我正在撰写RESTful网络服务(Jersey上运行的Tomcat),需要对用户的电子邮件地址进行身份验证,并可能访问其Google日历。
该计划是用户将被重定向到OAuth2
我的网络服务已受Spring Security保护。它适用于基本身份验证(即硬连接的用户和密码列表。)如果我尝试访问任何受保护的资源,我会被提示登录。
现在我正在尝试连接Spring Security OAuth2。我的理解是,如果我尝试访问受保护的资源,我将重定向到Google。
然而,无论我尝试什么,我似乎无法让OAuth解雇。没有记录控制台错误,资源受到保护(我收到错误“访问此资源需要完全身份验证”)。
出了点问题;可能是我的配置,我的理解,或两者兼而有之。建议将不胜感激。
web.xml(部分):
<servlet-mapping>
<servlet-name>Jersey REST Service</servlet-name>
<url-pattern>/V1/*</url-pattern>
</servlet-mapping>
<listener>
<listener-class>
org.springframework.web.context.ContextLoaderListener
</listener-class>
</listener>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/spring-security.xml</param-value>
</context-param>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
spring-security.xml(隐藏了谷歌键):
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd
http://www.springframework.org/schema/security/oauth2
http://www.springframework.org/schema/security/spring-security-oauth2-2.0.xsd">
<debug />
<oauth:client id="oauth2ClientFilter" />
<oauth:resource id="googleOauth2Resource"
type="authorization_code"
client-id="hidden"
client-secret="hidden"
access-token-uri="https://accounts.google.com/o/oauth2/v3/token"
user-authorization-uri="https://accounts.google.com/o/oauth2/auth"
scope="email" />
<http xmlns="http://www.springframework.org/schema/security" entry-point-ref="oauthAuthenticationEntryPoint" create-session="stateless">
<intercept-url pattern="/V1/**" access="IS_AUTHENTICATED_FULLY" />
<intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<custom-filter ref="oauth2ClientFilter" after="EXCEPTION_TRANSLATION_FILTER" />
<access-denied-handler ref="oauthAccessDeniedHandler" />
</http>
<oauth:rest-template id="googleOauthRestTemplate"
resource="googleOauth2Resource" />
<beans:bean id="oauthAuthenticationEntryPoint"
class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
</beans:bean>
<beans:bean id="oauthAccessDeniedHandler"
class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler">
</beans:bean>
<authentication-manager>
</authentication-manager>
</beans:beans>
更新:我确实找到了working demo(该名称具有误导性 - 它使用的是OAuth2,而不是OpenID。)访问受保护资源会触发按预期方式重定向到Google。我没有任何运气将他的带注释的类翻译成XML,但我并没有在Spring Boot或Spring MVC下运行,因此我很难切换到使用注释。
**更新2:**使用调试器,我可以看到OAuth2ClientContextFilter.doFilter被调用,但它决定不重定向,因为过滤器链没有抛出UserRedirectRequiredException。 (过滤器链抛出的异常是AccessDeniedException。)
答案 0 :(得分:3)
您收到回复的原因:"Full authentication is required to access this resource"是因为OAuth2AuthenticationEntryPoint期待访问令牌。
如果您是 资源服务器 接受具有访问权限的请求,则会使用OAuth2AuthenticationEntryPoint。但是,在您的情况下,您的目的似乎是 依赖方 ,它依赖于Google提供访问令牌,以便您可以在Google上访问用户的数据他代表。
所以你必须遵循的流程与你在GitHub上找到的演示应用程序相同:
/test /login LoginUrlAuthenticationEntryPoint
/login的请求再次通过过滤链,并在OpenIDConnectAuthenticationFilter中被截获,其中OAuth2RestTemplate配置的UserRedirectRequiredException尝试检索用户信息。这会抛出OAuth2ClientContextFilter,因为OAuth2ClientContext还没有访问令牌来检索用户的信息。UserRedirectRequiredException抓住引发的2016-09-11 02:32:34.361 DEBUG 41435 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : /test at position 1 of 13 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2016-09-11 02:32:34.366 DEBUG 41435 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : /test at position 2 of 13 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2016-09-11 02:32:34.367 DEBUG 41435 --- [nio-8080-exec-1] w.c.HttpSessionSecurityContextRepository : No HttpSession currently exists
2016-09-11 02:32:34.367 DEBUG 41435 --- [nio-8080-exec-1] w.c.HttpSessionSecurityContextRepository : No SecurityContext was available from the HttpSession: null. A new one will be created.
