文档建议反馈控制台
首页
学习
活动
专区
圈层
工具
MCP广场
文章/答案/技术大牛
发布
社区首页 >问答首页 >为什么我的Spring服务器不使用OAuth2自签名ssl?

为什么我的Spring服务器不使用OAuth2自签名ssl?
EN

Stack Overflow用户
提问于 2016-06-06 20:21:18
回答 3查看 4.3K关注 0票数 4

我在我的应用程序上使用OAuth 2.0。我有两个使用Spring开发的应用程序,一个是使用url https://192.168.1.30:2999/autenticador的身份验证,另一个是客户机https://192.168.1.30:2901/

当我使用没有SSL (http://192.168.1.30:2999/autenticadorhttps://192.168.1.30:2901/)的服务器时,授权有成功。但是,当我使用自签名证书时我有问题,返回错误401,未经授权的,身份验证失败:无法获得访问令牌。我不知道它是怎么发生的,为什么会发生。

注意:证书在我的计算机上注册,就像可信的一样,然后我看到地址栏绿色。

客户:

代码语言:javascript
复制
@SpringBootApplication
@EnableOAuth2Sso
public class Application {
    public static void main(String[] args) throws KeyManagementException, NoSuchAlgorithmException, KeyStoreException {
        SpringApplication.run(Application.class, args);
    }
}

服务器上的OAuth 2.0配置:

代码语言:javascript
复制
@Configuration
@EnableAuthorizationServer
public class OAuthConfiguration extends AuthorizationServerConfigurerAdapter{
    @Autowired
    private AuthenticationManager authenticationManager;

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
         endpoints.authenticationManager(authenticationManager);
    }

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
        .withClient("client")
        .authorizedGrantTypes("authorization_code")
        .scopes("read", "trust")
        .resourceIds("RESOURCE_ID")
        .secret("secret");
    }
}

以下是在服务器上成功登录后的客户机日志:

代码语言:javascript
复制
  2016-06-06 16:47:27.376  DEBUG  [nio-2901-exec-4]  o.s.security.web.FilterChainProxy          / at position 1 of 12 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
  2016-06-06 16:47:27.377  DEBUG  [nio-2901-exec-4]  o.s.security.web.FilterChainProxy          / at position 2 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
  2016-06-06 16:47:27.378  DEBUG  [nio-2901-exec-4]  w.c.HttpSessionSecurityContextRepository   No HttpSession currently exists
  2016-06-06 16:47:27.378  DEBUG  [nio-2901-exec-4]  w.c.HttpSessionSecurityContextRepository   No SecurityContext was available from the HttpSession: null. A new one will be created.
  2016-06-06 16:47:27.381  DEBUG  [nio-2901-exec-4]  o.s.security.web.FilterChainProxy          / at position 3 of 12 in additional filter chain; firing Filter: 'HeaderWriterFilter'
  2016-06-06 16:47:27.382  DEBUG  [nio-2901-exec-4]  o.s.security.web.FilterChainProxy          / at position 4 of 12 in additional filter chain; firing Filter: 'CsrfFilter'
  2016-06-06 16:47:27.383  DEBUG  [nio-2901-exec-4]  o.s.security.web.FilterChainProxy          / at position 5 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
  2016-06-06 16:47:27.383  DEBUG  [nio-2901-exec-4]  o.s.s.w.u.matcher.AntPathRequestMatcher    Request 'GET /' doesn't match 'POST /logout
  2016-06-06 16:47:27.383  DEBUG  [nio-2901-exec-4]  o.s.security.web.FilterChainProxy          / at position 6 of 12 in additional filter chain; firing Filter: 'OAuth2ClientAuthenticationProcessingFilter'
  2016-06-06 16:47:27.384  DEBUG  [nio-2901-exec-4]  o.s.s.w.u.matcher.AntPathRequestMatcher    Checking match of request : '/'; against '/login'
  2016-06-06 16:47:27.384  DEBUG  [nio-2901-exec-4]  o.s.security.web.FilterChainProxy          / at position 7 of 12 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
  2016-06-06 16:47:27.384  DEBUG  [nio-2901-exec-4]  o.s.security.web.FilterChainProxy          / at position 8 of 12 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
  2016-06-06 16:47:27.386  DEBUG  [nio-2901-exec-4]  o.s.security.web.FilterChainProxy          / at position 9 of 12 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
  2016-06-06 16:47:27.389  DEBUG  [nio-2901-exec-4]  o.s.s.w.a.AnonymousAuthenticationFilter    Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@9055e4a6: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 192.168.1.30; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
  2016-06-06 16:47:27.389  DEBUG  [nio-2901-exec-4]  o.s.security.web.FilterChainProxy          / at position 10 of 12 in additional filter chain; firing Filter: 'SessionManagementFilter'
  2016-06-06 16:47:27.389  DEBUG  [nio-2901-exec-4]  o.s.s.w.session.SessionManagementFilter    Requested session ID CBA2CC9F09D613F91D95FD4764E48A50 is invalid.
  2016-06-06 16:47:27.389  DEBUG  [nio-2901-exec-4]  o.s.security.web.FilterChainProxy          / at position 11 of 12 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
  2016-06-06 16:47:27.389  DEBUG  [nio-2901-exec-4]  o.s.security.web.FilterChainProxy          / at position 12 of 12 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
  2016-06-06 16:47:27.390  DEBUG  [nio-2901-exec-4]  o.s.s.w.a.i.FilterSecurityInterceptor      Secure object: FilterInvocation: URL: /; Attributes: [authenticated]
  2016-06-06 16:47:27.390  DEBUG  [nio-2901-exec-4]  o.s.s.w.a.i.FilterSecurityInterceptor      Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@9055e4a6: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 192.168.1.30; SessionId: null; Granted Authorities: ROLE_ANONYMOUS
  2016-06-06 16:47:27.399  DEBUG  [nio-2901-exec-4]  o.s.s.access.vote.AffirmativeBased         Voter: org.springframework.security.web.access.expression.WebExpressionVoter@3fcae110, returned: -1
  2016-06-06 16:47:27.404  DEBUG  [nio-2901-exec-4]  o.s.s.w.a.ExceptionTranslationFilter       Access is denied (user is anonymous); redirecting to authentication entry point

