[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource: 401 null

Question

[invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource: 401 null

Closed this issue 5 years ago · 15 comments

登录授权完成之后，就报这个错了。我觉得应该是我服务端配的有问题，但是找不到user/me这个路径在哪

Answer 1 · 2019-06-08T02:25:16.000Z

测试后未发现描述中的问题，
把显示截图以及错误日志粘贴上来看看

Answer 2 · 2019-06-10T01:23:26.000Z

org.springframework.security.oauth2.core.OAuth2AuthenticationException: [invalid_user_info_response] An error occurred while attempting to retrieve the UserInfo Resource: 401 null at org.springframework.security.oauth2.client.userinfo.DefaultOAuth2UserService.loadUser(DefaultOAuth2UserService.java:126) ~[spring-security-oauth2-client-5.1.5.RELEASE.jar:5.1.5.RELEASE] at org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationProvider.authenticate(OAuth2LoginAuthenticationProvider.java:116) ~[spring-security-oauth2-client-5.1.5.RELEASE.jar:5.1.5.RELEASE] at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:175) ~[spring-security-core-5.1.5.RELEASE.jar:5.1.5.RELEASE] at org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter.attemptAuthentication(OAuth2LoginAuthenticationFilter.java:186) ~[spring-security-oauth2-client-5.1.5.RELEASE.jar:5.1.5.RELEASE] at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212) ~[spring-security-web-5.1.5.RELEASE.jar:5.1.5.RELEASE] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.1.5.RELEASE.jar:5.1.5.RELEASE] at org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter.doFilterInternal(OAuth2AuthorizationRequestRedirectFilter.java:160) [spring-security-oauth2-client-5.1.5.RELEASE.jar:5.1.5.RELEASE] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-5.1.7.RELEASE.jar:5.1.7.RELEASE] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.1.5.RELEASE.jar:5.1.5.RELEASE] at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116) [spring-security-web-5.1.5.RELEASE.jar:5.1.5.RELEASE] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.1.5.RELEASE.jar:5.1.5.RELEASE] at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:74) [spring-security-web-5.1.5.RELEASE.jar:5.1.5.RELEASE] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-5.1.7.RELEASE.jar:5.1.7.RELEASE] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.1.5.RELEASE.jar:5.1.5.RELEASE] at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105) [spring-security-web-5.1.5.RELEASE.jar:5.1.5.RELEASE] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.1.5.RELEASE.jar:5.1.5.RELEASE] at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56) [spring-security-web-5.1.5.RELEASE.jar:5.1.5.RELEASE] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-5.1.7.RELEASE.jar:5.1.7.RELEASE] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.1.5.RELEASE.jar:5.1.5.RELEASE] at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215) [spring-security-web-5.1.5.RELEASE.jar:5.1.5.RELEASE] at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178) [spring-security-web-5.1.5.RELEASE.jar:5.1.5.RELEASE] at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:357) [spring-web-5.1.7.RELEASE.jar:5.1.7.RELEASE] at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:270) [spring-web-5.1.7.RELEASE.jar:5.1.7.RELEASE] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [tomcat-embed-core-9.0.19.jar:9.0.19] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [tomcat-embed-core-9.0.19.jar:9.0.19] at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99) [spring-web-5.1.7.RELEASE.jar:5.1.7.RELEASE] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-5.1.7.RELEASE.jar:5.1.7.RELEASE] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [tomcat-embed-core-9.0.19.jar:9.0.19] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [tomcat-embed-core-9.0.19.jar:9.0.19] at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:92) [spring-web-5.1.7.RELEASE.jar:5.1.7.RELEASE] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-5.1.7.RELEASE.jar:5.1.7.RELEASE] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [tomcat-embed-core-9.0.19.jar:9.0.19] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [tomcat-embed-core-9.0.19.jar:9.0.19] at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:93) [spring-web-5.1.7.RELEASE.jar:5.1.7.RELEASE] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-5.1.7.RELEASE.jar:5.1.7.RELEASE] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [tomcat-embed-core-9.0.19.jar:9.0.19] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [tomcat-embed-core-9.0.19.jar:9.0.19] at