1. ホーム
  2. 質問と答え
  3. java + spring security oauthトークンが404ページで返されない

java + spring security oauthトークンが404ページで返されない

2015-10-30 28 views
8

誰もが、すでに同様の種類の問題に対する解決策があることを認識していますが、この質問は異なります。java + spring security oauthトークンが404ページで返されない

私はlinkプレゼントも読んでいますが、解決策は私には当てはまりませんでした。

私の質問は、oauth2.0を使用してJava + Spring + Jerseyウェブサービスアプリケーションを保護しようとしており、spring-security-oauth2ライブラリバージョンを使用しています。

/oauth/tokenに電話するたびに、アプリケーションはヘッダー(client_secret, client_id and grant_type)の下に示された詳細を確認しますが、クライアントは正常に認証されますが、404ページが見つかりませんでした。以下

  1. web.xmlの

    <?xml version="1.0" encoding="UTF-8"?> 
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xmlns="http://java.sun.com/xml/ns/javaee" 
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" 
    version="2.5"> 
    <listener> 
     <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> 
    </listener> 
    <context-param> 
     <param-name>contextConfigLocation</param-name> 
     <param-value>WEB-INF/spring/dispatcher-servlet.xml</param-value> 
    </context-param> 

    <servlet> 
     <servlet-name>jersey-servlet</servlet-name> 
     <servlet-class>com.sun.jersey.spi.spring.container.servlet.SpringServlet</servlet-class> 
     <init-param> 
      <param-name>com.sun.jersey.config.property.packages</param-name> 
      <param-value>com.tprivity.babycenter.ws</param-value> 
     </init-param> 
     <init-param> 
      <param-name>com.sun.jersey.api.json.POJOMappingFeature</param-name> 
      <param-value>true</param-value> 
     </init-param> 
     <load-on-startup>1</load-on-startup> 
    </servlet> 
    <servlet-mapping> 
     <servlet-name>jersey-servlet</servlet-name> 
     <url-pattern>/*</url-pattern> 
    </servlet-mapping> 

    <filter> 
     <filter-name>springSecurityFilterChain</filter-name> 
     <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> 
    </filter> 
    <filter-mapping> 
     <filter-name>springSecurityFilterChain</filter-name> 
     <url-pattern>/*</url-pattern> 
    </filter-mapping> 
</web-app>

  2. ディスパッチャ-servlet.xml

    <?xml version="1.0" encoding="UTF-8"?> 
<beans xmlns="http://www.springframework.org/schema/beans" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:aop="http://www.springframework.org/schema/aop" 
    xmlns:context="http://www.springframework.org/schema/context" 
    xmlns:jdbc="http://www.springframework.org/schema/jdbc" xmlns:oauth2="http://www.springframework.org/schema/security/oauth2" 
    xmlns:p="http://www.springframework.org/schema/p" xmlns:security="http://www.springframework.org/schema/security" 
    xmlns:tx="http://www.springframework.org/schema/tx" 
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd 
     http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.2.xsd 
     http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.2.xsd 
     http://www.springframework.org/schema/jdbc http://www.springframework.org/schema/jdbc/spring-jdbc-3.2.xsd 
     http://www.springframework.org/schema/security/oauth2 http://www.springframework.org/schema/security/spring-security-oauth2.xsd 
     http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd 
     http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.2.xsd"> 

    <security:http pattern="/oauth/token" create-session="stateless" 
     authentication-manager-ref="authenticationManager"> 
     <security:intercept-url pattern="/oauth/token" 
      access="IS_AUTHENTICATED_FULLY" /> 
     <security:anonymous enabled="false" /> 
     <security:http-basic entry-point-ref="clientAuthenticationEntryPoint" /> 
     <security:custom-filter ref="clientCredentialsTokenEndpointFilter" 
      before="BASIC_AUTH_FILTER" /> 
     <security:access-denied-handler ref="oauthAccessDeniedHandler" /> 
    </security:http> 