2016-09-11 02:32:34.375 DEBUG 41435 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : /test at position 3 of 13 in additional filter chain; firing Filter: 'HeaderWriterFilter'
2016-09-11 02:32:34.378 DEBUG 41435 --- [nio-8080-exec-1] o.s.s.w.header.writers.HstsHeaderWriter : Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@38511637
2016-09-11 02:32:34.379 DEBUG 41435 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : /test at position 4 of 13 in additional filter chain; firing Filter: 'CsrfFilter'
2016-09-11 02:32:34.381 DEBUG 41435 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : /test at position 5 of 13 in additional filter chain; firing Filter: 'LogoutFilter'
2016-09-11 02:32:34.382 DEBUG 41435 --- [nio-8080-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher : Request 'GET /test' doesn't match 'POST /logout
2016-09-11 02:32:34.382 DEBUG 41435 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : /test at position 6 of 13 in additional filter chain; firing Filter: 'OAuth2ClientContextFilter'
2016-09-11 02:32:34.382 DEBUG 41435 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : /test at position 7 of 13 in additional filter chain; firing Filter: 'OpenIDConnectAuthenticationFilter'
2016-09-11 02:32:34.383 DEBUG 41435 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : /test at position 8 of 13 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2016-09-11 02:32:34.383 DEBUG 41435 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : /test at position 9 of 13 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2016-09-11 02:32:34.385 DEBUG 41435 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : /test at position 10 of 13 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2016-09-11 02:32:34.396 DEBUG 41435 --- [nio-8080-exec-1] o.s.s.w.a.AnonymousAuthenticationFilter : Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@9055c2bc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
2016-09-11 02:32:34.396 DEBUG 41435 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : /test at position 11 of 13 in additional filter chain; firing Filter: 'SessionManagementFilter'
2016-09-11 02:32:34.405 DEBUG 41435 --- [nio-8080-exec-1] o.s.s.w.session.SessionManagementFilter : Requested session ID D2C2005BFB0AD21F3380BC0BE8326094 is invalid.
2016-09-11 02:32:34.405 DEBUG 41435 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : /test at position 12 of 13 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2016-09-11 02:32:34.406 DEBUG 41435 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : /test at position 13 of 13 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2016-09-11 02:32:34.407 DEBUG 41435 --- [nio-8080-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/test'; against '/'
2016-09-11 02:32:34.415 DEBUG 41435 --- [nio-8080-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/test'; against '/test'
2016-09-11 02:32:34.421 DEBUG 41435 --- [nio-8080-exec-1] o.s.s.w.a.i.FilterSecurityInterceptor : Secure object: FilterInvocation: URL: /test; Attributes: [authenticated]
2016-09-11 02:32:34.422 DEBUG 41435 --- [nio-8080-exec-1] o.s.s.w.a.i.FilterSecurityInterceptor : Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@9055c2bc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS
2016-09-11 02:32:34.650 DEBUG 41435 --- [nio-8080-exec-1] o.s.s.access.vote.AffirmativeBased : Voter: org.springframework.security.web.access.expression.WebExpressionVoter@3f726a43, returned: -1
2016-09-11 02:32:34.676 DEBUG 41435 --- [nio-8080-exec-1] o.s.s.w.a.ExceptionTranslationFilter : Access is denied (user is anonymous); redirecting to authentication entry point
org.springframework.security.access.AccessDeniedException: Access is denied
at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:83)
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:206)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:115)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:154)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:199)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.oauth2.client.filter.OAuth2ClientContextFilter.doFilter(OAuth2ClientContextFilter.java:57)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:110)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:85)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:57)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:50)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.springframework.security.oauth2.client.filter.OAuth2ClientContextFilter.doFilter(OAuth2ClientContextFilter.java:57)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:503)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:421)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1070)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1736)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1695)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
2016-09-11 02:32:34.678 DEBUG 41435 --- [nio-8080-exec-1] o.s.s.w.util.matcher.AndRequestMatcher : Trying to match using Ant [pattern='/**', GET]
2016-09-11 02:32:34.678 DEBUG 41435 --- [nio-8080-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher : Request '/test' matched by universal pattern '/**'
2016-09-11 02:32:34.679 DEBUG 41435 --- [nio-8080-exec-1] o.s.s.w.util.matcher.AndRequestMatcher : Trying to match using NegatedRequestMatcher [requestMatcher=Ant [pattern='/**/favicon.ico']]
2016-09-11 02:32:34.679 DEBUG 41435 --- [nio-8080-exec-1] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/test'; against '/**/favicon.ico'
2016-09-11 02:32:34.679 DEBUG 41435 --- [nio-8080-exec-1] o.s.s.w.u.matcher.NegatedRequestMatcher : matches = true
