Spring Security Oauth2.1 最新版 1.1.0 整合 gateway 完成授权认证(拥抱 springboot 3.1)

这篇具有很好参考价值的文章主要介绍了Spring Security Oauth2.1 最新版 1.1.0 整合 gateway 完成授权认证(拥抱 springboot 3.1)。希望对大家有所帮助。如果存在错误或未考虑完全的地方,请大家不吝赐教,您也可以点击"举报违法"按钮提交疑问。

目录

背景

demo地址

版本

Spring Boot 3.1

Spring Authorization Server 1.1.0

基础

spring security

OAuth2

模块构成

授权方式

认证方式

集成过程

官方demo

代码集成

依赖

授权服务AuthorizationServerConfig配置

重要组件

测试

查看授权服务配置

访问授权服务

授权

回调

获取 access_token

获取用户信息

个性化改造

目标

基础知识

Spring Security OAuth2 Client

改造过程

auth-server改造

POM

持久化改造

AuthorizationServerConfig改造

sql脚本

DefaultSecurityConfig修改

UserService配置

异常处理

测试

根据刷新码 refresh_token 换token

自定义用户信息

userService新增方法

定义用户信息格式返回handler

SecurityFilterChain改造

测试

 auth-client客户端添加

 配置

 controller

测试

控制台

集成GateWay

代办事项 

sql脚本


背景

基于 Spring Cloud Alibaba  架构下,需要一个统一授权中心,与 gateway 配合使用实现微服务的授权与认证,下面主要介绍整个集成过程,基于springboot3.1最新版

demo地址

我放到了github上,还包括 spring-cloud-alibaba其他的集成

ricardo-m-yu/spring-cloud-alibaba (github.com)

版本

Spring Boot 3.1

最新发布的springboot3.1版本对 oauth2 提供了默认的支持,可以引用下面的依赖来快速构建,为了体验新版本特性,我这边切换到了 3.1版本

Spring Security Oauth2.1 最新版 1.1.0 整合 gateway 完成授权认证(拥抱 springboot 3.1)

Spring Boot 3.1 提供了一个 spring-boot-starter-oauth2-authorization-server 启动器,可以支持 Spring Authorization Server 的自动配置,轻松配置基于 Servlet 的 OAuth2 授权服务器,同时@EnableAuthorizationServer这些注解也早已废弃

Spring Authorization Server 1.1.0

官方文档

Spring Authorization Server

基础

spring security

关于springsecurity的基础知识,之前写过一篇 springboot 与 Spring Security 集成的基于 jwt的授权的,可以看下面的

(296条消息) springboot 2.7整合spring security 5.7整合jwt实现用户登录注册与鉴权全记录_ricardo.M.Yu的博客-CSDN博客

OAuth2

 OAuth2可以提供一个统一的认证服务。主要模块如下:

模块构成

  • Resource owner(资源拥有者):拥有该资源的服务或用户,如我们自己或者资源网站
  • Authorization server(认证服务器):即用来认证与颁发令牌(如token)的服务
  • Resource server(资源服务器):拥有资源的服务,如我们要访问的网站
  • Client(客户端):即访问的客户端,如我们自己用的访问网站

授权方式

  • 授权码模式(authorization_code):最正规的模式,客户端先将用户导向认证服务器,登录后获取授权码,然后进行授权,最后根据授权码获取访问令牌
  • 刷新模式(refresh_token):用刷新码获取
  • 客户端模式(client_credentials):第三方应用自己本身需要获取资源

详见  AuthorizationGrantType 这个类

Spring Security Oauth2.1 最新版 1.1.0 整合 gateway 完成授权认证(拥抱 springboot 3.1)

下面的密码模式已经被废弃

  • 密码模式(resource owner password credentials):直接带用户名和密码去向认证服务器申请令牌

认证方式

  • client_secret_basic:最常用,客户端的 client_id 和 client_secret,传递给授权服务器

  • client_secret_post:常用,客户端的 client_id 和 client_secret,传递给授权服务器,参数传递方式不同

  • client_secret_jwt:利用 JWT 进行认证

  • private_key_jwt:方式就是利用 JWT 进行认证。请求方拥有自己的公私钥(密钥对)

  • none

详见 ClientAuthenticationMethod

Spring Security Oauth2.1 最新版 1.1.0 整合 gateway 完成授权认证(拥抱 springboot 3.1)

集成过程

我下面会分为三个阶段逐次递进改造,

  • 第一阶段:官方demo演示与组件讲解测试
  • 第二阶段:个性化改造
  • 第三阶段:集成 springcloud gateway 完成分布式授权改造

官方demo

代码集成

依赖

只需要下面的这一个依赖,springboot 版本为 3.1

<parent>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-parent</artifactId>
    <version>3.1.0</version>
    <relativePath/>
</parent>


<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-oauth2-authorization-server</artifactId>
</dependency>

授权服务AuthorizationServerConfig配置

spring 官方在快速开始里面给出了下面的默认最小配置,

Getting Started (spring.io)

我先粘下来再介绍,代码结构大概这样,一共两个配置类

Spring Security Oauth2.1 最新版 1.1.0 整合 gateway 完成授权认证(拥抱 springboot 3.1)

 AuthorizationServerConfig


@Configuration
public class AuthorizationServerConfig {

    @Bean
    @Order(1)
    public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http)
            throws Exception {
        //针对 Spring Authorization Server 最佳实践配置
        OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http);
        http.getConfigurer(OAuth2AuthorizationServerConfigurer.class)
                .oidc(Customizer.withDefaults());	// Enable OpenID Connect 1.0

        http
                // Redirect to the login page when not authenticated from the
                // authorization endpoint
                .exceptionHandling((exceptions) -> exceptions
                        .defaultAuthenticationEntryPointFor(
                                new LoginUrlAuthenticationEntryPoint("/login"),
                                new MediaTypeRequestMatcher(MediaType.TEXT_HTML)
                        )
                )
                // Accept access tokens for User Info and/or Client Registration
                .oauth2ResourceServer((resourceServer) -> resourceServer
                        .jwt(Customizer.withDefaults()));

        return http.build();
    }

    @Bean
    public RegisteredClientRepository registeredClientRepository() {
        RegisteredClient oidcClient = RegisteredClient.withId(UUID.randomUUID().toString())
                .clientId("oidc-client")
                .clientSecret("{noop}secret")
                .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
                .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
                .authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN)
                .authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
                .redirectUri("http://www.baidu.com")
                .redirectUri("http://localhost:9001/login/oauth2/code/oidc-client")
                .redirectUri("http://localhost:9001/api/login/welcome")
                .postLogoutRedirectUri("http://127.0.0.1:8080/")
                .scope(OidcScopes.OPENID)
                .scope(OidcScopes.PROFILE)
                .scope("message.read")
                .scope("message.write")
                .scope("all")
                // 设置 Client 需要页面审核授权
                .clientSettings(ClientSettings.builder().requireAuthorizationConsent(true).build())
                .build();

        return new InMemoryRegisteredClientRepository(oidcClient);
    }

    /**
     * 默认发放令牌
     * @return
     */
    @Bean
    public JWKSource<SecurityContext> jwkSource() {
        KeyPair keyPair = generateRsaKey();
        RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
        RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate();
        RSAKey rsaKey = new RSAKey.Builder(publicKey)
                .privateKey(privateKey)
                .keyID(UUID.randomUUID().toString())
                .build();
        JWKSet jwkSet = new JWKSet(rsaKey);
        return new ImmutableJWKSet<>(jwkSet);
    }

    private static KeyPair generateRsaKey() {
        KeyPair keyPair;
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
            keyPairGenerator.initialize(2048);
            keyPair = keyPairGenerator.generateKeyPair();
        }
        catch (Exception ex) {
            throw new IllegalStateException(ex);
        }
        return keyPair;
    }

    @Bean
    public JwtDecoder jwtDecoder(JWKSource<SecurityContext> jwkSource) {
        return OAuth2AuthorizationServerConfiguration.jwtDecoder(jwkSource);
    }

    @Bean
    public AuthorizationServerSettings authorizationServerSettings() {
        return AuthorizationServerSettings.builder().build();
    }
}

DefaultSecurityConfig

@EnableWebSecurity
@Configuration(proxyBeanMethods = false)
public class DefaultSecurityConfig {


    @Bean
    @Order(2)
    public SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http)
            throws Exception {
        http
                .authorizeHttpRequests((authorize) -> authorize
                        .requestMatchers(new AntPathRequestMatcher("/actuator/**"),
                                new AntPathRequestMatcher("/oauth2/**"),
                                new AntPathRequestMatcher("/**/*.json"),
                                new AntPathRequestMatcher("/**/*.html")).permitAll()
                        .anyRequest().authenticated()
                )
                .cors(Customizer.withDefaults())
                .csrf((csrf) -> csrf.disable())
//                .httpBasic(Customizer.withDefaults())
//				// Form login handles the redirect to the login page from the
//				// authorization server filter chain
                .formLogin(Customizer.withDefaults())
        ;

        return http.build();
    }

    @Bean
    public UserDetailsService userDetailsService() {
        UserDetails userDetails = User.withDefaultPasswordEncoder()
                .username("user")
                .password("password")
                .roles("USER")
                .build();

        return new InMemoryUserDetailsManager(userDetails);
    }

}

分别介绍下这几个@Bean配置,也是 AuthorizationServer 的几个重要概念。

重要组件

  • SecurityFilterChain -> authorizationServerSecurityFilterChain: Spring Security的过滤器链,用于协议端点的。

  • SecurityFilterChain -> defaultSecurityFilterChain: Spring Security的过滤器链,用于Spring Security的身份认证

  • UserDetailsService :主要进行用户身份验证

  • RegisteredClientRepository:主要用于管理客户端

  • JWKSource:用于签名访问令牌

  • KeyPair: 启动时生成的带有密钥的KeyPair实例,用于创建上面的JWKSource

  • JwtDecoder:JwtDecoder的一个实例,用于解码已签名的访问令牌

  • AuthorizationServerSettings:用于配置Spring Authorization Server的AuthorizationServerSettings实例。

测试

为了方便测试,上面的配置中,客户端的回调地址我已经改成了 百度的,授权方式用授权码模式,认证方式用client_secret_basic

服务启动,端口为9000

Spring Security Oauth2.1 最新版 1.1.0 整合 gateway 完成授权认证(拥抱 springboot 3.1)

查看授权服务配置

地址:

调用  http://127.0.0.1:9000/.well-known/openid-configuration

 后,查看地址配置如下:其实就是每个请求的url

Spring Security Oauth2.1 最新版 1.1.0 整合 gateway 完成授权认证(拥抱 springboot 3.1)

详细的是下面

{

    "issuer": "http://127.0.0.1:9000",

    "authorization_endpoint": "http://127.0.0.1:9000/oauth2/authorize",

    "device_authorization_endpoint": "http://127.0.0.1:9000/oauth2/device_authorization",

    "token_endpoint": "http://127.0.0.1:9000/oauth2/token",

    "token_endpoint_auth_methods_supported": [

        "client_secret_basic",

        "client_secret_post",

        "client_secret_jwt",

        "private_key_jwt"

    ],

    "jwks_uri": "http://127.0.0.1:9000/oauth2/jwks",

    "userinfo_endpoint": "http://127.0.0.1:9000/userinfo",

    "end_session_endpoint": "http://127.0.0.1:9000/connect/logout",

    "response_types_supported": [

        "code"

    ],

    "grant_types_supported": [

        "authorization_code",

        "client_credentials",

        "refresh_token",

        "urn:ietf:params:oauth:grant-type:device_code"

    ],

    "revocation_endpoint": "http://127.0.0.1:9000/oauth2/revoke",

    "revocation_endpoint_auth_methods_supported": [

        "client_secret_basic",

        "client_secret_post",

        "client_secret_jwt",

        "private_key_jwt"

    ],

    "introspection_endpoint": "http://127.0.0.1:9000/oauth2/introspect",

    "introspection_endpoint_auth_methods_supported": [

        "client_secret_basic",

        "client_secret_post",

        "client_secret_jwt",

        "private_key_jwt"

    ],

    "subject_types_supported": [

        "public"

    ],

    "id_token_signing_alg_values_supported": [

        "RS256"

    ],

    "scopes_supported": [

        "openid"

    ]

}

访问授权服务

浏览器地址栏输入

http://localhost:9000/oauth2/authorize?response_type=code&client_id=oidc-client&scope=message.read openid&redirect_uri=http://www.baidu.com

用这个请求来模拟客户端,实际开发中,其实是先访问资源服务,由资源服务来拼接这几个参数来重定向到授权服务的,参数意义如下,这些参数都是需要再上面RegisteredClientRepository配置过的

  • response_type:这个意思是相应的方式为code码
  • client_id:即客户端的id,即上面配置中在 RegisteredClientRepository 配置的
  • scope:请求授权范围,也需要在上面的配置中
  • redirect_uri:授权通过后,重定向回来的地址

输入完上面的地址后,会重定向到下面这个登录页面,

我们输入上面配置好的用户名密码:

user

password

点击登录 

Spring Security Oauth2.1 最新版 1.1.0 整合 gateway 完成授权认证(拥抱 springboot 3.1)

授权

登录过后,会到下面这个授权页面,点击授权范围,然后点击 submit

Spring Security Oauth2.1 最新版 1.1.0 整合 gateway 完成授权认证(拥抱 springboot 3.1)

回调

授权通过后,授权服务回调到了百度的地址,然后附带这我们的授权码,如下图

Spring Security Oauth2.1 最新版 1.1.0 整合 gateway 完成授权认证(拥抱 springboot 3.1)

获取 access_token

拿到授权码之后,可以用postman测试来获取 access_token

测试接口参数

Header

Spring Security Oauth2.1 最新版 1.1.0 整合 gateway 完成授权认证(拥抱 springboot 3.1)

请求体 

http://localhost:9000/oauth2/token?grant_type=authorization_code&code=ajdNNIj8EiLjgw3OS8yu2q8n3XXCAb6cPY5LRsOHyRlAAB1ENKdmy8M4JBkJ8PrU-3K9QdpAZtyKg8QP5q0EHN2mR1k532FQUKz1ObSuH3EuSFy5LVzut9z1QVPuefoA&redirect_uri=http://www.baidu.com

curl命令如下

curl --location --request POST 'http://localhost:9000/oauth2/token?grant_type=authorization_code&code=a_lOQegEwElR09Sj6auVpBdYGgnhhK0uz1Uks286ei_zkbyDFKII2uf7gMIF7CU4cLN8ZEY3EsSq9jMAZ-Rmtmlq5pI6KPB95LMQg9fFirFg2wWjdd5PEwQLMEogY9B6&redirect_uri=http%3A%2F%2Fwww.baidu.com' \
--header 'Authorization: Basic b2lkYy1jbGllbnQ6c2VjcmV0'

 参数说明:

  • grant_type:即授权方式,authorization_code即授权码模式
  • code:即授权码,上面重定向到百度给我们的授权码
  • redirect_uri:重定向的url
  • header中的 Authorization参数:因为我们用的客户端认证方式 为  client_secret_basic ,这个需要传参,还有一些其他的认证方式,具体参数说明如下
  • client_secret_basic: 将 clientId 和 clientSecret 通过 ‘:’ 号拼接,( clientId 和 clientSecret 都在上面配置中,)并使用 Base64 进行编码得到一串字符,再在前面加个 注意有个 Basic   前缀(Basic后有一个空格), 即得到上面参数中的 Basic b2lkYy1jbGllbnQ6c2VjcmV0
  • client_secret_post :clientId 和 clientSecret 放到表单去发送请求。如下图:

Spring Security Oauth2.1 最新版 1.1.0 整合 gateway 完成授权认证(拥抱 springboot 3.1)

 使用我们的 client_secret_basic 方式传参,接口调用结果:

Spring Security Oauth2.1 最新版 1.1.0 整合 gateway 完成授权认证(拥抱 springboot 3.1)

已经正常拿到了 access_token。

完整的过滤器执行顺序,控制台输出

Spring Security Oauth2.1 最新版 1.1.0 整合 gateway 完成授权认证(拥抱 springboot 3.1)