    <security:http pattern="/ws/**" create-session="never" 
     authentication-manager-ref="authenticationManager" entry-point-ref="oauthAuthenticationEntryPoint"> 
     <security:anonymous enabled="false" /> 
     <security:intercept-url pattern="/ws/**" 
      method="GET" access="IS_AUTHENTICATED_FULLY" /> 
     <security:intercept-url pattern="/ws/**" 
      method="POST" access="IS_AUTHENTICATED_FULLY" /> 
     <security:custom-filter ref="resourceServerFilter" 
      before="PRE_AUTH_FILTER" /> 
     <security:access-denied-handler ref="oauthAccessDeniedHandler" /> 
    </security:http> 

    <bean id="oauthAuthenticationEntryPoint" 
     class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint"> 
    </bean> 

    <bean id="clientAuthenticationEntryPoint" 
     class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint"> 
     <property name="realmName" value="springsec/client" /> 
     <property name="typeName" value="Basic" /> 
    </bean> 

    <bean id="oauthAccessDeniedHandler" 
     class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler" /> 


    <bean id="clientCredentialsTokenEndpointFilter" 
     class="org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter"> 
     <property name="authenticationManager" ref="authenticationManager" /> 
    </bean> 

    <security:authentication-manager alias="authenticationManager"> 
     <security:authentication-provider 
      user-service-ref="clientDetailsUserService" /> 
    </security:authentication-manager> 

    <bean id="clientDetailsUserService" 
     class="org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService"> 
     <constructor-arg ref="clientDetails" /> 
    </bean> 

    <bean id="clientDetails" 
     class="org.springframework.security.oauth2.provider.client.JdbcClientDetailsService"> 
     <constructor-arg index="0"> 
      <ref bean="dataSource" /> 
     </constructor-arg> 
    </bean> 

    <security:authentication-manager id="userAuthenticationManager"> 
     <security:authentication-provider 
      ref="customUserAuthenticationProvider" /> 
    </security:authentication-manager> 

    <bean id="customUserAuthenticationProvider" 
     class="com.tprivity.babycenter.ws.security.CustomUserAuthenticationProvider"> 
    </bean> 

    <!-- Authorization Server Configuration of the server is used to provide 
     implementations of the client details service and token services and to enable 
     or disable certain aspects of the mechanism globally. --> 
    <oauth2:authorization-server 
     client-details-service-ref="clientDetails" token-services-ref="tokenServices" 
     user-approval-handler-ref="userApprovalHandler"> 
     <oauth2:authorization-code /> 
     <oauth2:implicit /> 
     <oauth2:refresh-token /> 
     <oauth2:client-credentials /> 
     <oauth2:password authentication-manager-ref="userAuthenticationManager" /> 
    </oauth2:authorization-server> 

    <oauth2:resource-server id="resourceServerFilter" 
     resource-id="springsec" token-services-ref="tokenServices" /> 

    <bean id="tokenStore" 
     class="org.springframework.security.oauth2.provider.token.store.JdbcTokenStore"> 
     <constructor-arg name="dataSource" ref="dataSource"></constructor-arg> 
    </bean> 

    <!-- Configure Authentication manager --> 
    <bean id="passwordEncoder" 
     class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"> 
     <constructor-arg name="strength" value="11" /> 
    </bean> 

    <!-- Grants access if only grant (or abstain) votes were received. We can 
     protect REST resource methods with JSR-250 annotations such as @RolesAllowed --> 
    <bean id="accessDecisionManager" class="org.springframework.security.access.vote.UnanimousBased"> 
     <property name="decisionVoters"> 
      <list> 
       <bean class="org.springframework.security.access.annotation.Jsr250Voter" /> 
      </list> 
     </property> 
    </bean> 

    <bean id="tokenServices" 
     class="org.springframework.security.oauth2.provider.token.DefaultTokenServices"> 
     <property name="tokenStore" ref="tokenStore" /> 
     <property name="supportRefreshToken" value="true" /> 
     <property name="accessTokenValiditySeconds" value="120"></property> 
     <property name="clientDetailsService" ref="clientDetails" /> 
    </bean> 