org.springframework.security.access.AccessDeniedException: Access is denied
java
spring
ssl
oauth
spring-boot
EN

回答 3

Stack Overflow用户

发布于 2016-06-14 06:45:36

您能否检查"spring-security.xml"中的配置并查看'requires-channel'属性是否为set to https and not http?如果没有,则将所有设置为https并尝试.。

关于这个问题的更多信息在这里。http://docs.spring.io/spring-security/site/faq/faq.html#faq-tomcat-https-session

示例:

代码语言:javascript
复制
    <intercept-url pattern="/login.html" access="hasRole('ROLE_ANONYMOUS')" requires-channel="https"/>
    <intercept-url pattern="/resources/**" access="permitAll" requires-channel="https"/>
    <intercept-url pattern="/admin**" access="hasRole('ROLE_ADMIN')" requires-channel="https"/>
    <intercept-url pattern="/rest/**" access="hasRole('ROLE_USER')" requires-channel="https"/>
    <intercept-url pattern="/index" access="hasRole('ROLE_USER')" requires-channel="https"/>
    <intercept-url pattern="/upload/**" access="hasRole('ROLE_USER')" requires-channel="https"/>
票数 0
EN

Stack Overflow用户

发布于 2016-06-14 12:00:53

@Ignacio Ocampo发现了这个问题。

问题:

由于我在开发模式下使用的是WSO2身份服务器,并且有一个自签名的证书,所以Java不信任它。而且,在对WSO2端点的某些HTTP请求中,此无效证书导致连接失败。

临时解决办法:

在您的开发模式中关闭SSL检查。

解决方案:

在生产环境中,请确保您的WSO2标识服务器具有有效的证书。

资源地点:

  1. Troubleshooting 401 Unauthorized with x509 (OpenSSL or Self Signed Certificate)
  2. OpenID Connect with the WSO2 Identity Server 4.5.0 & the WSO2 OAuth2 Playground
  3. 401 Unauthorized when using Self-Signed certificate in SharePoint 2013
票数 0
EN

Stack Overflow用户

发布于 2016-06-14 21:05:53

与其拥有自签名证书,不如创建一个本地根CA,然后从它生成SSL证书。确保JVM信任库拥有根CA公钥的副本

票数 0
EN
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:

https://stackoverflow.com/questions/37666218

复制
相关文章

相似问题

领券

腾讯云开发者

扫码关注腾讯云开发者

扫码关注腾讯云开发者

领取腾讯云代金券

热门产品

热门推荐

更多推荐

Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有 

深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 粤公网安备44030502008569号

腾讯云计算(北京)有限责任公司 京ICP证150476号 |  京ICP备11018762号

问题归档专栏文章快讯文章归档关键词归档开发者手册归档开发者手册 Section 归档