获取用户信息

获取用户信息接口为  /userinfo,注意需要有 opid 的授权范围,需要传参的值为 上面获取到的access_token,并在前面拼上  Bearer 

参数说明

Authorization:值格式为 Bearer + ${access_token}, 注意 Bearer  后面附带空格

curl命令

curl --location --request POST 'http://127.0.0.1:9000/userinfo' \
--header 'Authorization: Bearer eyJraWQiOiI4ZDc5YTIwNi1kOWZhLTQ5NWQtODJkMi1iMzk2MjQwNGQ4YmIiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJ1c2VyIiwiYXVkIjoib2lkYy1jbGllbnQiLCJuYmYiOjE2ODY3MzM4MTYsInNjb3BlIjpbIm9wZW5pZCIsIm1lc3NhZ2UucmVhZCJdLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjkwMDAiLCJleHAiOjE2ODY3MzQxMTYsImlhdCI6MTY4NjczMzgxNn0.AiGV5LIl8a4_7a7L2gbR61sjvHVLW4dZ6cElAwsWZnp-P7ocQT119KIASTPv138MU6ZK2_aF_-ER5FKaFQVSOj10Fy_Gv9PXa2ExrzTajfkPtA_t63jCcazzllaVWY4QIVD4fU8hPe6zDwjNOOX8R7hJFu2qtZ8V3bhzTlC0M4XWDAQ0goymYrAnVq8BR6hRm5-pY4nMCUZPFCeEFqGnl68EGRzosdSQeuRd-PtzB837i-C7lxqIjs4Y5hZ9mQw3R1zfa0WoP2KeN8K3WjyTIYd9PvrLIFCB5Zhj54sdNpZTy7wwC-oCVzwFFCEkgY-vprfgk4e4sZ10Lx60j--fHA' \
--header 'Cookie: JSESSIONID=7B10DA37A285902E4AEE4586AC181343'

效果如下:

默认返回的只有用户名,其他的数据,需要我们来重写一些东西获取

Spring Security Oauth2.1 最新版 1.1.0 整合 gateway 完成授权认证(拥抱 springboot 3.1)

 过滤器执行链Spring Security Oauth2.1 最新版 1.1.0 整合 gateway 完成授权认证(拥抱 springboot 3.1)

BearerTokenAuthenticationFilter: 检验token

AuthenticationEntryPointFailureHandler

AuthenticationFailureHandler

OidcUserInfoEndpointFilter

个性化改造

目标

  1. 原有的客户端注册中心是基于内存的InMemoryRegisteredClientRepository,需要改造为基于数据库,可动态注册即修改客户端信息
  2. 用户信息UserDetailsService也是基于内存,现在需要基于数据库动态添加编辑
  3. 各种异常的自定义处理与信息返回
  4. 用户信息的自定义返回
  5. 过期时间、授权方式
  6. 新增客户端client,从客户端作为入口并配置相关组件

基础知识

Spring Security OAuth2 Client

组件介绍:

  • ClientRegistration:注册的客户端

  • ClientRegistrationRepository:ClientRegistration的存储仓库

  • OAuth2AuthorizedClient: 已授权过的客户端

  • OAuth2AuthorizedClientRepository :已授权过的客户端存储库持久化

  • OAuth2AuthorizationRequestRedirectFilter:该过滤器处理 /oauth2/authorization 路径,转发给 认证中心 对应的路径 /oauth2/authorize

  • OAuth2AuthorizationCodeGrantFilter:负责处理 认证中心 的授权码回调请求,如地址重定向

  • OAuth2LoginAuthenticationFilter:处理第三方认证的回调(该回调有授权码)

    拿着授权码到第三方认证服务器获取access_token和refresh_token

改造过程

auth-server改造

目标

  • 客户端基于数据库增删
  • 用户信息UserDetailsService也是基于内存,现在需要基于数据库动态添加编辑
  • 异常的自定义处理与信息返回
  • 过期时间、授权方式
  • 用户信息的自定义返回

改造如下:

POM

新增数据库相关依赖,包括mysql和 mybatis

 <dependency>
     <groupId>mysql</groupId>
     <artifactId>mysql-connector-java</artifactId>
 </dependency>
 <dependency>
     <groupId>com.alibaba</groupId>
     <artifactId>druid-spring-boot-starter</artifactId>
 </dependency>
 <dependency>
     <groupId>com.alibaba</groupId>
     <artifactId>fastjson</artifactId>
 </dependency>
 <dependency>
     <groupId>org.mybatis.spring.boot</groupId>
     <artifactId>mybatis-spring-boot-starter</artifactId>
 </dependency>

配置文件增加

spring:
  datasource:
    type: com.alibaba.druid.pool.DruidDataSource
    driver-class-name: com.mysql.cj.jdbc.Driver
    url: jdbc:mysql://192.168.1.111:8106/oauth2?useSSL=false&serverTimezone=Asia/Shanghai
    username: root
    password: 123456
持久化改造

将原先客户端的信息及授权信息配置到数据库中

再另外增加一个 sys_user,来存储默认的用户信息

AuthorizationServerConfig改造

新增两个持久化用到的repository,注释掉之前基于内存的 RegisteredClientRepository

    /**
     * 注册客户端
     * @param jdbcTemplate
     * @return
     */
    @Bean
    public RegisteredClientRepository registeredClientRepository(JdbcTemplate jdbcTemplate) {
        return new JdbcRegisteredClientRepository(jdbcTemplate);
    }


    /**
     * 授权
     * @param jdbcTemplate
     * @param registeredClientRepository
     * @return
     */
    @Bean
    public OAuth2AuthorizationService authorizationService(JdbcTemplate jdbcTemplate, RegisteredClientRepository registeredClientRepository) {
        return new JdbcOAuth2AuthorizationService(jdbcTemplate, registeredClientRepository);
    }
sql脚本

需要用到SQL脚本和一些初始数据我直接放在了下面,包括一个sys_user用来登录,里面过期时间及相关的消息我已经 初始化好了

-- ----------------------------
-- Table structure for oauth2_authorization
-- ----------------------------
DROP TABLE IF EXISTS `oauth2_authorization`;
CREATE TABLE `oauth2_authorization`  (
  `id` varchar(100) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL,
  `registered_client_id` varchar(100) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL,
  `principal_name` varchar(200) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL,
  `authorization_grant_type` varchar(100) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL,
  `authorized_scopes` varchar(1000) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NULL DEFAULT NULL,
  `attributes` blob NULL,
  `state` varchar(500) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NULL DEFAULT NULL,
  `authorization_code_value` blob NULL,
  `authorization_code_issued_at` timestamp(0) NULL DEFAULT NULL,
  `authorization_code_expires_at` timestamp(0) NULL DEFAULT NULL,
  `authorization_code_metadata` blob NULL,
  `access_token_value` blob NULL,
  `access_token_issued_at` timestamp(0) NULL DEFAULT NULL,
  `access_token_expires_at` timestamp(0) NULL DEFAULT NULL,
  `access_token_metadata` blob NULL,
  `access_token_type` varchar(100) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NULL DEFAULT NULL,
  `access_token_scopes` varchar(1000) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NULL DEFAULT NULL,
  `oidc_id_token_value` blob NULL,
  `oidc_id_token_issued_at` timestamp(0) NULL DEFAULT NULL,
  `oidc_id_token_expires_at` timestamp(0) NULL DEFAULT NULL,
  `oidc_id_token_metadata` blob NULL,
  `refresh_token_value` blob NULL,
  `refresh_token_issued_at` timestamp(0) NULL DEFAULT NULL,
  `refresh_token_expires_at` timestamp(0) NULL DEFAULT NULL,
  `refresh_token_metadata` blob NULL,
  `user_code_value` blob NULL,
  `user_code_issued_at` timestamp(0) NULL DEFAULT NULL,
  `user_code_expires_at` timestamp(0) NULL DEFAULT NULL,
  `user_code_metadata` blob NULL,
  `device_code_value` blob NULL,
  `device_code_issued_at` timestamp(0) NULL DEFAULT NULL,
  `device_code_expires_at` timestamp(0) NULL DEFAULT NULL,
  `device_code_metadata` blob NULL,
  PRIMARY KEY (`id`) USING BTREE
) ENGINE = InnoDB CHARACTER SET = utf8mb4 COLLATE = utf8mb4_general_ci ROW_FORMAT = Dynamic;

-- ----------------------------
-- Records of oauth2_authorization
-- ----------------------------
INSERT INTO `oauth2_authorization` VALUES ('684c544f-a11c-475d-a6f8-7d2c891c0bd0', '7b692184-914f-4dcb-9142-f542a7e43fa4', 'user', 'authorization_code', 'openid,message.read', 0x7B2240636C617373223A226A6176612E7574696C2E436F6C6C656374696F6E7324556E6D6F6469666961626C654D6170222C226A6176612E73656375726974792E5072696E636970616C223A7B2240636C617373223A226F72672E737072696E676672616D65776F726B2E73656375726974792E61757468656E7469636174696F6E2E557365726E616D6550617373776F726441757468656E7469636174696F6E546F6B656E222C22617574686F726974696573223A5B226A6176612E7574696C2E436F6C6C656374696F6E7324556E6D6F6469666961626C6552616E646F6D4163636573734C697374222C5B5D5D2C2264657461696C73223A7B2240636C617373223A226F72672E737072696E676672616D65776F726B2E73656375726974792E7765622E61757468656E7469636174696F6E2E57656241757468656E7469636174696F6E44657461696C73222C2272656D6F746541646472657373223A22303A303A303A303A303A303A303A31222C2273657373696F6E4964223A223141433645423144444332313637373745434232313233383934343034463941227D2C2261757468656E74696361746564223A747275652C227072696E636970616C223A7B2240636C617373223A22636F6D2E73792E617574687365727665722E646F6D61696E2E55736572496E666F222C226964223A322C22757365726E616D65223A2275736572222C2270617373776F7264223A222432612431302475772E5178624744316F35412E446C6230786A6A4C754D356E734934376962746950446F74707437424462666D4162573654475375222C226E616D65223A22E596BBE8AEADE6B5A9222C22656E61626C6564223A6E756C6C2C226163636F756E744E6F6E45787069726564223A6E756C6C2C2263726564656E7469616C734E6F6E45787069726564223A6E756C6C2C226163636F756E744E6F6E4C6F636B6564223A6E756C6C2C22617574686F726974696573223A5B226A6176612E7574696C2E41727261794C697374222C5B5D5D7D2C2263726564656E7469616C73223A6E756C6C7D2C226F72672E737072696E676672616D65776F726B2E73656375726974792E6F61757468322E636F72652E656E64706F696E742E4F4175746832417574686F72697A6174696F6E52657175657374223A7B2240636C617373223A226F72672E737072696E676672616D65776F726B2E73656375726974792E6F61757468322E636F72652E656E64706F696E742E4F4175746832417574686F72697A6174696F6E52657175657374222C22617574686F72697A6174696F6E557269223A22687474703A2F2F6C6F63616C686F73743A393030302F6F61757468322F617574686F72697A65222C22617574686F72697A6174696F6E4772616E7454797065223A7B2276616C7565223A22617574686F72697A6174696F6E5F636F6465227D2C22726573706F6E736554797065223A7B2276616C7565223A22636F6465227D2C22636C69656E744964223A226F6964632D636C69656E74222C227265646972656374557269223A22687474703A2F2F7777772E62616964752E636F6D222C2273636F706573223A5B226A6176612E7574696C2E436F6C6C656374696F6E7324556E6D6F6469666961626C65536574222C5B226F70656E6964222C226D6573736167652E72656164225D5D2C227374617465223A6E756C6C2C226164646974696F6E616C506172616D6574657273223A7B2240636C617373223A226A6176612E7574696C2E436F6C6C656374696F6E7324556E6D6F6469666961626C654D6170222C22636F6E74696E7565223A22227D2C22617574686F72697A6174696F6E52657175657374557269223A22687474703A2F2F6C6F63616C686F73743A393030302F6F61757468322F617574686F72697A653F726573706F6E73655F747970653D636F646526636C69656E745F69643D6F6964632D636C69656E742673636F70653D6F70656E69642532306D6573736167652E726561642672656469726563745F7572693D687474703A2F2F7777772E62616964752E636F6D26636F6E74696E75653D222C2261747472696275746573223A7B2240636C617373223A226A6176612E7574696C2E436F6C6C656374696F6E7324556E6D6F6469666961626C654D6170227D7D7D, NULL, 0x5F79764F55656652333835374D47634568767647556C70376B3934584474684566514F7A376F6B4A4A49397846723767673156484E37367170772D385262303965713749797867367A7748765953314B6C34614547463846487851542D64745576466A6C5A78357634546A39627A2D6F613753583636456E7775614A4A347750, '2023-07-06 08:17:08', '2023-07-06 08:22:08', 0x7B2240636C617373223A226A6176612E7574696C2E436F6C6C656374696F6E7324556E6D6F6469666961626C654D6170222C226D657461646174612E746F6B656E2E696E76616C696461746564223A66616C73657D, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL);

-- ----------------------------
-- Table structure for oauth2_authorization_consent
-- ----------------------------
DROP TABLE IF EXISTS `oauth2_authorization_consent`;
CREATE TABLE `oauth2_authorization_consent`  (
  `registered_client_id` varchar(100) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL,
  `principal_name` varchar(200) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL,
  `authorities` varchar(1000) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL,
  PRIMARY KEY (`registered_client_id`, `principal_name`) USING BTREE
) ENGINE = InnoDB CHARACTER SET = utf8mb4 COLLATE = utf8mb4_general_ci ROW_FORMAT = Dynamic;

-- ----------------------------
-- Records of oauth2_authorization_consent
-- ----------------------------

-- ----------------------------
-- Table structure for oauth2_authorized_client
-- ----------------------------
DROP TABLE IF EXISTS `oauth2_authorized_client`;
CREATE TABLE `oauth2_authorized_client`  (
  `client_registration_id` varchar(100) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL,
  `principal_name` varchar(200) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL,
  `access_token_type` varchar(100) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL,
  `access_token_value` blob NOT NULL,
  `access_token_issued_at` timestamp(0) NOT NULL,
  `access_token_expires_at` timestamp(0) NOT NULL,
  `access_token_scopes` varchar(1000) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NULL DEFAULT NULL,
  `refresh_token_value` blob NULL,
  `refresh_token_issued_at` timestamp(0) NULL DEFAULT NULL,
  `created_at` timestamp(0) NOT NULL DEFAULT CURRENT_TIMESTAMP(0),
  PRIMARY KEY (`client_registration_id`, `principal_name`) USING BTREE
) ENGINE = InnoDB CHARACTER SET = utf8mb4 COLLATE = utf8mb4_general_ci ROW_FORMAT = Dynamic;

-- ----------------------------
-- Records of oauth2_authorized_client
-- ----------------------------

-- ----------------------------
-- Table structure for oauth2_registered_client
-- ----------------------------
DROP TABLE IF EXISTS `oauth2_registered_client`;
CREATE TABLE `oauth2_registered_client`  (
  `id` varchar(100) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL,
  `client_id` varchar(100) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL,
  `client_id_issued_at` timestamp(0) NOT NULL DEFAULT CURRENT_TIMESTAMP(0),
  `client_secret` varchar(200) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NULL DEFAULT NULL,
  `client_secret_expires_at` timestamp(0) NULL DEFAULT NULL,
  `client_name` varchar(200) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL,
  `client_authentication_methods` varchar(1000) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL,
  `authorization_grant_types` varchar(1000) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL,
  `redirect_uris` varchar(1000) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NULL DEFAULT NULL,
  `post_logout_redirect_uris` varchar(1000) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NULL DEFAULT NULL,
  `scopes` varchar(1000) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL,
  `client_settings` varchar(2000) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL,
  `token_settings` varchar(2000) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL,
  PRIMARY KEY (`id`) USING BTREE
) ENGINE = InnoDB CHARACTER SET = utf8mb4 COLLATE = utf8mb4_general_ci ROW_FORMAT = Dynamic;