org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.filterAndRecordMetrics(WebMvcMetricsFilter.java:117) [spring-boot-actuator-2.1.5.RELEASE.jar:2.1.5.RELEASE] at org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.doFilterInternal(WebMvcMetricsFilter.java:106) [spring-boot-actuator-2.1.5.RELEASE.jar:2.1.5.RELEASE] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-5.1.7.RELEASE.jar:5.1.7.RELEASE] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [tomcat-embed-core-9.0.19.jar:9.0.19] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [tomcat-embed-core-9.0.19.jar:9.0.19] at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:200) [spring-web-5.1.7.RELEASE.jar:5.1.7.RELEASE] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-5.1.7.RELEASE.jar:5.1.7.RELEASE] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [tomcat-embed-core-9.0.19.jar:9.0.19] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [tomcat-embed-core-9.0.19.jar:9.0.19] at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:200) [tomcat-embed-core-9.0.19.jar:9.0.19] at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) [tomcat-embed-core-9.0.19.jar:9.0.19] at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490) [tomcat-embed-core-9.0.19.jar:9.0.19] at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139) [tomcat-embed-core-9.0.19.jar:9.0.19] at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) [tomcat-embed-core-9.0.19.jar:9.0.19] at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74) [tomcat-embed-core-9.0.19.jar:9.0.19] at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:678) [tomcat-embed-core-9.0.19.jar:9.0.19] at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343) [tomcat-embed-core-9.0.19.jar:9.0.19] at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408) [tomcat-embed-core-9.0.19.jar:9.0.19] at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) [tomcat-embed-core-9.0.19.jar:9.0.19] at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:836) [tomcat-embed-core-9.0.19.jar:9.0.19] at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1747) [tomcat-embed-core-9.0.19.jar:9.0.19] at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) [tomcat-embed-core-9.0.19.jar:9.0.19] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [na:1.8.0_201] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [na:1.8.0_201] at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-embed-core-9.0.19.jar:9.0.19] at java.lang.Thread.run(Thread.java:748) [na:1.8.0_201] Caused by: org.springframework.web.client.HttpClientErrorException$Unauthorized: 401 null at org.springframework.web.client.HttpClientErrorException.create(HttpClientErrorException.java:81) ~[spring-web-5.1.7.RELEASE.jar:5.1.7.RELEASE] at org.springframework.web.client.DefaultResponseErrorHandler.handleError(DefaultResponseErrorHandler.java:122) ~[spring-web-5.1.7.RELEASE.jar:5.1.7.RELEASE] at org.springframework.web.client.DefaultResponseErrorHandler.handleError(DefaultResponseErrorHandler.java:102) ~[spring-web-5.1.7.RELEASE.jar:5.1.7.RELEASE] at org.springframework.security.oauth2.client.http.OAuth2ErrorResponseErrorHandler.handleError(OAuth2ErrorResponseErrorHandler.java:52) ~[spring-security-oauth2-client-5.1.5.RELEASE.jar:5.1.5.RELEASE] at org.springframework.web.client.ResponseErrorHandler.handleError(ResponseErrorHandler.java:63) ~[spring-web-5.1.7.RELEASE.jar:5.1.7.RELEASE] at org.springframework.web.client.RestTemplate.handleResponse(RestTemplate.java:778) ~[spring-web-5.1.7.RELEASE.jar:5.1.7.RELEASE] at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:736) ~[spring-web-5.1.7.RELEASE.jar:5.1.7.RELEASE] at org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:647) ~[spring-web-5.1.7.RELEASE.jar:5.1.7.RELEASE] at org.springframework.security.oauth2.client.userinfo.DefaultOAuth2UserService.loadUser(DefaultOAuth2UserService.java:108) ~[spring-security-oauth2-client-5.1.5.RELEASE.jar:5.1.5.RELEASE] ... 62 common frames omitted

