oidc_provider_not_configured error message on Spring Security 5 using OpenID Connect

Problem description

I recently received the following error message when trying to log in a user with Spring Security 5 and OpenID Connect:

[oidc_provider_not_configured] An OpenID Connect Authentication Provider has not been configured. Check to ensure you include the dependency 'spring-security-oauth2-jose'.

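I use a Keycloak instance as the authorization server. The user is redirected to Keycloak and (after logging in) is successfully redirected back to my application with an authorization code.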

This is where the problem occurs. The OAuth2LoginAuthenticationFilter uses a ProviderManager to obtain the access token. Three providers are configured:

The first is skipped, the second returns null when the scope contains "openid", and the third throws the error.

Why doesn't OAuth2LoginAuthenticationProvider handle the "openid" scope? Should OidcAuthorizationCodeAuthenticationProvider be used instead? Why is it not auto-configured?

spring-security-oauth2-jose spring-boot-starter-oauth2-client.

Here is my setup:

pom.xml:

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.3.2.RELEASE</version>
        <relativePath/> <!-- lookup parent from repository -->
    </parent>
    <groupId>com.example</groupId>
    <artifactId>oauth-demo</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <name>security</name>
    <description>Demo project for Spring Boot</description>

    <properties>
        <java.version>11</java.version>
        <spring-cloud.version>Hoxton.SR3</spring-cloud.version>
    </properties>

    <dependencyManagement>
        <dependencies>
            <dependency>
                <groupId>org.springframework.cloud</groupId>
                <artifactId>spring-cloud-dependencies</artifactId>
                <version>${spring-cloud.version}</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>
        </dependencies>
    </dependencyManagement>

    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-oauth2-client</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
            <exclusions>
                <exclusion>
                    <groupId>org.junit.vintage</groupId>
                    <artifactId>junit-vintage-engine</artifactId>
                </exclusion>
            </exclusions>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-test</artifactId>
            <scope>test</scope>
        </dependency>
    </dependencies>

    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
            </plugin>
        </plugins>
    </build>

</project>

OAuth2ClientSecurityConfig.java:

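import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
public class OAuth2ClientSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Require authentication for every request and delegate login to OAuth 2.0 / OIDC.
        http.authorizeRequests().anyRequest().authenticated()
                .and()
                .oauth2Login();
    }
}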

application.yaml:

spring:
  security:
    oauth2:
      client:
        registration:
          demo:
            client-id: oauth-demo
            client-secret: [SECRET]
            authorization-grant-type: authorization_code
            redirect-uri: "{baseUrl}/login/oauth2/code/{registrationId}"
            scope: openid

        provider:
          demo:
            authorization-uri: http://localhost/auth/realms/csp/protocol/openid-connect/auth
            token-uri: http://localhost/auth/realms/csp/protocol/openid-connect/token
            jwk-set-uri: http://localhost/auth/realms/csp/protocol/openid-connect/certs
            user-info-uri: http://localhost/auth/realms/csp/protocol/openid-connect/userinfo
            userNameAttribute: preferred_username

Tags: java, spring, spring-security, oauth, openid-connect
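
The error message points at the dependency 'spring-security-oauth2-jose'. The following is an added example, not part of the original post: it checks whether the classes that artifact and its Nimbus dependency provide are visible to the application's class loader at runtime, and which JAR each one is loaded from. The class name JoseClasspathCheck and its method names are hypothetical.

```java
import java.security.CodeSource;

// Added diagnostic (hypothetical helper, not from the original post).
// Reports whether the JWT classes behind 'spring-security-oauth2-jose'
// can be loaded, and from which location.
public class JoseClasspathCheck {

    // JwtDecoder and NimbusJwtDecoder ship in spring-security-oauth2-jose;
    // com.nimbusds.jwt.JWT ships in its nimbus-jose-jwt dependency.
    private static final String[] REQUIRED = {
        "org.springframework.security.oauth2.jwt.JwtDecoder",
        "org.springframework.security.oauth2.jwt.NimbusJwtDecoder",
        "com.nimbusds.jwt.JWT"
    };

    // Returns the code source of the class, or null if it cannot be loaded.
    static String locate(String className, ClassLoader loader) {
        try {
            // initialize=false: only load the class, do not run static initializers.
            Class<?> type = Class.forName(className, false, loader);
            CodeSource source = type.getProtectionDomain().getCodeSource();
            return source != null ? source.getLocation().toString() : "(bootstrap)";
        } catch (ClassNotFoundException | LinkageError e) {
            return null;
        }
    }

    // Prints one line per required class; returns true only if all are present.
    static boolean report(ClassLoader loader) {
        boolean allPresent = true;
        for (String name : REQUIRED) {
            String where = locate(name, loader);
            System.out.printf("%-58s %s%n", name, where != null ? where : "MISSING");
            allPresent &= (where != null);
        }
        return allPresent;
    }

    public static void main(String[] args) {
        // Uses the same class loader the running application would use.
        boolean ok = report(Thread.currentThread().getContextClassLoader());
        System.exit(ok ? 0 : 1);
    }
}
```

The result is only meaningful when the check runs on the application's own runtime classpath, for example by calling `JoseClasspathCheck.report(...)` from the application's main method before startup.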

Solution