-- ----------------------------
-- Records of oauth2_registered_client
-- ----------------------------
INSERT INTO `oauth2_registered_client` VALUES ('2c1a95f5-b4cd-49cd-884f-9e3a94c69e05', 'user-client', '2023-07-06 17:44:20', '$2a$10$HIatI0j2sqgPO5lSIuQH9.TxEGlrpBrI0ZD5MqwKOG6FMzwhlB7xa', NULL, '2c1a95f5-b4cd-49cd-884f-9e3a94c69e05', 'client_secret_post,client_secret_basic', 'refresh_token,client_credentials,authorization_code', 'http://www.baidu.com,http://localhost:9001/api/login/welcome,http://localhost:9001/login/oauth2/code/oidc-client', 'http://127.0.0.1:8080/', 'all,openid,profile,message.read,message.write', '{\"@class\":\"java.util.Collections$UnmodifiableMap\",\"settings.client.require-proof-key\":false,\"settings.client.require-authorization-consent\":false}', '{\"@class\":\"java.util.Collections$UnmodifiableMap\",\"settings.token.reuse-refresh-tokens\":true,\"settings.token.id-token-signature-algorithm\":[\"org.springframework.security.oauth2.jose.jws.SignatureAlgorithm\",\"RS256\"],\"settings.token.access-token-time-to-live\":[\"java.time.Duration\",3600.000000000],\"settings.token.access-token-format\":{\"@class\":\"org.springframework.security.oauth2.server.authorization.settings.OAuth2TokenFormat\",\"value\":\"self-contained\"},\"settings.token.refresh-token-time-to-live\":[\"java.time.Duration\",43200.000000000],\"settings.token.authorization-code-time-to-live\":[\"java.time.Duration\",300.000000000],\"settings.token.device-code-time-to-live\":[\"java.time.Duration\",300.000000000]}');
INSERT INTO `oauth2_registered_client` VALUES ('885e9d2a-794e-4019-8843-5675045c573e', 'oidc-client', '2023-07-06 17:44:20', '$2a$10$k50p3tJgk3B7d9DrAxYIfO37pVSVO574qEWYH.nq6FTEprHA4Esie', NULL, '885e9d2a-794e-4019-8843-5675045c573e', 'client_secret_basic', 'refresh_token,client_credentials,authorization_code', 'http://www.baidu.com,http://localhost:9001/api/login/welcome,http://localhost:9001/login/oauth2/code/oidc-client', 'http://127.0.0.1:8080/', 'all,openid,profile,message.read,message.write', '{\"@class\":\"java.util.Collections$UnmodifiableMap\",\"settings.client.require-proof-key\":false,\"settings.client.require-authorization-consent\":false}', '{\"@class\":\"java.util.Collections$UnmodifiableMap\",\"settings.token.reuse-refresh-tokens\":true,\"settings.token.id-token-signature-algorithm\":[\"org.springframework.security.oauth2.jose.jws.SignatureAlgorithm\",\"RS256\"],\"settings.token.access-token-time-to-live\":[\"java.time.Duration\",3600.000000000],\"settings.token.access-token-format\":{\"@class\":\"org.springframework.security.oauth2.server.authorization.settings.OAuth2TokenFormat\",\"value\":\"self-contained\"},\"settings.token.refresh-token-time-to-live\":[\"java.time.Duration\",43200.000000000],\"settings.token.authorization-code-time-to-live\":[\"java.time.Duration\",300.000000000],\"settings.token.device-code-time-to-live\":[\"java.time.Duration\",300.000000000]}');

-- ----------------------------
-- Table structure for sys_user
-- ----------------------------
DROP TABLE IF EXISTS `sys_user`;
CREATE TABLE `sys_user`  (
  `id` bigint(20) NOT NULL COMMENT '主键',
  `username` varchar(100) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NULL DEFAULT NULL COMMENT '用户名',
  `name` varchar(100) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NULL DEFAULT NULL COMMENT '姓名',
  `password` varchar(100) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NULL DEFAULT NULL COMMENT '密码',
  `status` tinyint(4) NOT NULL COMMENT '状态',
  `create_time` datetime(0) NOT NULL COMMENT '创建时间',
  `create_user` bigint(20) NOT NULL COMMENT '创建人',
  `update_time` datetime(0) NOT NULL COMMENT '修改时间',
  `update_user` bigint(20) NOT NULL COMMENT '修改人',
  PRIMARY KEY (`id`) USING BTREE
) ENGINE = InnoDB CHARACTER SET = utf8mb4 COLLATE = utf8mb4_general_ci ROW_FORMAT = Dynamic;

-- ----------------------------
-- Records of sys_user
-- ----------------------------
INSERT INTO `sys_user` VALUES (2, 'user', '用户', '$2a$10$uw.QxbGD1o5A.Dlb0xjjLuM5nsI47ibtiPDotpt7BDbfmAbW6TGSu', 0, '2023-06-27 18:26:23', 1, '2023-06-27 18:26:26', 1);

SET FOREIGN_KEY_CHECKS = 1;
DefaultSecurityConfig修改

之前的用户信息我们是基于内存配置的,现在我们基于mysql来做修改,注释掉之前的 UserDetailsService,并配置加密 PasswordEncoder,


    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
UserService配置

新增 UserService

@Slf4j
@Service
public class UserService implements UserDetailsService {

    @Resource
    private UserMapper userMapper;

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        return userMapper.getByUsername(username);
    }
}

UserMapper

@Mapper
public interface UserMapper {

    @Select("select * from sys_user where username = #{username}")
    UserInfo getByUsername(@Param("username") String username);
}
异常处理

 新增异常处理handler

@Component
public class Oauth2FailureHandler implements AuthenticationFailureHandler {


    @Override
    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) throws IOException, ServletException {
        String message;
        if (exception instanceof OAuth2AuthenticationException auth2AuthenticationException) {
            OAuth2Error error = auth2AuthenticationException.getError();
            message = "认证信息错误:" + error.getErrorCode() + error.getDescription();
        } else {
            message = exception.getMessage();
        }

        response.setContentType("application/json;charset=UTF-8");
        response.setStatus(HttpStatus.OK.value());
        response.getWriter().write(JSONObject.toJSONString(ReturnVO.failed(401, message)));
        response.getWriter().flush();

    }
}

将此handler配置到 SecurityFilterChain 中,修改 authorizationServerSecurityFilterChain

    @Bean
    @Order(1)
    public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http)
            throws Exception {
        //针对 Spring Authorization Server 最佳实践配置
        OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http);
        http.getConfigurer(OAuth2AuthorizationServerConfigurer.class)
                //设置客户端授权中失败的handler处理
                .clientAuthentication((auth) -> auth.errorResponseHandler(new Oauth2FailureHandler()))
                //token 相关配置 如  /oauth2/token接口
                .tokenEndpoint((token) -> token.errorResponseHandler(new Oauth2FailureHandler()))
                .oidc(Customizer.withDefaults());	// Enable OpenID Connect 1.0

        http.csrf(AbstractHttpConfigurer::disable)
                .exceptionHandling((exceptions) -> exceptions
                        .defaultAuthenticationEntryPointFor(
                                new LoginUrlAuthenticationEntryPoint("/login"),
                                new MediaTypeRequestMatcher(MediaType.TEXT_HTML)
                          )
                )
                // Accept access tokens for User Info and/or Client Registration
                .oauth2ResourceServer((resourceServer) -> resourceServer
                        .jwt(Customizer.withDefaults()));

        return http.build();
    }
测试

重复上面的访问授权服务步骤,登录后控制台发现已经调用了后端的查询用户方法

Spring Security Oauth2.1 最新版 1.1.0 整合 gateway 完成授权认证(拥抱 springboot 3.1)

同时,数据库里面授权数据也有了

Spring Security Oauth2.1 最新版 1.1.0 整合 gateway 完成授权认证(拥抱 springboot 3.1)

拿着code去换token

Spring Security Oauth2.1 最新版 1.1.0 整合 gateway 完成授权认证(拥抱 springboot 3.1)

根据刷新码 refresh_token 换token

上面返回了 refresh_token, 我们这边根据他去换 新的token,

传参:

     Body参数如下:

  • grant_type:refresh_token
  • refresh_token:上面返回的值

     Header参数如下:

  •  Authorization:和上面一样是base64加密过后的

curl命令

 curl --location --request POST 'http://localhost:9000/oauth2/token?grant_type=refresh_token&refresh_token=O-ufrbFjv51U0PfxCk0v64c6Qk7D9cFXcI5klMSk8I2S8_wOXueiVJhpezzR5wnLzZ1BrPcZHOKwqDwCmD3aAresxN-QLC5p97Nck0Vcg72i6uJVQ748HBIen1GUMBRj' \
--header 'Authorization: Basic b2lkYy1jbGllbnQ6c2VjcmV0' \
--header 'Cookie: JSESSIONID=8391DF634525DC2508AD30D2322E2A5B'

返回信息如下: 

Spring Security Oauth2.1 最新版 1.1.0 整合 gateway 完成授权认证(拥抱 springboot 3.1)

自定义用户信息

有这么两种方式,

1、自定义 ID 令牌

2、自定义用户信息映射器

两种本质其实都是将用户信息放到 token中的 claims中

我这边选择了第二种,改造过程如下

userService新增方法
 public Map<String, Object> getUserInfoMap(String username) throws UsernameNotFoundException {
        return userMapper.getUserInfoMap(username);
    }
定义用户信息格式返回handler

定义一个handler返回一些其他信息

@Component
public class Oauth2SuccessHandler implements AuthenticationSuccessHandler {

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException {

        OidcUserInfoAuthenticationToken userInfoAuthenticationToken = (OidcUserInfoAuthenticationToken) authentication;

        response.setContentType("application/json;charset=UTF-8");
        response.setStatus(HttpStatus.OK.value());
        response.getWriter().write(JSONObject.toJSONString(ReturnVO.success(userInfoAuthenticationToken.getUserInfo())));
        response.getWriter().flush();
    }
}
SecurityFilterChain改造

新增自定义用户信息映射器,并配置到过滤器链中,改造后的如下

 @Bean
    @Order(1)
    public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http)
            throws Exception {
        //针对 Spring Authorization Server 最佳实践配置
        OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http);

        //自定义用户映射器
        Function<OidcUserInfoAuthenticationContext, OidcUserInfo> userInfoMapper = (context) -> {
            OidcUserInfoAuthenticationToken authentication = context.getAuthentication();
            JwtAuthenticationToken principal = (JwtAuthenticationToken) authentication.getPrincipal();
            return new OidcUserInfo(userService.getUserInfoMap(principal.getName()));
        };

        http.getConfigurer(OAuth2AuthorizationServerConfigurer.class)
                //设置客户端授权中失败的handler处理
                .clientAuthentication((auth) ->
                        auth.errorResponseHandler(new Oauth2FailureHandler()))
                //token 相关配置 如  /oauth2/token接口
                .tokenEndpoint((token) -> token.errorResponseHandler(new Oauth2FailureHandler()))
                // Enable OpenID Connect 1.0, 包括用户信息等
                //.oidc(Customizer.withDefaults());
                .oidc((oidc) -> {
                    oidc.userInfoEndpoint((userInfo) -> {
                                userInfo.userInfoMapper(userInfoMapper);
                                userInfo.userInfoResponseHandler(new Oauth2SuccessHandler());
                            }
                    );
                });
        http.csrf(AbstractHttpConfigurer::disable)
                .exceptionHandling((exceptions) -> exceptions
                        .defaultAuthenticationEntryPointFor(
                                new LoginUrlAuthenticationEntryPoint("/login"),
                                new MediaTypeRequestMatcher(MediaType.TEXT_HTML)
                        )
                )
                // Accept access tokens for User Info and/or Client Registration
                .oauth2ResourceServer((resourceServer) -> resourceServer
                        .jwt(Customizer.withDefaults()));

        return http.build();
    }
测试

启动后,重新走登录及获取用户信息流程,发现返回的结构如下,信息已经成功从库中查出并返回

Spring Security Oauth2.1 最新版 1.1.0 整合 gateway 完成授权认证(拥抱 springboot 3.1)

 

 auth-client客户端添加

增加一个 client模块,结构如下

Spring Security Oauth2.1 最新版 1.1.0 整合 gateway 完成授权认证(拥抱 springboot 3.1)

 配置

POM

<dependencies>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-oauth2-client</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
</dependencies>

配置文件

打开了 trace的日志,方便监控,端口设置为9001

注意:下面的 issuer-uri 为 auth-server的uri,这里我把他设置为了局域网ip,而不是localhost,因为 oauth2默认的如果是同一域名,会导致会话的session替换掉,而导致 authorization_request_not_found 错误。

server:
  port: 9001

logging:
  level:
    root: INFO
    org.springframework.web: debug
    org.springframework.security: debug
    org.springframework.security.oauth2: debug

    org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping: trace
    org.springframework.security.web.FilterChainProxy: trace # 过滤器执行顺序
    org.springframework.security.web.access.ExceptionTranslationFilter: trace #异常处理

spring:
  security:
    oauth2:
      client:
        provider:
          test-provider1:
            issuer-uri: http://192.168.1.125:9000
        registration:
          oidc-client:
            client-id: oidc-client
            client-secret: secret
            client-name: 测试客户端
            provider: test-provider1
            redirect-uri: '{baseUrl}/{action}/oauth2/code/{registrationId}'
            authorization-grant-type: authorization_code
            scope:
              - openid
              - profile
              - all
 controller

加了一个 controller来做默认的客户端首页。

@RestController
@RequestMapping
public class IndexController {

    @GetMapping("")
    public String welcome() {
        return "<h1>index!</h1>";
    }
}
测试

启动客户端,网页输入客户端地址  http://localhost:9001/

会默认跳转到服务端的授权页,输入密码登录后,回调到了首页

Spring Security Oauth2.1 最新版 1.1.0 整合 gateway 完成授权认证(拥抱 springboot 3.1)