Answer 3 · 2019-06-10T02:54:29.000Z

1、你用的哪个Oauth2 server？
2、oauth2-client/src/main/resources/application.properties 中的spring.security.oauth2.client.provider.sso-provider.user-info-uri=http://server.sso.com/user/me配置改了没有，这个是要和单点登录中心匹配

Answer 4 · 2019-06-10T06:31:51.000Z

2的配置我已经改了的。用的server是我自己写的server，就报上面的错了。
然后我用您写的oauth2-sever作为服务（client也是用的您写的，就只改了配置），在访问授权确认?的页面点击同意一直停留在这个页面没有跳转。f12看redirect_url的请求是有的，也有code值，就是http状态是302。理论上不应该是跳到securedPage.html吗？

Answer 5 · 2019-06-10T10:07:22.000Z

如果用你写的oauth2 server的话，你写一个/user/me地址，返回一个包含用户基本信息的map就可以；
如果用我写的oauth2 server，你需要本地配置域名代理，要不然两个cookie会覆盖，会认为重新登录，一直在请求授权；
理论上授权成功到securedPage.html。

Answer 6 · 2019-06-10T12:25:56.000Z

确实迭代中出了小bug,你更新代码再试试

Answer 7 · 2019-06-11T02:17:56.000Z

我配了hosts和nginx，但是还是一直停留在访问授权确认?的页面

Answer 8 · 2019-06-11T02:43:16.000Z

我又测试了没问题的，server和client的日志都发一下

Answer 9 · 2019-06-11T02:54:38.000Z

server日志：
`2019-06-11 10:53:18.421 INFO 13856 --- [io-10380-exec-2] c.r.s.oauth2.server.WebRequestLogAspect : 192.168.243.193
Request from = 127.0.0.1;
uri = http://server.sso.com/signIn;
request method = GET;
content type = null;
request parameters = {};
request body = null;

2019-06-11 10:53:18.429 INFO 13856 --- [io-10380-exec-2] c.r.s.oauth2.server.WebRequestLogAspect : 192.168.243.193 Response from server :
"signIn"
2019-06-11 10:53:19.048 INFO 13856 --- [io-10380-exec-7] c.r.s.oauth2.server.WebRequestLogAspect : 192.168.243.193
Request from = 127.0.0.1;
uri = http://server.sso.com/captcha/graph;
request method = GET;
content type = null;
request parameters = {};
request body = null;

not found captcha.ttf .
try to load IBMPlexSans-Thin.ttf .
2019-06-11 10:53:19.127 INFO 13856 --- [io-10380-exec-7] c.r.s.oauth2.server.WebRequestLogAspect : 192.168.243.193 Response from server :
{"graphUrl":"/captcha/graph/print?graphId=48499e30-2add-4a3b-9410-a5bba2bebd70","graphId":"48499e30-2add-4a3b-9410-a5bba2bebd70","ttl":300,"status":1}
2019-06-11 10:53:19.163 INFO 13856 --- [io-10380-exec-8] c.r.s.oauth2.server.WebRequestLogAspect : 192.168.243.193
Request from = 127.0.0.1;
uri = http://server.sso.com/captcha/graph/print;
request method = GET;
content type = null;
request parameters = {"graphId":"[48499e30-2add-4a3b-9410-a5bba2bebd70]"};
request body = null;

2019-06-11 10:53:19.295 INFO 13856 --- [io-10380-exec-8] c.r.s.oauth2.server.WebRequestLogAspect : 192.168.243.193 Response from server :
null
2019-06-11 10:53:27.773 INFO 13856 --- [io-10380-exec-9] c.r.s.oauth2.server.WebRequestLogAspect : 192.168.243.193
Request from = 127.0.0.1;
uri = http://server.sso.com/captcha/graph;
request method = GET;
content type = null;
request parameters = {};
request body = null;

2019-06-11 10:53:27.774 INFO 13856 --- [io-10380-exec-9] c.r.s.oauth2.server.WebRequestLogAspect : 192.168.243.193 Response from server :
{"graphUrl":"/captcha/graph/print?graphId=1747a354-8722-43dc-8f19-ae79182a7f9b","graphId":"1747a354-8722-43dc-8f19-ae79182a7f9b","ttl":300,"status":1}
2019-06-11 10:53:27.784 INFO 13856 --- [o-10380-exec-10] c.r.s.oauth2.server.WebRequestLogAspect : 192.168.243.193
Request from = 127.0.0.1;
uri = http://server.sso.com/captcha/graph/print;
request method = GET;
content type = null;
request parameters = {"graphId":"[1747a354-8722-43dc-8f19-ae79182a7f9b]"};
request body = null;

2019-06-11 10:53:27.792 INFO 13856 --- [o-10380-exec-10] c.r.s.oauth2.server.WebRequestLogAspect : 192.168.243.193 Response from server :
null
2019-06-11 10:53:32.598 INFO 13856 --- [io-10380-exec-1] o.h.h.i.QueryTranslatorFactoryInitiator : 192.168.243.193 HHH000397: Using ASTQueryTranslatorFactory
2019-06-11 10:53:32.761 INFO 13856 --- [io-10380-exec-2] c.r.s.oauth2.server.WebRequestLogAspect : 192.168.243.193
Request from = 127.0.0.1;
uri = http://server.sso.com/signIn;
request method = GET;
content type = null;
request parameters = {"authentication_error":"[true]","error":"[验证码错误！]"};
request body = null;

