
spring OAuth2 zuul - 访问令牌已过期,invalid_token


我有一个 Spring Zuul OAuth2 应用程序。

authServer--

OAuth2ServerConfiguration:

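/**
 * Authorization-server side of the UAA: the shared token store, the resource-server
 * rules for this server's own endpoints, and the in-memory client registration.
 *
 * <p>The class name was missing from the pasted listing and is restored from its heading.
 */
@Configuration
public class OAuth2ServerConfiguration {

    /**
     * Token store shared by the authorization- and resource-server parts below.
     *
     * <p>Tokens live only inside this JVM: a restart invalidates every issued token, and a
     * second instance cannot validate tokens issued by this one (the answer below uses a
     * {@code JdbcTokenStore} for that reason).
     */
    @Bean
    public TokenStore tokenStore() {
        return new InMemoryTokenStore();
    }

    /** Protects this server's own endpoints with the tokens it issues. */
    @Configuration
    @EnableResourceServer
    protected static class ResourceServerConfiguration extends
            ResourceServerConfigurerAdapter {

        /**
         * Declares the resource id a token must carry to be accepted here.
         * {@code RESOURCE_ID} is not defined in this listing; it has to match one of the
         * values passed to {@code resourceIds(...)} in the client registration below.
         */
        @Override
        public void configure(ResourceServerSecurityConfigurer resources) {
            resources.resourceId(RESOURCE_ID);
        }

        /**
         * Everything except the authorize and check_token endpoints needs a valid token.
         *
         * <p>NOTE(review): opening {@code /oauth/check_token} to anonymous callers lets
         * anyone introspect tokens; the second answer below restricts it with
         * {@code checkTokenAccess("isAuthenticated()")} instead.
         */
        @Override
        public void configure(HttpSecurity http) throws Exception {
            // @formatter:off
            http
                    .authorizeRequests()
                    .antMatchers("/oauth/authorize/**", "/oauth/check_token/**").permitAll()
                    .anyRequest().authenticated();
            // @formatter:on
        }

    }

    /** Token endpoints and the single registered client. */
    @Configuration
    @EnableAuthorizationServer
    protected static class AuthorizationServerConfiguration extends
            AuthorizationServerConfigurerAdapter {

        /** The manager exposed by {@code WebSecurityConfig#authenticationManagerBean()}. */
        @Autowired
        @Qualifier("authenticationManagerBean")
        private AuthenticationManager authenticationManager;

        /** The shared store defined on the enclosing class. */
        @Autowired
        TokenStore tokenStore;

        /** Project-specific user lookup handed to the endpoints configurer. */
        @Autowired
        private CustomUserDetailService customUserDetailService;

        /**
         * Wires the shared store, the authentication manager and the user lookup into the
         * token endpoints.
         */
        @Override
        public void configure(AuthorizationServerEndpointsConfigurer endpoints)
                throws Exception {
            // @formatter:off
            endpoints
                    .tokenStore(this.tokenStore)
                    .authenticationManager(this.authenticationManager)
                    .userDetailsService(customUserDetailService);
            // @formatter:on
        }

        /**
         * Single in-memory client; the same id/secret pair appears in the Zuul gateway's
         * {@code security.oauth2.client} settings. Consent is skipped ({@code autoApprove}).
         *
         * <p>NOTE(review): the client secret is a literal in source and repeated in the
         * gateway's YAML; load it from externalized configuration instead and rotate it.
         * Access tokens expire after 120 s while refresh tokens last 1200 s — the short
         * access-token lifetime is most likely what produces the "Access token expired"
         * error described in the question.
         */
        @Override
        public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
            // @formatter:off
            clients
                    .inMemory()
                    .withClient("kksdi2388wmkwe")
                    .authorizedGrantTypes("authorization_code", "password", "refresh_token")
                    .scopes("read", "write")
                    .resourceIds("ReadAndWriteResource")
                    .secret("kksd23isdmsisdi2")
                    .autoApprove(true)
                    .accessTokenValiditySeconds(120)
                    .refreshTokenValiditySeconds(1200);
            // @formatter:on
        }

        /**
         * Token services with refresh-token support, backed by the shared store.
         *
         * <p>NOTE(review): {@code configure(AuthorizationServerEndpointsConfigurer)} above
         * never calls {@code endpoints.tokenServices(...)}, so confirm this bean is the one
         * the token endpoint actually uses.
         */
        @Bean
        @Primary
        public DefaultTokenServices tokenServices() {
            DefaultTokenServices tokenServices = new DefaultTokenServices();
            tokenServices.setSupportRefreshToken(true);
            tokenServices.setTokenStore(this.tokenStore);
            return tokenServices;
        }

    }
}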

webSecurity:

/**
 * Form-login security chain of the authorization server.
 *
 * <p>Ordered ahead of the OAuth2 endpoint chains and, through {@code requestMatchers()},
 * applied only to the login page and the authorize/confirm_access endpoints; everything
 * else (for example {@code /oauth/token}) is left to the other chains.
 *
 * <p>NOTE(review): CSRF protection is disabled for this chain, which serves the login
 * form and the {@code /oauth/confirm_access} consent page — the first answer below asks
 * why. Leaving it enabled is the safer default here.
 */
@Configuration
@EnableWebSecurity
@Order(-20)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private CustomAuthenticationProvider customAuthenticationProvider;

    /** Registers the project's custom provider as the authentication source. */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(this.customAuthenticationProvider);
    }

    /**
     * Exposes the authentication manager as a bean; the authorization-server configuration
     * injects it by the qualifier {@code authenticationManagerBean}.
     */
    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Login page and root are public. Note that "/" is not among the requestMatchers
        // paths below, so that rule looks unreachable in this chain.
        http.authorizeRequests()
                .antMatchers("/login", "/").permitAll();

        http.formLogin()
                .loginPage("/login")
                .permitAll();

        // NOTE(review): see the class comment — CSRF is switched off for the login and
        // consent pages.
        http.csrf().disable();

        // Paths this chain is responsible for.
        http.requestMatchers()
                .antMatchers("/login", "/oauth/authorize", "/oauth/confirm_access");

        // Anything else reaching this chain needs an authenticated session.
        http.authorizeRequests()
                .anyRequest().authenticated();
    }

    /** Hashing for stored user passwords: bcrypt with cost factor 11. */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder(11);
    }

}

zuul服务器:

# Zuul gateway: OAuth2 SSO client settings pointing at the UAA on port 9999.
security:
  user:
    password: none
  oauth2:
    client:
      accessTokenUri: http://localhost:9999/uaa/oauth/token
      userAuthorizationUri: http://localhost:9999/uaa/oauth/authorize
      # Must match the client registered in the authorization server's
      # ClientDetailsServiceConfigurer. NOTE(review): the secret is stored in plain text
      # here and in Java source; move it to externalized configuration and rotate it.
      clientId: kksdi2388wmkwe
      clientSecret: kksd23isdmsisdi2
        # NOTE(review): 'resource' is indented under 'client' here; confirm it was meant to
        # be a sibling of 'client' (security.oauth2.resource.userInfoUri).
        resource:
      # This is the endpoint the question reports as failing with invalid_token once the
      # access token has expired.
      userInfoUri: http://localhost:9999/uaa/user


# Gateway routes: both the auth server and the resource server are proxied.
zuul:
  routes:
    auth-server: /auth-server/**
    resource: /resource/**

zuul app:

/**
 * Zuul gateway acting as an OAuth2 SSO client: unauthenticated browsers are sent to the
 * authorization server, and the resulting access token is forwarded with proxied requests
 * (the "Access token expired" error coming back through {@code /auth-server/uaa/user}
 * shows the token is forwarded).
 *
 * <p>NOTE(review): the client registration issues access tokens valid for 120 s, so the
 * gateway session outlives the token. Whether the forwarded token is refreshed with the
 * refresh token is not visible in this listing — confirm for the Zuul/SSO client version
 * in use, since that is where the reported invalid_token originates.
 */
@SpringBootApplication
@EnableZuulProxy
@EnableOAuth2Sso
public class Application extends WebSecurityConfigurerAdapter {

  /** Boots the gateway. */
  public static void main(String[] args) {
    SpringApplication.run(Application.class, args);
  }

  /**
   * Gateway-side rules: logout and the SSO login path are open, everything else —
   * including the proxied routes — requires an authenticated session.
   */
  @Override
  public void configure(HttpSecurity http) throws Exception {


    http
            .logout().permitAll()
            .and().authorizeRequests()
            .mvcMatchers("/login/**").permitAll()
                      .anyRequest().authenticated();
  }


}

problem:

登录后:

登录后可以访问 AuthServer 的 `http://localhost:8080/auth-server/uaa/user` 和 `http://localhost:8080/api/test`。但当 access_token 过期后，`http://localhost:8080/api/test` 仍然可以访问，而访问 AuthServer 的 `http://localhost:8080/auth-server/uaa/user` 时报错：

<error_description>
Access token expired: 530c9247-2331-47e3-a6c0-ed61814642f5
</error_description>
<error>invalid_token</error>

我无法从请求头中获取 access_token。

怎么解决?

2 回答


    如果您的 OAuth 服务器和客户端应用部署在两台不同的机器上，请先检查两者的系统时间和时区是否一致。

    除此之外，我认为您的 OAuth 服务器配置本身也有一些问题。OAuth 服务器受 HTTP 基本认证（'Basic Access Authentication'）保护：https://en.wikipedia.org/wiki/Basic_access_authentication

    请求头中需要携带凭据：`Authorization: Basic <Base64(用户名:密码)>`。如果缺少这个请求头，就无法访问 OAuth 服务器上的任何端点。下面是我能正常工作的配置，您可以测试一下：

    /**
     * Login chain from the answerer's setup, restricted to the login page, the OAuth2
     * authorize/consent endpoints and the static font/CSS assets. Static assets are open
     * to anonymous users; everything else in this chain needs a logged-in session.
     * Unlike the question's version, CSRF protection is not disabled here.
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.formLogin()
                .loginPage("/login")
                .permitAll();

        // Paths this chain is responsible for.
        http.requestMatchers()
                .antMatchers("/login", "/oauth/authorize", "/oauth/confirm_access", "/fonts/**", "/css/**");

        // Static assets are anonymous; anything else here requires authentication.
        http.authorizeRequests()
                .antMatchers("/fonts/**", "/css/**").anonymous()
                .anyRequest().authenticated();
    }
    

    另外，您为什么禁用了 CSRF 保护？


    这些是我的令牌存储配置:

    @Autowired
        @Qualifier("datasource")
        private DataSource dataSource;
    
        /**
         * Keeps issued tokens in the database rather than in memory, so they are not lost
         * on restart and can be read by any instance sharing this datasource.
         */
        @Bean
        public TokenStore tokenStore() {
            return new JdbcTokenStore(this.dataSource);
        }
    
    
        /** Stores pending authorization codes in the same database as the tokens. */
        @Bean
        protected AuthorizationCodeServices authorizationCodeServices() {
            return new JdbcAuthorizationCodeServices(this.dataSource);
        }
    
        /**
         * Access rules for the authorization server's non-endpoint URLs: the token key is
         * public, while token introspection ({@code /oauth/check_token}) requires an
         * authenticated caller — compare the {@code permitAll()} on it in the question.
         */
        @Override
        public void configure(AuthorizationServerSecurityConfigurer oauthServer)
                throws Exception {
            oauthServer.tokenKeyAccess("permitAll()");
            oauthServer.checkTokenAccess("isAuthenticated()");
        }
    
        /**
         * Wires the JDBC-backed code and token stores and the authentication manager into
         * the endpoints; the approval store is disabled.
         */
        @Override
        public void configure(AuthorizationServerEndpointsConfigurer endpoints)
                throws Exception {
            endpoints.authorizationCodeServices(authorizationCodeServices());
            endpoints.authenticationManager(authenticationManager);
            endpoints.tokenStore(tokenStore());
            endpoints.approvalStoreDisabled();
        }
    