控制台

控制台打印,想深入研究的可以去对应的类里面去

client

D:\dev\jdk17\bin\java.exe -agentlib:jdwp=transport=dt_socket,address=127.0.0.1:63809,suspend=y,server=n -XX:TieredStopAtLevel=1 -Dspring.output.ansi.enabled=always -Dcom.sun.management.jmxremote -Dspring.jmx.enabled=true -Dspring.liveBeansView.mbeanDomain -Dspring.application.admin.enabled=true "-Dmanagement.endpoints.jmx.exposure.include=*" -javaagent:C:\Users\yuxunhao\AppData\Local\JetBrains\IntelliJIdea2023.1\captureAgent\debugger-agent.jar=file:/C:/Users/yuxunhao/AppData/Local/Temp/capture.props -Dfile.encoding=UTF-8 -classpath "D:\code\cloud-alibaba\auth\auth-client\target\classes;D:\maven_repository\org\springframework\boot\spring-boot-starter-oauth2-client\3.1.0\spring-boot-starter-oauth2-client-3.1.0.jar;D:\maven_repository\org\springframework\security\spring-security-config\6.1.0\spring-security-config-6.1.0.jar;D:\maven_repository\org\springframework\spring-aop\6.0.9\spring-aop-6.0.9.jar;D:\maven_repository\org\springframework\spring-beans\6.0.9\spring-beans-6.0.9.jar;D:\maven_repository\org\springframework\spring-context\6.0.9\spring-context-6.0.9.jar;D:\maven_repository\org\springframework\security\spring-security-core\6.1.0\spring-security-core-6.1.0.jar;D:\maven_repository\org\springframework\security\spring-security-crypto\6.1.0\spring-security-crypto-6.1.0.jar;D:\maven_repository\org\springframework\spring-expression\6.0.9\spring-expression-6.0.9.jar;D:\maven_repository\io\micrometer\micrometer-observation\1.11.0\micrometer-observation-1.11.0.jar;D:\maven_repository\io\micrometer\micrometer-commons\1.11.0\micrometer-commons-1.11.0.jar;D:\maven_repository\org\springframework\security\spring-security-oauth2-client\6.1.0\spring-security-oauth2-client-6.1.0.jar;D:\maven_repository\org\springframework\security\spring-security-oauth2-core\6.1.0\spring-security-oauth2-core-6.1.0.jar;D:\maven_repository\org\springframework\security\spring-security-web\6.1.0\spring-security-web-6.1.0.jar;D:\maven_repository\com\nimbusds\oauth2-oidc-sdk\9.43.2\oauth2-oidc-sdk-9.43.2.jar;D:\maven_repository\com\github\stephenc\jcip\jcip-annotations\1.0-1\jcip-annotations-1.0-1.jar;D:\maven_repository\com\nimbusds\content-type\2.2\content-type-2.2.jar;D:\maven_repository\net\minidev\json-smart\2.4.10\json-smart-2.4.10.jar;D:\maven_repository\net\minidev\accessors-smart\2.4.9\accessors-smart-2.4.9.jar;D:\maven_repository\org\ow2\asm\asm\9.3\asm-9.3.jar;D:\maven_repository\com\nimbusds\lang-tag\1.7\lang-tag-1.7.jar;D:\maven_repository\org\springframework\security\spring-security-oauth2-jose\6.1.0\spring-security-oauth2-jose-6.1.0.jar;D:\maven_repository\com\nimbusds\nimbus-jose-jwt\9.31\nimbus-jose-jwt-9.31.jar;D:\maven_repository\org\springframework\boot\spring-boot-starter-web\3.1.0\spring-boot-starter-web-3.1.0.jar;D:\maven_repository\org\springframework\boot\spring-boot-starter-json\3.1.0\spring-boot-starter-json-3.1.0.jar;D:\maven_repository\com\fasterxml\jackson\core\jackson-databind\2.15.0\jackson-databind-2.15.0.jar;D:\maven_repository\com\fasterxml\jackson\core\jackson-annotations\2.15.0\jackson-annotations-2.15.0.jar;D:\maven_repository\com\fasterxml\jackson\core\jackson-core\2.15.0\jackson-core-2.15.0.jar;D:\maven_repository\com\fasterxml\jackson\datatype\jackson-datatype-jdk8\2.15.0\jackson-datatype-jdk8-2.15.0.jar;D:\maven_repository\com\fasterxml\jackson\datatype\jackson-datatype-jsr310\2.15.0\jackson-datatype-jsr310-2.15.0.jar;D:\maven_repository\com\fasterxml\jackson\module\jackson-module-parameter-names\2.15.0\jackson-module-parameter-names-2.15.0.jar;D:\maven_repository\org\springframework\boot\spring-boot-starter-tomcat\3.1.0\spring-boot-starter-tomcat-3.1.0.jar;D:\maven_repository\org\apache\tomcat\embed\tomcat-embed-core\10.1.8\tomcat-embed-core-10.1.8.jar;D:\maven_repository\org\apache\tomcat\embed\tomcat-embed-el\10.1.8\tomcat-embed-el-10.1.8.jar;D:\maven_repository\org\apache\tomcat\embed\tomcat-embed-websocket\10.1.8\tomcat-embed-websocket-10.1.8.jar;D:\maven_repository\org\springframework\spring-web\6.0.9\spring-web-6.0.9.jar;D:\maven_repository\org\springframework\spring-webmvc\6.0.9\spring-webmvc-6.0.9.jar;D:\maven_repository\org\springframework\boot\spring-boot-starter\3.1.0\spring-boot-starter-3.1.0.jar;D:\maven_repository\org\springframework\boot\spring-boot\3.1.0\spring-boot-3.1.0.jar;D:\maven_repository\org\springframework\boot\spring-boot-autoconfigure\3.1.0\spring-boot-autoconfigure-3.1.0.jar;D:\maven_repository\org\springframework\boot\spring-boot-starter-logging\3.1.0\spring-boot-starter-logging-3.1.0.jar;D:\maven_repository\ch\qos\logback\logback-classic\1.4.7\logback-classic-1.4.7.jar;D:\maven_repository\ch\qos\logback\logback-core\1.4.7\logback-core-1.4.7.jar;D:\maven_repository\org\slf4j\slf4j-api\2.0.7\slf4j-api-2.0.7.jar;D:\maven_repository\org\apache\logging\log4j\log4j-to-slf4j\2.20.0\log4j-to-slf4j-2.20.0.jar;D:\maven_repository\org\apache\logging\log4j\log4j-api\2.20.0\log4j-api-2.20.0.jar;D:\maven_repository\org\slf4j\jul-to-slf4j\2.0.7\jul-to-slf4j-2.0.7.jar;D:\maven_repository\jakarta\annotation\jakarta.annotation-api\2.1.1\jakarta.annotation-api-2.1.1.jar;D:\maven_repository\org\springframework\spring-core\6.0.9\spring-core-6.0.9.jar;D:\maven_repository\org\springframework\spring-jcl\6.0.9\spring-jcl-6.0.9.jar;D:\maven_repository\org\yaml\snakeyaml\1.33\snakeyaml-1.33.jar;D:\dev\IntelliJ IDEA 2023.1.1\lib\idea_rt.jar" com.sy.authclient.AuthClientApplication
Connected to the target VM, address: '127.0.0.1:63809', transport: 'socket'

  .   ____          _            __ _ _
 /\\ / ___'_ __ _ _(_)_ __  __ _ \ \ \ \
( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
 \\/  ___)| |_)| | | | | || (_| |  ) ) ) )
  '  |____| .__|_| |_|_| |_\__, | / / / /
 =========|_|==============|___/=/_/_/_/
 :: Spring Boot ::                (v3.1.0)

2023-06-25T18:09:18.148+08:00  INFO 5712 --- [           main] c.sy.authclient.AuthClientApplication    : Starting AuthClientApplication using Java 17.0.6 with PID 5712 (D:\code\cloud-alibaba\auth\auth-client\target\classes started by yuxunhao in D:\code\cloud-alibaba)
2023-06-25T18:09:18.152+08:00  INFO 5712 --- [           main] c.sy.authclient.AuthClientApplication    : No active profile set, falling back to 1 default profile: "default"
2023-06-25T18:09:18.715+08:00  INFO 5712 --- [           main] o.s.b.w.embedded.tomcat.TomcatWebServer  : Tomcat initialized with port(s): 9001 (http)
2023-06-25T18:09:18.723+08:00  INFO 5712 --- [           main] o.apache.catalina.core.StandardService   : Starting service [Tomcat]
2023-06-25T18:09:18.723+08:00  INFO 5712 --- [           main] o.apache.catalina.core.StandardEngine    : Starting Servlet engine: [Apache Tomcat/10.1.8]
2023-06-25T18:09:18.779+08:00  INFO 5712 --- [           main] o.a.c.c.C.[Tomcat].[localhost].[/]       : Initializing Spring embedded WebApplicationContext
2023-06-25T18:09:18.779+08:00  INFO 5712 --- [           main] w.s.c.ServletWebServerApplicationContext : Root WebApplicationContext: initialization completed in 591 ms
2023-06-25T18:09:18.876+08:00 DEBUG 5712 --- [           main] o.s.web.client.RestTemplate              : HTTP GET http://192.168.1.125:9000/.well-known/openid-configuration
2023-06-25T18:09:18.886+08:00 DEBUG 5712 --- [           main] o.s.web.client.RestTemplate              : Accept=[application/json, application/*+json]
2023-06-25T18:09:18.894+08:00 DEBUG 5712 --- [           main] o.s.web.client.RestTemplate              : Response 200 OK
2023-06-25T18:09:18.895+08:00 DEBUG 5712 --- [           main] o.s.web.client.RestTemplate              : Reading to [java.util.Map<java.lang.String, java.lang.Object>]
2023-06-25T18:09:18.938+08:00 DEBUG 5712 --- [           main] swordEncoderAuthenticationManagerBuilder : No authenticationProviders and no parentAuthenticationManager defined. Returning null.
2023-06-25T18:09:18.995+08:00 DEBUG 5712 --- [           main] s.w.s.m.m.a.RequestMappingHandlerMapping : 5 mappings in 'requestMappingHandlerMapping'
2023-06-25T18:09:19.029+08:00 DEBUG 5712 --- [           main] o.s.w.s.handler.SimpleUrlHandlerMapping  : Patterns [/webjars/**, /**] in 'resourceHandlerMapping'
2023-06-25T18:09:19.080+08:00  INFO 5712 --- [           main] o.s.s.web.DefaultSecurityFilterChain     : Will secure any request with [org.springframework.security.web.session.DisableEncodeUrlFilter@3bfae028, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@1775c4e7, org.springframework.security.web.context.SecurityContextHolderFilter@2e5e6fc4, org.springframework.security.web.header.HeaderWriterFilter@604d23fa, org.springframework.security.web.csrf.CsrfFilter@6f347d7, org.springframework.security.web.authentication.logout.LogoutFilter@799f916e, org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter@74b86971, org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter@7f79edee, org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter@1ca610a0, org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter@abad89c, org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter@47829d6d, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@79980d8d, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@58324c9f, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@2f677247, org.springframework.security.oauth2.client.web.OAuth2AuthorizationCodeGrantFilter@ac91282, org.springframework.security.web.access.ExceptionTranslationFilter@834e986, org.springframework.security.web.access.intercept.AuthorizationFilter@3fbe503c]
2023-06-25T18:09:19.083+08:00  WARN 5712 --- [           main] o.s.s.c.a.web.builders.WebSecurity       : You are asking Spring Security to ignore Mvc [pattern='/webjars/**']. This is not recommended -- please use permitAll via HttpSecurity#authorizeHttpRequests instead.
2023-06-25T18:09:19.083+08:00  INFO 5712 --- [           main] o.s.s.web.DefaultSecurityFilterChain     : Will not secure Mvc [pattern='/webjars/**']
2023-06-25T18:09:19.084+08:00  WARN 5712 --- [           main] o.s.s.c.a.web.builders.WebSecurity       : You are asking Spring Security to ignore Mvc [pattern='/assets/**']. This is not recommended -- please use permitAll via HttpSecurity#authorizeHttpRequests instead.
2023-06-25T18:09:19.084+08:00  INFO 5712 --- [           main] o.s.s.web.DefaultSecurityFilterChain     : Will not secure Mvc [pattern='/assets/**']
2023-06-25T18:09:19.116+08:00 DEBUG 5712 --- [           main] s.w.s.m.m.a.RequestMappingHandlerAdapter : ControllerAdvice beans: 0 @ModelAttribute, 0 @InitBinder, 1 RequestBodyAdvice, 1 ResponseBodyAdvice
2023-06-25T18:09:19.137+08:00 DEBUG 5712 --- [           main] .m.m.a.ExceptionHandlerExceptionResolver : ControllerAdvice beans: 0 @ExceptionHandler, 1 ResponseBodyAdvice
2023-06-25T18:09:19.186+08:00  INFO 5712 --- [           main] o.s.b.w.embedded.tomcat.TomcatWebServer  : Tomcat started on port(s): 9001 (http) with context path ''
2023-06-25T18:09:19.192+08:00  INFO 5712 --- [           main] c.sy.authclient.AuthClientApplication    : Started AuthClientApplication in 1.347 seconds (process running for 1.747)
2023-06-25T18:09:26.836+08:00  INFO 5712 --- [nio-9001-exec-1] o.a.c.c.C.[Tomcat].[localhost].[/]       : Initializing Spring DispatcherServlet 'dispatcherServlet'
2023-06-25T18:09:26.836+08:00  INFO 5712 --- [nio-9001-exec-1] o.s.web.servlet.DispatcherServlet        : Initializing Servlet 'dispatcherServlet'
2023-06-25T18:09:26.836+08:00 DEBUG 5712 --- [nio-9001-exec-1] o.s.web.servlet.DispatcherServlet        : Detected StandardServletMultipartResolver
2023-06-25T18:09:26.836+08:00 DEBUG 5712 --- [nio-9001-exec-1] o.s.web.servlet.DispatcherServlet        : Detected AcceptHeaderLocaleResolver
2023-06-25T18:09:26.836+08:00 DEBUG 5712 --- [nio-9001-exec-1] o.s.web.servlet.DispatcherServlet        : Detected FixedThemeResolver
2023-06-25T18:09:26.837+08:00 DEBUG 5712 --- [nio-9001-exec-1] o.s.web.servlet.DispatcherServlet        : Detected org.springframework.web.servlet.view.DefaultRequestToViewNameTranslator@658d05b2
2023-06-25T18:09:26.837+08:00 DEBUG 5712 --- [nio-9001-exec-1] o.s.web.servlet.DispatcherServlet        : Detected org.springframework.web.servlet.support.SessionFlashMapManager@4258ed3f
2023-06-25T18:09:26.837+08:00 DEBUG 5712 --- [nio-9001-exec-1] o.s.web.servlet.DispatcherServlet        : enableLoggingRequestDetails='false': request parameters and headers will be masked to prevent unsafe logging of potentially sensitive data
2023-06-25T18:09:26.837+08:00  INFO 5712 --- [nio-9001-exec-1] o.s.web.servlet.DispatcherServlet        : Completed initialization in 1 ms
2023-06-25T18:09:26.843+08:00 TRACE 5712 --- [nio-9001-exec-1] o.s.security.web.FilterChainProxy        : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=Mvc [pattern='/webjars/**'], Filters=[]] (1/3)
2023-06-25T18:09:26.848+08:00 DEBUG 5712 --- [nio-9001-exec-1] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.sy.authclient.controller.LoginController#welcome()
2023-06-25T18:09:26.848+08:00 TRACE 5712 --- [nio-9001-exec-1] o.s.security.web.FilterChainProxy        : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=Mvc [pattern='/assets/**'], Filters=[]] (2/3)
2023-06-25T18:09:26.848+08:00 DEBUG 5712 --- [nio-9001-exec-1] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.sy.authclient.controller.LoginController#welcome()
2023-06-25T18:09:26.848+08:00 TRACE 5712 --- [nio-9001-exec-1] o.s.security.web.FilterChainProxy        : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=any request, Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter@3bfae028, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@1775c4e7, org.springframework.security.web.context.SecurityContextHolderFilter@2e5e6fc4, org.springframework.security.web.header.HeaderWriterFilter@604d23fa, org.springframework.security.web.csrf.CsrfFilter@6f347d7, org.springframework.security.web.authentication.logout.LogoutFilter@799f916e, org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter@74b86971, org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter@7f79edee, org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter@1ca610a0, org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter@abad89c, org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter@47829d6d, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@79980d8d, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@58324c9f, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@2f677247, org.springframework.security.oauth2.client.web.OAuth2AuthorizationCodeGrantFilter@ac91282, org.springframework.security.web.access.ExceptionTranslationFilter@834e986, org.springframework.security.web.access.intercept.AuthorizationFilter@3fbe503c]] (3/3)
2023-06-25T18:09:26.850+08:00 DEBUG 5712 --- [nio-9001-exec-1] o.s.security.web.FilterChainProxy        : Securing GET /api/login/welcome
2023-06-25T18:09:26.850+08:00 TRACE 5712 --- [nio-9001-exec-1] o.s.security.web.FilterChainProxy        : Invoking DisableEncodeUrlFilter (1/17)
2023-06-25T18:09:26.851+08:00 TRACE 5712 --- [nio-9001-exec-1] o.s.security.web.FilterChainProxy        : Invoking WebAsyncManagerIntegrationFilter (2/17)
2023-06-25T18:09:26.852+08:00 TRACE 5712 --- [nio-9001-exec-1] o.s.security.web.FilterChainProxy        : Invoking SecurityContextHolderFilter (3/17)
2023-06-25T18:09:26.852+08:00 TRACE 5712 --- [nio-9001-exec-1] o.s.security.web.FilterChainProxy        : Invoking HeaderWriterFilter (4/17)
2023-06-25T18:09:26.853+08:00 TRACE 5712 --- [nio-9001-exec-1] o.s.security.web.FilterChainProxy        : Invoking CsrfFilter (5/17)
2023-06-25T18:09:26.854+08:00 TRACE 5712 --- [nio-9001-exec-1] o.s.security.web.FilterChainProxy        : Invoking LogoutFilter (6/17)
2023-06-25T18:09:26.854+08:00 TRACE 5712 --- [nio-9001-exec-1] o.s.security.web.FilterChainProxy        : Invoking OAuth2AuthorizationRequestRedirectFilter (7/17)
2023-06-25T18:09:30.948+08:00 TRACE 5712 --- [nio-9001-exec-1] o.s.security.web.FilterChainProxy        : Invoking OAuth2AuthorizationRequestRedirectFilter (8/17)
2023-06-25T18:09:31.636+08:00 TRACE 5712 --- [nio-9001-exec-1] o.s.security.web.FilterChainProxy        : Invoking OAuth2LoginAuthenticationFilter (9/17)
2023-06-25T18:09:31.636+08:00 TRACE 5712 --- [nio-9001-exec-1] o.s.security.web.FilterChainProxy        : Invoking DefaultLoginPageGeneratingFilter (10/17)
2023-06-25T18:09:31.637+08:00 TRACE 5712 --- [nio-9001-exec-1] o.s.security.web.FilterChainProxy        : Invoking DefaultLogoutPageGeneratingFilter (11/17)
2023-06-25T18:09:31.637+08:00 TRACE 5712 --- [nio-9001-exec-1] o.s.security.web.FilterChainProxy        : Invoking RequestCacheAwareFilter (12/17)
2023-06-25T18:09:31.637+08:00 TRACE 5712 --- [nio-9001-exec-1] o.s.security.web.FilterChainProxy        : Invoking SecurityContextHolderAwareRequestFilter (13/17)
2023-06-25T18:09:31.638+08:00 TRACE 5712 --- [nio-9001-exec-1] o.s.security.web.FilterChainProxy        : Invoking AnonymousAuthenticationFilter (14/17)
2023-06-25T18:09:31.639+08:00 TRACE 5712 --- [nio-9001-exec-1] o.s.security.web.FilterChainProxy        : Invoking OAuth2AuthorizationCodeGrantFilter (15/17)
2023-06-25T18:09:32.315+08:00 TRACE 5712 --- [nio-9001-exec-1] o.s.security.web.FilterChainProxy        : Invoking ExceptionTranslationFilter (16/17)
2023-06-25T18:09:32.316+08:00 TRACE 5712 --- [nio-9001-exec-1] o.s.security.web.FilterChainProxy        : Invoking AuthorizationFilter (17/17)
2023-06-25T18:09:32.317+08:00 DEBUG 5712 --- [nio-9001-exec-1] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.sy.authclient.controller.LoginController#welcome()
2023-06-25T18:09:32.317+08:00 DEBUG 5712 --- [nio-9001-exec-1] o.s.s.w.a.AnonymousAuthenticationFilter  : Set SecurityContextHolder to anonymous SecurityContext
2023-06-25T18:09:32.940+08:00 TRACE 5712 --- [nio-9001-exec-1] o.s.s.w.a.ExceptionTranslationFilter     : Sending AnonymousAuthenticationToken [Principal=anonymousUser, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=null], Granted Authorities=[ROLE_ANONYMOUS]] to authentication entry point since access is denied