2019-06-11 10:53:32.761 INFO 13856 --- [io-10380-exec-2] c.r.s.oauth2.server.WebRequestLogAspect : 192.168.243.193 Response from server :
"signIn"
2019-06-11 10:53:32.856 INFO 13856 --- [io-10380-exec-7] c.r.s.oauth2.server.WebRequestLogAspect : 192.168.243.193
Request from = 127.0.0.1;
uri = http://server.sso.com/captcha/graph;
request method = GET;
content type = null;
request parameters = {};
request body = null;

2019-06-11 10:53:32.857 INFO 13856 --- [io-10380-exec-7] c.r.s.oauth2.server.WebRequestLogAspect : 192.168.243.193 Response from server :
{"graphUrl":"/captcha/graph/print?graphId=076f270c-3bd3-4e9c-9cbc-e1035488328e","graphId":"076f270c-3bd3-4e9c-9cbc-e1035488328e","ttl":300,"status":1}
2019-06-11 10:53:32.884 INFO 13856 --- [io-10380-exec-9] c.r.s.oauth2.server.WebRequestLogAspect : 192.168.243.193
Request from = 127.0.0.1;
uri = http://server.sso.com/captcha/graph/print;
request method = GET;
content type = null;
request parameters = {"graphId":"[076f270c-3bd3-4e9c-9cbc-e1035488328e]"};
request body = null;

2019-06-11 10:53:32.895 INFO 13856 --- [io-10380-exec-9] c.r.s.oauth2.server.WebRequestLogAspect : 192.168.243.193 Response from server :
null
2019-06-11 10:53:42.589 INFO 13856 --- [io-10380-exec-1] c.r.s.oauth2.server.WebRequestLogAspect : 192.168.243.193
Request from = 127.0.0.1;
uri = http://server.sso.com/oauth/confirm_access;
request method = GET;
content type = null;
request parameters = {"scope":"[user_info]","response_type":"[code]","state":"[SSMpmjvPJT5ZWQDBDnK5wqljqf8nV1Z2ZIS7KixmdVc=]","redirect_uri":"[http://client.sso.com/login/oauth2/code/sso-login]","client_id":"[SampleClientId]"};
request body = null;

2019-06-11 10:53:42.615 INFO 13856 --- [io-10380-exec-1] c.r.s.oauth2.server.WebRequestLogAspect : 192.168.243.193 Response from server :
"accessConfirmation"
2019-06-11 10:53:45.171 INFO 13856 --- [io-10380-exec-8] c.r.s.oauth2.server.WebRequestLogAspect : 192.168.243.193
Request from = 127.0.0.1;
uri = http://server.sso.com/oauth/confirm_access;
request method = GET;
content type = null;
request parameters = {"scope":"[user_info]","response_type":"[code]","state":"[Zw-0i1KtCcBpoKvWCd4h2mnV_Vuqr9rNUtIquSWjkEM=]","redirect_uri":"[http://client.sso.com/login/oauth2/code/sso-login]","client_id":"[SampleClientId]"};
request body = null;

2019-06-11 10:53:45.184 INFO 13856 --- [io-10380-exec-8] c.r.s.oauth2.server.WebRequestLogAspect : 192.168.243.193 Response from server :
"accessConfirmation"
2019-06-11 10:53:47.535 INFO 13856 --- [io-10380-exec-4] c.r.s.oauth2.server.WebRequestLogAspect : 192.168.243.193
Request from = 127.0.0.1;
uri = http://server.sso.com/oauth/confirm_access;
request method = GET;
content type = null;
request parameters = {"scope":"[user_info]","response_type":"[code]","state":"[XbLzAS1qdVVd99l5LOchIetQPWasOKd9-_KB7QxY04I=]","redirect_uri":"[http://client.sso.com/login/oauth2/code/sso-login]","client_id":"[SampleClientId]"};
request body = null;

2019-06-11 10:53:47.545 INFO 13856 --- [io-10380-exec-4] c.r.s.oauth2.server.WebRequestLogAspect : 192.168.243.193 Response from server :
"accessConfirmation"`

