本文介紹了Spring OAuth2登錄-不允許匿名?的處理方法,對大家解決問題具有一定的參考價值,需要的朋友們下面隨著小編來一起學習吧!
問題描述
按照manual我實現了連接到Facebook圖形API并從用戶檢索信息。當我想要訪問(登錄)Facebook時,出現了這個問題,我收到了這個錯誤:
org.springframework.security.authentication.InsufficientAuthenticationException: Authentication is required to obtain an access token (anonymous not allowed)
at org.springframework.security.oauth2.client.token.AccessTokenProviderChain.obtainAccessToken(AccessTokenProviderChain.java:88) ~[spring-security-oauth2-2.0.7.RELEASE.jar:na]
at org.springframework.security.oauth2.client.OAuth2RestTemplate.acquireAccessToken(OAuth2RestTemplate.java:221) ~[spring-security-oauth2-2.0.7.RELEASE.jar:na]
at org.springframework.security.oauth2.client.OAuth2RestTemplate.getAccessToken(OAuth2RestTemplate.java:173) ~[spring-security-oauth2-2.0.7.RELEASE.jar:na]
at org.springframework.security.oauth2.client.OAuth2RestTemplate.createRequest(OAuth2RestTemplate.java:105) ~[spring-security-oauth2-2.0.7.RELEASE.jar:na]
at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:565) ~[spring-web-4.1.6.RELEASE.jar:4.1.6.RELEASE]
at org.springframework.security.oauth2.client.OAuth2RestTemplate.doExecute(OAuth2RestTemplate.java:128) ~[spring-security-oauth2-2.0.7.RELEASE.jar:na]
at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:530) ~[spring-web-4.1.6.RELEASE.jar:4.1.6.RELEASE]
at org.springframework.web.client.RestTemplate.getForObject(RestTemplate.java:237) ~[spring-web-4.1.6.RELEASE.jar:4.1.6.RELEASE]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_25]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_25]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_25]
at java.lang.reflect.Method.invoke(Method.java:483) ~[na:1.8.0_25]
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317) ~[spring-aop-4.1.6.RELEASE.jar:4.1.6.RELEASE]
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190) ~[spring-aop-4.1.6.RELEASE.jar:4.1.6.RELEASE]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157) ~[spring-aop-4.1.6.RELEASE.jar:4.1.6.RELEASE]
at org.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:133) ~[spring-aop-4.1.6.RELEASE.jar:4.1.6.RELEASE]
at org.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:121) ~[spring-aop-4.1.6.RELEASE.jar:4.1.6.RELEASE]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) ~[spring-aop-4.1.6.RELEASE.jar:4.1.6.RELEASE]
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:207) ~[spring-aop-4.1.6.RELEASE.jar:4.1.6.RELEASE]
at com.sun.proxy.$Proxy79.getForObject(Unknown Source) ~[na:na]
at com.xxxx.xxxx.controllers.FacebookController.login(FacebookController.java:39) ~[classes/:na]
錯誤清楚地顯示為”不允許匿名用戶獲取訪問令牌”。當然,該用戶是匿名的,并且正在嘗試進行身份驗證。那我該怎么做呢?也許我在控制器上所做的不是正確的登錄方式?
控制器:
@RequestMapping("/facebookLogin")
@ResponseBody
public User login() {
ObjectNode result = facebookRestTemplate
.getForObject(
"https://graph.facebook.com/me/?fields=name,email,third_party_id",
ObjectNode.class);
...
}
我正在使用spring-security:4.0.1.RELEASE和spring-security-oauth2:2.0.7.RELEASE
注意:在此方案中,我使用的是Facebook,但該問題也應該出現在Google、Twitter等網站上。
推薦答案
Hi在tonr2項目中檢查此代碼
https://github.com/spring-projects/spring-security-oauth/blob/master/samples/oauth2/tonr/src/main/java/org/springframework/security/oauth/examples/config/WebMvcConfig.java
@Bean
public OAuth2ProtectedResourceDetails facebook() {
AuthorizationCodeResourceDetails details = new AuthorizationCodeResourceDetails();
details.setId("facebook");
details.setClientId("233668646673605");
details.setClientSecret("33b17e044ee6a4fa383f46ec6e28ea1d");
details.setAccessTokenUri("https://graph.facebook.com/oauth/access_token");
details.setUserAuthorizationUri("https://www.facebook.com/dialog/oauth");
details.setTokenName("oauth_token");
details.setAuthenticationScheme(AuthenticationScheme.query);
details.setClientAuthenticationScheme(AuthenticationScheme.form);
return details;
}
相應地在OAuth2ProtectedResourceDetail上添加您的Facebook憑據。
然后,當您嘗試從Facebook獲取數據時,此Bean將由Spring Security OAuth AuthationProvider引用,一旦FacebookController嘗試訪問FB數據,該數據就會被自動檢測到。
但您必須了解以下配置:
https://github.com/spring-projects/spring-security-oauth/blob/master/samples/oauth2/tonr/src/main/java/org/springframework/security/oauth/examples/config/SecurityConfig.java
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().withUser("marissa").password("wombat").roles("USER").and().withUser("sam")
.password("kangaroo").roles("USER");
}
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/resources/**");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http.authorizeRequests()
.antMatchers("/sparklr/**","/facebook/**").hasRole("USER")
.anyRequest().permitAll()
.and()
.logout()
.logoutSuccessUrl("/login.jsp")
.permitAll()
.and()
.formLogin()
.loginProcessingUrl("/login")
.loginPage("/login.jsp")
.failureUrl("/login.jsp?authentication_error=true")
.permitAll();
// @formatter:on
}
}
假設您將使用tonr2應用程序,inMemory身份驗證使用用戶”marissa”和密碼”袋熊”在Spring安全上提供身份驗證。因此,在您的UI中,嘗試首先針對Spring Security進行身份驗證。
一旦通過身份驗證,您將擁有”User”角色。只有這一次,您才能訪問名為FaceBookController的資源,該資源試圖從Facebook本身檢索數據,請參閱此代碼段
http.authorizeRequests()
.antMatchers("/sparklr/**","/facebook/**").hasRole("USER")
.anyRequest().permitAll()
.and()
因此只需相應地調整代碼即可。
更新
注意:給定的Spring Security示例應用程序尚未配置為具有動態客戶端密鑰,為了簡單演示,它仍然在OAuth2ProtectedResourceDetail中使用單個密鑰進行硬編碼。從經過身份驗證的Facebook用戶檢索動態Facebook客戶端密鑰需要額外的更多步驟。或者,如果您只想測試Facebook檢索,請將上面的代碼調整為如下所示:
http.authorizeRequests()
.anyRequest().permitAll()
.and()
刪除要求用戶具有角色USER的限制,只允許所有請求,而無需首先在Spring Security上進行身份驗證。
這篇關于Spring OAuth2登錄-不允許匿名?的文章就介紹到這了,希望我們推薦的答案對大家有所幫助,