org.springframework.security.access.AccessDeniedException: Access Denied
	at org.springframework.security.web.access.intercept.AuthorizationFilter.doFilter(AuthorizationFilter.java:98) ~[spring-security-web-6.1.0.jar:6.1.0]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.1.0.jar:6.1.0]
	at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:126) ~[spring-security-web-6.1.0.jar:6.1.0]
	at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:120) ~[spring-security-web-6.1.0.jar:6.1.0]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.1.0.jar:6.1.0]
	at org.springframework.security.oauth2.client.web.OAuth2AuthorizationCodeGrantFilter.doFilterInternal(OAuth2AuthorizationCodeGrantFilter.java:183) ~[spring-security-oauth2-client-6.1.0.jar:6.1.0]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.0.9.jar:6.0.9]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.1.0.jar:6.1.0]
	at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:100) ~[spring-security-web-6.1.0.jar:6.1.0]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.1.0.jar:6.1.0]
	at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:179) ~[spring-security-web-6.1.0.jar:6.1.0]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.1.0.jar:6.1.0]
	at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63) ~[spring-security-web-6.1.0.jar:6.1.0]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.1.0.jar:6.1.0]
	at org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter.doFilterInternal(DefaultLogoutPageGeneratingFilter.java:58) ~[spring-security-web-6.1.0.jar:6.1.0]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.0.9.jar:6.0.9]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.1.0.jar:6.1.0]
	at org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter.doFilter(DefaultLoginPageGeneratingFilter.java:188) ~[spring-security-web-6.1.0.jar:6.1.0]
	at org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter.doFilter(DefaultLoginPageGeneratingFilter.java:174) ~[spring-security-web-6.1.0.jar:6.1.0]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.1.0.jar:6.1.0]
	at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:227) ~[spring-security-web-6.1.0.jar:6.1.0]
	at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:221) ~[spring-security-web-6.1.0.jar:6.1.0]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.1.0.jar:6.1.0]
	at org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter.doFilterInternal(OAuth2AuthorizationRequestRedirectFilter.java:181) ~[spring-security-oauth2-client-6.1.0.jar:6.1.0]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.0.9.jar:6.0.9]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.1.0.jar:6.1.0]
	at org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter.doFilterInternal(OAuth2AuthorizationRequestRedirectFilter.java:181) ~[spring-security-oauth2-client-6.1.0.jar:6.1.0]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.0.9.jar:6.0.9]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.1.0.jar:6.1.0]
	at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:107) ~[spring-security-web-6.1.0.jar:6.1.0]
	at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:93) ~[spring-security-web-6.1.0.jar:6.1.0]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.1.0.jar:6.1.0]
	at org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:117) ~[spring-security-web-6.1.0.jar:6.1.0]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.0.9.jar:6.0.9]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.1.0.jar:6.1.0]
	at org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:90) ~[spring-security-web-6.1.0.jar:6.1.0]
	at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:75) ~[spring-security-web-6.1.0.jar:6.1.0]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.0.9.jar:6.0.9]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.1.0.jar:6.1.0]
	at org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:82) ~[spring-security-web-6.1.0.jar:6.1.0]
	at org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:69) ~[spring-security-web-6.1.0.jar:6.1.0]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.1.0.jar:6.1.0]
	at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:62) ~[spring-security-web-6.1.0.jar:6.1.0]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.0.9.jar:6.0.9]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.1.0.jar:6.1.0]
	at org.springframework.security.web.session.DisableEncodeUrlFilter.doFilterInternal(DisableEncodeUrlFilter.java:42) ~[spring-security-web-6.1.0.jar:6.1.0]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.0.9.jar:6.0.9]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.1.0.jar:6.1.0]
	at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:233) ~[spring-security-web-6.1.0.jar:6.1.0]
	at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:191) ~[spring-security-web-6.1.0.jar:6.1.0]
	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:352) ~[spring-web-6.0.9.jar:6.0.9]
	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:268) ~[spring-web-6.0.9.jar:6.0.9]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
	at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100) ~[spring-web-6.0.9.jar:6.0.9]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.0.9.jar:6.0.9]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
	at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93) ~[spring-web-6.0.9.jar:6.0.9]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.0.9.jar:6.0.9]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
	at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201) ~[spring-web-6.0.9.jar:6.0.9]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.0.9.jar:6.0.9]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:166) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:482) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:115) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:341) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:390) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:894) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1741) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
	at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
	at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
	at java.base/java.lang.Thread.run(Thread.java:833) ~[na:na]

