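After logging in, I am redirected to the redirect_uri and the access token is appended to the URL in the browser, but I cannot access the access token, and the OAuth2AuthenticationToken is not populated in the security context.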
```
2023-04-01 20:51:49.468 DEBUG 20844 --- [nio-8080-exec-5] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to c.b.b.bat.controller.HomeRestController#index(Model, OAuth2AuthenticationToken)
**2023-04-01 20:51:49.468 INFO 20844 --- [nio-8080-exec-5] c.b.b.bat.controller.HomeRestController : Principal **
2023-04-01 20:51:49.468 DEBUG 20844 --- [nio-8080-exec-5] o.s.w.s.v.ContentNegotiatingViewResolver : Selected '*/*' given [image/webp, image/apng, image/svg+xml, image/*, */*;q=0.8]
2023-04-01 20:51:49.469 DEBUG 20844 --- [nio-8080-exec-5] w.c.HttpSessionSecurityContextRepository : Did not store anonymous SecurityContext
2023-04-01 20:51:49.470 DEBUG 20844 --- [nio-8080-exec-5] o.s.web.servlet.DispatcherServlet : Completed 200 OK
2023-04-01 20:51:49.470 DEBUG 20844 --- [nio-8080-exec-5] w.c.HttpSessionSecurityContextRepository : Did not store anonymous SecurityContext
2023-04-01 20:51:49.471 DEBUG 20844 --- [nio-8080-exec-5] s.s.w.c.SecurityContextPersistenceFilter : Cleared SecurityContextHolder to complete request
```
Home controller
```java
@GetMapping("/**")
public ModelAndView index(Model model, OAuth2AuthenticationToken authentication) {
    ModelAndView mav = new ModelAndView("index");
    // mav.addObject("user", authentication.isAuthenticated()); // gives error that authentication is null
    // The message has no {} placeholder, so the argument is not rendered
    // (the log line above shows only "Principal ").
    LOG.info("Principal ", authentication);
    return mav;
}
```
Security configuration
```java
@EnableWebSecurity
@Configuration
public class SecurityConfig {

    @Value("${spring.security.oauth2.client.registration.xxxx.client-id}")
    private String CLIENT_ID;

    @Value("${spring.security.oauth2.client.registration.xxxx.client-secret}")
    private String CLIENT_SECRET;

    @Value("${spring.security.oauth2.client.registration.xxxx.redirect-uri}")
    private String REDIRECT_URI;

    @Value("${spring.security.oauth2.client.provider.xxxx.authorization-uri}")
    private String AUTHORIZATION_URI;

    @Value("${spring.security.oauth2.client.registration.xxxx.scope}")
    private String SCOPE;

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        // Only /secured and /bat/secured require authentication; everything else is open.
        http.authorizeHttpRequests().antMatchers("/secured", "/bat/secured").authenticated().anyRequest().permitAll();
        http.oauth2Login()
            .loginProcessingUrl("/process-login")
            .defaultSuccessUrl("/secured")
            // Sends the browser straight to the provider's authorization endpoint with
            // response_type=id_token token, and puts the client secret in that URL.
            .loginPage(AUTHORIZATION_URI + "?client_id=" + CLIENT_ID + "&response_type=id_token%20token&scope=openid%20profile%20groups&redirect_uri=" + REDIRECT_URI + "&nonce=none&client_secret=" + CLIENT_SECRET);
        // CSRF protection is switched off for the whole application.
        http.csrf().disable();
        return http.build();
    }
}
```
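
An added example, not part of the original post and not the poster's code: the same filter chain on Spring Security's authorization-code flow, where the callback reaches the server and `OAuth2AuthenticationToken` is populated. With `response_type=id_token%20token` the tokens come back in the URL fragment, which the browser does not send to the server. It assumes Spring Security 5.x as in the post, the `xxxx` registration, and a hypothetical `SecuredController`.

```java
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.servlet.ModelAndView;

// Assumed application.properties entries (registration id "xxxx" as in the post;
// the provider also needs token-uri and jwk-set-uri, or issuer-uri, configured):
//   spring.security.oauth2.client.registration.xxxx.authorization-grant-type=authorization_code
//   spring.security.oauth2.client.registration.xxxx.redirect-uri={baseUrl}/login/oauth2/code/{registrationId}
@EnableWebSecurity
@Configuration
public class SecurityConfig {

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http.authorizeHttpRequests(authz -> authz
                .antMatchers("/secured", "/bat/secured").authenticated()
                .anyRequest().permitAll());
        // No loginPage() pointing at the provider: Spring builds the authorization
        // request itself (response_type=code plus a state value) at
        // /oauth2/authorization/xxxx and redeems the code server-side, so the
        // client secret and the tokens never appear in a browser URL.
        http.oauth2Login(oauth2 -> oauth2.defaultSuccessUrl("/secured"));
        // CSRF protection is left at its default (enabled).
        return http.build();
    }
}

@Controller
class SecuredController { // hypothetical controller name, for illustration only
    private static final Logger LOG = LoggerFactory.getLogger(SecuredController.class);

    // Mapped to a path the filter chain protects, so the argument is resolved
    // from an authenticated SecurityContext rather than an anonymous one.
    @GetMapping("/secured")
    public ModelAndView secured(OAuth2AuthenticationToken authentication) {
        LOG.info("Principal {}", authentication.getPrincipal().getName());
        return new ModelAndView("index");
    }
}
```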