SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession, and the logged-in user's Principal is never populated

Question (votes: 0, answers: 1)

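I have a Spring Boot application hosted on Azure that uses an Azure AD B2C tenant as its OpenID Connect provider.

After logging in with an Azure AD B2C account or a social provider such as Facebook or Google, users can reach the application's redirect URL. Once logged in, the application can redirect users to custom policies, which live in the Azure AD B2C tenant and are protected via OpenID Connect, and execute those policies.

However, I cannot access the logged-in user's information through the userinfo endpoint, and Spring Security does not populate the Principal parameter either.

In addition, the logs contain errors saying that the SecurityContext is empty or that the user is anonymous, even after the user has attempted a successful login.

What do I need to change to be able to access the authenticated user's information, such as the username or email?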

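import java.security.Principal;
import javax.servlet.http.HttpServletRequest;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.GetMapping;

@Controller
public class WebController {
    @GetMapping(value = "/home")
    public String home(Model model, HttpServletRequest request, Principal principal) {
        // Principal is always null
        return "home"; // placeholder view name; the rest of the method is not shown in the post
    }
}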

My security configuration class

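import static org.springframework.security.config.Customizer.withDefaults;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Create an HttpSession only when Spring Security needs one
        http.sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED);
        http
                .authorizeRequests()
                // Paths open to anonymous users (includes /home, the configured redirect-uri)
                .antMatchers("/home*", "/dev", "/static/**", "/customPolicyRedirect/**", "/oauth2/**").permitAll()
                .and()
                .authorizeRequests()
                // Everything else requires an authenticated user
                .anyRequest().authenticated()
                .and()
                .oauth2Login(withDefaults());
    }
}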

My application.yml

spring:
  data.rest.basePath: /api
  jackson.serialization.FAIL_ON_EMPTY_BEANS: false
  messages:
    basename: localization/messages
  security:
    require-ssl: false
    oauth2:
      client:
        registration:
          azure:
            client-id: ${CLIENT_ID}
            client-secret: ${CLIENT_SECRET}
            authorization-grant-type: authorization_code
            redirect-uri: https://myapp.azurewebsites.net/home
            scope: openid
            client-authentication-method: post
        provider:
          azure:
            authorization-uri: https://thedevmycompany.b2clogin.com/thedevmycompany.onmicrosoft.com/b2c_1a_signinv1_profile/oauth2/v2.0/authorize?ui_entity=srgssr
            token-uri: https://thedevmycompany.b2clogin.com/thedevmycompany.onmicrosoft.com/b2c_1a_signinv1_profile/oauth2/v2.0/token
            user-info-uri: https://graph.microsoft.com/oidc/userinfo
            jwk-set-uri: https://thedevmycompany.b2clogin.com/thedevmycompany.onmicrosoft.com/b2c_1a_signinv1_profile/discovery/v2.0/keys

Log entries:

[..]
 Upgrade-Insecure-Requests: 1
 X-IMForwards: 20
 X-WAWS-Unencoded-URL: /
 CLIENT-IP: 217.162.1.240:25323
 X-ARR-LOG-ID: 1ad0ee82-3d74-4714-8073-8b715832cee6
 DISGUISED-HOST: myapplication.azurewebsites.net
 X-SITE-DEPLOYMENT-ID: myapplication
 WAS-DEFAULT-HOSTNAME: myapplication.azurewebsites.net
 X-Original-URL: /
 X-Forwarded-For: 217.162.1.240:25323
 
 ]
   o.a.t.util.http.Rfc6265CookieProcessor   : Cookies: Parsing b[]: JSESSIONID=AA387E7A1BF46B097
   o.a.catalina.connector.CoyoteAdapter     :  Requested cookie session id is AA387E7A1BF46B097
   o.a.c.authenticator.AuthenticatorBase    : Security checking request GET /
   org.apache.catalina.realm.RealmBase      :   No applicable constraints defined
   o.a.c.authenticator.AuthenticatorBase    : Not subject to any constraint
   o.s.security.web.FilterChainProxy        : / at position 1 of 15 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
   o.s.security.web.FilterChainProxy        : / at position 2 of 15 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
   w.c.HttpSessionSecurityContextRepository : No HttpSession currently exists
   w.c.HttpSessionSecurityContextRepository : No SecurityContext was available from the HttpSession: null. A new one will be created.
   o.s.security.web.FilterChainProxy        : / at position 3 of 15 in additional filter chain; firing Filter: 'HeaderWriterFilter'
   o.s.security.web.FilterChainProxy        : / at position 4 of 15 in additional filter chain; firing Filter: 'CsrfFilter'
   o.s.security.web.FilterChainProxy        : / at position 5 of 15 in additional filter chain; firing Filter: 'LogoutFilter'
   o.s.s.w.u.matcher.AntPathRequestMatcher  : Request 'GET /' doesn't match 'POST /logout'
   o.s.security.web.FilterChainProxy        : / at position 6 of 15 in additional filter chain; firing Filter: 'OAuth2AuthorizationRequestRedirectFilter'
   o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/'; against '/oauth2/authorization/{registrationId}'
   org.apache.tomcat.util.http.Parameters   : Set encoding to UTF-8
   o.s.security.web.FilterChainProxy        : / at position 7 of 15 in additional filter chain; firing Filter: 'OAuth2LoginAuthenticationFilter'
   o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/'; against '/login/oauth2/code/*'
   o.s.security.web.FilterChainProxy        : / at position 8 of 15 in additional filter chain; firing Filter: 'DefaultLoginPageGeneratingFilter'
   o.s.security.web.FilterChainProxy        : / at position 9 of 15 in additional filter chain; firing Filter: 'DefaultLogoutPageGeneratingFilter'
   o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/'; against '/logout'
   o.s.security.web.FilterChainProxy        : / at position 10 of 15 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
   o.s.s.w.s.HttpSessionRequestCache        : saved request doesn't match
   o.s.security.web.FilterChainProxy        : / at position 11 of 15 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
   o.s.security.web.FilterChainProxy        : / at position 12 of 15 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
   o.s.s.w.a.AnonymousAuthenticationFilter  : Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@79768278: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@ffff4c9c: RemoteIpAddress: 172.16.1.1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
   o.s.security.web.FilterChainProxy        : / at position 13 of 15 in additional filter chain; firing Filter: 'SessionManagementFilter'
   o.s.s.w.session.SessionManagementFilter  : Requested session ID AA387E7A1BF46B097816689C3E3CC51F is invalid.
   o.s.security.web.FilterChainProxy        : / at position 14 of 15 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
   o.s.security.web.FilterChainProxy        : / at position 15 of 15 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
   o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/'; against '/home*'
   o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/'; against '/dev'
   o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/'; against '/static/**'
   o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/'; against '/customPolicyRedirect/**'
   o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/'; against '/oauth2/**'
   o.s.s.w.a.i.FilterSecurityInterceptor    : Secure object: FilterInvocation: URL: /; Attributes: [authenticated]
   o.s.s.w.a.i.FilterSecurityInterceptor    : Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@79768278: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@ffff4c9c: RemoteIpAddress: 172.16.1.1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS
   o.s.s.access.vote.AffirmativeBased       : Voter: org.springframework.security.web.access.expression.WebExpressionVoter@5bc96dec, returned: -1
   o.s.s.w.a.ExceptionTranslationFilter     : Access is denied (user is anonymous); redirecting to authentication entry point
 
 org.springframework.security.access.AccessDeniedException: Access is denied
    at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:84) ~[spring-security-core-5.3.2.RELEASE.jar!/:5.3.2.RELEASE]
    at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:233) ~[spring-security-core-5.3.2.RELEASE.jar!/:5.3.2.RELEASE]
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:123) ~[spring-security-web-5.3.2.RELEASE.jar!/:5.3.2.RELEASE]
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:90) ~[spring-security-web-5.3.2.RELEASE.jar!/:5.3.2.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.3.2.RELEASE.jar!/:5.3.2.RELEASE]
    at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:118) ~[spring-security-web-5.3.2.RELEASE.jar!/:5.3.2.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.3.2.RELEASE.jar!/:5.3.2.RELEASE]
    at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137) [spring-security-web-5.3.2.RELEASE.jar!/:5.3.2.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.3.2.RELEASE.jar!/:5.3.2.RELEASE]
    at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111) [spring-security-web-5.3.2.RELEASE.jar!/:5.3.2.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.3.2.RELEASE.jar!/:5.3.2.RELEASE]
    at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:158) [spring-security-web-5.3.2.RELEASE.jar!/:5.3.2.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.3.2.RELEASE.jar!/:5.3.2.RELEASE]
    at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63) [spring-security-web-5.3.2.RELEASE.jar!/:5.3.2.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.3.2.RELEASE.jar!/:5.3.2.RELEASE]
    at org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter.doFilterInternal(DefaultLogoutPageGeneratingFilter.java:52) [spring-security-web-5.3.2.RELEASE.jar!/:5.3.2.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) [spring-web-5.2.6.RELEASE.jar!/:5.2.6.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.3.2.RELEASE.jar!/:5.3.2.RELEASE]
    at org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter.doFilter(DefaultLoginPageGeneratingFilter.java:216) [spring-security-web-5.3.2.RELEASE.jar!/:5.3.2.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.3.2.RELEASE.jar!/:5.3.2.RELEASE]
    at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:200) [spring-security-web-5.3.2.RELEASE.jar!/:5.3.2.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.3.2.RELEASE.jar!/:5.3.2.RELEASE]
    at org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter.doFilterInternal(OAuth2AuthorizationRequestRedirectFilter.java:160) [spring-security-oauth2-client-5.3.2.RELEASE.jar!/:5.3.2.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) [spring-web-5.2.6.RELEASE.jar!/:5.2.6.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.3.2.RELEASE.jar!/:5.3.2.RELEASE]
    at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116) [spring-security-web-5.3.2.RELEASE.jar!/:5.3.2.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.3.2.RELEASE.jar!/:5.3.2.RELEASE]
    at org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:117) [spring-security-web-5.3.2.RELEASE.jar!/:5.3.2.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) [spring-web-5.2.6.RELEASE.jar!/:5.2.6.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.3.2.RELEASE.jar!/:5.3.2.RELEASE]
    at org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:92) [spring-security-web-5.3.2.RELEASE.jar!/:5.3.2.RELEASE]
    at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:77) [spring-security-web-5.3.2.RELEASE.jar!/:5.3.2.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) [spring-web-5.2.6.RELEASE.jar!/:5.2.6.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.3.2.RELEASE.jar!/:5.3.2.RELEASE]
    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105) [spring-security-web-5.3.2.RELEASE.jar!/:5.3.2.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.3.2.RELEASE.jar!/:5.3.2.RELEASE]
    at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56) [spring-security-web-5.3.2.RELEASE.jar!/:5.3.2.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) [spring-web-5.2.6.RELEASE.jar!/:5.2.6.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.3.2.RELEASE.jar!/:5.3.2.RELEASE]
    at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215) [spring-security-web-5.3.2.RELEASE.jar!/:5.3.2.RELEASE]
    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178) [spring-security-web-5.3.2.RELEASE.jar!/:5.3.2.RELEASE]
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:358) [spring-web-5.2.6.RELEASE.jar!/:5.2.6.RELEASE]
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:271) [spring-web-5.2.6.RELEASE.jar!/:5.2.6.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [tomcat-embed-core-9.0.35.jar!/:9.0.35]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [tomcat-embed-core-9.0.35.jar!/:9.0.35]
    at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100) [spring-web-5.2.6.RELEASE.jar!/:5.2.6.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) [spring-web-5.2.6.RELEASE.jar!/:5.2.6.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [tomcat-embed-core-9.0.35.jar!/:9.0.35]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [tomcat-embed-core-9.0.35.jar!/:9.0.35]
    at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93) [spring-web-5.2.6.RELEASE.jar!/:5.2.6.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) [spring-web-5.2.6.RELEASE.jar!/:5.2.6.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [tomcat-embed-core-9.0.35.jar!/:9.0.35]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [tomcat-embed-core-9.0.35.jar!/:9.0.35]
    at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201) [spring-web-5.2.6.RELEASE.jar!/:5.2.6.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) [spring-web-5.2.6.RELEASE.jar!/:5.2.6.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [tomcat-embed-core-9.0.35.jar!/:9.0.35]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [tomcat-embed-core-9.0.35.jar!/:9.0.35]
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202) [tomcat-embed-core-9.0.35.jar!/:9.0.35]
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) [tomcat-embed-core-9.0.35.jar!/:9.0.35]
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:541) [tomcat-embed-core-9.0.35.jar!/:9.0.35]
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139) [tomcat-embed-core-9.0.35.jar!/:9.0.35]
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) [tomcat-embed-core-9.0.35.jar!/:9.0.35]
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74) [tomcat-embed-core-9.0.35.jar!/:9.0.35]
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343) [tomcat-embed-core-9.0.35.jar!/:9.0.35]
    at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:373) [tomcat-embed-core-9.0.35.jar!/:9.0.35]
    at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) [tomcat-embed-core-9.0.35.jar!/:9.0.35]
    at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868) [tomcat-embed-core-9.0.35.jar!/:9.0.35]
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1590) [tomcat-embed-core-9.0.35.jar!/:9.0.35]
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) [tomcat-embed-core-9.0.35.jar!/:9.0.35]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [na:1.8.0_242]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [na:1.8.0_242]
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-embed-core-9.0.35.jar!/:9.0.35]
    at java.lang.Thread.run(Thread.java:748) [na:1.8.0_242]
 
[..]
      o.s.s.w.a.ExceptionTranslationFilter     : Calling Authentication entry point.
[..]
       s.w.a.DelegatingAuthenticationEntryPoint : Match found! Executing org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint@6aafc904
       o.s.s.web.DefaultRedirectStrategy        : Redirecting to 'http://myapplication.azurewebsites.net/oauth2/authorization/azure'
       o.s.s.w.header.writers.HstsHeaderWriter  : Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@5a4e31c9
       w.c.HttpSessionSecurityContextRepository : SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
       s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
       o.a.tomcat.util.net.SocketWrapperBase    : Socket: [org.apache.tomcat.util.net.NioEndpoint$NioSocketWrapper@5ce93b5a:org.apache.tomcat.util.net.NioChannel@1c9e4d20:java.nio.channels.SocketChannel[connected local=/172.16.1.2:80 remote=/172.16.1.1:12995]], Read from buffer: [0]
       o.apache.coyote.http11.Http11Processor   : Error parsing HTTP request header
     
     java.io.EOFException: null
        at org.apache.tomcat.util.net.NioEndpoint$NioSocketWrapper.fillReadBuffer(NioEndpoint.java:1231) ~[tomcat-embed-core-9.0.35.jar!/:9.0.35]
        at org.apache.tomcat.util.net.NioEndpoint$NioSocketWrapper.read(NioEndpoint.java:1141) ~[tomcat-embed-core-9.0.35.jar!/:9.0.35]
        at org.apache.coyote.http11.Http11InputBuffer.fill(Http11InputBuffer.java:780) ~[tomcat-embed-core-9.0.35.jar!/:9.0.35]
        at org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:356) ~[tomcat-embed-core-9.0.35.jar!/:9.0.35]
        at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:260) ~[tomcat-embed-core-9.0.35.jar!/:9.0.35]
        at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) [tomcat-embed-core-9.0.35.jar!/:9.0.35]
        at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868) [tomcat-embed-core-9.0.35.jar!/:9.0.35]
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1590) [tomcat-embed-core-9.0.35.jar!/:9.0.35]
        at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) [tomcat-embed-core-9.0.35.jar!/:9.0.35]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [na:1.8.0_242]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [na:1.8.0_242]
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-embed-core-9.0.35.jar!/:9.0.35]
        at java.lang.Thread.run(Thread.java:748) [na:1.8.0_242]
 
   o.apache.coyote.http11.Http11Processor   : Socket: [org.apache.tomcat.util.net.NioEndpoint$NioSocketWrapper@5ce93b5a:org.apache.tomcat.util.net.NioChannel@1c9e4d20:java.nio.channels.SocketChannel[connected local=/172.16.1.2:80 remote=/172.16.1.1:12995]], Status in: [OPEN_READ], State out: [CLOSED]
   o.apache.tomcat.util.threads.LimitLatch  : Counting down[http-nio-80-exec-6] latch=1
   org.apache.tomcat.util.net.NioEndpoint   : Calling [org.apache.tomcat.util.net.NioEndpoint@1e3750d0].closeSocket([org.apache.tomcat.util.net.NioEndpoint$NioSocketWrapper@5ce93b5a:org.apache.tomcat.util.net.NioChannel@1c9e4d20:java.nio.channels.SocketChannel[connected local=/172.16.1.2:80 remote=/172.16.1.1:12995]])
  [nio-80-Acceptor] o.apache.tomcat.util.threads.LimitLatch  : Counting up[http-nio-80-Acceptor] latch=1
  [p-nio-80-exec-7] o.a.tomcat.util.net.SocketWrapperBase    : Socket: [org.apache.tomcat.util.net.NioEndpoint$NioSocketWrapper@48fcffb4:org.apache.tomcat.util.net.NioChannel@1c9e4d20:java.nio.channels.SocketChannel[connected local=/172.16.1.2:80 remote=/172.16.1.1:12997]], Read from buffer: [0]
  [p-nio-80-exec-7] org.apache.tomcat.util.net.NioEndpoint   : Socket: [org.apache.tomcat.util.net.NioEndpoint$NioSocketWrapper@48fcffb4:org.apache.tomcat.util.net.NioChannel@1c9e4d20:java.nio.channels.SocketChannel[connected local=/172.16.1.2:80 remote=/172.16.1.1:12997]], Read direct from socket: [925]
  [p-nio-80-exec-7] o.a.coyote.http11.Http11InputBuffer      : Received [GET /oauth2/authorization/azure HTTP/1.1
 Host: myapplication.azurewebsites.net
 X-Client-IP: 217.162.1.240
 X-Client-Port: 25323
 Connection: Keep-Alive
 Via: 1.1 somehost.zh.mycompany.ch:3128 (Cisco-WSA/11.7.1-006)
 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
 Accept-Encoding: gzip
 Accept-Language: en-US,en;q=0.5
 Cookie: JSESSIONID=686A5DE6AD683B139E6D67176C7E4357
 Max-Forwards: 10
 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
 Upgrade-Insecure-Requests: 1
 X-IMForwards: 20
 X-WAWS-Unencoded-URL: /oauth2/authorization/azure
 CLIENT-IP: 217.162.1.240:25323
 X-ARR-LOG-ID: a8f1fbf4-fa56-4c56-82ef-cb21370676ee
 DISGUISED-HOST: myapplication.azurewebsites.net
 X-SITE-DEPLOYMENT-ID: myapplication
 WAS-DEFAULT-HOSTNAME: myapplication.azurewebsites.net
 X-Original-URL: /oauth2/authorization/azure
 X-Forwarded-For: 217.162.1.240:25323
 
 ]
  o.a.t.util.http.Rfc6265CookieProcessor   : Cookies: Parsing b[]: JSESSIONID=686A5DE6AD683B139E6D67176C7E4357
  o.a.catalina.connector.CoyoteAdapter     :  Requested cookie session id is 686A5DE6AD683B139E6D67176C7E4357
  o.a.c.authenticator.AuthenticatorBase    : Security checking request GET /oauth2/authorization/azure
  org.apache.catalina.realm.RealmBase      :   No applicable constraints defined
  o.a.c.authenticator.AuthenticatorBase    : Not subject to any constraint
  o.s.security.web.FilterChainProxy        : /oauth2/authorization/azure at position 1 of 15 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
  o.s.security.web.FilterChainProxy        : /oauth2/authorization/azure at position 2 of 15 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
  w.c.HttpSessionSecurityContextRepository : HttpSession returned null object for SPRING_SECURITY_CONTEXT
  w.c.HttpSessionSecurityContextRepository : No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@463b18db. A new one will be created.
  o.s.security.web.FilterChainProxy        : /oauth2/authorization/azure at position 3 of 15 in additional filter chain; firing Filter: 'HeaderWriterFilter'
  o.s.security.web.FilterChainProxy        : /oauth2/authorization/azure at position 4 of 15 in additional filter chain; firing Filter: 'CsrfFilter'
  o.s.security.web.FilterChainProxy        : /oauth2/authorization/azure at position 5 of 15 in additional filter chain; firing Filter: 'LogoutFilter'
  o.s.s.w.u.matcher.AntPathRequestMatcher  : Request 'GET /oauth2/authorization/azure' doesn't match 'POST /logout'
  o.s.security.web.FilterChainProxy        : /oauth2/authorization/azure at position 6 of 15 in additional filter chain; firing Filter: 'OAuth2AuthorizationRequestRedirectFilter'
  o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/oauth2/authorization/azure'; against '/oauth2/authorization/{registrationId}'
  o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/oauth2/authorization/azure'; against '/oauth2/authorization/{registrationId}'
  org.apache.tomcat.util.http.Parameters   : Set encoding to UTF-8
  o.s.s.web.DefaultRedirectStrategy        : Redirecting to 'https://thedevmycompany.b2clogin.com/thedevmycompany.onmicrosoft.com/b2c_1a_mettler_signinv1_profile/oauth2/v2.0/authorize?ui_entity=thessr&response_type=code&client_id=c2a5e81c-4b70-4077-b600-9e56cf69be62&scope=openid&state=tQ_6FRRaYbNpAYtgFAPH0U6yI-nTWPAwxT8GSu1tJKA%3D&redirect_uri=https://myapplication.azurewebsites.net/home&nonce=qjuRfc5vV_ajSngIAuhh-V40LUZRvwYkTDUXoUipeg0'
  o.s.s.w.header.writers.HstsHeaderWriter  : Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@5a4e31c9
  w.c.HttpSessionSecurityContextRepository : SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
  s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
  o.a.tomcat.util.net.SocketWrapperBase    : Socket: [org.apache.tomcat.util.net.NioEndpoint$NioSocketWrapper@48fcffb4:org.apache.tomcat.util.net.NioChannel@1c9e4d20:java.nio.channels.SocketChannel[connected local=/172.16.1.2:80 remote=/172.16.1.1:12997]], Read from buffer: [0]
spring azure spring-boot spring-security openid
1 answer
0 votes

You need to ask for the user's details, so I would replace

scope: openid

with:

scope: openid email profile

This will allow the email and user profile details to be returned to the client.
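
How a controller could read the claims once `scope: openid email profile` is configured, as an added example that is not part of the original question or answer. It assumes the login completed through Spring Security's OAuth2 login filter (default callback path `/login/oauth2/code/{registrationId}`, visible in the logs), so the session holds an `OidcUser`; the class name, the `/account` path, the view name and the `emails` fallback claim are assumptions.

```java
import java.util.List;

import org.springframework.security.core.annotation.AuthenticationPrincipal;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.GetMapping;

@Controller
public class AccountController { // hypothetical class, not from the post

    // Hypothetical path. It is not in the permitAll() list of the question's
    // WebSecurityConfig, so anyRequest().authenticated() applies to it.
    @GetMapping("/account")
    public String account(Model model, @AuthenticationPrincipal OidcUser user) {
        // The resolver passes null when the current principal is not an OidcUser,
        // e.g. the "anonymousUser" string of an AnonymousAuthenticationToken.
        if (user == null) {
            // Default login entry point for registration id "azure" (seen in the logs).
            return "redirect:/oauth2/authorization/azure";
        }

        model.addAttribute("subject", user.getSubject()); // "sub" claim of the ID token
        model.addAttribute("email", resolveEmail(user));
        model.addAttribute("displayName", resolveName(user));
        return "account"; // hypothetical view name
    }

    // "email" is only released when the email scope was requested and granted.
    static String resolveEmail(OidcUser user) {
        if (user.getEmail() != null) {
            return user.getEmail();
        }
        // Assumption: some Azure AD B2C policies emit an "emails" array instead.
        List<String> emails = user.getClaimAsStringList("emails");
        return (emails == null || emails.isEmpty()) ? null : emails.get(0);
    }

    // Profile claims need the profile scope; fall back to the subject identifier.
    static String resolveName(OidcUser user) {
        if (user.getFullName() != null) {
            return user.getFullName(); // "name" claim
        }
        if (user.getPreferredUsername() != null) {
            return user.getPreferredUsername(); // "preferred_username" claim
        }
        return user.getSubject();
    }
}
```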