2016-09-11 02:32:34.679 DEBUG 41435 --- [nio-8080-exec-1] o.s.s.w.util.matcher.AndRequestMatcher : Trying to match using NegatedRequestMatcher [requestMatcher=MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@7f127599, matchingMediaTypes=[application/json], useEquals=false, ignoredMediaTypes=[*/*]]]
2016-09-11 02:32:34.689 DEBUG 41435 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher : httpRequestMediaTypes=[text/html, application/xhtml+xml, image/webp, application/xml;q=0.9, */*;q=0.8]
2016-09-11 02:32:34.689 DEBUG 41435 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher : Processing text/html
2016-09-11 02:32:34.689 DEBUG 41435 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher : application/json .isCompatibleWith text/html = false
2016-09-11 02:32:34.689 DEBUG 41435 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher : Processing application/xhtml+xml
2016-09-11 02:32:34.691 DEBUG 41435 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher : application/json .isCompatibleWith application/xhtml+xml = false
2016-09-11 02:32:34.692 DEBUG 41435 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher : Processing image/webp
2016-09-11 02:32:34.692 DEBUG 41435 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher : application/json .isCompatibleWith image/webp = false
2016-09-11 02:32:34.697 DEBUG 41435 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher : Processing application/xml;q=0.9
2016-09-11 02:32:34.699 DEBUG 41435 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher : application/json .isCompatibleWith application/xml;q=0.9 = false
2016-09-11 02:32:34.703 DEBUG 41435 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher : Processing */*;q=0.8
2016-09-11 02:32:34.705 DEBUG 41435 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher : Ignoring
2016-09-11 02:32:34.707 DEBUG 41435 --- [nio-8080-exec-1] o.s.s.w.u.m.MediaTypeRequestMatcher : Did not match any media types
2016-09-11 02:32:34.707 DEBUG 41435 --- [nio-8080-exec-1] o.s.s.w.u.matcher.NegatedRequestMatcher : matches = true
2016-09-11 02:32:34.707 DEBUG 41435 --- [nio-8080-exec-1] o.s.s.w.util.matcher.AndRequestMatcher : Trying to match using NegatedRequestMatcher [requestMatcher=RequestHeaderRequestMatcher [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest]]
2016-09-11 02:32:34.708 DEBUG 41435 --- [nio-8080-exec-1] o.s.s.w.u.matcher.NegatedRequestMatcher : matches = true
2016-09-11 02:32:34.709 DEBUG 41435 --- [nio-8080-exec-1] o.s.s.w.util.matcher.AndRequestMatcher : All requestMatchers returned true
2016-09-11 02:32:34.759 DEBUG 41435 --- [nio-8080-exec-1] o.s.s.w.s.HttpSessionRequestCache : DefaultSavedRequest added to Session: DefaultSavedRequest[http://localhost:8080/test]
2016-09-11 02:32:34.759 DEBUG 41435 --- [nio-8080-exec-1] o.s.s.w.a.ExceptionTranslationFilter : Calling Authentication entry point.
2016-09-11 02:32:34.760 DEBUG 41435 --- [nio-8080-exec-1] o.s.s.web.DefaultRedirectStrategy : Redirecting to 'http://localhost:8080/login'
2016-09-11 02:32:34.761 DEBUG 41435 --- [nio-8080-exec-1] w.c.HttpSessionSecurityContextRepository : SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2016-09-11 02:32:34.761 DEBUG 41435 --- [nio-8080-exec-1] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
2016-09-11 02:32:35.059 DEBUG 41435 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy : /login at position 1 of 13 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2016-09-11 02:32:35.059 DEBUG 41435 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy : /login at position 2 of 13 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2016-09-11 02:32:35.059 DEBUG 41435 --- [nio-8080-exec-2] w.c.HttpSessionSecurityContextRepository : HttpSession returned null object for SPRING_SECURITY_CONTEXT
2016-09-11 02:32:35.059 DEBUG 41435 --- [nio-8080-exec-2] w.c.HttpSessionSecurityContextRepository : No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@7ff7af51. A new one will be created.
2016-09-11 02:32:35.060 DEBUG 41435 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy : /login at position 3 of 13 in additional filter chain; firing Filter: 'HeaderWriterFilter'
2016-09-11 02:32:35.060 DEBUG 41435 --- [nio-8080-exec-2] o.s.s.w.header.writers.HstsHeaderWriter : Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@38511637
2016-09-11 02:32:35.060 DEBUG 41435 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy : /login at position 4 of 13 in additional filter chain; firing Filter: 'CsrfFilter'
2016-09-11 02:32:35.060 DEBUG 41435 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy : /login at position 5 of 13 in additional filter chain; firing Filter: 'LogoutFilter'
2016-09-11 02:32:35.061 DEBUG 41435 --- [nio-8080-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Request 'GET /login' doesn't match 'POST /logout
2016-09-11 02:32:35.061 DEBUG 41435 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy : /login at position 6 of 13 in additional filter chain; firing Filter: 'OAuth2ClientContextFilter'
2016-09-11 02:32:35.062 DEBUG 41435 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy : /login at position 7 of 13 in additional filter chain; firing Filter: 'OpenIDConnectAuthenticationFilter'
2016-09-11 02:32:35.187 DEBUG 41435 --- [nio-8080-exec-2] o.s.s.web.DefaultRedirectStrategy : Redirecting to 'https://accounts.google.com/o/oauth2/auth?client_id=%3Cclient_id%3E&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Flogin&response_type=code&scope=openid&state=19P08W'
2016-09-11 02:32:35.187 DEBUG 41435 --- [nio-8080-exec-2] w.c.HttpSessionSecurityContextRepository : SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2016-09-11 02:32:35.188 DEBUG 41435 --- [nio-8080-exec-2] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
并将用户重定向到Google的授权页面。这是DEBUG日志,向您展示流程:
@EnableOAuth2Client此外,在示例代码中,请注意导入OAuth2ClientConfiguration的{{1}}。