    <!-- A user approval handler that remembers approval decisions by consulting 
     existing tokens --> 
    <bean id="oAuth2RequestFactory" 
     class="org.springframework.security.oauth2.provider.request.DefaultOAuth2RequestFactory"> 
     <constructor-arg ref="clientDetails" /> 
    </bean> 

    <bean id="userApprovalHandler" 
     class="org.springframework.security.oauth2.provider.approval.TokenStoreUserApprovalHandler"> 
     <property name="requestFactory" ref="oAuth2RequestFactory" /> 
     <property name="tokenStore" ref="tokenStore" /> 
    </bean> 
</beans>

同じのログです:ここ

は、以下の構成であります。

DEBUG [org.springframework.security.web.util.matcher.AntPathRequestMatcher] - <Checking match of request : '/oauth/token'; against '/oauth/token'> 
DEBUG [org.springframework.security.web.FilterChainProxy] - </oauth/token at position 1 of 7 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'> 
DEBUG [org.springframework.security.web.FilterChainProxy] - </oauth/token at position 2 of 7 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'> 
DEBUG [org.springframework.security.web.FilterChainProxy] - </oauth/token at position 3 of 7 in additional filter chain; firing Filter: 'ClientCredentialsTokenEndpointFilter'> 
DEBUG [org.springframework.security.web.FilterChainProxy] - </oauth/token at position 4 of 7 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'> 
DEBUG [org.springframework.security.web.authentication.www.BasicAuthenticationFilter] - <Basic Authentication Authorization header found for user 'bccws'> 
DEBUG [org.springframework.security.authentication.ProviderManager] - <Authentication attempt using org.springframework.security.authentication.dao.DaoAuthenticationProvider> 
WARN [org.springframework.context.support.ResourceBundleMessageSource] - <ResourceBundle [messages] not found for MessageSource: Can't find bundle for base name messages, locale en_US> 
WARN [org.springframework.context.support.ResourceBundleMessageSource] - <ResourceBundle [labels] not found for MessageSource: Can't find bundle for base name labels, locale en_US> 
WARN [org.springframework.context.support.ResourceBundleMessageSource] - <ResourceBundle [errors] not found for MessageSource: Can't find bundle for base name errors, locale en_US> 
DEBUG [org.springframework.jdbc.core.JdbcTemplate] - <Executing prepared SQL query> 
DEBUG [org.springframework.jdbc.core.JdbcTemplate] - <Executing prepared SQL statement [select client_id, client_secret, resource_ids, scope, authorized_grant_types, web_server_redirect_uri, authorities, access_token_validity, refresh_token_validity, additional_information, autoapprove from oauth_client_details where client_id = ?]> 
DEBUG [org.springframework.jdbc.datasource.DataSourceUtils] - <Fetching JDBC Connection from DataSource> 
DEBUG [org.springframework.jdbc.datasource.DataSourceUtils] - <Returning JDBC Connection to DataSource> 
DEBUG [org.springframework.security.web.authentication.www.BasicAuthenticationFilter] - <Authentication success: org.springframew[email protected]f9d8c511: Principal: [email protected]: Username: bccws; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ADMIN; Credentials: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ADMIN> 
DEBUG [org.springframework.security.web.FilterChainProxy] - </oauth/token at position 5 of 7 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'> 
DEBUG [org.springframework.security.web.FilterChainProxy] - </oauth/token at position 6 of 7 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'> 
DEBUG [org.springframework.security.web.FilterChainProxy] - </oauth/token at position 7 of 7 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'> 
DEBUG [org.springframework.security.web.util.matcher.AntPathRequestMatcher] - <Checking match of request : '/oauth/token'; against '/oauth/token'> 
DEBUG [org.springframework.security.web.access.intercept.FilterSecurityInterceptor] - <Secure object: FilterInvocation: URL: /oauth/token; Attributes: [IS_AUTHENTICATED_FULLY]> 
DEBUG [org.springframework.security.web.access.intercept.FilterSecurityInterceptor] - <Previously Authenticated: org.springframew[email protected]f9d8c511: Principal: [email protected]: Username: bccws; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ADMIN; Credentials: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ADMIN> 
DEBUG [org.springframework.security.access.vote.AffirmativeBased] - <Voter: [email protected], returned: 0> 
DEBUG [org.springframework.security.access.vote.AffirmativeBased] - <Voter: [email protected]bbb3, returned: 1> 
DEBUG [org.springframework.security.web.access.intercept.FilterSecurityInterceptor] - <Authorization successful> 
DEBUG [org.springframework.security.web.access.intercept.FilterSecurityInterceptor] - <RunAsManager did not change Authentication object> 
DEBUG [org.springframework.security.web.FilterChainProxy] - </oauth/token reached end of additional filter chain; proceeding with original chain> 
DEBUG [org.springframework.security.web.access.ExceptionTranslationFilter] - <Chain processed normally> 
DEBUG [org.springframework.security.web.context.SecurityContextPersistenceFilter] - <SecurityContextHolder now cleared, as request processing completed>