Answer 10 · 2019-06-11T02:55:35.000Z

client日志：
2019-06-11 10:59:16.706 DEBUG 18616 --- [io-10480-exec-6] o.s.s.w.util.matcher.AndRequestMatcher : 192.168.243.193 Trying to match using Ant [pattern='/login/oauth2/code/']
2019-06-11 10:59:16.706 DEBUG 18616 --- [io-10480-exec-6] o.s.s.w.u.matcher.AntPathRequestMatcher : 192.168.243.193 Checking match of request : '/error'; against '/login/oauth2/code/'
2019-06-11 10:59:16.706 DEBUG 18616 --- [io-10480-exec-6] o.s.s.w.util.matcher.AndRequestMatcher : 192.168.243.193 Did not match
2019-06-11 10:59:16.706 DEBUG 18616 --- [io-10480-exec-6] o.s.security.web.FilterChainProxy : 192.168.243.193 /error?code=Hwp3Xh&state=XbLzAS1qdVVd99l5LOchIetQPWasOKd9-_KB7QxY04I%3D at position 7 of 14 in additional filter chain; firing Filter: 'DefaultLoginPageGeneratingFilter'
2019-06-11 10:59:16.706 DEBUG 18616 --- [io-10480-exec-6] o.s.security.web.FilterChainProxy : 192.168.243.193 /error?code=Hwp3Xh&state=XbLzAS1qdVVd99l5LOchIetQPWasOKd9-_KB7QxY04I%3D at position 8 of 14 in additional filter chain; firing Filter: 'DefaultLogoutPageGeneratingFilter'
2019-06-11 10:59:16.706 DEBUG 18616 --- [io-10480-exec-6] o.s.security.web.FilterChainProxy : 192.168.243.193 /error?code=Hwp3Xh&state=XbLzAS1qdVVd99l5LOchIetQPWasOKd9-_KB7QxY04I%3D at position 9 of 14 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2019-06-11 10:59:16.706 DEBUG 18616 --- [io-10480-exec-6] o.s.s.w.s.DefaultSavedRequest : 192.168.243.193 pathInfo: both null (property equals)
2019-06-11 10:59:16.706 DEBUG 18616 --- [io-10480-exec-9] .s.o.c.w.OAuth2LoginAuthenticationFilter : 192.168.243.193 Updated SecurityContextHolder to contain null Authentication
2019-06-11 10:59:16.706 DEBUG 18616 --- [io-10480-exec-6] o.s.s.w.s.DefaultSavedRequest : 192.168.243.193 queryString: arg1=code=zASObt&state=Zw-0i1KtCcBpoKvWCd4h2mnV_Vuqr9rNUtIquSWjkEM%3D; arg2=code=Hwp3Xh&state=XbLzAS1qdVVd99l5LOchIetQPWasOKd9-_KB7QxY04I%3D (property not equals)
2019-06-11 10:59:16.707 DEBUG 18616 --- [io-10480-exec-9] .s.o.c.w.OAuth2LoginAuthenticationFilter : 192.168.243.193 Delegating to authentication failure handler org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler@7adba959
2019-06-11 10:59:16.707 DEBUG 18616 --- [io-10480-exec-6] o.s.s.w.s.HttpSessionRequestCache : 192.168.243.193 saved request doesn't match
2019-06-11 10:59:16.707 DEBUG 18616 --- [io-10480-exec-9] .a.SimpleUrlAuthenticationFailureHandler : 192.168.243.193 Redirecting to /login?error
2019-06-11 10:59:16.707 DEBUG 18616 --- [io-10480-exec-6] o.s.security.web.FilterChainProxy : 192.168.243.193 /error?code=Hwp3Xh&state=XbLzAS1qdVVd99l5LOchIetQPWasOKd9-_KB7QxY04I%3D at position 10 of 14 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2019-06-11 10:59:16.707 DEBUG 18616 --- [io-10480-exec-9] o.s.s.web.DefaultRedirectStrategy : 192.168.243.193 Redirecting to '/login?error'
