Spring错误持续更新贴......
问题一 |
springcloud-OAuth2.0配置的时候报错 |
Method springSecurityFilterChain in org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration required a bean of type 'org.springframework.boot.autoconfigure.security.oauth2.resource.UserInfoRestTemplateFactory' that could not be found. The following candidates were found but could not be injected:
Consider revisiting the entries above or defining a bean of type 'org.springframework.boot.autoconfigure.security.oauth2.resource.UserInfoRestTemplateFactory' in your configuration. |
问题原因: (1)做服务器端OAuth,引用了客户端的相关jar,并且还没有配置; |
问题二: |
spring cloud security oauth2.0 默认是禁用Client模式进行授权的;Oauth2.0 client模式无法授权; |
|
问题三: |
密码模式获取token的情况下, Basic校验写错了 |
{ |
解决: 这个一种情况是Basic用户名密码写错了,在拦截器BasicAuthenticationFilter中校验不通过抛出异常 |
问题三:springSeurity明明配置了password授权,但是在做改动的时候提示如下 |
{ |
解答: AuthorizationServerEndpointsConfigurer类中获取所有的granter的时候,需要判断authenticationmananager是否为空,才能默认加载password权限分配器 |
问题四: |
java.lang.IllegalStateException: Cannot apply org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer@6d8b7ea9 to already built object at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.add(AbstractConfiguredSecurityBuilder.java:196) ~[spring-security-config-5.1.4.RELEASE.jar:5.1.4.RELEASE] at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.apply(AbstractConfiguredSecurityBuilder.java:133) ~[spring-security-config-5.1.4.RELEASE.jar:5.1.4.RELEASE] at org.springframework.security.config.annotation.web.builders.HttpSecurity.getOrApply(HttpSecurity.java:1501) ~[spring-security-config-5.1.4.RELEASE.jar:5.1.4.RELEASE] at org.springframework.security.config.annotation.web.builders.HttpSecurity.authorizeRequests(HttpSecurity.java:654) ~[spring-security-config-5.1.4.RELEASE.jar:5.1.4.RELEASE] at org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer.configure(ResourceServerSecurityConfigurer.java:222) ~[spring-security-oauth2-2.3.4.RELEASE.jar:na] at org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer.configure(ResourceServerSecurityConfigurer.java:59) ~[spring-security-oauth2-2.3.4.RELEASE.jar:na] at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.configure(AbstractConfiguredSecurityBuilder.java:384) ~[spring-security-config-5.1.4.RELEASE.jar:5.1.4.RELEASE] at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.doBuild(AbstractConfiguredSecurityBuilder.java:330) ~[spring-security-config-5.1.4.RELEASE.jar:5.1.4.RELEASE] at org.springframework.security.config.annotation.AbstractSecurityBuilder.build(AbstractSecurityBuilder.java:41) ~[spring-security-config-5.1.4.RELEASE.jar:5.1.4.RELEASE] at org.springframework.security.config.annotation.web.builders.WebSecurity.performBuild(WebSecurity.java:294) ~[spring-security-config-5.1.4.RELEASE.jar:5.1.4.RELEASE] at org.springframework.security.config.annotation.web.builders.WebSecurity.performBuild(WebSecurity.java:79) ~[spring-security-config-5.1.4.RELEASE.jar:5.1.4.RELEASE] at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.doBuild(AbstractConfiguredSecurityBuilder.java:334) ~[spring-security-config-5.1.4.RELEASE.jar:5.1.4.RELEASE] at org.springframework.security.config.annotation.AbstractSecurityBuilder.build(AbstractSecurityBuilder.java:41) ~[spring-security-config-5.1.4.RELEASE.jar:5.1.4.RELEASE] at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration.springSecurityFilterChain(WebSecurityConfiguration.java:104) ~[spring-security-config-5.1.4.RELEASE.jar:5.1.4.RELEASE] at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration$$EnhancerBySpringCGLIB$$415a6f9.CGLIB$springSecurityFilterChain$2(<generated>) ~[spring-security-config-5.1.4.RELEASE.jar:5.1.4.RELEASE] at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration$$EnhancerBySpringCGLIB$$415a6f9$$FastClassBySpringCGLIB$$55f25315.invoke(<generated>) ~[spring-security-config-5.1.4.RELEASE.jar:5.1.4.RELEASE] at org.springframework.