2023-06-25T18:09:32.969+08:00 DEBUG 5712 --- [nio-9001-exec-1] o.s.s.w.s.HttpSessionRequestCache        : Saved request http://localhost:9001/api/login/welcome?continue to session
2023-06-25T18:09:32.971+08:00 DEBUG 5712 --- [nio-9001-exec-1] s.w.a.DelegatingAuthenticationEntryPoint : Trying to match using And [Not [RequestHeaderRequestMatcher [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest]], Not [And [Or [Ant [pattern='/login'], Ant [pattern='/favicon.ico']], And [Not [RequestHeaderRequestMatcher [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest]], MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@2793808, matchingMediaTypes=[application/xhtml+xml, image/*, text/html, text/plain], useEquals=false, ignoredMediaTypes=[*/*]]]]], org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer$$Lambda$809/0x000000080103adb8@4af06c88]
2023-06-25T18:09:32.971+08:00 DEBUG 5712 --- [nio-9001-exec-1] s.w.a.DelegatingAuthenticationEntryPoint : Match found! Executing org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint@1a1cb815
2023-06-25T18:09:32.971+08:00 DEBUG 5712 --- [nio-9001-exec-1] o.s.s.web.DefaultRedirectStrategy        : Redirecting to http://localhost:9001/oauth2/authorization/oidc-client
2023-06-25T18:09:32.977+08:00 TRACE 5712 --- [nio-9001-exec-2] o.s.security.web.FilterChainProxy        : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=Mvc [pattern='/webjars/**'], Filters=[]] (1/3)
2023-06-25T18:09:32.979+08:00 DEBUG 5712 --- [nio-9001-exec-2] o.s.w.s.handler.SimpleUrlHandlerMapping  : Mapped to ResourceHttpRequestHandler [classpath [META-INF/resources/], classpath [resources/], classpath [static/], classpath [public/], ServletContext [/]]
2023-06-25T18:09:32.980+08:00 TRACE 5712 --- [nio-9001-exec-2] o.s.security.web.FilterChainProxy        : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=Mvc [pattern='/assets/**'], Filters=[]] (2/3)
2023-06-25T18:09:32.980+08:00 DEBUG 5712 --- [nio-9001-exec-2] o.s.w.s.handler.SimpleUrlHandlerMapping  : Mapped to ResourceHttpRequestHandler [classpath [META-INF/resources/], classpath [resources/], classpath [static/], classpath [public/], ServletContext [/]]
2023-06-25T18:09:32.980+08:00 TRACE 5712 --- [nio-9001-exec-2] o.s.security.web.FilterChainProxy        : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=any request, Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter@3bfae028, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@1775c4e7, org.springframework.security.web.context.SecurityContextHolderFilter@2e5e6fc4, org.springframework.security.web.header.HeaderWriterFilter@604d23fa, org.springframework.security.web.csrf.CsrfFilter@6f347d7, org.springframework.security.web.authentication.logout.LogoutFilter@799f916e, org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter@74b86971, org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter@7f79edee, org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter@1ca610a0, org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter@abad89c, org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter@47829d6d, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@79980d8d, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@58324c9f, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@2f677247, org.springframework.security.oauth2.client.web.OAuth2AuthorizationCodeGrantFilter@ac91282, org.springframework.security.web.access.ExceptionTranslationFilter@834e986, org.springframework.security.web.access.intercept.AuthorizationFilter@3fbe503c]] (3/3)
2023-06-25T18:09:32.980+08:00 DEBUG 5712 --- [nio-9001-exec-2] o.s.security.web.FilterChainProxy        : Securing GET /oauth2/authorization/oidc-client
2023-06-25T18:09:32.980+08:00 TRACE 5712 --- [nio-9001-exec-2] o.s.security.web.FilterChainProxy        : Invoking DisableEncodeUrlFilter (1/17)
2023-06-25T18:09:32.980+08:00 TRACE 5712 --- [nio-9001-exec-2] o.s.security.web.FilterChainProxy        : Invoking WebAsyncManagerIntegrationFilter (2/17)
2023-06-25T18:09:32.980+08:00 TRACE 5712 --- [nio-9001-exec-2] o.s.security.web.FilterChainProxy        : Invoking SecurityContextHolderFilter (3/17)
2023-06-25T18:09:32.980+08:00 TRACE 5712 --- [nio-9001-exec-2] o.s.security.web.FilterChainProxy        : Invoking HeaderWriterFilter (4/17)
2023-06-25T18:09:32.981+08:00 TRACE 5712 --- [nio-9001-exec-2] o.s.security.web.FilterChainProxy        : Invoking CsrfFilter (5/17)
2023-06-25T18:09:32.981+08:00 TRACE 5712 --- [nio-9001-exec-2] o.s.security.web.FilterChainProxy        : Invoking LogoutFilter (6/17)
2023-06-25T18:09:32.981+08:00 TRACE 5712 --- [nio-9001-exec-2] o.s.security.web.FilterChainProxy        : Invoking OAuth2AuthorizationRequestRedirectFilter (7/17)
2023-06-25T18:09:35.475+08:00 DEBUG 5712 --- [nio-9001-exec-2] o.s.s.web.DefaultRedirectStrategy        : Redirecting to http://192.168.1.125:9000/oauth2/authorize?response_type=code&client_id=oidc-client&scope=openid%20profile%20all&state=TU46I58jnaXR0IdX4mGacIZkMOXfywv7o9-GNmQ12oI%3D&redirect_uri=http://localhost:9001/login/oauth2/code/oidc-client&nonce=CX2FAAvMv2Hzj8Wv1OXXC-W5LWNS1dWow70sSVF5Qx8
2023-06-25T18:09:36.481+08:00 TRACE 5712 --- [nio-9001-exec-3] o.s.security.web.FilterChainProxy        : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=Mvc [pattern='/webjars/**'], Filters=[]] (1/3)
2023-06-25T18:09:36.482+08:00 DEBUG 5712 --- [nio-9001-exec-3] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.sy.authclient.controller.IndexController#welcome(String, String, String)
2023-06-25T18:09:36.482+08:00 TRACE 5712 --- [nio-9001-exec-3] o.s.security.web.FilterChainProxy        : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=Mvc [pattern='/assets/**'], Filters=[]] (2/3)
2023-06-25T18:09:36.482+08:00 DEBUG 5712 --- [nio-9001-exec-3] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.sy.authclient.controller.IndexController#welcome(String, String, String)
2023-06-25T18:09:36.482+08:00 TRACE 5712 --- [nio-9001-exec-3] o.s.security.web.FilterChainProxy        : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=any request, Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter@3bfae028, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@1775c4e7, org.springframework.security.web.context.SecurityContextHolderFilter@2e5e6fc4, org.springframework.security.web.header.HeaderWriterFilter@604d23fa, org.springframework.security.web.csrf.CsrfFilter@6f347d7, org.springframework.security.web.authentication.logout.LogoutFilter@799f916e, org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter@74b86971, org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter@7f79edee, org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter@1ca610a0, org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter@abad89c, org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter@47829d6d, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@79980d8d, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@58324c9f, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@2f677247, org.springframework.security.oauth2.client.web.OAuth2AuthorizationCodeGrantFilter@ac91282, org.springframework.security.web.access.ExceptionTranslationFilter@834e986, org.springframework.security.web.access.intercept.AuthorizationFilter@3fbe503c]] (3/3)
2023-06-25T18:09:36.482+08:00 DEBUG 5712 --- [nio-9001-exec-3] o.s.security.web.FilterChainProxy        : Securing GET /login/oauth2/code/oidc-client?code=mFkDdqxcVtO8TzDcFFMgex4kxlMzQsX3epjmJp-cMQRc2JzkEK18cY6pFHUMiDuCHjAcqFcjfwztaCrRWL6FBt1nxrrk6l1O8Xa9Iej6hMzrXWVPAth--DMFXvwVgApK&state=TU46I58jnaXR0IdX4mGacIZkMOXfywv7o9-GNmQ12oI%3D
2023-06-25T18:09:36.482+08:00 TRACE 5712 --- [nio-9001-exec-3] o.s.security.web.FilterChainProxy        : Invoking DisableEncodeUrlFilter (1/17)
2023-06-25T18:09:36.482+08:00 TRACE 5712 --- [nio-9001-exec-3] o.s.security.web.FilterChainProxy        : Invoking WebAsyncManagerIntegrationFilter (2/17)
2023-06-25T18:09:36.483+08:00 TRACE 5712 --- [nio-9001-exec-3] o.s.security.web.FilterChainProxy        : Invoking SecurityContextHolderFilter (3/17)
2023-06-25T18:09:36.483+08:00 TRACE 5712 --- [nio-9001-exec-3] o.s.security.web.FilterChainProxy        : Invoking HeaderWriterFilter (4/17)
2023-06-25T18:09:36.483+08:00 TRACE 5712 --- [nio-9001-exec-3] o.s.security.web.FilterChainProxy        : Invoking CsrfFilter (5/17)
2023-06-25T18:09:36.483+08:00 TRACE 5712 --- [nio-9001-exec-3] o.s.security.web.FilterChainProxy        : Invoking LogoutFilter (6/17)
2023-06-25T18:09:36.483+08:00 TRACE 5712 --- [nio-9001-exec-3] o.s.security.web.FilterChainProxy        : Invoking OAuth2AuthorizationRequestRedirectFilter (7/17)
2023-06-25T18:09:37.261+08:00 TRACE 5712 --- [nio-9001-exec-3] o.s.security.web.FilterChainProxy        : Invoking OAuth2AuthorizationRequestRedirectFilter (8/17)
2023-06-25T18:09:38.059+08:00 TRACE 5712 --- [nio-9001-exec-3] o.s.security.web.FilterChainProxy        : Invoking OAuth2LoginAuthenticationFilter (9/17)
2023-06-25T18:09:44.576+08:00 DEBUG 5712 --- [nio-9001-exec-3] o.s.web.client.RestTemplate              : HTTP POST http://192.168.1.125:9000/oauth2/token
2023-06-25T18:09:44.577+08:00 DEBUG 5712 --- [nio-9001-exec-3] o.s.web.client.RestTemplate              : Accept=[application/json, application/*+json]
2023-06-25T18:09:44.577+08:00 DEBUG 5712 --- [nio-9001-exec-3] o.s.web.client.RestTemplate              : Writing [{grant_type=[authorization_code], code=[mFkDdqxcVtO8TzDcFFMgex4kxlMzQsX3epjmJp-cMQRc2JzkEK18cY6pFHUMiDuCHjAcqFcjfwztaCrRWL6FBt1nxrrk6l1O8Xa9Iej6hMzrXWVPAth--DMFXvwVgApK], redirect_uri=[http://localhost:9001/login/oauth2/code/oidc-client]}] as "application/x-www-form-urlencoded;charset=UTF-8"
2023-06-25T18:09:48.353+08:00 DEBUG 5712 --- [nio-9001-exec-3] o.s.web.client.RestTemplate              : Response 200 OK
2023-06-25T18:09:48.354+08:00 DEBUG 5712 --- [nio-9001-exec-3] o.s.web.client.RestTemplate              : Reading to [org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse] as "application/json;charset=UTF-8"
2023-06-25T18:09:48.393+08:00 DEBUG 5712 --- [nio-9001-exec-3] o.s.web.client.RestTemplate              : HTTP GET http://192.168.1.125:9000/oauth2/jwks
2023-06-25T18:09:48.393+08:00 DEBUG 5712 --- [nio-9001-exec-3] o.s.web.client.RestTemplate              : Accept=[text/plain, application/json, application/*+json, */*]
2023-06-25T18:09:48.397+08:00 DEBUG 5712 --- [nio-9001-exec-3] o.s.web.client.RestTemplate              : Response 200 OK
2023-06-25T18:09:48.397+08:00 DEBUG 5712 --- [nio-9001-exec-3] o.s.web.client.RestTemplate              : Reading to [java.lang.String] as "application/json;charset=ISO-8859-1"
2023-06-25T18:09:48.415+08:00 DEBUG 5712 --- [nio-9001-exec-3] o.s.web.client.RestTemplate              : HTTP GET http://192.168.1.125:9000/userinfo
2023-06-25T18:09:48.415+08:00 DEBUG 5712 --- [nio-9001-exec-3] o.s.web.client.RestTemplate              : Accept=[application/json, application/*+json]
2023-06-25T18:09:52.253+08:00 DEBUG 5712 --- [nio-9001-exec-3] o.s.web.client.RestTemplate              : Response 200 OK
2023-06-25T18:09:52.254+08:00 DEBUG 5712 --- [nio-9001-exec-3] o.s.web.client.RestTemplate              : Reading to [java.util.Map<java.lang.String, java.lang.Object>]
2023-06-25T18:09:52.268+08:00 DEBUG 5712 --- [nio-9001-exec-3] .s.ChangeSessionIdAuthenticationStrategy : Changed session id from F5FB786C57F37610E3A9671AB47DAE23
2023-06-25T18:09:52.269+08:00 DEBUG 5712 --- [nio-9001-exec-3] w.c.HttpSessionSecurityContextRepository : Stored SecurityContextImpl [Authentication=OAuth2AuthenticationToken [Principal=Name: [user], Granted Authorities: [[OIDC_USER, SCOPE_all, SCOPE_openid, SCOPE_profile]], User Attributes: [{sub=user, aud=[oidc-client], azp=oidc-client, auth_time=2023-06-25T09:50:36Z, iss=http://192.168.1.125:9000, exp=2023-06-25T10:39:48Z, iat=2023-06-25T10:09:48Z, nonce=CX2FAAvMv2Hzj8Wv1OXXC-W5LWNS1dWow70sSVF5Qx8, sid=7TkynZgAwHYhWeEnl4soX232xgREd1FFcPagGUIc5cc}], Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=F5FB786C57F37610E3A9671AB47DAE23], Granted Authorities=[OIDC_USER, SCOPE_all, SCOPE_openid, SCOPE_profile]]] to HttpSession [org.apache.catalina.session.StandardSessionFacade@3e9daaba]
2023-06-25T18:09:52.269+08:00 DEBUG 5712 --- [nio-9001-exec-3] .s.o.c.w.OAuth2LoginAuthenticationFilter : Set SecurityContextHolder to OAuth2AuthenticationToken [Principal=Name: [user], Granted Authorities: [[OIDC_USER, SCOPE_all, SCOPE_openid, SCOPE_profile]], User Attributes: [{sub=user, aud=[oidc-client], azp=oidc-client, auth_time=2023-06-25T09:50:36Z, iss=http://192.168.1.125:9000, exp=2023-06-25T10:39:48Z, iat=2023-06-25T10:09:48Z, nonce=CX2FAAvMv2Hzj8Wv1OXXC-W5LWNS1dWow70sSVF5Qx8, sid=7TkynZgAwHYhWeEnl4soX232xgREd1FFcPagGUIc5cc}], Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=F5FB786C57F37610E3A9671AB47DAE23], Granted Authorities=[OIDC_USER, SCOPE_all, SCOPE_openid, SCOPE_profile]]
2023-06-25T18:09:52.269+08:00 DEBUG 5712 --- [nio-9001-exec-3] o.s.s.web.DefaultRedirectStrategy        : Redirecting to http://localhost:9001/api/login/welcome?continue
2023-06-25T18:09:52.276+08:00 TRACE 5712 --- [nio-9001-exec-4] o.s.security.web.FilterChainProxy        : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=Mvc [pattern='/webjars/**'], Filters=[]] (1/3)
2023-06-25T18:09:52.277+08:00 DEBUG 5712 --- [nio-9001-exec-4] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.sy.authclient.controller.LoginController#welcome()
2023-06-25T18:09:52.277+08:00 TRACE 5712 --- [nio-9001-exec-4] o.s.security.web.FilterChainProxy        : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=Mvc [pattern='/assets/**'], Filters=[]] (2/3)
2023-06-25T18:09:52.277+08:00 DEBUG 5712 --- [nio-9001-exec-4] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.sy.authclient.controller.LoginController#welcome()
2023-06-25T18:09:52.278+08:00 TRACE 5712 --- [nio-9001-exec-4] o.s.security.web.FilterChainProxy        : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=any request, Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter@3bfae028, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@1775c4e7, org.springframework.security.web.context.SecurityContextHolderFilter@2e5e6fc4, org.springframework.security.web.header.HeaderWriterFilter@604d23fa, org.springframework.security.web.csrf.CsrfFilter@6f347d7, org.springframework.security.web.authentication.logout.LogoutFilter@799f916e, org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter@74b86971, org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter@7f79edee, org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter@1ca610a0, org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter@abad89c, org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter@47829d6d, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@79980d8d, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@58324c9f, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@2f677247, org.springframework.security.oauth2.client.web.OAuth2AuthorizationCodeGrantFilter@ac91282, org.springframework.security.web.access.ExceptionTranslationFilter@834e986, org.springframework.security.web.access.intercept.AuthorizationFilter@3fbe503c]] (3/3)
2023-06-25T18:09:52.278+08:00 DEBUG 5712 --- [nio-9001-exec-4] o.s.security.web.FilterChainProxy        : Securing GET /api/login/welcome?continue
2023-06-25T18:09:52.278+08:00 TRACE 5712 --- [nio-9001-exec-4] o.s.security.web.FilterChainProxy        : Invoking DisableEncodeUrlFilter (1/17)
2023-06-25T18:09:52.278+08:00 TRACE 5712 --- [nio-9001-exec-4] o.s.security.web.FilterChainProxy        : Invoking WebAsyncManagerIntegrationFilter (2/17)
2023-06-25T18:09:52.278+08:00 TRACE 5712 --- [nio-9001-exec-4] o.s.security.web.FilterChainProxy        : Invoking SecurityContextHolderFilter (3/17)
2023-06-25T18:09:52.278+08:00 TRACE 5712 --- [nio-9001-exec-4] o.s.security.web.FilterChainProxy        : Invoking HeaderWriterFilter (4/17)
2023-06-25T18:09:52.278+08:00 TRACE 5712 --- [nio-9001-exec-4] o.s.security.web.FilterChainProxy        : Invoking CsrfFilter (5/17)
2023-06-25T18:09:52.278+08:00 TRACE 5712 --- [nio-9001-exec-4] o.s.security.web.FilterChainProxy        : Invoking LogoutFilter (6/17)
2023-06-25T18:09:52.278+08:00 TRACE 5712 --- [nio-9001-exec-4] o.s.security.web.FilterChainProxy        : Invoking OAuth2AuthorizationRequestRedirectFilter (7/17)
2023-06-25T18:10:00.651+08:00 TRACE 5712 --- [nio-9001-exec-4] o.s.security.web.FilterChainProxy        : Invoking OAuth2AuthorizationRequestRedirectFilter (8/17)
2023-06-25T18:10:01.613+08:00 TRACE 5712 --- [nio-9001-exec-4] o.s.security.web.FilterChainProxy        : Invoking OAuth2LoginAuthenticationFilter (9/17)
2023-06-25T18:10:01.613+08:00 TRACE 5712 --- [nio-9001-exec-4] o.s.security.web.FilterChainProxy        : Invoking DefaultLoginPageGeneratingFilter (10/17)
2023-06-25T18:10:01.614+08:00 TRACE 5712 --- [nio-9001-exec-4] o.s.security.web.FilterChainProxy        : Invoking DefaultLogoutPageGeneratingFilter (11/17)
2023-06-25T18:10:01.614+08:00 TRACE 5712 --- [nio-9001-exec-4] o.s.security.web.FilterChainProxy        : Invoking RequestCacheAwareFilter (12/17)
2023-06-25T18:10:01.614+08:00 DEBUG 5712 --- [nio-9001-exec-4] o.s.s.w.s.HttpSessionRequestCache        : Loaded matching saved request http://localhost:9001/api/login/welcome?continue
2023-06-25T18:10:01.615+08:00 TRACE 5712 --- [nio-9001-exec-4] o.s.security.web.FilterChainProxy        : Invoking SecurityContextHolderAwareRequestFilter (13/17)
2023-06-25T18:10:01.615+08:00 TRACE 5712 --- [nio-9001-exec-4] o.s.security.web.FilterChainProxy        : Invoking AnonymousAuthenticationFilter (14/17)
2023-06-25T18:10:01.615+08:00 TRACE 5712 --- [nio-9001-exec-4] o.s.security.web.FilterChainProxy        : Invoking OAuth2AuthorizationCodeGrantFilter (15/17)
2023-06-25T18:10:02.644+08:00 TRACE 5712 --- [nio-9001-exec-4] o.s.security.web.FilterChainProxy        : Invoking ExceptionTranslationFilter (16/17)
2023-06-25T18:10:02.644+08:00 TRACE 5712 --- [nio-9001-exec-4] o.s.security.web.FilterChainProxy        : Invoking AuthorizationFilter (17/17)
2023-06-25T18:10:02.645+08:00 DEBUG 5712 --- [nio-9001-exec-4] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.sy.authclient.controller.LoginController#welcome()
2023-06-25T18:10:02.645+08:00 DEBUG 5712 --- [nio-9001-exec-4] w.c.HttpSessionSecurityContextRepository : Retrieved SecurityContextImpl [Authentication=OAuth2AuthenticationToken [Principal=Name: [user], Granted Authorities: [[OIDC_USER, SCOPE_all, SCOPE_openid, SCOPE_profile]], User Attributes: [{sub=user, aud=[oidc-client], azp=oidc-client, auth_time=2023-06-25T09:50:36Z, iss=http://192.168.1.125:9000, exp=2023-06-25T10:39:48Z, iat=2023-06-25T10:09:48Z, nonce=CX2FAAvMv2Hzj8Wv1OXXC-W5LWNS1dWow70sSVF5Qx8, sid=7TkynZgAwHYhWeEnl4soX232xgREd1FFcPagGUIc5cc}], Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=F5FB786C57F37610E3A9671AB47DAE23], Granted Authorities=[OIDC_USER, SCOPE_all, SCOPE_openid, SCOPE_profile]]]
2023-06-25T18:10:04.181+08:00 DEBUG 5712 --- [nio-9001-exec-4] o.s.security.web.FilterChainProxy        : Secured GET /api/login/welcome?continue
2023-06-25T18:10:04.183+08:00 DEBUG 5712 --- [nio-9001-exec-4] o.s.web.servlet.DispatcherServlet        : GET "/api/login/welcome?continue", parameters={masked}
2023-06-25T18:10:04.183+08:00 DEBUG 5712 --- [nio-9001-exec-4] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.sy.authclient.controller.LoginController#welcome()
2023-06-25T18:10:04.196+08:00 DEBUG 5712 --- [nio-9001-exec-4] m.m.a.RequestResponseBodyMethodProcessor : Using 'text/html', given [text/html, application/xhtml+xml, image/webp, image/apng, application/xml;q=0.9, */*;q=0.8, application/signed-exchange;v=b3;q=0.7] and supported [text/plain, */*, application/json, application/*+json]
2023-06-25T18:10:04.197+08:00 DEBUG 5712 --- [nio-9001-exec-4] m.m.a.RequestResponseBodyMethodProcessor : Writing ["<h1>Welcome!</h1>"]
2023-06-25T18:10:04.199+08:00 DEBUG 5712 --- [nio-9001-exec-4] o.s.web.servlet.DispatcherServlet        : Completed 200 OK
2023-06-25T18:15:58.455+08:00 TRACE 5712 --- [nio-9001-exec-7] o.s.security.web.FilterChainProxy        : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=Mvc [pattern='/webjars/**'], Filters=[]] (1/3)
