-embed-core-8.5.15.jar:8.5.15] 
    at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) [tomcat-embed-core-8.5.15.jar:8.5.15] 
    at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:861) [tomcat-embed-core-8.5.15.jar:8.5.15] 
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1455) [tomcat-embed-core-8.5.15.jar:8.5.15] 
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) [tomcat-embed-core-8.5.15.jar:8.5.15] 
    at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) [na:1.8.0_141] 
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) [na:1.8.0_141] 
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-embed-core-8.5.15.jar:8.5.15] 
    at java.lang.Thread.run(Unknown Source) [na:1.8.0_141] 
Caused by: java.lang.ClassNotFoundException: org.springframework.security.ldap.userdetails.LdapUserDetailsImpl 
    at org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedWebappClassLoader.loadClass(TomcatEmbeddedWebappClassLoader.java:52) ~[spring-boot-1.5.4.RELEASE.jar:1.5.4.RELEASE] 
    at org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1119) ~[tomcat-embed-core-8.5.15.jar:8.5.15] 
    at org.springframework.util.ClassUtils.forName(ClassUtils.java:250) ~[spring-core-4.3.9.RELEASE.jar:4.3.9.RELEASE] 
    at org.springframework.core.ConfigurableObjectInputStream.resolveClass(ConfigurableObjectInputStream.java:74) ~[spring-core-4.3.9.RELEASE.jar:4.3.9.RELEASE] 
    at java.io.ObjectInputStream.readNonProxyDesc(Unknown Source) ~[na:1.8.0_141] 
    at java.io.ObjectInputStream.readClassDesc(Unknown Source) ~[na:1.8.0_141] 
    at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source) ~[na:1.8.0_141] 
    at java.io.ObjectInputStream.readObject0(Unknown Source) ~[na:1.8.0_141] 
    at java.io.ObjectInputStream.defaultReadFields(Unknown Source) ~[na:1.8.0_141] 
    at java.io.ObjectInputStream.readSerialData(Unknown Source) ~[na:1.8.0_141] 
    at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source) ~[na:1.8.0_141] 
    at java.io.ObjectInputStream.readObject0(Unknown Source) ~[na:1.8.0_141] 
    at java.io.ObjectInputStream.defaultReadFields(Unknown Source) ~[na:1.8.0_141] 
    at java.io.ObjectInputStream.readSerialData(Unknown Source) ~[na:1.8.0_141] 
    at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source) ~[na:1.8.0_141] 
    at java.io.ObjectInputStream.readObject0(Unknown Source) ~[na:1.8.0_141] 
    at java.io.ObjectInputStream.readObject(Unknown Source) ~[na:1.8.0_141] 
    at org.springframework.security.oauth2.common.util.SerializationUtils.deserialize(SerializationUtils.java:43) ~[spring-security-oauth2-2.0.14.RELEASE.jar:na] 
2017-08-06 22:56:32.188 DEBUG 13744 --- [nio-8082-exec-3] o.s.jdbc.core.JdbcTemplate    : Executing prepared SQL update 
2017-08-06 22:56:32.188 DEBUG 13744 --- [nio-8082-exec-3] o.s.jdbc.core.JdbcTemplate    : Executing prepared SQL statement [delete from oauth_access_token where token_id = ?] 
2017-08-06 22:56:32.188 DEBUG 13744 --- [nio-8082-exec-3] o.s.jdbc.datasource.DataSourceUtils  : Fetching JDBC Connection from DataSource 
2017-08-06 22:56:32.188 DEBUG 13744 --- [nio-8082-exec-3] o.s.j.d.DriverManagerDataSource   : Creating new JDBC DriverManager Connection to [jdbc:mysql://localhost:3306/auth] 
2017-08-06 22:56:32.196 DEBUG 13744 --- [nio-8082-exec-3] o.s.jdbc.core.JdbcTemplate    : SQL update affected 1 rows 
2017-08-06 22:56:32.200 DEBUG 13744 --- [nio-8082-exec-3] o.s.jdbc.datasource.DataSourceUtils  : Returning JDBC Connection to DataSource 
2017-08-06 22:56:32.200 DEBUG 13744 --- [nio-8082-exec-3] p.a.OAuth2AuthenticationProcessingFilter : Authentication request failed: error="invalid_token", error_description="Invalid access token: f8c3ebb0-5eb0-4170-9437-4d67e2192f37" 
2017-08-06 22:56:32.200 DEBUG 13744 --- [nio-8082-exec-3] w.c.HttpSessionSecurityContextRepository : SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession. 
2017-08-06 22:56:32.200 DEBUG 13744 --- [nio-8082-exec-3] s.s.o.p.e.DefaultOAuth2ExceptionRenderer : Written [error="invalid_token", error_description="Invalid access token: f8c3ebb0-5eb0-4170-9437-4d67e2192f37"] as "application/xhtml+xml" using [org.springframework.security[email protected]47716661] 
2017-08-06 22:56:32.200 DEBUG 13744 --- [nio-8082-exec-3] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed 
    ... 72 common frames omitted 

After the error stack trace, the access token is then deleted from the database. Please guide us on how to resolve this issue. Thanks in advance.


Are you sure the 'spring-security-ldap' dependency is declared in pom.xml? – jlumietu

Answer


Make sure you have this in your pom.xml:

<dependency> 
    <groupId>org.springframework.security</groupId> 
    <artifactId>spring-security-ldap</artifactId> 
    <version>3.1.0.RELEASE</version> 
</dependency> 

Change the version above to match your Spring version.
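The stack trace in the question and the dependency fix in the answer are two sides of one mechanism: JdbcTokenStore Java-serializes the whole OAuth2Authentication (principal included, here LdapUserDetailsImpl) into oauth_access_token.authentication, and any server that reads the token back must be able to load every class named in that blob; when it cannot, the store logs "Failed to deserialize authentication", deletes the row (the delete statement in the log), and the client sees invalid_token. The following is an added illustration, not code from the question, the answer or the Baeldung project, and it does not use Spring at all: TokenBlobCheck, SamplePrincipal and RestrictedInputStream are constructed names, and SamplePrincipal stands in for LdapUserDetailsImpl. It serializes a principal the way the token store would and reads it back once with the class "available" and once without, reproducing the ClassNotFoundException. The class allow-list in RestrictedInputStream is also the defensive shape a practitioner wants when deserializing authentication blobs from a database: only classes you expect are ever resolved.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.ObjectStreamClass;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Set;

// Added example (constructed; not from the question, the answer or the Baeldung project).
public class TokenBlobCheck {

    // Stand-in for the serialized principal. In the question this is
    // org.springframework.security.ldap.userdetails.LdapUserDetailsImpl,
    // which lives in the spring-security-ldap jar.
    public static class SamplePrincipal implements Serializable {
        private static final long serialVersionUID = 1L;
        final String uid;
        SamplePrincipal(String uid) { this.uid = uid; }
    }

    // What the token store does on the authorization server: Java-serialize the
    // authentication object into the bytes that end up in oauth_access_token.authentication.
    public static byte[] serialize(Serializable value) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(value);
        }
        return bos.toByteArray();
    }

    // ObjectInputStream that resolves only classes on an explicit allow-list.
    // The allow-list plays the role of "jars on this server's classpath" in the
    // demonstration, and is the deserialization allow-list you want in production.
    static class RestrictedInputStream extends ObjectInputStream {
        private final Set<String> available;
        final List<String> required = new ArrayList<>(); // every class the blob names

        RestrictedInputStream(InputStream in, Set<String> available) throws IOException {
            super(in);
            this.available = available;
        }

        @Override
        protected Class<?> resolveClass(ObjectStreamClass desc)
                throws IOException, ClassNotFoundException {
            required.add(desc.getName());
            if (!available.contains(desc.getName())) {
                // Same failure JdbcTokenStore wraps in IllegalArgumentException
                throw new ClassNotFoundException(desc.getName() + " is not on this server's classpath");
            }
            return super.resolveClass(desc);
        }
    }

    // What the resource server does when it validates a bearer token against the DB.
    public static Object read(byte[] blob, Set<String> available)
            throws IOException, ClassNotFoundException {
        try (RestrictedInputStream in =
                     new RestrictedInputStream(new ByteArrayInputStream(blob), available)) {
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] blob = serialize(new SamplePrincipal("john"));
        String principalClass = SamplePrincipal.class.getName();

        // Authorization server: the principal class is present, the blob reads back.
        SamplePrincipal ok = (SamplePrincipal) read(blob, Collections.singleton(principalClass));
        System.out.println("authorization server read principal: " + ok.uid);

        // Resource server without spring-security-ldap: same blob, class missing.
        try {
            read(blob, Collections.<String>emptySet());
        } catch (ClassNotFoundException e) {
            System.out.println("resource server failed: " + e.getMessage());
        }
    }
}
```

The practical check this encodes: every module that instantiates JdbcTokenStore against the shared database (authorization server and each resource server) needs the same spring-security-ldap dependency, at the same version, because the blob names the exact class; a missing jar on any one of them produces the ClassNotFoundException in the question, and the store then deletes the token, so the failure also logs users out rather than merely rejecting one request.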