2019-06-11 10:59:16.707 DEBUG 18616 --- [io-10480-exec-6] o.s.security.web.FilterChainProxy : 192.168.243.193 /error?code=Hwp3Xh&state=XbLzAS1qdVVd99l5LOchIetQPWasOKd9-_KB7QxY04I%3D at position 11 of 14 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2019-06-11 10:59:16.707 DEBUG 18616 --- [io-10480-exec-9] o.s.s.w.header.writers.HstsHeaderWriter : 192.168.243.193 Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@35f3ce92
2019-06-11 10:59:16.707 DEBUG 18616 --- [io-10480-exec-9] w.c.HttpSessionSecurityContextRepository : 192.168.243.193 SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2019-06-11 10:59:16.707 DEBUG 18616 --- [io-10480-exec-6] o.s.s.w.a.AnonymousAuthenticationFilter : 192.168.243.193 Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@992be09c: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@43458: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 2B0528DA531DFEA05F5D0A2FF3A1A990; Granted Authorities: ROLE_ANONYMOUS'
2019-06-11 10:59:16.707 DEBUG 18616 --- [io-10480-exec-9] s.s.w.c.SecurityContextPersistenceFilter : 192.168.243.193 SecurityContextHolder now cleared, as request processing completed
2019-06-11 10:59:16.707 DEBUG 18616 --- [io-10480-exec-6] o.s.security.web.FilterChainProxy : 192.168.243.193 /error?code=Hwp3Xh&state=XbLzAS1qdVVd99l5LOchIetQPWasOKd9-_KB7QxY04I%3D at position 12 of 14 in additional filter chain; firing Filter: 'SessionManagementFilter'
2019-06-11 10:59:16.707 DEBUG 18616 --- [io-10480-exec-6] o.s.security.web.FilterChainProxy : 192.168.243.193 /error?code=Hwp3Xh&state=XbLzAS1qdVVd99l5LOchIetQPWasOKd9-_KB7QxY04I%3D at position 13 of 14 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2019-06-11 10:59:16.707 DEBUG 18616 --- [io-10480-exec-6] o.s.security.web.FilterChainProxy : 192.168.243.193 /error?code=Hwp3Xh&state=XbLzAS1qdVVd99l5LOchIetQPWasOKd9-_KB7QxY04I%3D at position 14 of 14 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2019-06-11 10:59:16.708 DEBUG 18616 --- [io-10480-exec-6] o.s.s.w.a.i.FilterSecurityInterceptor : 192.168.243.193 Secure object: FilterInvocation: URL: /error?code=Hwp3Xh&state=XbLzAS1qdVVd99l5LOchIetQPWasOKd9-_KB7QxY04I%3D; Attributes: [authenticated]
2019-06-11 10:59:16.709 DEBUG 18616 --- [io-10480-exec-6] o.s.s.w.a.i.FilterSecurityInterceptor : 192.168.243.193 Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@992be09c: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@43458: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 2B0528DA531DFEA05F5D0A2FF3A1A990; Granted Authorities: ROLE_ANONYMOUS
2019-06-11 10:59:16.709 DEBUG 18616 --- [io-10480-exec-6] o.s.s.access.vote.AffirmativeBased : 192.168.243.193 Voter: org.springframework.security.web.access.expression.WebExpressionVoter@455f222, returned: -1
2019-06-11 10:59:16.709 DEBUG 18616 --- [io-10480-exec-6] o.s.s.w.a.ExceptionTranslationFilter : 192.168.243.193 Access is denied (user is anonymous); redirecting to authentication entry point