私はまだ問題を見ていますが、解決策はありません。どんな助けもありがとう。

出典

2015-10-30 Vivek Singh

+0

として、あなたのWebアプリケーション(例えば。実行可能バージョン)の関連部分のソースコードをアップロードすることは可能でしょうか?私は何が間違っているかもしれないかについていくつかのアイデアを持っていますが、デバッグすることができないと確かに伝えるのは難しいです。 –

答えて

2

これは、セキュリティフィルタのコンテキストにoauth/token endpointがない場合に発生します。 springSecurityFilterChain

<filter> 
<filter-name>springSecurityFilterChain</filter-name> 
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> 
<init-param> 
    <param-name>contextAttribute</param-name> 
    <param-value>org.springframework.web.servlet.FrameworkServlet.CONTEXT.dispatcher</param-value> 
</init-param> 


<filter-mapping> 
<filter-name>springSecurityFilterChain</filter-name> 
<url-pattern>/*</url-pattern>

出典

2015-11-04 14:04:55 Imrank

0

を登録中のシーンの後ろに起こって物事が/のOAuth /トークン要求は、エンドポイント以下で提供する必要があるということであるweb.xmlにコンテキスト属性を追加してみてくださいクラス

http://docs.spring.io/spring-security/oauth/xref/org/springframework/security/oauth2/provider/endpoint/TokenEndpoint.html

@RequestMapping(value = "/oauth/token") 
public ResponseEntity<OAuth2AccessToken> getAccessToken(Principal principal, @RequestParam

TokenEndpointインスタンスは、 oauth2:authorization-server タグで作成されます。 ログからは、クライアントとユーザーの資格情報が、ログに記録されているすべてのセキュリティフィルターの検証に合格しています。 その後、リクエストはMVC WebフレームワークによってTokenEndpointに渡されるはずですが、そうではないようです。

何が起きているのかを確認するには、org.springframework.webトレースログを有効にする必要があります。

web.xmlをチェックすると、/ oauth /トークンのバインディングをSpring MVC Dispatcher Servletに設定する必要があります。

このような

<servlet> 
    <servlet-name>spring-mvc</servlet-name> 
    <servlet-class>org.springframework.web.servlet.DispatcherServlet 
    </servlet-class> 
    <init-param> 
     <param-name>contextConfigLocation</param-name> 
     <param-value>/WEB-INF/spring/webmvc-config.xml</param-value> 
    </init-param> 
    <load-on-startup>1</load-on-startup> 
</servlet> 

<servlet-mapping> 
    <servlet-name>spring-mvc</servlet-name> 
    <url-pattern>/oauth/*</url-pattern> 
</servlet-mapping>

出典

2015-12-16 10:58:30 Popeye

+0

これは私の問題を解決しません。 –

関連する問題

 関連する問題