Pac4j redirects to a white page after a while

Question Votes: 0 Answers: 1

I am using Keycloak, Pac4j and Shiro...

I don't know why, but after a while I get a white page and am redirected to: http://localhost:8080/oauth/callback?client_name=KeycloakOidcClient&session_state=ec6f1a5c-a992-4f66-8d7e-277d05e6cc1a&iss=http%3A%2F%2Flocalhost%3A9009%2Fauth%2Frealms%2Fgixx&code=2e14eabd-7e63-4400-a340-b6062690d97c.ec6f1a5c-a992-4f66-8d7e-277d05e6cc1a.db37becc-2ebe-4d5c-9b28-238e59ba9b73

Tokens tab:

It is currently a showstopper for my project.

Here is my shiro.ini:

[main]
#### Session
sessionIdCookie=org.apache.shiro.web.servlet.SimpleCookie
sessionIdCookie.path = /
sessionIdCookie.httpOnly = true
sessionIdCookie.name = sid
sessionIdCookie.domain = localhost
sessionIdCookie.maxAge=36000000
sessionIdCookie.secure = true
sessionIdCookie.sameSite = LAX

sessionManager =org.apache.shiro.web.session.mgt.DefaultWebSessionManager
sessionManager.sessionIdCookie =$sessionIdCookie
sessionManager.sessionIdCookieEnabled =true
securityManager.sessionManager= $sessionManager

# 3,600,000 milliseconds = 1 hour -> set to 10 hours
sessionManager.globalSessionTimeout= 36000000



# Keycloak
oidcConfig = org.pac4j.oidc.config.KeycloakOidcConfiguration
oidcConfig.realm = gixx
oidcConfig.baseUri = http://localhost:9009/auth
oidcConfig.discoveryURI = http://localhost:9009/auth/realms/myapp/.well-known/openid-configuration
oidcConfig.clientId = myapp-frontend
oidcConfig.secret = XXXXXXXXXXXXXXX
oidcConfig.clientAuthenticationMethodAsString = client_secret_basic
oidcConfig.useNonce = false
oidcConfig.scope = openid
oidcConfig.responseType = code
oidcConfig.withState = false
oidcConfig.disablePkce = true

keycloakOidClient = org.pac4j.oidc.client.KeycloakOidcClient
keycloakOidClient.name = KeycloakOidcClient
keycloakOidClient.configuration = $oidcConfig


roleAdminAuthGenerator = de.dpunkt.myaktion.util.shiropac4j.Pac4jRoleAdminAuthGenerator
keycloakOidClient.authorizationGenerator = $roleAdminAuthGenerator

clients = org.pac4j.core.client.Clients
clients.callbackUrl = http://localhost:8080/oauth/callback
clients.clients = $keycloakOidClient

pac4jRealm = io.buji.pac4j.realm.Pac4jRealm
pac4jRealm.principalNameAttribute = preferred_username

pac4jSubjectFactory = io.buji.pac4j.subject.Pac4jSubjectFactory
securityManager.subjectFactory = $pac4jSubjectFactory

config = org.pac4j.core.config.Config
config.clients = $clients


oidcSecurityFilter = org.pac4j.jee.filter.SecurityFilter
oidcSecurityFilter.config = $config
oidcSecurityFilter.clients = KeycloakOidcClient

customAuthorizer = de.dpunkt.myaktion.util.shiropac4j.Pac4jCustomAuthorizer
config.authorizers = authorizerCustom:$customAuthorizer

oidcSecurityFilter.authorizers = authorizerCustom

### Callback Filters
callbackFilter = org.pac4j.jee.filter.CallbackFilter
callbackFilter.config = $config

customCallbackLogic = de.dpunkt.myaktion.util.shiropac4j.Pac4jForceDefaultURLCallbackLogic
callbackFilter.callbackLogic = $customCallbackLogic

ajaxRequestResolver = org.pac4j.core.http.ajax.DefaultAjaxRequestResolver
ajaxRequestResolver.addRedirectionUrlAsHeader = true
keycloakOidClient.ajaxRequestResolver = $ajaxRequestResolver

logoutFilter = org.pac4j.jee.filter.LogoutFilter
logoutFilter.config = $config
logoutFilter.localLogout = true
logoutFilter.centralLogout = true
logoutFilter.destroySession = true


# AuthStrategy
#authenticator = org.apache.shiro.authc.pam.ModularRealmAuthenticator
authcStrategy = org.apache.shiro.authc.pam.AtLeastOneSuccessfulStrategy

authenticator = org.apache.shiro.authc.pam.ModularRealmAuthenticator
securityManager.authenticator = $authenticator
securityManager.authenticator.authenticationStrategy = $authcStrategy
securityManager.realms = $pac4jRealm

# Caching
cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
securityManager.cacheManager = $cacheManager

# Using default form based security filter org.apache.shiro.web.filter.authc.FormAuthenticationFilter
authc = org.apache.shiro.web.filter.authc.FormAuthenticationFilter
authc.loginUrl = /common/login.jsf

anyofpermission = com.myapp.util.shiropac4j.CustomPermissionsAuthorizationFilter

# Protected URLs
[urls]

## PAC4J Filter
/oauth/callback = callbackFilter
/oauth/logout = logoutFilter

Stack trace:

21:11:28,820 ERROR [io.undertow.request] (default task-1) UT005023: Exception handling request to /oauth/callback: jakarta.servlet.ServletException: org.pac4j.core.exception.TechnicalException: Bad token response, error=invalid_grant, description=Code not valid
    at deployment.myapp.war//org.apache.shiro.web.servlet.AdviceFilter.cleanup(AdviceFilter.java:196)
    at deployment.myapp.war//org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:148)
    at deployment.myapp.war//org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:154)
    at deployment.myapp.war//org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66)
    at deployment.myapp.war//org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:458)
    at deployment.myapp.war//org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:373)
    at deployment.myapp.war//org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90)
    at deployment.myapp.war//org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83)
    at deployment.myapp.war//org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:387)
    at deployment.myapp.war//org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:370)
    at deployment.myapp.war//org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:154)
    at [email protected]//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:67)
    at [email protected]//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
    at [email protected]//io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
    at [email protected]//io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
    at [email protected]//io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
    at [email protected]//io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
    at [email protected]//org.wildfly.elytron.web.undertow.server.ElytronRunAsHandler.lambda$handleRequest$1(ElytronRunAsHandler.java:68)
    at [email protected]//org.wildfly.security.auth.server.FlexibleIdentityAssociation.runAsFunctionEx(FlexibleIdentityAssociation.java:103)
    at [email protected]//org.wildfly.security.auth.server.Scoped.runAsFunctionEx(Scoped.java:161)
    at [email protected]//org.wildfly.security.auth.server.Scoped.runAs(Scoped.java:73)
    at [email protected]//org.wildfly.elytron.web.undertow.server.ElytronRunAsHandler.handleRequest(ElytronRunAsHandler.java:67)
    at [email protected]//io.undertow.servlet.handlers.RedirectDirHandler.handleRequest(RedirectDirHandler.java:68)
    at [email protected]//io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:117)
    at [email protected]//io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
    at [email protected]//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    at [email protected]//io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
    at [email protected]//io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
    at [email protected]//io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
    at org.wildfly.security.elytron-web.undertow-server-servlet@4.0.0.Final//org.wildfly.elytron.web.undertow.server.servlet.CleanUpHandler.handleRequest(CleanUpHandler.java:38)
    at [email protected]//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    at [email protected]//org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:44)
    at [email protected]//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    at [email protected]//org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:51)
    at [email protected]//io.undertow.servlet.handlers.SendErrorPageHandler.handleRequest(SendErrorPageHandler.java:52)
    at [email protected]//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    at [email protected]//io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:276)
    at [email protected]//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
    at [email protected]//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:132)
    at [email protected]//io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
    at [email protected]//io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
    at [email protected]//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1413)
    at [email protected]//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1413)
    at [email protected]//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1413)
    at [email protected]//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1413)
    at [email protected]//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1413)
    at [email protected]//io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:256)
    at [email protected]//io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:101)
    at [email protected]//io.undertow.server.Connectors.executeRootHandler(Connectors.java:393)
    at [email protected]//io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:859)
    at [email protected]//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
    at [email protected]//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1990)
    at [email protected]//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
    at [email protected]//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
    at [email protected]//org.xnio.XnioWorker$WorkerThreadFactory$1$1.run(XnioWorker.java:1282)
    at java.base/java.lang.Thread.run(Thread.java:829)
Caused by: org.pac4j.core.exception.TechnicalException: Bad token response, error=invalid_grant, description=Code not valid
    at deployment.myapp.war//org.pac4j.oidc.credentials.authenticator.OidcAuthenticator.executeTokenRequest(OidcAuthenticator.java:206)
    at deployment.myapp.war//org.pac4j.oidc.credentials.authenticator.OidcAuthenticator.validate(OidcAuthenticator.java:165)
    at deployment.myapp.war//org.pac4j.core.client.BaseClient.lambda$retrieveCredentials$0(BaseClient.java:75)
    at java.base/java.util.Optional.ifPresent(Optional.java:183)
    at deployment.myapp.war//org.pac4j.core.client.BaseClient.retrieveCredentials(BaseClient.java:72)
    at deployment.myapp.war//org.pac4j.core.client.IndirectClient.getCredentials(IndirectClient.java:145)
    at deployment.myapp.war//org.pac4j.core.engine.DefaultCallbackLogic.perform(DefaultCallbackLogic.java:75)
    at deployment.myapp.war//org.pac4j.jee.filter.CallbackFilter.internalFilter(CallbackFilter.java:71)
    at deployment.myapp.war//org.pac4j.jee.config.AbstractConfigFilter.doFilter(AbstractConfigFilter.java:72)
    at deployment.myapp.war//org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66)
    at deployment.myapp.war//org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108)
    at deployment.myapp.war//org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137)
    ... 54 more

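Settings in Keycloak:

Any ideas?

shiro pac4j
1 Answer
0
votes

On the client side, you get the following error: "Bad token response, error=invalid_grant, description=Code not valid". It looks like this is an error returned by Keycloak: do you see more in the Keycloak logs? Is the code used twice or more? Does the code validation take too much time?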
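
Added example (not part of the original answer or of pac4j): one way to check the answer's question "Is the code used twice or more?" is to look for the same code value reaching the callback more than once in the application's access log. The log format and the sample lines are constructed assumptions; only the callback path and client_name come from the question.

```python
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (assumed common log format). The callback path and
# client_name are taken from the question; the code values are made up.
SAMPLE_LOG = """\
127.0.0.1 - - [12/Mar/2024:21:11:27 +0000] "GET /oauth/callback?client_name=KeycloakOidcClient&code=aaaa1111.s1.c1 HTTP/1.1" 302 0
127.0.0.1 - - [12/Mar/2024:21:11:28 +0000] "GET /oauth/callback?client_name=KeycloakOidcClient&code=aaaa1111.s1.c1 HTTP/1.1" 500 0
127.0.0.1 - - [12/Mar/2024:21:15:02 +0000] "GET /oauth/callback?client_name=KeycloakOidcClient&code=bbbb2222.s2.c1 HTTP/1.1" 302 0
127.0.0.1 - - [12/Mar/2024:21:15:03 +0000] "GET /index.jsf HTTP/1.1" 200 512
"""

LINE_RE = re.compile(r'\[(?P<ts>[^\]]+)\] "GET (?P<target>\S+) [^"]*" (?P<status>\d{3})')


def callback_hits(log_text, callback_path="/oauth/callback"):
    """Yield (code, timestamp, status) for each callback request that carries a code."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        codes = parse_qs(url.query).get("code")
        if url.path != callback_path or not codes:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        yield codes[0], ts, int(m["status"])


def reused_codes(log_text):
    """Return {code: [(timestamp, status), ...]} for codes seen more than once."""
    seen = defaultdict(list)
    for code, ts, status in callback_hits(log_text):
        seen[code].append((ts, status))
    return {c: hits for c, hits in seen.items() if len(hits) > 1}


if __name__ == "__main__":
    for code, hits in reused_codes(SAMPLE_LOG).items():
        gap = (hits[-1][0] - hits[0][0]).total_seconds()
        # Print only a prefix: an authorization code is a credential until it expires.
        print(f"code {code[:8]}... hit the callback {len(hits)} times over {gap:.0f}s, "
              f"statuses {[s for _, s in hits]}")
```

A code that appears twice with a success followed by a 500 points to a replayed callback request (browser refresh, back button, or a duplicate filter invocation) rather than a slow token exchange.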