2023-06-25T18:15:58.455+08:00 DEBUG 5712 --- [nio-9001-exec-7] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.sy.authclient.controller.LoginController#welcome()
2023-06-25T18:15:58.455+08:00 TRACE 5712 --- [nio-9001-exec-7] o.s.security.web.FilterChainProxy        : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=Mvc [pattern='/assets/**'], Filters=[]] (2/3)
2023-06-25T18:15:58.455+08:00 DEBUG 5712 --- [nio-9001-exec-7] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.sy.authclient.controller.LoginController#welcome()
2023-06-25T18:15:58.456+08:00 TRACE 5712 --- [nio-9001-exec-7] o.s.security.web.FilterChainProxy        : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=any request, Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter@3bfae028, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@1775c4e7, org.springframework.security.web.context.SecurityContextHolderFilter@2e5e6fc4, org.springframework.security.web.header.HeaderWriterFilter@604d23fa, org.springframework.security.web.csrf.CsrfFilter@6f347d7, org.springframework.security.web.authentication.logout.LogoutFilter@799f916e, org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter@74b86971, org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter@7f79edee, org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter@1ca610a0, org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter@abad89c, org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter@47829d6d, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@79980d8d, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@58324c9f, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@2f677247, org.springframework.security.oauth2.client.web.OAuth2AuthorizationCodeGrantFilter@ac91282, org.springframework.security.web.access.ExceptionTranslationFilter@834e986, org.springframework.security.web.access.intercept.AuthorizationFilter@3fbe503c]] (3/3)
2023-06-25T18:15:58.456+08:00 DEBUG 5712 --- [nio-9001-exec-7] o.s.security.web.FilterChainProxy        : Securing GET /api/login/welcome?continue
2023-06-25T18:15:58.456+08:00 TRACE 5712 --- [nio-9001-exec-7] o.s.security.web.FilterChainProxy        : Invoking DisableEncodeUrlFilter (1/17)
2023-06-25T18:15:58.456+08:00 TRACE 5712 --- [nio-9001-exec-7] o.s.security.web.FilterChainProxy        : Invoking WebAsyncManagerIntegrationFilter (2/17)
2023-06-25T18:15:58.456+08:00 TRACE 5712 --- [nio-9001-exec-7] o.s.security.web.FilterChainProxy        : Invoking SecurityContextHolderFilter (3/17)
2023-06-25T18:15:58.456+08:00 TRACE 5712 --- [nio-9001-exec-7] o.s.security.web.FilterChainProxy        : Invoking HeaderWriterFilter (4/17)
2023-06-25T18:15:58.456+08:00 TRACE 5712 --- [nio-9001-exec-7] o.s.security.web.FilterChainProxy        : Invoking CsrfFilter (5/17)
2023-06-25T18:15:58.456+08:00 TRACE 5712 --- [nio-9001-exec-7] o.s.security.web.FilterChainProxy        : Invoking LogoutFilter (6/17)
2023-06-25T18:15:58.456+08:00 TRACE 5712 --- [nio-9001-exec-7] o.s.security.web.FilterChainProxy        : Invoking OAuth2AuthorizationRequestRedirectFilter (7/17)
2023-06-25T18:16:03.860+08:00 TRACE 5712 --- [nio-9001-exec-7] o.s.security.web.FilterChainProxy        : Invoking OAuth2AuthorizationRequestRedirectFilter (8/17)
2023-06-25T18:16:04.596+08:00 TRACE 5712 --- [nio-9001-exec-7] o.s.security.web.FilterChainProxy        : Invoking OAuth2LoginAuthenticationFilter (9/17)
2023-06-25T18:16:04.596+08:00 TRACE 5712 --- [nio-9001-exec-7] o.s.security.web.FilterChainProxy        : Invoking DefaultLoginPageGeneratingFilter (10/17)
2023-06-25T18:16:04.597+08:00 TRACE 5712 --- [nio-9001-exec-7] o.s.security.web.FilterChainProxy        : Invoking DefaultLogoutPageGeneratingFilter (11/17)
2023-06-25T18:16:04.597+08:00 TRACE 5712 --- [nio-9001-exec-7] o.s.security.web.FilterChainProxy        : Invoking RequestCacheAwareFilter (12/17)
2023-06-25T18:16:04.597+08:00 TRACE 5712 --- [nio-9001-exec-7] o.s.security.web.FilterChainProxy        : Invoking SecurityContextHolderAwareRequestFilter (13/17)
2023-06-25T18:16:04.597+08:00 TRACE 5712 --- [nio-9001-exec-7] o.s.security.web.FilterChainProxy        : Invoking AnonymousAuthenticationFilter (14/17)
2023-06-25T18:16:04.597+08:00 TRACE 5712 --- [nio-9001-exec-7] o.s.security.web.FilterChainProxy        : Invoking OAuth2AuthorizationCodeGrantFilter (15/17)
2023-06-25T18:16:05.355+08:00 TRACE 5712 --- [nio-9001-exec-7] o.s.security.web.FilterChainProxy        : Invoking ExceptionTranslationFilter (16/17)
2023-06-25T18:16:05.355+08:00 TRACE 5712 --- [nio-9001-exec-7] o.s.security.web.FilterChainProxy        : Invoking AuthorizationFilter (17/17)
2023-06-25T18:16:05.355+08:00 DEBUG 5712 --- [nio-9001-exec-7] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.sy.authclient.controller.LoginController#welcome()
2023-06-25T18:16:05.357+08:00 DEBUG 5712 --- [nio-9001-exec-7] w.c.HttpSessionSecurityContextRepository : Retrieved SecurityContextImpl [Authentication=OAuth2AuthenticationToken [Principal=Name: [user], Granted Authorities: [[OIDC_USER, SCOPE_all, SCOPE_openid, SCOPE_profile]], User Attributes: [{sub=user, aud=[oidc-client], azp=oidc-client, auth_time=2023-06-25T09:50:36Z, iss=http://192.168.1.125:9000, exp=2023-06-25T10:39:48Z, iat=2023-06-25T10:09:48Z, nonce=CX2FAAvMv2Hzj8Wv1OXXC-W5LWNS1dWow70sSVF5Qx8, sid=7TkynZgAwHYhWeEnl4soX232xgREd1FFcPagGUIc5cc}], Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=F5FB786C57F37610E3A9671AB47DAE23], Granted Authorities=[OIDC_USER, SCOPE_all, SCOPE_openid, SCOPE_profile]]]
2023-06-25T18:16:06.043+08:00 DEBUG 5712 --- [nio-9001-exec-7] o.s.security.web.FilterChainProxy        : Secured GET /api/login/welcome?continue
2023-06-25T18:16:06.043+08:00 DEBUG 5712 --- [nio-9001-exec-7] o.s.web.servlet.DispatcherServlet        : GET "/api/login/welcome?continue", parameters={masked}
2023-06-25T18:16:06.043+08:00 DEBUG 5712 --- [nio-9001-exec-7] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.sy.authclient.controller.LoginController#welcome()
2023-06-25T18:16:06.045+08:00 DEBUG 5712 --- [nio-9001-exec-7] m.m.a.RequestResponseBodyMethodProcessor : Using 'text/html', given [text/html, application/xhtml+xml, image/webp, image/apng, application/xml;q=0.9, */*;q=0.8, application/signed-exchange;v=b3;q=0.7] and supported [text/plain, */*, application/json, application/*+json]
2023-06-25T18:16:06.045+08:00 DEBUG 5712 --- [nio-9001-exec-7] m.m.a.RequestResponseBodyMethodProcessor : Writing ["<h1>Welcome!</h1>"]
2023-06-25T18:16:06.045+08:00 DEBUG 5712 --- [nio-9001-exec-7] o.s.web.servlet.DispatcherServlet        : Completed 200 OK
2023-06-25T18:16:17.363+08:00 TRACE 5712 --- [nio-9001-exec-8] o.s.security.web.FilterChainProxy        : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=Mvc [pattern='/webjars/**'], Filters=[]] (1/3)
2023-06-25T18:16:17.363+08:00 DEBUG 5712 --- [nio-9001-exec-8] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.sy.authclient.controller.LoginController#welcome()
2023-06-25T18:16:17.363+08:00 TRACE 5712 --- [nio-9001-exec-8] o.s.security.web.FilterChainProxy        : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=Mvc [pattern='/assets/**'], Filters=[]] (2/3)
2023-06-25T18:16:17.363+08:00 DEBUG 5712 --- [nio-9001-exec-8] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.sy.authclient.controller.LoginController#welcome()
2023-06-25T18:16:17.363+08:00 TRACE 5712 --- [nio-9001-exec-8] o.s.security.web.FilterChainProxy        : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=any request, Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter@3bfae028, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@1775c4e7, org.springframework.security.web.context.SecurityContextHolderFilter@2e5e6fc4, org.springframework.security.web.header.HeaderWriterFilter@604d23fa, org.springframework.security.web.csrf.CsrfFilter@6f347d7, org.springframework.security.web.authentication.logout.LogoutFilter@799f916e, org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter@74b86971, org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter@7f79edee, org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter@1ca610a0, org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter@abad89c, org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter@47829d6d, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@79980d8d, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@58324c9f, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@2f677247, org.springframework.security.oauth2.client.web.OAuth2AuthorizationCodeGrantFilter@ac91282, org.springframework.security.web.access.ExceptionTranslationFilter@834e986, org.springframework.security.web.access.intercept.AuthorizationFilter@3fbe503c]] (3/3)
2023-06-25T18:16:17.363+08:00 DEBUG 5712 --- [nio-9001-exec-8] o.s.security.web.FilterChainProxy        : Securing GET /api/login/welcome?continue
2023-06-25T18:16:17.363+08:00 TRACE 5712 --- [nio-9001-exec-8] o.s.security.web.FilterChainProxy        : Invoking DisableEncodeUrlFilter (1/17)
2023-06-25T18:16:17.363+08:00 TRACE 5712 --- [nio-9001-exec-8] o.s.security.web.FilterChainProxy        : Invoking WebAsyncManagerIntegrationFilter (2/17)
2023-06-25T18:16:17.363+08:00 TRACE 5712 --- [nio-9001-exec-8] o.s.security.web.FilterChainProxy        : Invoking SecurityContextHolderFilter (3/17)
2023-06-25T18:16:17.363+08:00 TRACE 5712 --- [nio-9001-exec-8] o.s.security.web.FilterChainProxy        : Invoking HeaderWriterFilter (4/17)
2023-06-25T18:16:17.363+08:00 TRACE 5712 --- [nio-9001-exec-8] o.s.security.web.FilterChainProxy        : Invoking CsrfFilter (5/17)
2023-06-25T18:16:17.363+08:00 TRACE 5712 --- [nio-9001-exec-8] o.s.security.web.FilterChainProxy        : Invoking LogoutFilter (6/17)
2023-06-25T18:16:17.363+08:00 TRACE 5712 --- [nio-9001-exec-8] o.s.security.web.FilterChainProxy        : Invoking OAuth2AuthorizationRequestRedirectFilter (7/17)
2023-06-25T18:16:22.300+08:00 TRACE 5712 --- [nio-9001-exec-8] o.s.security.web.FilterChainProxy        : Invoking OAuth2AuthorizationRequestRedirectFilter (8/17)
2023-06-25T18:16:30.632+08:00 TRACE 5712 --- [nio-9001-exec-8] o.s.security.web.FilterChainProxy        : Invoking OAuth2LoginAuthenticationFilter (9/17)
2023-06-25T18:16:30.633+08:00 TRACE 5712 --- [nio-9001-exec-8] o.s.security.web.FilterChainProxy        : Invoking DefaultLoginPageGeneratingFilter (10/17)
2023-06-25T18:16:30.634+08:00 TRACE 5712 --- [nio-9001-exec-8] o.s.security.web.FilterChainProxy        : Invoking DefaultLogoutPageGeneratingFilter (11/17)
2023-06-25T18:16:30.635+08:00 TRACE 5712 --- [nio-9001-exec-8] o.s.security.web.FilterChainProxy        : Invoking RequestCacheAwareFilter (12/17)
2023-06-25T18:16:30.636+08:00 TRACE 5712 --- [nio-9001-exec-8] o.s.security.web.FilterChainProxy        : Invoking SecurityContextHolderAwareRequestFilter (13/17)
2023-06-25T18:16:30.636+08:00 TRACE 5712 --- [nio-9001-exec-8] o.s.security.web.FilterChainProxy        : Invoking AnonymousAuthenticationFilter (14/17)
2023-06-25T18:16:30.636+08:00 TRACE 5712 --- [nio-9001-exec-8] o.s.security.web.FilterChainProxy        : Invoking OAuth2AuthorizationCodeGrantFilter (15/17)
2023-06-25T18:18:28.978+08:00 TRACE 5712 --- [nio-9001-exec-8] o.s.security.web.FilterChainProxy        : Invoking ExceptionTranslationFilter (16/17)
2023-06-25T18:18:28.978+08:00 TRACE 5712 --- [nio-9001-exec-8] o.s.security.web.FilterChainProxy        : Invoking AuthorizationFilter (17/17)
2023-06-25T18:18:28.979+08:00 DEBUG 5712 --- [nio-9001-exec-8] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.sy.authclient.controller.LoginController#welcome()
2023-06-25T18:18:28.979+08:00 DEBUG 5712 --- [nio-9001-exec-8] w.c.HttpSessionSecurityContextRepository : Retrieved SecurityContextImpl [Authentication=OAuth2AuthenticationToken [Principal=Name: [user], Granted Authorities: [[OIDC_USER, SCOPE_all, SCOPE_openid, SCOPE_profile]], User Attributes: [{sub=user, aud=[oidc-client], azp=oidc-client, auth_time=2023-06-25T09:50:36Z, iss=http://192.168.1.125:9000, exp=2023-06-25T10:39:48Z, iat=2023-06-25T10:09:48Z, nonce=CX2FAAvMv2Hzj8Wv1OXXC-W5LWNS1dWow70sSVF5Qx8, sid=7TkynZgAwHYhWeEnl4soX232xgREd1FFcPagGUIc5cc}], Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=F5FB786C57F37610E3A9671AB47DAE23], Granted Authorities=[OIDC_USER, SCOPE_all, SCOPE_openid, SCOPE_profile]]]
2023-06-25T18:18:30.125+08:00 DEBUG 5712 --- [nio-9001-exec-8] o.s.security.web.FilterChainProxy        : Secured GET /api/login/welcome?continue
2023-06-25T18:18:30.126+08:00 DEBUG 5712 --- [nio-9001-exec-8] o.s.web.servlet.DispatcherServlet        : GET "/api/login/welcome?continue", parameters={masked}
2023-06-25T18:18:30.127+08:00 DEBUG 5712 --- [nio-9001-exec-8] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.sy.authclient.controller.LoginController#welcome()
2023-06-25T18:18:30.130+08:00 DEBUG 5712 --- [nio-9001-exec-8] m.m.a.RequestResponseBodyMethodProcessor : Using 'text/html', given [text/html, application/xhtml+xml, image/webp, image/apng, application/xml;q=0.9, */*;q=0.8, application/signed-exchange;v=b3;q=0.7] and supported [text/plain, */*, application/json, application/*+json]
2023-06-25T18:18:30.131+08:00 DEBUG 5712 --- [nio-9001-exec-8] m.m.a.RequestResponseBodyMethodProcessor : Writing ["<h1>Welcome!</h1>"]
2023-06-25T18:18:30.132+08:00 DEBUG 5712 --- [nio-9001-exec-8] o.s.web.servlet.DispatcherServlet        : Completed 200 OK
2023-06-25T18:18:46.973+08:00 TRACE 5712 --- [io-9001-exec-10] o.s.security.web.FilterChainProxy        : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=Mvc [pattern='/webjars/**'], Filters=[]] (1/3)
2023-06-25T18:18:46.974+08:00 DEBUG 5712 --- [io-9001-exec-10] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.sy.authclient.controller.LoginController#welcome()
2023-06-25T18:18:46.974+08:00 TRACE 5712 --- [io-9001-exec-10] o.s.security.web.FilterChainProxy        : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=Mvc [pattern='/assets/**'], Filters=[]] (2/3)
2023-06-25T18:18:46.974+08:00 DEBUG 5712 --- [io-9001-exec-10] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.sy.authclient.controller.LoginController#welcome()
2023-06-25T18:18:46.974+08:00 TRACE 5712 --- [io-9001-exec-10] o.s.security.web.FilterChainProxy        : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=any request, Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter@3bfae028, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@1775c4e7, org.springframework.security.web.context.SecurityContextHolderFilter@2e5e6fc4, org.springframework.security.web.header.HeaderWriterFilter@604d23fa, org.springframework.security.web.csrf.CsrfFilter@6f347d7, org.springframework.security.web.authentication.logout.LogoutFilter@799f916e, org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter@74b86971, org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter@7f79edee, org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter@1ca610a0, org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter@abad89c, org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter@47829d6d, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@79980d8d, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@58324c9f, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@2f677247, org.springframework.security.oauth2.client.web.OAuth2AuthorizationCodeGrantFilter@ac91282, org.springframework.security.web.access.ExceptionTranslationFilter@834e986, org.springframework.security.web.access.intercept.AuthorizationFilter@3fbe503c]] (3/3)
2023-06-25T18:18:46.974+08:00 DEBUG 5712 --- [io-9001-exec-10] o.s.security.web.FilterChainProxy        : Securing GET /api/login/welcome?continue
2023-06-25T18:18:46.974+08:00 TRACE 5712 --- [io-9001-exec-10] o.s.security.web.FilterChainProxy        : Invoking DisableEncodeUrlFilter (1/17)
2023-06-25T18:18:46.974+08:00 TRACE 5712 --- [io-9001-exec-10] o.s.security.web.FilterChainProxy        : Invoking WebAsyncManagerIntegrationFilter (2/17)
2023-06-25T18:18:46.974+08:00 TRACE 5712 --- [io-9001-exec-10] o.s.security.web.FilterChainProxy        : Invoking SecurityContextHolderFilter (3/17)
2023-06-25T18:18:46.974+08:00 TRACE 5712 --- [io-9001-exec-10] o.s.security.web.FilterChainProxy        : Invoking HeaderWriterFilter (4/17)
2023-06-25T18:18:46.974+08:00 TRACE 5712 --- [io-9001-exec-10] o.s.security.web.FilterChainProxy        : Invoking CsrfFilter (5/17)
2023-06-25T18:18:46.974+08:00 TRACE 5712 --- [io-9001-exec-10] o.s.security.web.FilterChainProxy        : Invoking LogoutFilter (6/17)
2023-06-25T18:18:46.974+08:00 TRACE 5712 --- [io-9001-exec-10] o.s.security.web.FilterChainProxy        : Invoking OAuth2AuthorizationRequestRedirectFilter (7/17)
2023-06-25T18:18:49.075+08:00 TRACE 5712 --- [io-9001-exec-10] o.s.security.web.FilterChainProxy        : Invoking OAuth2AuthorizationRequestRedirectFilter (8/17)
2023-06-25T18:18:50.364+08:00 TRACE 5712 --- [io-9001-exec-10] o.s.security.web.FilterChainProxy        : Invoking OAuth2LoginAuthenticationFilter (9/17)
2023-06-25T18:18:50.365+08:00 TRACE 5712 --- [io-9001-exec-10] o.s.security.web.FilterChainProxy        : Invoking DefaultLoginPageGeneratingFilter (10/17)
2023-06-25T18:18:50.365+08:00 TRACE 5712 --- [io-9001-exec-10] o.s.security.web.FilterChainProxy        : Invoking DefaultLogoutPageGeneratingFilter (11/17)
2023-06-25T18:18:50.365+08:00 TRACE 5712 --- [io-9001-exec-10] o.s.security.web.FilterChainProxy        : Invoking RequestCacheAwareFilter (12/17)
2023-06-25T18:18:50.365+08:00 TRACE 5712 --- [io-9001-exec-10] o.s.security.web.FilterChainProxy        : Invoking SecurityContextHolderAwareRequestFilter (13/17)
2023-06-25T18:18:50.366+08:00 TRACE 5712 --- [io-9001-exec-10] o.s.security.web.FilterChainProxy        : Invoking AnonymousAuthenticationFilter (14/17)
2023-06-25T18:18:50.366+08:00 TRACE 5712 --- [io-9001-exec-10] o.s.security.web.FilterChainProxy        : Invoking OAuth2AuthorizationCodeGrantFilter (15/17)
2023-06-25T18:18:51.766+08:00 TRACE 5712 --- [io-9001-exec-10] o.s.security.web.FilterChainProxy        : Invoking ExceptionTranslationFilter (16/17)
2023-06-25T18:18:51.767+08:00 TRACE 5712 --- [io-9001-exec-10] o.s.security.web.FilterChainProxy        : Invoking AuthorizationFilter (17/17)
2023-06-25T18:19:57.364+08:00 DEBUG 5712 --- [io-9001-exec-10] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.sy.authclient.controller.LoginController#welcome()
2023-06-25T18:19:57.366+08:00 DEBUG 5712 --- [io-9001-exec-10] w.c.HttpSessionSecurityContextRepository : Retrieved SecurityContextImpl [Authentication=OAuth2AuthenticationToken [Principal=Name: [user], Granted Authorities: [[OIDC_USER, SCOPE_all, SCOPE_openid, SCOPE_profile]], User Attributes: [{sub=user, aud=[oidc-client], azp=oidc-client, auth_time=2023-06-25T09:50:36Z, iss=http://192.168.1.125:9000, exp=2023-06-25T10:39:48Z, iat=2023-06-25T10:09:48Z, nonce=CX2FAAvMv2Hzj8Wv1OXXC-W5LWNS1dWow70sSVF5Qx8, sid=7TkynZgAwHYhWeEnl4soX232xgREd1FFcPagGUIc5cc}], Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=F5FB786C57F37610E3A9671AB47DAE23], Granted Authorities=[OIDC_USER, SCOPE_all, SCOPE_openid, SCOPE_profile]]]
2023-06-25T18:20:35.651+08:00 DEBUG 5712 --- [io-9001-exec-10] o.s.security.web.FilterChainProxy        : Secured GET /api/login/welcome?continue
2023-06-25T18:20:35.652+08:00 DEBUG 5712 --- [io-9001-exec-10] o.s.web.servlet.DispatcherServlet        : GET "/api/login/welcome?continue", parameters={masked}
2023-06-25T18:20:35.652+08:00 DEBUG 5712 --- [io-9001-exec-10] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.sy.authclient.controller.LoginController#welcome()
2023-06-25T18:20:35.655+08:00 DEBUG 5712 --- [io-9001-exec-10] m.m.a.RequestResponseBodyMethodProcessor : Using 'text/html', given [text/html, application/xhtml+xml, image/webp, image/apng, application/xml;q=0.9, */*;q=0.8, application/signed-exchange;v=b3;q=0.7] and supported [text/plain, */*, application/json, application/*+json]
2023-06-25T18:20:35.655+08:00 DEBUG 5712 --- [io-9001-exec-10] m.m.a.RequestResponseBodyMethodProcessor : Writing ["<h1>Welcome!</h1>"]
2023-06-25T18:20:35.657+08:00 DEBUG 5712 --- [io-9001-exec-10] o.s.web.servlet.DispatcherServlet        : Completed 200 OK