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:244) ~[spring-core-5.1.5.RELEASE.jar:5.1.5.RELEASE] at org.springframework.context.annotation.ConfigurationClassEnhancer$BeanMethodInterceptor.intercept(ConfigurationClassEnhancer.java:363) ~[spring-context-5.1.5.RELEASE.jar:5.1.5.RELEASE] at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration$$EnhancerBySpringCGLIB$$415a6f9.springSecurityFilterChain(<generated>) ~[spring-security-config-5.1.4.RELEASE.jar:5.1.4.RELEASE] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_162] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_162] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_162] at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_162] at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:154) ~[spring-beans-5.1.5.RELEASE.jar:5.1.5.RELEASE] ... 22 common frames omitted |
问题5: |
{ "error": "invalid_token", "error_description": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsidXNlci1zZXJ2aWNlcyJdLCJleHAiOjE1NTg2NzcwNjgsInVzZXJfbmFtZSI6ImFkbWluIiwianRpIjoiYjlkMjY5YjgtOGE4Yi00ZDI1LTk4YzktMzkwNzRlNGNhMzk3IiwiY2xpZW50X2lkIjoibGl4aWFvaGFvIiwic2NvcGUiOlsidXNlciJdfQ.Pa03fAoN0APHQMh5FSUWRtxtQbn5vVN1JQGLu-Ql8k4" } |
解决: 原因多样,总的来说就是去服务器端根据token查询用户信息错误(1)就是token失效等 (2)地址在没有配置ssl的时候使用https等 |
问题6: |
{ "error": "access_denied", "error_description": "Invalid token does not contain resource id (oauth2-resource)" } |
解决: 用户去资源服务器锁清秋的资源标识,在token中不存在; 如你生成的token中可用资源包括 查询用户信息,但是在请求用户信息的时候,它有拦截会查看你token中的标识是否跟自己的标识相同 |
问题7: |
java.lang.IllegalArgumentException: Invalid character found in method name. HTTP method names must be tokens |
解决:请求协议不一致,应该都为http或https |
问题8: |
Caused by: feign.FeignException: status 403 reading OAuthUserService#testautherization() at feign.FeignException.errorStatus(FeignException.java:78) at feign.codec.ErrorDecoder$Default.decode(ErrorDecoder.java:93) at feign.SynchronousMethodHandler.executeAndDecode(SynchronousMethodHandler.java:149) at feign.SynchronousMethodHandler.invoke(SynchronousMethodHandler.java:78) at feign.ReflectiveFeign$FeignInvocationHandler.invoke(ReflectiveFeign.java:103) at com.sun.proxy.$Proxy138.testautherization(Unknown Source) at com.enci.test.server.module.controller.PolicyController.feignRequest(PolicyController.java:151) at com.enci.test.server.module.controller.PolicyController$$FastClassBySpringCGLIB$$c9349f5f.invoke(<generated>) at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218) at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:749) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163) at org.springframework.aop.framework.adapter.MethodBeforeAdviceInterceptor.invoke(MethodBeforeAdviceInterceptor.java:56) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186) at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:93) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186) at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:688) at com.enci.test.server.module.controller.PolicyController$$EnhancerBySpringCGLIB$$6f5b74e0.feignRequest(<generated>) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:189) at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:138) at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:102) at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:895) at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:800) at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87) at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1038) at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:942) at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1005) ... 102 more |
解决:权限不足, 获取的token中锁允许访问的resource与实际访问的resource信息不匹配,被拒绝访问 |