我遇到了与Google完全相同的问题。
具有以下微服务架构
Google Auth Server Zuul Gateway (:8080) / / / Other OAuth2Client (:5000)
在本地计算机上运行时,一切正常,但是在AWS Elastic Beanstalk中,我捕获了相同的异常。
调试之后,我发现在我的情况下,当OAuth2Client位于Zuul代理(它们在单独的微服务中实现)后面时,我实际上在内部检查中获得了不同的redirect_uri值
OAuth2LoginAuthenticationProvider:
if (!authorizationResponse.getRedirectUri().equals(authorizationRequest.getRedirectUri())) { OAuth2Error oauth2Error = new OAuth2Error(INVALID_REDIRECT_URI_PARAMETER_ERROR_CODE); throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());}因此,对于AWS,我具有以下值:
authorizationResponse.getRedirectUri()http://[INNER_AWS_ESB_IP]:5000/auth/login/oauth2/pre/googleauthorizationRequest.getRedirectUri()https://[MY_PROJECT_DOMAIN_NAME]/auth/login/oauth2/pre/google
其中
[INNER_AWS_ESB_IP],AWS Elastic
Beanstalk中的内部网络的IP地址
[MY_PROJECT_DOMAIN_NAME]是我的项目的域名,该域名被硬编码
application.yml为
redirect-uri-template参数。
我有以下配置
application.yml我的 OAuth2Client 的microService
server: port: 5000 servlet: contextPath: /auth use-forward-headers: truespring: security: oauth2: resource: filter-order: 3 client: registration: google: client-id: [REMOVED] client-secret: [REMOVED] redirect-uri-template: ${MY_PROJECT_DOMAIN_NAME:http://localhost:8080}/auth/login/oauth2/pre/google scope: profile,email洛雷诺,您拥有哪种建筑?您可以共享您的配置吗?
更新
似乎该问题与版本科学5.0中的Spring Security Oauth2 Client的实现直接相关
如果在某些单独的虚拟机上启动Zuul Gateway微服务而在本地计算机上启动其他微服务,则问题可以重现☝️因此,应从VM上的浏览器调用Google。
*帮助我避免此问题 *的解决方案 是添加
Filter具有
HttpServletRequestWrapper可覆盖方法的custom
的custom 并返回“正确的” URL以满足签入中的
OAuth2LoginAuthenticationProvider.java:115要求。
- 在
application.yml
Oauth2客户端中
myCloudPath: ${MY_PROJECT_DOMAIN_NAME:http://localhost:8080}- 在里面
SecurityConfig
@Value("${myCloudPath}")private String myCloudPath;@Overridepublic void configure(HttpSecurity http) throws Exception {http. addFilterBefore(new MyCustomFilter(myCloudPath), OAuth2LoginAuthenticationFilter.class). ...过滤
public class MyCustomFilter implements Filter {private static final Logger logger = LogManager.getLogger(MyCustomFilter.class);private String myCloudPath;public MyCustomFilter(String myCloudPath) { this.myCloudPath= myCloudPath;}@Overridepublic void init(FilterConfig filterConfiguration) throws ServletException { logger.info("MyCustomFilter init");}public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { request = new MyHttpServletRequestWrapper((HttpServletRequest) request, myCloudPath); chain.doFilter(request, response);}@Overridepublic void destroy() { logger.info("MyCustomFilter destroy");}}
HttpServletRequestWrapper
public class MyHttpServletRequestWrapper extends HttpServletRequestWrapper {public final String redirectUrl;public MyHttpServletRequestWrapper(HttpServletRequest request, String myCloudPath) { super(request); this.redirectUrl = myCloudPath + request.getRequestURI();}@Overridepublic StringBuffer getRequestURL() { return new StringBuffer(redirectUrl);}}