org.springframework.security.access.AccessDeniedException: Access is denied
at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:84) ~[spring-security-core-5.1.5.RELEASE.jar:5.1.5.RELEASE]
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:233) ~[spring-security-core-5.1.5.RELEASE.jar:5.1.5.RELEASE]
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:124) ~[spring-security-web-5.1.5.RELEASE.jar:5.1.5.RELEASE]
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91) ~[spring-security-web-5.1.5.RELEASE.jar:5.1.5.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.1.5.RELEASE.jar:5.1.5.RELEASE]
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:119) ~[spring-security-web-5.1.5.RELEASE.jar:5.1.5.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.1.5.RELEASE.jar:5.1.5.RELEASE]
at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137) [spring-security-web-5.1.5.RELEASE.jar:5.1.5.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.1.5.RELEASE.jar:5.1.5.RELEASE]
at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111) [spring-security-web-5.1.5.RELEASE.jar:5.1.5.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.1.5.RELEASE.jar:5.1.5.RELEASE]
at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:170) [spring-security-web-5.1.5.RELEASE.jar:5.1.5.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.1.5.RELEASE.jar:5.1.5.RELEASE]
at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63) [spring-security-web-5.1.5.RELEASE.jar:5.1.5.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.1.5.RELEASE.jar:5.1.5.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:101) [spring-web-5.1.7.RELEASE.jar:5.1.7.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.1.5.RELEASE.jar:5.1.5.RELEASE]
at org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter.doFilter(DefaultLoginPageGeneratingFilter.java:206) [spring-security-web-5.1.5.RELEASE.jar:5.1.5.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.1.5.RELEASE.jar:5.1.5.RELEASE]
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:200) [spring-security-web-5.1.5.RELEASE.jar:5.1.5.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.1.5.RELEASE.jar:5.1.5.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:101) [spring-web-5.1.7.RELEASE.jar:5.1.7.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.1.5.RELEASE.jar:5.1.5.RELEASE]
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116) [spring-security-web-5.1.5.RELEASE.jar:5.1.5.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.1.5.RELEASE.jar:5.1.5.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:101) [spring-web-5.1.7.RELEASE.jar:5.1.7.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.1.5.RELEASE.jar:5.1.5.RELEASE]
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105) [spring-security-web-5.1.5.RELEASE.jar:5.1.5.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.1.5.RELEASE.jar:5.1.5.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:101) [spring-web-5.1.7.RELEASE.jar:5.1.7.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.1.5.RELEASE.jar:5.1.5.RELEASE]
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215) [spring-security-web-5.1.5.RELEASE.jar:5.1.5.RELEASE]
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178) [spring-security-web-5.1.5.RELEASE.jar:5.1.5.RELEASE]
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:357) [spring-web-5.1.7.RELEASE.jar:5.1.7.RELEASE]
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:270) [spring-web-5.1.7.RELEASE.jar:5.1.7.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [tomcat-embed-core-9.0.19.jar:9.0.19]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [tomcat-embed-core-9.0.19.jar:9.0.19]
at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:712) [tomcat-embed-core-9.0.19.jar:9.0.19]
at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:461) [tomcat-embed-core-9.0.19.jar:9.0.19]
at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:384) [tomcat-embed-core-9.0.19.jar:9.0.19]
at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:312) [tomcat-embed-core-9.0.19.jar:9.0.19]
at org.apache.catalina.core.StandardHostValve.custom(StandardHostValve.java:394) [tomcat-embed-core-9.0.19.jar:9.0.19]
at org.apache.catalina.core.StandardHostValve.status(StandardHostValve.java:253) [tomcat-embed-core-9.0.19.jar:9.0.19]
at org.apache.catalina.core.StandardHostValve.throwable(StandardHostValve.java:348) [tomcat-embed-core-9.0.19.jar:9.0.19]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:173) [tomcat-embed-core-9.0.19.jar:9.0.19]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) [tomcat-embed-core-9.0.19.jar:9.0.19]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74) [tomcat-embed-core-9.0.19.jar:9.0.19]
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:678) [tomcat-embed-core-9.0.19.jar:9.0.19]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343) [tomcat-embed-core-9.0.19.jar:9.0.19]
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408) [tomcat-embed-core-9.0.19.jar:9.0.19]
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) [tomcat-embed-core-9.0.19.jar:9.0.19]
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:836) [tomcat-embed-core-9.0.19.jar:9.0.19]
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1747) [tomcat-embed-core-9.0.19.jar:9.0.19]
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) [tomcat-embed-core-9.0.19.jar:9.0.19]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [na:1.8.0_201]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [na:1.8.0_201]
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-embed-core-9.0.19.jar:9.0.19]
at java.lang.Thread.run(Thread.java:748) [na:1.8.0_201]

Answer 11 · 2019-06-11T02:57:32.000Z

code拿到之后，去取token的时候，好像没有拿到token

Answer 12 · 2019-06-11T12:09:45.000Z

你有空更新代码，重建数据库，初始化数据，然后再试试，刚我重新配置测试正常

Answer 13 · 2019-06-12T15:23:58.000Z

我把数据删除，用最新的代码重新生成，测试是没有问题的，重现不了你的错误

Answer 14 · 2019-06-13T09:51:12.000Z

重新搭建环境之后，现在可以了。但是还有点问题，logout之后，访问过api还是可以继续访问的。
然后我有点逻辑上的问题，请教一下。就是必须先访问client，才能访问api吗，不能访问api没有token跳转到client上吗？

Answer 15 · 2019-06-13T11:42:34.000Z

1、目前token没有采用黑名单，也就是没有吊销机制，在有效期内一直有效；你可以很容易扩展实现黑名单，注销后放入黑名单，然后使用时验证token。
2、通常api都是json接口不涉及到页面视图，api返回401代码后，调用端可以重新去获取token，或者重定向到client登录页，然后完成token获取