SunCertPathBuilderException when deploying a Spring Boot Okta application

Question  Votes: 1  Answers: 1

I am deploying a Spring Boot application with Okta OAuth2 login to Wildfly 19. During deployment I get the following error:

{"WFLYCTL0062: Composite operation failed and was rolled back. Steps
that failed:" => {"Operation step-2" => {"WFLYCTL0080: Failed services" => {"jbo
ss.deployment.subunit.\"OktaSpringBootDemoEAR.ear\".\"OktaSpringBootDemo.war\".u
ndertow-deployment" => "java.lang.RuntimeException: org.springframework.beans.fa
ctory.UnsatisfiedDependencyException: Error creating bean with name 'codeFlowExa
mpleApplication.WebConfig': Unsatisfied dependency expressed through method 'set
ContentNegotationStrategy' parameter 0; nested exception is org.springframework.
beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'org
.springframework.boot.autoconfigure.web.servlet.WebMvcAutoConfiguration$EnableWe
bMvcConfiguration': Unsatisfied dependency expressed through method 'setConfigur
ers' parameter 0; nested exception is org.springframework.beans.factory.Unsatisf
iedDependencyException: Error creating bean with name 'org.springframework.secur
ity.config.annotation.web.configuration.OAuth2ClientConfiguration$OAuth2ClientWe
bMvcSecurityConfiguration': Unsatisfied dependency expressed through method 'set
ClientRegistrationRepository' parameter 0; nested exception is org.springframewo
rk.beans.factory.BeanCreationException: Error creating bean with name 'clientReg
istrationRepository' defined in class path resource [org/springframework/boot/au
toconfigure/security/oauth2/client/servlet/OAuth2ClientRegistrationRepositoryCon
figuration.class]: Bean instantiation via factory method failed; nested exceptio
n is org.springframework.beans.BeanInstantiationException: Failed to instantiate
 [org.springframework.security.oauth2.client.registration.InMemoryClientRegistra
tionRepository]: Factory method 'clientRegistrationRepository' threw exception;
nested exception is java.lang.IllegalArgumentException: Unable to resolve Config
uration with the provided Issuer of \"https://dev-494336.okta.com/oauth2/default
\"
    Caused by: java.lang.RuntimeException: org.springframework.beans.factory.Uns
atisfiedDependencyException: Error creating bean with name 'codeFlowExampleAppli
cation.WebConfig': Unsatisfied dependency expressed through method 'setContentNe
gotationStrategy' parameter 0; nested exception is org.springframework.beans.fac
tory.UnsatisfiedDependencyException: Error creating bean with name 'org.springfr
amework.boot.autoconfigure.web.servlet.WebMvcAutoConfiguration$EnableWebMvcConfi
guration': Unsatisfied dependency expressed through method 'setConfigurers' para
meter 0; nested exception is org.springframework.beans.factory.UnsatisfiedDepend
encyException: Error creating bean with name 'org.springframework.security.confi
g.annotation.web.configuration.OAuth2ClientConfiguration$OAuth2ClientWebMvcSecur
ityConfiguration': Unsatisfied dependency expressed through method 'setClientReg
istrationRepository' parameter 0; nested exception is org.springframework.beans.
factory.BeanCreationException: Error creating bean with name 'clientRegistration
Repository' defined in class path resource [org/springframework/boot/autoconfigu
re/security/oauth2/client/servlet/OAuth2ClientRegistrationRepositoryConfiguratio
n.class]: Bean instantiation via factory method failed; nested exception is org.
springframework.beans.BeanInstantiationException: Failed to instantiate [org.spr
ingframework.security.oauth2.client.registration.InMemoryClientRegistrationRepos
itory]: Factory method 'clientRegistrationRepository' threw exception; nested ex
ception is java.lang.IllegalArgumentException: Unable to resolve Configuration w
ith the provided Issuer of \"https://dev-494336.okta.com/oauth2/default\"
    Caused by: org.springframework.beans.factory.UnsatisfiedDependencyException:
 Error creating bean with name 'codeFlowExampleApplication.WebConfig': Unsatisfi
ed dependency expressed through method 'setContentNegotationStrategy' parameter
0; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyEx
ception: Error creating bean with name 'org.springframework.boot.autoconfigure.w
eb.servlet.WebMvcAutoConfiguration$EnableWebMvcConfiguration': Unsatisfied depen
dency expressed through method 'setConfigurers' parameter 0; nested exception is
 org.springframework.beans.factory.UnsatisfiedDependencyException: Error creatin
g bean with name 'org.springframework.security.config.annotation.web.configurati
on.OAuth2ClientConfiguration$OAuth2ClientWebMvcSecurityConfiguration': Unsatisfi
ed dependency expressed through method 'setClientRegistrationRepository' paramet
er 0; nested exception is org.springframework.beans.factory.BeanCreationExceptio
n: Error creating bean with name 'clientRegistrationRepository' defined in class
 path resource [org/springframework/boot/autoconfigure/security/oauth2/client/se
rvlet/OAuth2ClientRegistrationRepositoryConfiguration.class]: Bean instantiation
 via factory method failed; nested exception is org.springframework.beans.BeanIn
stantiationException: Failed to instantiate [org.springframework.security.oauth2
.client.registration.InMemoryClientRegistrationRepository]: Factory method 'clie
ntRegistrationRepository' threw exception; nested exception is java.lang.Illegal
ArgumentException: Unable to resolve Configuration with the provided Issuer of \
"https://dev-494336.okta.com/oauth2/default\"
    Caused by: org.springframework.beans.factory.UnsatisfiedDependencyException:
 Error creating bean with name 'org.springframework.boot.autoconfigure.web.servl
et.WebMvcAutoConfiguration$EnableWebMvcConfiguration': Unsatisfied dependency ex
pressed through method 'setConfigurers' parameter 0; nested exception is org.spr
ingframework.beans.factory.UnsatisfiedDependencyException: Error creating bean w
ith name 'org.springframework.security.config.annotation.web.configuration.OAuth
2ClientConfiguration$OAuth2ClientWebMvcSecurityConfiguration': Unsatisfied depen
dency expressed through method 'setClientRegistrationRepository' parameter 0; ne
sted exception is org.springframework.beans.factory.BeanCreationException: Error
 creating bean with name 'clientRegistrationRepository' defined in class path re
source [org/springframework/boot/autoconfigure/security/oauth2/client/servlet/OA
uth2ClientRegistrationRepositoryConfiguration.class]: Bean instantiation via fac
tory method failed; nested exception is org.springframework.beans.BeanInstantiat
ionException: Failed to instantiate [org.springframework.security.oauth2.client.
registration.InMemoryClientRegistrationRepository]: Factory method 'clientRegist
rationRepository' threw exception; nested exception is java.lang.IllegalArgument
Exception: Unable to resolve Configuration with the provided Issuer of \"https:/
/dev-494336.okta.com/oauth2/default\"
    Caused by: org.springframework.beans.factory.UnsatisfiedDependencyException:
 Error creating bean with name 'org.springframework.security.config.annotation.w
eb.configuration.OAuth2ClientConfiguration$OAuth2ClientWebMvcSecurityConfigurati
on': Unsatisfied dependency expressed through method 'setClientRegistrationRepos
itory' parameter 0; nested exception is org.springframework.beans.factory.BeanCr
eationException: Error creating bean with name 'clientRegistrationRepository' de
fined in class path resource [org/springframework/boot/autoconfigure/security/oa
uth2/client/servlet/OAuth2ClientRegistrationRepositoryConfiguration.class]: Bean
 instantiation via factory method failed; nested exception is org.springframewor
k.beans.BeanInstantiationException: Failed to instantiate [org.springframework.s
ecurity.oauth2.client.registration.InMemoryClientRegistrationRepository]: Factor
y method 'clientRegistrationRepository' threw exception; nested exception is jav
a.lang.IllegalArgumentException: Unable to resolve Configuration with the provid
ed Issuer of \"https://dev-494336.okta.com/oauth2/default\"
    Caused by: org.springframework.beans.factory.BeanCreationException: Error cr
eating bean with name 'clientRegistrationRepository' defined in class path resou
rce [org/springframework/boot/autoconfigure/security/oauth2/client/servlet/OAuth
2ClientRegistrationRepositoryConfiguration.class]: Bean instantiation via factor
y method failed; nested exception is org.springframework.beans.BeanInstantiation
Exception: Failed to instantiate [org.springframework.security.oauth2.client.reg
istration.InMemoryClientRegistrationRepository]: Factory method 'clientRegistrat
ionRepository' threw exception; nested exception is java.lang.IllegalArgumentExc
eption: Unable to resolve Configuration with the provided Issuer of \"https://de
v-494336.okta.com/oauth2/default\"
    Caused by: org.springframework.beans.BeanInstantiationException: Failed to i
nstantiate [org.springframework.security.oauth2.client.registration.InMemoryClie
ntRegistrationRepository]: Factory method 'clientRegistrationRepository' threw e
xception; nested exception is java.lang.IllegalArgumentException: Unable to reso
lve Configuration with the provided Issuer of \"https://dev-494336.okta.com/oaut
h2/default\"
    Caused by: java.lang.IllegalArgumentException: Unable to resolve Configurati
on with the provided Issuer of \"https://dev-494336.okta.com/oauth2/default\"
    Caused by: org.springframework.web.client.ResourceAccessException: I/O error
 on GET request for \"https://dev-494336.okta.com/oauth2/default/.well-known/ope
nid-configuration\": sun.security.validator.ValidatorException: PKIX path buildi
ng failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to
 find valid certification path to requested target; nested exception is javax.ne
t.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX pat
h building failed: sun.security.provider.certpath.SunCertPathBuilderException: u
nable to find valid certification path to requested target
    Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.Valid
atorException: PKIX path building failed: sun.security.provider.certpath.SunCert
PathBuilderException: unable to find valid certification path to requested targe
t
    Caused by: sun.security.validator.ValidatorException: PKIX path building fai
led: sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
    Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unabl
e to find valid certification path to requested target"}}}}

Here is my application.properties file:

okta.oauth2.issuer=https://dev-494336.okta.com/oauth2/default
okta.oauth2.client-id=<my client id>
okta.oauth2.client-secret=<my client secret>
okta.oauth2.redirect-uri=/authorization-code/callback
okta.oauth2.scopes=profile,email,openid
okta.oauth2.postLogoutRedirectUri=https://<myUrl>/OktaSpringBootDemo
server.use-forward-headers=true
spring.security.oauth2.client.provider.okta.user-name-attribute=email

Okta configuration:

Allowed Grant Types: Authorization Code
Application Type: Web
Login redirect URIs: https://<myUrl>/OktaSpringBootDemo/authorization-code/callback
Logout redirect URIs: https://<myUrl>/OktaSpringBootDemo
Login initiated by: App Only
Initiate login URI: https://<myUrl>/OktaSpringBootDemo

My authorization server is the default server provided by Okta:

Name: default
Audience: api://default
Issuer URI: https://dev-494336.okta.com/oauth2/default
Metadata URI: https://dev-494336.okta.com/oauth2/default/.well-known/oauth-authorization-server

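I have seen posts online about an optional certificate chain field that needs to be modified, but I cannot find it anywhere in the Okta Dev Console. I also tried adding the Okta certificate to my keystore and to the cacerts file, but that did not resolve it. This application runs fine on my local Wildfly server, where it uses localhost:8080 as the URL.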

java spring-boot oauth-2.0 okta
1 answer
0 votes

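I solved this by downloading the public certificate from okta.com and adding it to the cacerts file under jre/lib/security/. I then restarted the server and the deployment succeeded.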
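The fix described in the answer above, as an added shell example that is not part of the original post: it locates the truststore the WildFly JVM actually reads, shows the chain presented to this host so its fingerprints can be checked before anything is trusted, and imports a certificate with keytool. The variable and function names are assumptions; the host is the one in the question's issuer URL.

```shell
#!/bin/sh
# Added example; ISSUER_HOST, ALIAS and the function names are assumptions.
ISSUER_HOST="dev-494336.okta.com"  # host part of okta.oauth2.issuer on this page
ALIAS="okta-issuer"                # hypothetical alias for the imported entry

# Print the default truststore of the JVM installed under $1 (its JAVA_HOME).
# Java 8 JDKs keep it in jre/lib/security, Java 9+ in lib/security, and
# jssecacerts, when present, is read instead of cacerts. A JVM started with
# -Djavax.net.ssl.trustStore=... ignores both, so check WildFly's JAVA_OPTS too.
default_truststore() {
    for dir in "$1/jre/lib/security" "$1/lib/security"; do
        for name in jssecacerts cacerts; do
            if [ -f "$dir/$name" ]; then
                printf '%s\n' "$dir/$name"
                return 0
            fi
        done
    done
    return 1
}

# Save each certificate the server at $1 presents to THIS host as
# $2/cert1.pem (leaf), $2/cert2.pem, ... and print subject, issuer and
# SHA-256 fingerprint so they can be compared out of band before import.
show_presented_chain() {
    openssl s_client -connect "$1:443" -servername "$1" -showcerts </dev/null 2>/dev/null |
        awk -v d="$2" '/BEGIN CERT/{n++; f=d"/cert" n ".pem"} f{print > f} /END CERT/{close(f); f=""}'
    for pem in "$2"/cert*.pem; do
        openssl x509 -in "$pem" -noout -subject -issuer -fingerprint -sha256
    done
}

# Import PEM file $1 into truststore $2, then list the new entry to confirm.
# "changeit" is the stock cacerts password; override with STOREPASS.
import_trusted() {
    keytool -importcert -noprompt -alias "$ALIAS" -file "$1" \
        -keystore "$2" -storepass "${STOREPASS:-changeit}" &&
    keytool -list -alias "$ALIAS" -keystore "$2" -storepass "${STOREPASS:-changeit}"
}

# Typical run on the server, with JAVA_HOME set to the JVM WildFly starts with:
#   ts=$(default_truststore "$JAVA_HOME") && tmp=$(mktemp -d)
#   show_presented_chain "$ISSUER_HOST" "$tmp"
#   import_trusted "$tmp/cert1.pem" "$ts"    # then restart WildFly
# Importing the highest CA file from the chain instead of cert1.pem keeps
# working after the leaf certificate is renewed.
```

If the issuer printed for cert1.pem is not a public CA, the connection is being re-signed on the way out of this network, which would explain why the same application works from a local machine.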