集成GateWay

正在集成中。。。

关于 Spring Cloud Alibaba 的基础环境搭建,可以看下面的文章,很详细,本文主要介绍集成OAuth2的过程

Spring Cloud Alibaba 最新版本整合完整使用及与各中间件集成(基于Spring Boot 3.0.x)_ricardo.M.Yu的博客-CSDN博客

代办事项 

现在需要做的改造如下:

1、新建授权服务,集成 oauth2-authorization-server ,即auth模块做授权中心

2、修改业务模块,集成 oauth2-client,即做资源中心与客户端

3、修改网关模块,即 gateway 做相关修改

Spring Security Oauth2.1 最新版 1.1.0 整合 gateway 完成授权认证(拥抱 springboot 3.1)

Oauth2主要结构

OAuth2AuthorizationEndpointFilter: 针对 /login 或自行请求 授权码的处理器

OAuth2TokenEndpointFilter:针对获取 token 时的处理器

ProviderManager:

OAuth2ClientAuthenticationFilter

OAuth2TokenEndpointFilter

ClientSecretAuthenticationProvider

DelegatingAuthenticationConverter

OAuth2AuthorizationCodeAuthenticationProvider

OAuth2AuthorizationEndpointFilter

UsernamePasswordAuthenticationFilter

AuthenticationEntryPoint 

LoginUrlAuthenticationEntryPoint

sql脚本

我直接整理好了文章来源地址https://www.toymoban.com/news/detail-482040.html

/*
IMPORTANT:
    If using PostgreSQL, update ALL columns defined with 'blob' to 'text',
    as PostgreSQL does not support the 'blob' data type.
*/
CREATE TABLE oauth2_authorization (
    id varchar(100) NOT NULL,
    registered_client_id varchar(100) NOT NULL,
    principal_name varchar(200) NOT NULL,
    authorization_grant_type varchar(100) NOT NULL,
    authorized_scopes varchar(1000) DEFAULT NULL,
    attributes blob DEFAULT NULL,
    state varchar(500) DEFAULT NULL,
    authorization_code_value blob DEFAULT NULL,
    authorization_code_issued_at timestamp DEFAULT NULL,
    authorization_code_expires_at timestamp DEFAULT NULL,
    authorization_code_metadata blob DEFAULT NULL,
    access_token_value blob DEFAULT NULL,
    access_token_issued_at timestamp DEFAULT NULL,
    access_token_expires_at timestamp DEFAULT NULL,
    access_token_metadata blob DEFAULT NULL,
    access_token_type varchar(100) DEFAULT NULL,
    access_token_scopes varchar(1000) DEFAULT NULL,
    oidc_id_token_value blob DEFAULT NULL,
    oidc_id_token_issued_at timestamp DEFAULT NULL,
    oidc_id_token_expires_at timestamp DEFAULT NULL,
    oidc_id_token_metadata blob DEFAULT NULL,
    refresh_token_value blob DEFAULT NULL,
    refresh_token_issued_at timestamp DEFAULT NULL,
    refresh_token_expires_at timestamp DEFAULT NULL,
    refresh_token_metadata blob DEFAULT NULL,
    user_code_value blob DEFAULT NULL,
    user_code_issued_at timestamp DEFAULT NULL,
    user_code_expires_at timestamp DEFAULT NULL,
    user_code_metadata blob DEFAULT NULL,
    device_code_value blob DEFAULT NULL,
    device_code_issued_at timestamp DEFAULT NULL,
    device_code_expires_at timestamp DEFAULT NULL,
    device_code_metadata blob DEFAULT NULL,
    PRIMARY KEY (id)
);

CREATE TABLE oauth2_authorization_consent (
    registered_client_id varchar(100) NOT NULL,
    principal_name varchar(200) NOT NULL,
    authorities varchar(1000) NOT NULL,
    PRIMARY KEY (registered_client_id, principal_name)
);

CREATE TABLE oauth2_registered_client (
    id varchar(100) NOT NULL,
    client_id varchar(100) NOT NULL,
    client_id_issued_at timestamp DEFAULT CURRENT_TIMESTAMP NOT NULL,
    client_secret varchar(200) DEFAULT NULL,
    client_secret_expires_at timestamp DEFAULT NULL,
    client_name varchar(200) NOT NULL,
    client_authentication_methods varchar(1000) NOT NULL,
    authorization_grant_types varchar(1000) NOT NULL,
    redirect_uris varchar(1000) DEFAULT NULL,
    post_logout_redirect_uris varchar(1000) DEFAULT NULL,
    scopes varchar(1000) NOT NULL,
    client_settings varchar(2000) NOT NULL,
    token_settings varchar(2000) NOT NULL,
    PRIMARY KEY (id)
);


到了这里,关于Spring Security Oauth2.1 最新版 1.1.0 整合 gateway 完成授权认证(拥抱 springboot 3.1)的文章就介绍完了。如果您还想了解更多内容,请在右上角搜索TOY模板网以前的文章或继续浏览下面的相关文章,希望大家以后多多支持TOY模板网!

本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如若转载,请注明出处: 如若内容造成侵权/违法违规/事实不符,请点击违法举报进行投诉反馈,一经查实,立即删除!

领支付宝红包 赞助服务器费用

相关文章

  • Spring Security6 最新版配置该怎么写,该如何实现动态权限管理

    Spring Security 在最近几个版本中配置的写法都有一些变化,很多常见的方法都废弃了,并且将在未来的 Spring Security7 中移除,因此又补充了一些新的内容,重新发一下,供各位使用 Spring Security 的小伙伴们参考。 接下来,我把从 Spring Security5.7 开始(对应 Spring Boot2.7 开始),各

    2024年02月12日
    浏览(44)
  • Spring Boot 最新版3.x 集成 OAuth 2.0实现认证授权服务、第三方应用客户端以及资源服务

    Spring Boot 3 已经发布一段时间,网上关于 Spring Boot 3 的资料不是很多,本着对新技术的热情,学习和研究了大量 Spring Boot 3 新功能和新特性,感兴趣的同学可以参考 Spring 官方资料全面详细的新功能/新改进介绍 Spring 版本升级到6.x JDK版本至少17+ … 新特性有很多,本文主要针对

    2024年02月02日
    浏览(68)
  • Spring Security OAuth2详解

    spring security oauth2框架即spring security + OAuth2,spring security上一篇文章已经讲过,接下来讲讲OAuth2,它是行业标准的授权协议,旨在为开发人员提供简单易用的授权流程;OAuth 定义了四种角色: 资源所有者:能够授予对受保护资源的访问权限的实体,当资源所有者是一个人时,

    2024年02月03日
    浏览(36)
  • Spring Security OAuth2.0(3):Spring Security简单入门

    Spring Security 快速入门。 本章代码已分享至Gitee:https://gitee.com/lengcz/security-spring-security qquad Spring Secutiry 是一个能够为基于Spring的企业应用系统提供声明式的安全访问控制解决方案的安全框架。由于它是Spring生态系统的一员,因此它伴随着整个Spring生态系统不断修正、升级,

    2024年02月13日
    浏览(48)
  • Spring Security OAuth2.0(5):Spring Security工作原理

    qquad Spring Security 所解决的问题就是安全访问控制,而安全访问控制功能其实就是所有进入系统的请求进行拦截,校验每个请求是否能够访问它所期望的资源。Spring Security 对Web资源的保护是通过Filter入手的,所以从这个Filter入手,逐步深入Spring Security原理。 $qquad%当初始化

    2024年02月17日
    浏览(55)
  • Spring Security OAuth2.0 - 学习笔记

    OAuth2.0是一个开放标准,允许用户授权第三方应用程序访问他们存储在另外的服务提供者上的信息,而不需要将用户和密码提供给第三方应用或分享数据的所有内容。 1)授权码模式 2)简化模式 3)密码模式 4)客户端模式 普通令牌只是一个随机的字符串,没有特殊的意义,

    2024年02月16日
    浏览(46)
  • 微服务安全Spring Security Oauth2实战

    Spring Authorization Server 是一个框架,它提供了 OAuth 2.1 和 OpenID Connect 1.0 规范以及其他相关规范的实现。它建立在 Spring Security 之上,为构建 OpenID Connect 1.0 身份提供者和 OAuth2 授权服务器产品提供了一个安全、轻量级和可定制的基础。说白了,Spring Authorization Server 就是一个**认

    2024年02月03日
    浏览(36)
  • Spring Security与OAuth2的完美结合

    OAuth2是一种流行的授权框架,它允许用户授权第三方应用程序访问他们的资源。Spring Security是一个强大的安全框架,它提供了一系列的安全功能。本文将介绍如何将Spring Security与OAuth2整合,以实现更加安全和可靠的应用程序。 OAuth2的基本概念 OAuth2是一个授权框架,它允许用

    2024年02月05日
    浏览(40)
  • Spring Security OAuth2 远程命令执行漏洞

    cd vulhub/spring/CVE-2016-4977/ docker-compose up -d 访问 http://192.168.10.171:8080/oauth/authorize?response_type=${233*233}client_id=acmescope=openidredirect_uri=http://test 用admin:admin登陆 出现以下报错,表示漏洞存在(response_type里面的命令执行了) poc.py #!/usr/bin/env python message = input(‘Enter message to encode:’) p

    2024年02月09日
    浏览(36)
  • Spring Security实现OAuth2协议及实战

    文章篇幅较长,愿读者耐心看完。如有不足之处,请指正。 一.OAuth2介绍 1.1 OAuth2是什么 怎么用 OAuth2是目前最流行的授权协议,用来授权第三方应用,获取用户数据。 举个例子:快递员想要进入小区,有3种方式。1是业主远程开门,2是业主告诉门禁密码,3是使用令牌(Oaut

    2024年02月08日
    浏览(39)

觉得文章有用就打赏一下文章作者

支付宝扫一扫打赏

博客赞助

微信扫一扫打赏

请作者喝杯咖啡吧~博客赞助

支付宝扫一扫领取红包,优惠每天领

二维码1

领取红包

二维码2

领红包