
Spring Security OAuth2.1, latest version 1.1.0: integrating Gateway for authorization and authentication (embracing Spring Boot 3.1)


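Contents

  • Background
  • Demo repository
  • Versions
  • Spring Boot 3.1
  • Spring Authorization Server 1.1.0
  • Basics
  • Spring Security
  • OAuth2
  • Components
  • Grant types
  • Client authentication methods
  • Integration process
  • Official demo
  • Code integration
  • Dependencies
  • Authorization server configuration: AuthorizationServerConfig
  • Key components
  • Testing
  • Viewing the authorization server configuration
  • Accessing the authorization server
  • Consent
  • Callback
  • Obtaining the access_token
  • Fetching user information
  • Customization
  • Goals
  • Background knowledge
  • Spring Security OAuth2 Client
  • Customization steps
  • auth-server changes
  • POM
  • Persistence
  • AuthorizationServerConfig changes
  • SQL script
  • DefaultSecurityConfig changes
  • UserService configuration
  • Exception handling
  • Testing
  • Exchanging a refresh_token for a new token
  • Custom user information
  • New UserService method
  • Handler that defines the user-info response format
  • SecurityFilterChain changes
  • Testing
  • Adding the auth-client client
  • Configuration
  • Controller
  • Testing
  • Console
  • Integrating Gateway
  • To-do items
  • SQL script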


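Background

On a Spring Cloud Alibaba architecture we need a unified authorization center that works together with Gateway to provide authorization and authentication for the microservices. This article walks through the whole integration, based on the latest Spring Boot 3.1.

Demo repository

I put the demo on GitHub; the repository also contains other Spring Cloud Alibaba integrations.

ricardo-m-yu/spring-cloud-alibaba (github.com)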

Versions

Spring Boot 3.1

The newly released Spring Boot 3.1 supports OAuth2 out of the box; the dependency shown later is enough to build on quickly. To try the new features, I switched to version 3.1.

Spring Boot 3.1 provides a spring-boot-starter-oauth2-authorization-server starter that auto-configures Spring Authorization Server, making it easy to set up a Servlet-based OAuth2 authorization server. Annotations such as @EnableAuthorizationServer have long been deprecated.

Spring Authorization Server 1.1.0

Official documentation

Spring Authorization Server

Basics

Spring Security

For Spring Security basics, I previously wrote an article on integrating Spring Boot with Spring Security for JWT-based authorization; see:

Spring Boot 2.7 with Spring Security 5.7 and JWT: a complete record of implementing user login, registration and authorization (ricardo.M.Yu's blog, CSDN)

OAuth2

OAuth2 can provide a unified authentication service. Its main components are:

Components

  • Resource owner: the service or user that owns the resource, such as ourselves or the resource website
  • Authorization server: the service that authenticates and issues tokens
  • Resource server: the service that holds the resources, such as the website we want to access
  • Client: the client making the access, such as the one we use ourselves to access the website

Grant types

  • Authorization code (authorization_code): the most formal flow. The client first directs the user to the authorization server; after the user logs in and grants authorization, the client receives an authorization code and finally exchanges it for an access token
  • Refresh (refresh_token): obtain a token with a refresh token
  • Client credentials (client_credentials): the third-party application itself needs to access resources

See the AuthorizationGrantType class for details.

The password grant below has been deprecated:

  • Password (resource owner password credentials): send the username and password directly to the authorization server to request a token

Client authentication methods

  • client_secret_basic: the most common; the client's client_id and client_secret are passed to the authorization server

  • client_secret_post: common; the client's client_id and client_secret are passed to the authorization server, but the parameters are transmitted differently

  • client_secret_jwt: authenticates with a JWT

  • private_key_jwt: authenticates with a JWT; the requester holds its own public/private key pair

  • none

See ClientAuthenticationMethod for details.

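Integration process

I will proceed in three stages, each building on the previous one:

  • Stage 1: the official demo, with an explanation and test of its components
  • Stage 2: customization
  • Stage 3: integrating Spring Cloud Gateway to complete distributed authorization

Official demo

Code integration

Dependencies

Only the single dependency below is needed; the Spring Boot version is 3.1.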

<parent>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-parent</artifactId>
    <version>3.1.0</version>
    <relativePath/>
</parent>


<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-oauth2-authorization-server</artifactId>
</dependency>

Authorization server configuration: AuthorizationServerConfig

The official Spring Getting Started guide gives the default minimal configuration below.

Getting Started (spring.io)

I will paste it first and then explain it. There are two configuration classes in total.

AuthorizationServerConfig


@Configuration
public class AuthorizationServerConfig {

    @Bean
    @Order(1)
    public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http)
            throws Exception {
        // Apply the recommended default configuration for Spring Authorization Server
        OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http);
        http.getConfigurer(OAuth2AuthorizationServerConfigurer.class)
                .oidc(Customizer.withDefaults());	// Enable OpenID Connect 1.0

        http
                // Redirect to the login page when not authenticated from the
                // authorization endpoint
                .exceptionHandling((exceptions) -> exceptions
                        .defaultAuthenticationEntryPointFor(
                                new LoginUrlAuthenticationEntryPoint("/login"),
                                new MediaTypeRequestMatcher(MediaType.TEXT_HTML)
                        )
                )
                // Accept access tokens for User Info and/or Client Registration
                .oauth2ResourceServer((resourceServer) -> resourceServer
                        .jwt(Customizer.withDefaults()));

        return http.build();
    }

    @Bean
    public RegisteredClientRepository registeredClientRepository() {
        RegisteredClient oidcClient = RegisteredClient.withId(UUID.randomUUID().toString())
                .clientId("oidc-client")
                .clientSecret("{noop}secret")
                .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
                .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
                .authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN)
                .authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
                .redirectUri("http://www.baidu.com")
                .redirectUri("http://localhost:9001/login/oauth2/code/oidc-client")
                .redirectUri("http://localhost:9001/api/login/welcome")
                .postLogoutRedirectUri("http://127.0.0.1:8080/")
                .scope(OidcScopes.OPENID)
                .scope(OidcScopes.PROFILE)
                .scope("message.read")
                .scope("message.write")
                .scope("all")
                // Require the consent page for this client
                .clientSettings(ClientSettings.builder().requireAuthorizationConsent(true).build())
                .build();

        return new InMemoryRegisteredClientRepository(oidcClient);
    }

    /**
     * Key source used to sign the tokens issued by default
     * @return
     */
    @Bean
    public JWKSource<SecurityContext> jwkSource() {
        KeyPair keyPair = generateRsaKey();
        RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
        RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate();
        RSAKey rsaKey = new RSAKey.Builder(publicKey)
                .privateKey(privateKey)
                .keyID(UUID.randomUUID().toString())
                .build();
        JWKSet jwkSet = new JWKSet(rsaKey);
        return new ImmutableJWKSet<>(jwkSet);
    }

    private static KeyPair generateRsaKey() {
        KeyPair keyPair;
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
            keyPairGenerator.initialize(2048);
            keyPair = keyPairGenerator.generateKeyPair();
        }
        catch (Exception ex) {
            throw new IllegalStateException(ex);
        }
        return keyPair;
    }

    @Bean
    public JwtDecoder jwtDecoder(JWKSource<SecurityContext> jwkSource) {
        return OAuth2AuthorizationServerConfiguration.jwtDecoder(jwkSource);
    }

    @Bean
    public AuthorizationServerSettings authorizationServerSettings() {
        return AuthorizationServerSettings.builder().build();
    }
}

DefaultSecurityConfig

@EnableWebSecurity
@Configuration(proxyBeanMethods = false)
public class DefaultSecurityConfig {


    @Bean
    @Order(2)
    public SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http)
            throws Exception {
        http
                .authorizeHttpRequests((authorize) -> authorize
                        .requestMatchers(new AntPathRequestMatcher("/actuator/**"),
                                new AntPathRequestMatcher("/oauth2/**"),
                                new AntPathRequestMatcher("/**/*.json"),
                                new AntPathRequestMatcher("/**/*.html")).permitAll()
                        .anyRequest().authenticated()
                )
                .cors(Customizer.withDefaults())
                .csrf((csrf) -> csrf.disable())
//                .httpBasic(Customizer.withDefaults())
//				// Form login handles the redirect to the login page from the
//				// authorization server filter chain
                .formLogin(Customizer.withDefaults())
        ;

        return http.build();
    }

    @Bean
    public UserDetailsService userDetailsService() {
        UserDetails userDetails = User.withDefaultPasswordEncoder()
                .username("user")
                .password("password")
                .roles("USER")
                .build();

        return new InMemoryUserDetailsManager(userDetails);
    }

}

The @Bean definitions above are explained one by one below; they are also the key concepts of the authorization server.

Key components

  • SecurityFilterChain -> authorizationServerSecurityFilterChain: the Spring Security filter chain for the protocol endpoints

  • SecurityFilterChain -> defaultSecurityFilterChain: the Spring Security filter chain for Spring Security authentication

  • UserDetailsService: mainly used to authenticate users

  • RegisteredClientRepository: mainly used to manage clients

  • JWKSource: used to sign access tokens

  • KeyPair: a KeyPair instance with keys generated at startup, used to create the JWKSource above

  • JwtDecoder: a JwtDecoder instance used to decode signed access tokens

  • AuthorizationServerSettings: an AuthorizationServerSettings instance used to configure Spring Authorization Server
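
Because the demo's KeyPair is generated at startup, every restart changes the signing key, so tokens issued earlier no longer verify and two instances behind a gateway would not accept each other's tokens. As an added example (not from the original article or the Spring project), the bean below would replace jwkSource() and load a fixed RSA key from a PKCS#12 keystore. The class name, the auth.jwk.* property names, the keystore file and the alias are assumptions.

```java
import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jose.jwk.source.ImmutableJWKSet;
import com.nimbusds.jose.jwk.source.JWKSource;
import com.nimbusds.jose.proc.SecurityContext;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.Resource;

import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;

// The keystore is created once, outside the application, for example:
//   keytool -genkeypair -alias auth-server -keyalg RSA -keysize 2048 \
//           -storetype PKCS12 -keystore auth-jwk.p12 -validity 365
// File name and alias are assumptions of this example.
@Configuration
public class PersistentJwkConfig {

    @Bean
    public JWKSource<SecurityContext> jwkSource(
            @Value("${auth.jwk.keystore}") Resource keystore,        // e.g. file:/etc/auth/auth-jwk.p12
            @Value("${auth.jwk.password}") String password,          // supplied from the environment
            @Value("${auth.jwk.alias:auth-server}") String alias) throws Exception {

        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = keystore.getInputStream()) {
            ks.load(in, password.toCharArray());
        }

        Key key = ks.getKey(alias, password.toCharArray());
        Certificate cert = ks.getCertificate(alias);
        // Fail at startup rather than silently falling back to a throwaway key.
        if (!(key instanceof RSAPrivateKey) || cert == null
                || !(cert.getPublicKey() instanceof RSAPublicKey)) {
            throw new IllegalStateException("No RSA key pair found under alias '" + alias + "'");
        }

        RSAKey rsaKey = new RSAKey.Builder((RSAPublicKey) cert.getPublicKey())
                .privateKey((RSAPrivateKey) key)
                // kid derived from the key itself, so it is identical on every
                // instance and after every restart (the demo uses a random UUID).
                .keyIDFromThumbprint()
                .build();
        return new ImmutableJWKSet<>(new JWKSet(rsaKey));
    }
}
```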

Testing

To make testing easier, I changed the client's callback address in the configuration above to Baidu's; the grant type is authorization code and the client authentication method is client_secret_basic.

Start the service; it listens on port 9000.

Viewing the authorization server configuration

Address:

http://127.0.0.1:9000/.well-known/openid-configuration

Calling it returns the endpoint configuration, which is simply the URL for each request.

In detail:

{
    "issuer": "http://127.0.0.1:9000",
    "authorization_endpoint": "http://127.0.0.1:9000/oauth2/authorize",
    "device_authorization_endpoint": "http://127.0.0.1:9000/oauth2/device_authorization",
    "token_endpoint": "http://127.0.0.1:9000/oauth2/token",
    "token_endpoint_auth_methods_supported": [
        "client_secret_basic",
        "client_secret_post",
        "client_secret_jwt",
        "private_key_jwt"
    ],
    "jwks_uri": "http://127.0.0.1:9000/oauth2/jwks",
    "userinfo_endpoint": "http://127.0.0.1:9000/userinfo",
    "end_session_endpoint": "http://127.0.0.1:9000/connect/logout",
    "response_types_supported": [
        "code"
    ],
    "grant_types_supported": [
        "authorization_code",
        "client_credentials",
        "refresh_token",
        "urn:ietf:params:oauth:grant-type:device_code"
    ],
    "revocation_endpoint": "http://127.0.0.1:9000/oauth2/revoke",
    "revocation_endpoint_auth_methods_supported": [
        "client_secret_basic",
        "client_secret_post",
        "client_secret_jwt",
        "private_key_jwt"
    ],
    "introspection_endpoint": "http://127.0.0.1:9000/oauth2/introspect",
    "introspection_endpoint_auth_methods_supported": [
        "client_secret_basic",
        "client_secret_post",
        "client_secret_jwt",
        "private_key_jwt"
    ],
    "subject_types_supported": [
        "public"
    ],
    "id_token_signing_alg_values_supported": [
        "RS256"
    ],
    "scopes_supported": [
        "openid"
    ]
}

Accessing the authorization server

Enter this in the browser address bar:

http://localhost:9000/oauth2/authorize?response_type=code&client_id=oidc-client&scope=message.read%20openid&redirect_uri=http://www.baidu.com

This request simulates the client. In real development the user first accesses the resource service, which assembles these parameters and redirects to the authorization server. The parameters mean the following, and all of them must have been configured in the RegisteredClientRepository above:

  • response_type: the response type, here an authorization code (code)
  • client_id: the client's id, as configured in the RegisteredClientRepository above
  • scope: the requested authorization scope; it must also be in the configuration above
  • redirect_uri: the address to redirect back to once authorization succeeds

After entering the address above, the browser is redirected to the login page.

Enter the username and password configured above:

user

password

Click to log in.

Consent

After logging in you reach the consent page. Select the scopes, then click submit.

Callback

Once consent is given, the authorization server calls back to the Baidu address with our authorization code attached.

Obtaining the access_token

With the authorization code in hand, use Postman to test obtaining the access_token.

Test request parameters

Header

Request body

http://localhost:9000/oauth2/token?grant_type=authorization_code&code=ajdNNIj8EiLjgw3OS8yu2q8n3XXCAb6cPY5LRsOHyRlAAB1ENKdmy8M4JBkJ8PrU-3K9QdpAZtyKg8QP5q0EHN2mR1k532FQUKz1ObSuH3EuSFy5LVzut9z1QVPuefoA&redirect_uri=http://www.baidu.com

The curl command is:

curl --location --request POST 'http://localhost:9000/oauth2/token?grant_type=authorization_code&code=a_lOQegEwElR09Sj6auVpBdYGgnhhK0uz1Uks286ei_zkbyDFKII2uf7gMIF7CU4cLN8ZEY3EsSq9jMAZ-Rmtmlq5pI6KPB95LMQg9fFirFg2wWjdd5PEwQLMEogY9B6&redirect_uri=http%3A%2F%2Fwww.baidu.com' \
--header 'Authorization: Basic b2lkYy1jbGllbnQ6c2VjcmV0'

Parameter description:

  • grant_type: the grant type; authorization_code is the authorization code grant
  • code: the authorization code, the one handed to us in the redirect to Baidu above
  • redirect_uri: the redirect URL
  • Authorization header: because our client authentication method is client_secret_basic, this header must be sent. There are other authentication methods as well; the parameters are as follows
  • client_secret_basic: join clientId and clientSecret with ':' (both are in the configuration above), Base64-encode the result, and prepend the prefix Basic (note the space after Basic). This gives the value Basic b2lkYy1jbGllbnQ6c2VjcmV0 used above
  • client_secret_post: clientId and clientSecret are sent in the form.

Result of calling the endpoint with client_secret_basic:

The access_token is returned as expected.
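
The authorize URL and token call above send no state or PKCE parameters and carry the authorization code in the query string, a place where URLs are commonly logged. As an added example (not from the original article), this plain-JDK class builds the same two requests for the article's oidc-client with state, an S256 code challenge and a form-encoded body. The class and method names are illustrative, and the redirect URI is one of those registered for oidc-client above.

```java
import java.net.URI;
import java.net.URLEncoder;
import java.net.http.HttpRequest;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.stream.Collectors;

// Added example: the names below are illustrative, not part of the article's project.
public class AuthCodeRequestBuilder {

    private static final SecureRandom RANDOM = new SecureRandom();
    private static final Base64.Encoder B64URL = Base64.getUrlEncoder().withoutPadding();

    /** 32 random bytes as base64url (43 chars): usable as state or PKCE code_verifier. */
    static String randomToken() {
        byte[] buf = new byte[32];
        RANDOM.nextBytes(buf);
        return B64URL.encodeToString(buf);
    }

    /** RFC 7636 S256 challenge: BASE64URL(SHA-256(ASCII(code_verifier))). */
    static String codeChallenge(String verifier) throws NoSuchAlgorithmException {
        byte[] hash = MessageDigest.getInstance("SHA-256")
                .digest(verifier.getBytes(StandardCharsets.US_ASCII));
        return B64URL.encodeToString(hash);
    }

    /** client_secret_basic per RFC 6749 section 2.3.1: form-encode both parts, then Base64. */
    static String basicAuth(String clientId, String clientSecret) {
        String pair = enc(clientId) + ":" + enc(clientSecret);
        return "Basic " + Base64.getEncoder().encodeToString(pair.getBytes(StandardCharsets.UTF_8));
    }

    static String enc(String value) {
        return URLEncoder.encode(value, StandardCharsets.UTF_8);
    }

    static String form(Map<String, String> params) {
        return params.entrySet().stream()
                .map(e -> enc(e.getKey()) + "=" + enc(e.getValue()))
                .collect(Collectors.joining("&"));
    }

    /** Step 1: URL the browser is sent to; state and code_challenge bind it to this login attempt. */
    static URI authorizeUri(String clientId, String redirectUri, String state, String challenge) {
        Map<String, String> p = new LinkedHashMap<>();
        p.put("response_type", "code");
        p.put("client_id", clientId);
        p.put("scope", "openid message.read");
        p.put("redirect_uri", redirectUri);
        p.put("state", state);
        p.put("code_challenge", challenge);
        p.put("code_challenge_method", "S256");
        return URI.create("http://localhost:9000/oauth2/authorize?" + form(p));
    }

    /** Step 2 (callback): reject the response unless state equals what this session stored. */
    static boolean stateMatches(String expected, String returned) {
        return returned != null && MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8), returned.getBytes(StandardCharsets.UTF_8));
    }

    /** Step 3: code, redirect_uri and code_verifier travel in the POST body, not in the URL. */
    static HttpRequest tokenRequest(String clientId, String clientSecret,
                                    String code, String redirectUri, String verifier) {
        Map<String, String> p = new LinkedHashMap<>();
        p.put("grant_type", "authorization_code");
        p.put("code", code);
        p.put("redirect_uri", redirectUri);
        p.put("code_verifier", verifier);
        return HttpRequest.newBuilder(URI.create("http://localhost:9000/oauth2/token"))
                .header("Authorization", basicAuth(clientId, clientSecret))
                .header("Content-Type", "application/x-www-form-urlencoded")
                .POST(HttpRequest.BodyPublishers.ofString(form(p)))
                .build();
    }

    public static void main(String[] args) throws Exception {
        String redirectUri = "http://localhost:9001/login/oauth2/code/oidc-client";
        String state = randomToken();      // keep in the user's session until the callback
        String verifier = randomToken();   // keep server-side; only the challenge is sent

        System.out.println(authorizeUri("oidc-client", redirectUri, state, codeChallenge(verifier)));
        System.out.println(basicAuth("oidc-client", "secret"));   // demo client from the article
        System.out.println(stateMatches(state, state));

        // "CODE_FROM_CALLBACK" is a placeholder for the code value returned to redirectUri.
        HttpRequest req = tokenRequest("oidc-client", "secret", "CODE_FROM_CALLBACK", redirectUri, verifier);
        System.out.println(req.method() + " " + req.uri() + " " + req.headers().map().keySet());
        // Send with HttpClient.newHttpClient().send(req, HttpResponse.BodyHandlers.ofString()).
    }
}
```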

The console output shows the complete filter execution order.

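Fetching user information

The user-info endpoint is /userinfo. Note that the openid scope is required. The value to send is the access_token obtained above, prefixed with Bearer.

Parameter description

Authorization: the value has the form Bearer + ${access_token}; note the space after Bearer

curl command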

curl --location --request POST 'http://127.0.0.1:9000/userinfo' \
--header 'Authorization: Bearer eyJraWQiOiI4ZDc5YTIwNi1kOWZhLTQ5NWQtODJkMi1iMzk2MjQwNGQ4YmIiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJ1c2VyIiwiYXVkIjoib2lkYy1jbGllbnQiLCJuYmYiOjE2ODY3MzM4MTYsInNjb3BlIjpbIm9wZW5pZCIsIm1lc3NhZ2UucmVhZCJdLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjkwMDAiLCJleHAiOjE2ODY3MzQxMTYsImlhdCI6MTY4NjczMzgxNn0.AiGV5LIl8a4_7a7L2gbR61sjvHVLW4dZ6cElAwsWZnp-P7ocQT119KIASTPv138MU6ZK2_aF_-ER5FKaFQVSOj10Fy_Gv9PXa2ExrzTajfkPtA_t63jCcazzllaVWY4QIVD4fU8hPe6zDwjNOOX8R7hJFu2qtZ8V3bhzTlC0M4XWDAQ0goymYrAnVq8BR6hRm5-pY4nMCUZPFCeEFqGnl68EGRzosdSQeuRd-PtzB837i-C7lxqIjs4Y5hZ9mQw3R1zfa0WoP2KeN8K3WjyTIYd9PvrLIFCB5Zhj54sdNpZTy7wwC-oCVzwFFCEkgY-vprfgk4e4sZ10Lx60j--fHA' \
--header 'Cookie: JSESSIONID=7B10DA37A285902E4AEE4586AC181343'

The result:

By default only the username is returned; to get other data we need to override a few things.

Filter chain

BearerTokenAuthenticationFilter: validates the token

AuthenticationEntryPointFailureHandler

AuthenticationFailureHandler

OidcUserInfoEndpointFilter

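Customization

Goals

  1. The client registry was the in-memory InMemoryRegisteredClientRepository; it needs to become database-backed so that clients can be registered and modified dynamically
  2. The UserDetailsService user information is also in memory and now needs to be added and edited dynamically in the database
  3. Custom handling and response messages for the various exceptions
  4. A custom user-info response
  5. Expiry times and grant types
  6. Add a client application, use it as the entry point, and configure the related components

Background knowledge

Spring Security OAuth2 Client

Component overview:

  • ClientRegistration: a registered client

  • ClientRegistrationRepository: the repository that stores ClientRegistration entries

  • OAuth2AuthorizedClient: a client that has been authorized

  • OAuth2AuthorizedClientRepository: the persistent repository of authorized clients

  • OAuth2AuthorizationRequestRedirectFilter: handles the /oauth2/authorization path and forwards to the authorization server's /oauth2/authorize path

  • OAuth2AuthorizationCodeGrantFilter: handles the authorization-code callback request from the authorization server, such as the redirect

  • OAuth2LoginAuthenticationFilter: handles the callback from third-party authentication (the callback carries the authorization code), then takes the authorization code to the third-party authorization server to obtain the access_token and refresh_token

Customization steps

auth-server changes

Goals

  • Database-backed creation and deletion of clients
  • The UserDetailsService user information is also in memory and now needs to be added and edited dynamically in the database
  • Custom exception handling and response messages
  • Expiry times and grant types
  • A custom user-info response

The changes are as follows:

POM

Add the database dependencies, including MySQL and MyBatis: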

 <dependency>
     <groupId>mysql</groupId>
     <artifactId>mysql-connector-java</artifactId>
 </dependency>
 <dependency>
     <groupId>com.alibaba</groupId>
     <artifactId>druid-spring-boot-starter</artifactId>
 </dependency>
 <dependency>
     <groupId>com.alibaba</groupId>
     <artifactId>fastjson</artifactId>
 </dependency>
 <dependency>
     <groupId>org.mybatis.spring.boot</groupId>
     <artifactId>mybatis-spring-boot-starter</artifactId>
 </dependency>

Add to the configuration file:

spring:
  datasource:
    type: com.alibaba.druid.pool.DruidDataSource
    driver-class-name: com.mysql.cj.jdbc.Driver
    url: jdbc:mysql://192.168.1.111:8106/oauth2?useSSL=false&serverTimezone=Asia/Shanghai
    username: root
    password: 123456
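
Persistence

Move the client information and authorization data that were previously in memory into the database.

Also add a sys_user table to store the default user information.

AuthorizationServerConfig changes

Add the two repositories used for persistence and comment out the earlier in-memory RegisteredClientRepository.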

    /**
     * Registered clients
     * @param jdbcTemplate
     * @return
     */
    @Bean
    public RegisteredClientRepository registeredClientRepository(JdbcTemplate jdbcTemplate) {
        return new JdbcRegisteredClientRepository(jdbcTemplate);
    }


    /**
     * Authorizations
     * @param jdbcTemplate
     * @param registeredClientRepository
     * @return
     */
    @Bean
    public OAuth2AuthorizationService authorizationService(JdbcTemplate jdbcTemplate, RegisteredClientRepository registeredClientRepository) {
        return new JdbcOAuth2AuthorizationService(jdbcTemplate, registeredClientRepository);
    }

SQL script

The SQL script and some initial data are included directly below, including a sys_user row for logging in; the expiry times and related settings in it are already initialized.

-- ----------------------------
-- Table structure for oauth2_authorization
-- ----------------------------
DROP TABLE IF EXISTS `oauth2_authorization`;
CREATE TABLE `oauth2_authorization`  (
  `id` varchar(100) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL,
  `registered_client_id` varchar(100) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL,
  `principal_name` varchar(200) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL,
  `authorization_grant_type` varchar(100) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL,
  `authorized_scopes` varchar(1000) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NULL DEFAULT NULL,
  `attributes` blob NULL,
  `state` varchar(500) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NULL DEFAULT NULL,
  `authorization_code_value` blob NULL,
  `authorization_code_issued_at` timestamp(0) NULL DEFAULT NULL,
  `authorization_code_expires_at` timestamp(0) NULL DEFAULT NULL,
  `authorization_code_metadata` blob NULL,
  `access_token_value` blob NULL,
  `access_token_issued_at` timestamp(0) NULL DEFAULT NULL,
  `access_token_expires_at` timestamp(0) NULL DEFAULT NULL,
  `access_token_metadata` blob NULL,
  `access_token_type` varchar(100) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NULL DEFAULT NULL,
  `access_token_scopes` varchar(1000) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NULL DEFAULT NULL,
  `oidc_id_token_value` blob NULL,
  `oidc_id_token_issued_at` timestamp(0) NULL DEFAULT NULL,
  `oidc_id_token_expires_at` timestamp(0) NULL DEFAULT NULL,
  `oidc_id_token_metadata` blob NULL,
  `refresh_token_value` blob NULL,
  `refresh_token_issued_at` timestamp(0) NULL DEFAULT NULL,
  `refresh_token_expires_at` timestamp(0) NULL DEFAULT NULL,
  `refresh_token_metadata` blob NULL,
  `user_code_value` blob NULL,
  `user_code_issued_at` timestamp(0) NULL DEFAULT NULL,
  `user_code_expires_at` timestamp(0) NULL DEFAULT NULL,
  `user_code_metadata` blob NULL,
  `device_code_value` blob NULL,
  `device_code_issued_at` timestamp(0) NULL DEFAULT NULL,
  `device_code_expires_at` timestamp(0) NULL DEFAULT NULL,
  `device_code_metadata` blob NULL,
  PRIMARY KEY (`id`) USING BTREE
) ENGINE = InnoDB CHARACTER SET = utf8mb4 COLLATE = utf8mb4_general_ci ROW_FORMAT = Dynamic;

-- ----------------------------
-- Records of oauth2_authorization
-- ----------------------------

-- ----------------------------
-- Table structure for oauth2_authorization_consent
-- ----------------------------
DROP TABLE IF EXISTS `oauth2_authorization_consent`;
CREATE TABLE `oauth2_authorization_consent`  (
  `registered_client_id` varchar(100) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL,
  `principal_name` varchar(200) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL,
  `authorities` varchar(1000) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL,
  PRIMARY KEY (`registered_client_id`, `principal_name`) USING BTREE
) ENGINE = InnoDB CHARACTER SET = utf8mb4 COLLATE = utf8mb4_general_ci ROW_FORMAT = Dynamic;

-- ----------------------------
-- Records of oauth2_authorization_consent
-- ----------------------------

-- ----------------------------
-- Table structure for oauth2_authorized_client
-- ----------------------------
DROP TABLE IF EXISTS `oauth2_authorized_client`;
CREATE TABLE `oauth2_authorized_client`  (
  `client_registration_id` varchar(100) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL,
  `principal_name` varchar(200) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL,
  `access_token_type` varchar(100) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL,
  `access_token_value` blob NOT NULL,
  `access_token_issued_at` timestamp(0) NOT NULL,
  `access_token_expires_at` timestamp(0) NOT NULL,
  `access_token_scopes` varchar(1000) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NULL DEFAULT NULL,
  `refresh_token_value` blob NULL,
  `refresh_token_issued_at` timestamp(0) NULL DEFAULT NULL,
  `created_at` timestamp(0) NOT NULL DEFAULT CURRENT_TIMESTAMP(0),
  PRIMARY KEY (`client_registration_id`, `principal_name`) USING BTREE
) ENGINE = InnoDB CHARACTER SET = utf8mb4 COLLATE = utf8mb4_general_ci ROW_FORMAT = Dynamic;

-- ----------------------------
-- Records of oauth2_authorized_client
-- ----------------------------

-- ----------------------------
-- Table structure for oauth2_registered_client
-- ----------------------------
DROP TABLE IF EXISTS `oauth2_registered_client`;
CREATE TABLE `oauth2_registered_client`  (
  `id` varchar(100) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL,
  `client_id` varchar(100) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL,
  `client_id_issued_at` timestamp(0) NOT NULL DEFAULT CURRENT_TIMESTAMP(0),
  `client_secret` varchar(200) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NULL DEFAULT NULL,
  `client_secret_expires_at` timestamp(0) NULL DEFAULT NULL,
  `client_name` varchar(200) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL,
  `client_authentication_methods` varchar(1000) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL,
  `authorization_grant_types` varchar(1000) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL,
  `redirect_uris` varchar(1000) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NULL DEFAULT NULL,
  `post_logout_redirect_uris` varchar(1000) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NULL DEFAULT NULL,
  `scopes` varchar(1000) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL,
  `client_settings` varchar(2000) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL,
  `token_settings` varchar(2000) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL,
  PRIMARY KEY (`id`) USING BTREE
) ENGINE = InnoDB CHARACTER SET = utf8mb4 COLLATE = utf8mb4_general_ci ROW_FORMAT = Dynamic;

-- ----------------------------
-- Records of oauth2_registered_client
-- ----------------------------
INSERT INTO `oauth2_registered_client` VALUES ('2c1a95f5-b4cd-49cd-884f-9e3a94c69e05', 'user-client', '2023-07-06 17:44:20', '$2a$10$HIatI0j2sqgPO5lSIuQH9.TxEGlrpBrI0ZD5MqwKOG6FMzwhlB7xa', NULL, '2c1a95f5-b4cd-49cd-884f-9e3a94c69e05', 'client_secret_post,client_secret_basic', 'refresh_token,client_credentials,authorization_code', 'http://www.baidu.com,http://localhost:9001/api/login/welcome,http://localhost:9001/login/oauth2/code/oidc-client', 'http://127.0.0.1:8080/', 'all,openid,profile,message.read,message.write', '{\"@class\":\"java.util.Collections$UnmodifiableMap\",\"settings.client.require-proof-key\":false,\"settings.client.require-authorization-consent\":false}', '{\"@class\":\"java.util.Collections$UnmodifiableMap\",\"settings.token.reuse-refresh-tokens\":true,\"settings.token.id-token-signature-algorithm\":[\"org.springframework.security.oauth2.jose.jws.SignatureAlgorithm\",\"RS256\"],\"settings.token.access-token-time-to-live\":[\"java.time.Duration\",3600.000000000],\"settings.token.access-token-format\":{\"@class\":\"org.springframework.security.oauth2.server.authorization.settings.OAuth2TokenFormat\",\"value\":\"self-contained\"},\"settings.token.refresh-token-time-to-live\":[\"java.time.Duration\",43200.000000000],\"settings.token.authorization-code-time-to-live\":[\"java.time.Duration\",300.000000000],\"settings.token.device-code-time-to-live\":[\"java.time.Duration\",300.000000000]}');
INSERT INTO `oauth2_registered_client` VALUES ('885e9d2a-794e-4019-8843-5675045c573e', 'oidc-client', '2023-07-06 17:44:20', '$2a$10$k50p3tJgk3B7d9DrAxYIfO37pVSVO574qEWYH.nq6FTEprHA4Esie', NULL, '885e9d2a-794e-4019-8843-5675045c573e', 'client_secret_basic', 'refresh_token,client_credentials,authorization_code', 'http://www.baidu.com,http://localhost:9001/api/login/welcome,http://localhost:9001/login/oauth2/code/oidc-client', 'http://127.0.0.1:8080/', 'all,openid,profile,message.read,message.write', '{\"@class\":\"java.util.Collections$UnmodifiableMap\",\"settings.client.require-proof-key\":false,\"settings.client.require-authorization-consent\":false}', '{\"@class\":\"java.util.Collections$UnmodifiableMap\",\"settings.token.reuse-refresh-tokens\":true,\"settings.token.id-token-signature-algorithm\":[\"org.springframework.security.oauth2.jose.jws.SignatureAlgorithm\",\"RS256\"],\"settings.token.access-token-time-to-live\":[\"java.time.Duration\",3600.000000000],\"settings.token.access-token-format\":{\"@class\":\"org.springframework.security.oauth2.server.authorization.settings.OAuth2TokenFormat\",\"value\":\"self-contained\"},\"settings.token.refresh-token-time-to-live\":[\"java.time.Duration\",43200.000000000],\"settings.token.authorization-code-time-to-live\":[\"java.time.Duration\",300.000000000],\"settings.token.device-code-time-to-live\":[\"java.time.Duration\",300.000000000]}');

-- ----------------------------
-- Table structure for sys_user
-- ----------------------------
DROP TABLE IF EXISTS `sys_user`;
CREATE TABLE `sys_user`  (
  `id` bigint(20) NOT NULL COMMENT 'primary key',
  `username` varchar(100) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NULL DEFAULT NULL COMMENT 'username',
  `name` varchar(100) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NULL DEFAULT NULL COMMENT 'full name',
  `password` varchar(100) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NULL DEFAULT NULL COMMENT 'password',
  `status` tinyint(4) NOT NULL COMMENT 'status',
  `create_time` datetime(0) NOT NULL COMMENT 'creation time',
  `create_user` bigint(20) NOT NULL COMMENT 'created by',
  `update_time` datetime(0) NOT NULL COMMENT 'modification time',
  `update_user` bigint(20) NOT NULL COMMENT 'modified by',
  PRIMARY KEY (`id`) USING BTREE
) ENGINE = InnoDB CHARACTER SET = utf8mb4 COLLATE = utf8mb4_general_ci ROW_FORMAT = Dynamic;

-- ----------------------------
-- Records of sys_user
-- ----------------------------
INSERT INTO `sys_user` VALUES (2, 'user', '用戶', '$2a$10$uw.QxbGD1o5A.Dlb0xjjLuM5nsI47ibtiPDotpt7BDbfmAbW6TGSu', 0, '2023-06-27 18:26:23', 1, '2023-06-27 18:26:26', 1);

SET FOREIGN_KEY_CHECKS = 1;
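
The seeded clients above set require-proof-key to false, reuse refresh tokens, and register a plain-http third-party redirect URI for testing. As an added example (not from the original article or the Spring project), this bean registers a stricter client through the same RegisteredClientRepository and hashes its secret with the PasswordEncoder bean the article defines in DefaultSecurityConfig. The class name, client id, redirect URI, lifetimes and the AUTH_CLIENT_SECRET environment variable are assumptions.

```java
import org.springframework.boot.ApplicationRunner;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
import org.springframework.security.oauth2.core.oidc.OidcScopes;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
import org.springframework.security.oauth2.server.authorization.settings.ClientSettings;
import org.springframework.security.oauth2.server.authorization.settings.TokenSettings;

import java.time.Duration;
import java.util.UUID;

@Configuration
public class HardenedClientRegistration {

    @Bean
    public ApplicationRunner registerGatewayClient(RegisteredClientRepository clients,
                                                   PasswordEncoder passwordEncoder) {
        return args -> {
            String clientId = "gateway-client";             // assumed client id
            if (clients.findByClientId(clientId) != null) {
                return;                                      // already registered
            }

            // The secret comes from the environment, never from source or SQL dumps.
            String rawSecret = System.getenv("AUTH_CLIENT_SECRET");
            if (rawSecret == null || rawSecret.length() < 32) {
                throw new IllegalStateException("AUTH_CLIENT_SECRET must be set (32+ characters)");
            }

            RegisteredClient client = RegisteredClient.withId(UUID.randomUUID().toString())
                    .clientId(clientId)
                    // Stored hashed; the repository saves the value exactly as given.
                    .clientSecret(passwordEncoder.encode(rawSecret))
                    .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
                    .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
                    .authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN)
                    // Exactly one https callback owned by the client (assumed host).
                    .redirectUri("https://gateway.example.com/login/oauth2/code/gateway-client")
                    // Only the scopes this client actually needs.
                    .scope(OidcScopes.OPENID)
                    .scope("message.read")
                    .clientSettings(ClientSettings.builder()
                            .requireProofKey(true)               // PKCE mandatory
                            .requireAuthorizationConsent(true)   // user sees the consent page
                            .build())
                    .tokenSettings(TokenSettings.builder()
                            .authorizationCodeTimeToLive(Duration.ofMinutes(2))
                            .accessTokenTimeToLive(Duration.ofMinutes(10))
                            .refreshTokenTimeToLive(Duration.ofHours(8))
                            .reuseRefreshTokens(false)           // rotate on every refresh
                            .build())
                    .build();

            clients.save(client);
        };
    }
}
```
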

DefaultSecurityConfig changes

Previously the user information was configured in memory; now we change it to use MySQL. Comment out the earlier UserDetailsService and configure a PasswordEncoder for password hashing:


    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
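
UserService configuration

Add UserService:

@Slf4j
@Service
public class UserService implements UserDetailsService {

    @Resource
    private UserMapper userMapper;

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        // UserInfo is the project's UserDetails implementation mapped from sys_user
        UserInfo user = userMapper.getByUsername(username);
        if (user == null) {
            // The UserDetailsService contract forbids returning null
            throw new UsernameNotFoundException("User not found");
        }
        return user;
    }
}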

UserMapper

@Mapper
public interface UserMapper {

    @Select("select * from sys_user where username = #{username}")
    UserInfo getByUsername(@Param("username") String username);
}

Exception handling

Add an exception handler:

@Component
public class Oauth2FailureHandler implements AuthenticationFailureHandler {


    @Override
    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) throws IOException, ServletException {
        String message;
        if (exception instanceof OAuth2AuthenticationException auth2AuthenticationException) {
            OAuth2Error error = auth2AuthenticationException.getError();
            message = "認證信息錯誤:" + error.getErrorCode() + error.getDescription();
        } else {
            message = exception.getMessage();
        }

        response.setContentType("application/json;charset=UTF-8");
        response.setStatus(HttpStatus.OK.value());
        response.getWriter().write(JSONObject.toJSONString(ReturnVO.failed(401, message)));
        response.getWriter().flush();

    }
}

Register this handler in the SecurityFilterChain by modifying authorizationServerSecurityFilterChain:

    @Bean
    @Order(1)
    public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http)
            throws Exception {
        // Apply the recommended default configuration for Spring Authorization Server
        OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http);
        http.getConfigurer(OAuth2AuthorizationServerConfigurer.class)
                // Handler for failures during client authentication
                .clientAuthentication((auth) -> auth.errorResponseHandler(new Oauth2FailureHandler()))
                // Token endpoint configuration, e.g. the /oauth2/token endpoint
                .tokenEndpoint((token) -> token.errorResponseHandler(new Oauth2FailureHandler()))
                .oidc(Customizer.withDefaults());	// Enable OpenID Connect 1.0

        http.csrf(AbstractHttpConfigurer::disable)
                .exceptionHandling((exceptions) -> exceptions
                        .defaultAuthenticationEntryPointFor(
                                new LoginUrlAuthenticationEntryPoint("/login"),
                                new MediaTypeRequestMatcher(MediaType.TEXT_HTML)
                          )
                )
                // Accept access tokens for User Info and/or Client Registration
                .oauth2ResourceServer((resourceServer) -> resourceServer
                        .jwt(Customizer.withDefaults()));

        return http.build();
    }
Test

Repeat the steps from "Accessing the authorization service" above. After logging in, the console shows that the back-end user query method has been called.

The authorization data is now in the database as well.

Then exchange the code for a token.

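Exchanging a refresh_token for a new token

The response above included a refresh_token. We use it here to obtain a new token.

Request parameters:

     Body parameters:

  • grant_type: refresh_token
  • refresh_token: the value returned above

     Header parameters:

  • Authorization: the same Base64-encoded client credentials as above

curl command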

curl --location --request POST 'http://localhost:9000/oauth2/token' \
--header 'Authorization: Basic b2lkYy1jbGllbnQ6c2VjcmV0' \
--header 'Cookie: JSESSIONID=8391DF634525DC2508AD30D2322E2A5B' \
--data-urlencode 'grant_type=refresh_token' \
--data-urlencode 'refresh_token=O-ufrbFjv51U0PfxCk0v64c6Qk7D9cFXcI5klMSk8I2S8_wOXueiVJhpezzR5wnLzZ1BrPcZHOKwqDwCmD3aAresxN-QLC5p97Nck0Vcg72i6uJVQ748HBIen1GUMBRj'

The response is as follows:

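Customizing user info

There are two ways to do this:

1. Customize the ID token

2. Customize the user info mapper

In essence, both put the user information into the claims of the token.

I chose the second approach. The changes are as follows.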

New method in userService

    public Map<String, Object> getUserInfoMap(String username) throws UsernameNotFoundException {
        return userMapper.getUserInfoMap(username);
    }

Define a handler that formats the user info response

Define a handler that returns some additional information:

@Component
public class Oauth2SuccessHandler implements AuthenticationSuccessHandler {

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException {

        OidcUserInfoAuthenticationToken userInfoAuthenticationToken = (OidcUserInfoAuthenticationToken) authentication;

        response.setContentType("application/json;charset=UTF-8");
        response.setStatus(HttpStatus.OK.value());
        response.getWriter().write(JSONObject.toJSONString(ReturnVO.success(userInfoAuthenticationToken.getUserInfo())));
        response.getWriter().flush();
    }
}
SecurityFilterChain changes

Add a custom user info mapper and configure it in the filter chain. The result looks like this:

    @Bean
    @Order(1)
    public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http)
            throws Exception {
        // Best-practice configuration for Spring Authorization Server
        OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http);

        // Custom user info mapper
        Function<OidcUserInfoAuthenticationContext, OidcUserInfo> userInfoMapper = (context) -> {
            OidcUserInfoAuthenticationToken authentication = context.getAuthentication();
            JwtAuthenticationToken principal = (JwtAuthenticationToken) authentication.getPrincipal();
            return new OidcUserInfo(userService.getUserInfoMap(principal.getName()));
        };

        http.getConfigurer(OAuth2AuthorizationServerConfigurer.class)
                // Handler for failed client authentication
                .clientAuthentication((auth) ->
                        auth.errorResponseHandler(new Oauth2FailureHandler()))
                // Token-related configuration, e.g. the /oauth2/token endpoint
                .tokenEndpoint((token) -> token.errorResponseHandler(new Oauth2FailureHandler()))
                // Enable OpenID Connect 1.0, including user info
                //.oidc(Customizer.withDefaults());
                .oidc((oidc) -> {
                    oidc.userInfoEndpoint((userInfo) -> {
                                userInfo.userInfoMapper(userInfoMapper);
                                userInfo.userInfoResponseHandler(new Oauth2SuccessHandler());
                            }
                    );
                });
        http.csrf(AbstractHttpConfigurer::disable)
                .exceptionHandling((exceptions) -> exceptions
                        .defaultAuthenticationEntryPointFor(
                                new LoginUrlAuthenticationEntryPoint("/login"),
                                new MediaTypeRequestMatcher(MediaType.TEXT_HTML)
                        )
                )
                // Accept access tokens for User Info and/or Client Registration
                .oauth2ResourceServer((resourceServer) -> resourceServer
                        .jwt(Customizer.withDefaults()));

        return http.build();
    }
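The mapper above returns whatever userService.getUserInfoMap(...) loads from the database, so a query that selects every column would also publish fields such as the password hash through the UserInfo endpoint. The following added example (not code from the original post or from Spring Authorization Server) shows one way to reduce the row to the claims that the granted scopes allow. The class name ScopedClaims, the column names and the sample row are assumptions made for illustration.

```java
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;

/**
 * Added example: reduce a user row to the UserInfo claims that the granted scopes allow.
 * The column names and the sample row are constructed for illustration.
 */
public class ScopedClaims {

    /** Standard claims released by each scope (OpenID Connect Core 1.0, section 5.4). */
    private static final Map<String, List<String>> CLAIMS_BY_SCOPE = new LinkedHashMap<>();

    /** Claim name -> column name in the user table (hypothetical columns). */
    private static final Map<String, String> COLUMN_FOR_CLAIM = Map.of(
            "preferred_username", "username",
            "name", "real_name",
            "email", "email",
            "phone_number", "phone");

    static {
        CLAIMS_BY_SCOPE.put("profile", List.of("name", "family_name", "given_name", "middle_name",
                "nickname", "preferred_username", "profile", "picture", "website", "gender",
                "birthdate", "zoneinfo", "locale", "updated_at"));
        CLAIMS_BY_SCOPE.put("email", List.of("email", "email_verified"));
        CLAIMS_BY_SCOPE.put("address", List.of("address"));
        CLAIMS_BY_SCOPE.put("phone", List.of("phone_number", "phone_number_verified"));
    }

    /**
     * Builds the UserInfo claims: "sub" is always present; every other claim needs
     * a granted scope that releases it, a mapped column, and a non-null value.
     * Columns without a mapping (id, password, ...) can never reach the response.
     */
    public static Map<String, Object> filter(String subject, Map<String, Object> row,
                                             Set<String> grantedScopes) {
        Map<String, Object> claims = new LinkedHashMap<>();
        claims.put("sub", subject);
        if (row == null) {
            return claims;
        }
        for (Map.Entry<String, List<String>> entry : CLAIMS_BY_SCOPE.entrySet()) {
            if (!grantedScopes.contains(entry.getKey())) {
                continue; // scope not granted: none of its claims are released
            }
            for (String claim : entry.getValue()) {
                String column = COLUMN_FOR_CLAIM.get(claim);
                Object value = (column == null) ? null : row.get(column);
                if (value != null) {
                    claims.put(claim, value);
                }
            }
        }
        return claims;
    }

    // Inside the page's userInfoMapper this could be wired in as:
    //   new OidcUserInfo(ScopedClaims.filter(principal.getName(),
    //           userService.getUserInfoMap(principal.getName()),
    //           context.getAccessToken().getScopes()));

    public static void main(String[] args) {
        // Constructed sample row, standing in for the result of getUserInfoMap(...)
        Map<String, Object> row = new LinkedHashMap<>();
        row.put("id", 1L);
        row.put("username", "alice");
        row.put("password", "{bcrypt}constructed-sample-hash");
        row.put("real_name", "Alice Example");
        row.put("email", "alice@example.com");
        row.put("phone", "+10000000000");

        // Only "openid": the response carries the subject and nothing else
        System.out.println(filter("alice", row, Set.of("openid")));
        // "profile" adds name and preferred_username; email and phone stay hidden
        System.out.println(filter("alice", row, Set.of("openid", "profile")));
        // The custom scope "all" used by the page's client maps to no standard claims
        System.out.println(filter("alice", row, Set.of("openid", "profile", "email", "all")));
    }
}
```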
Test

After starting the service, go through the login and user info flow again. The response now has the following structure, and the information has been loaded from the database and returned.

Adding the auth-client client

Add a client module with the following structure:

Configuration

POM

<dependencies>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-oauth2-client</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
</dependencies>

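Configuration file

Trace logging is enabled to make monitoring easier, and the port is set to 9001.

Note: the issuer-uri below is the auth-server's URI. I set it to the LAN IP instead of localhost. Browser cookies are scoped by host name, not by port, so when the client and the auth server share the same host name the session cookie of one replaces the other's. The client then loses the session that holds the saved authorization request, and the login fails with the authorization_request_not_found error.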

server:
  port: 9001

logging:
  level:
    root: INFO
    org.springframework.web: debug
    org.springframework.security: debug
    org.springframework.security.oauth2: debug

    org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping: trace
    org.springframework.security.web.FilterChainProxy: trace # filter execution order
    org.springframework.security.web.access.ExceptionTranslationFilter: trace # exception handling

spring:
  security:
    oauth2:
      client:
        provider:
          test-provider1:
            issuer-uri: http://192.168.1.125:9000
        registration:
          oidc-client:
            client-id: oidc-client
            client-secret: secret
            client-name: 測試客戶端
            provider: test-provider1
            redirect-uri: '{baseUrl}/{action}/oauth2/code/{registrationId}'
            authorization-grant-type: authorization_code
            scope:
              - openid
              - profile
              - all
controller

A controller was added to serve as the client's default home page.

@RestController
@RequestMapping
public class IndexController {

    @GetMapping("")
    public String welcome() {
        return "<h1>index!</h1>";
    }
}
Test

Start the client and open the client address http://localhost:9001/ in the browser.

You are redirected to the server's authorization page by default. After entering the password and logging in, you are redirected back to the home page.

Console

The console output is below. If you want to dig deeper, look into the corresponding classes.

client


  .   ____          _            __ _ _
 /\\ / ___'_ __ _ _(_)_ __  __ _ \ \ \ \
( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
 \\/  ___)| |_)| | | | | || (_| |  ) ) ) )
  '  |____| .__|_| |_|_| |_\__, | / / / /
 =========|_|==============|___/=/_/_/_/
 :: Spring Boot ::                (v3.1.0)

2023-06-25T18:09:18.148+08:00  INFO 5712 --- [           main] c.sy.authclient.AuthClientApplication    : Starting AuthClientApplication using Java 17.0.6 with PID 5712 (D:\code\cloud-alibaba\auth\auth-client\target\classes started by yuxunhao in D:\code\cloud-alibaba)
2023-06-25T18:09:18.152+08:00  INFO 5712 --- [           main] c.sy.authclient.AuthClientApplication    : No active profile set, falling back to 1 default profile: "default"
2023-06-25T18:09:18.715+08:00  INFO 5712 --- [           main] o.s.b.w.embedded.tomcat.TomcatWebServer  : Tomcat initialized with port(s): 9001 (http)
2023-06-25T18:09:18.723+08:00  INFO 5712 --- [           main] o.apache.catalina.core.StandardService   : Starting service [Tomcat]
2023-06-25T18:09:18.723+08:00  INFO 5712 --- [           main] o.apache.catalina.core.StandardEngine    : Starting Servlet engine: [Apache Tomcat/10.1.8]
2023-06-25T18:09:18.779+08:00  INFO 5712 --- [           main] o.a.c.c.C.[Tomcat].[localhost].[/]       : Initializing Spring embedded WebApplicationContext
2023-06-25T18:09:18.779+08:00  INFO 5712 --- [           main] w.s.c.ServletWebServerApplicationContext : Root WebApplicationContext: initialization completed in 591 ms
2023-06-25T18:09:18.876+08:00 DEBUG 5712 --- [           main] o.s.web.client.RestTemplate              : HTTP GET http://192.168.1.125:9000/.well-known/openid-configuration
2023-06-25T18:09:18.886+08:00 DEBUG 5712 --- [           main] o.s.web.client.RestTemplate              : Accept=[application/json, application/*+json]
2023-06-25T18:09:18.894+08:00 DEBUG 5712 --- [           main] o.s.web.client.RestTemplate              : Response 200 OK
2023-06-25T18:09:18.895+08:00 DEBUG 5712 --- [           main] o.s.web.client.RestTemplate              : Reading to [java.util.Map<java.lang.String, java.lang.Object>]
2023-06-25T18:09:18.938+08:00 DEBUG 5712 --- [           main] swordEncoderAuthenticationManagerBuilder : No authenticationProviders and no parentAuthenticationManager defined. Returning null.
2023-06-25T18:09:18.995+08:00 DEBUG 5712 --- [           main] s.w.s.m.m.a.RequestMappingHandlerMapping : 5 mappings in 'requestMappingHandlerMapping'
2023-06-25T18:09:19.029+08:00 DEBUG 5712 --- [           main] o.s.w.s.handler.SimpleUrlHandlerMapping  : Patterns [/webjars/**, /**] in 'resourceHandlerMapping'
2023-06-25T18:09:19.080+08:00  INFO 5712 --- [           main] o.s.s.web.DefaultSecurityFilterChain     : Will secure any request with [org.springframework.security.web.session.DisableEncodeUrlFilter@3bfae028, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@1775c4e7, org.springframework.security.web.context.SecurityContextHolderFilter@2e5e6fc4, org.springframework.security.web.header.HeaderWriterFilter@604d23fa, org.springframework.security.web.csrf.CsrfFilter@6f347d7, org.springframework.security.web.authentication.logout.LogoutFilter@799f916e, org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter@74b86971, org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter@7f79edee, org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter@1ca610a0, org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter@abad89c, org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter@47829d6d, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@79980d8d, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@58324c9f, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@2f677247, org.springframework.security.oauth2.client.web.OAuth2AuthorizationCodeGrantFilter@ac91282, org.springframework.security.web.access.ExceptionTranslationFilter@834e986, org.springframework.security.web.access.intercept.AuthorizationFilter@3fbe503c]
2023-06-25T18:09:19.083+08:00  WARN 5712 --- [           main] o.s.s.c.a.web.builders.WebSecurity       : You are asking Spring Security to ignore Mvc [pattern='/webjars/**']. This is not recommended -- please use permitAll via HttpSecurity#authorizeHttpRequests instead.
2023-06-25T18:09:19.083+08:00  INFO 5712 --- [           main] o.s.s.web.DefaultSecurityFilterChain     : Will not secure Mvc [pattern='/webjars/**']
2023-06-25T18:09:19.084+08:00  WARN 5712 --- [           main] o.s.s.c.a.web.builders.WebSecurity       : You are asking Spring Security to ignore Mvc [pattern='/assets/**']. This is not recommended -- please use permitAll via HttpSecurity#authorizeHttpRequests instead.
2023-06-25T18:09:19.084+08:00  INFO 5712 --- [           main] o.s.s.web.DefaultSecurityFilterChain     : Will not secure Mvc [pattern='/assets/**']
2023-06-25T18:09:19.116+08:00 DEBUG 5712 --- [           main] s.w.s.m.m.a.RequestMappingHandlerAdapter : ControllerAdvice beans: 0 @ModelAttribute, 0 @InitBinder, 1 RequestBodyAdvice, 1 ResponseBodyAdvice
2023-06-25T18:09:19.137+08:00 DEBUG 5712 --- [           main] .m.m.a.ExceptionHandlerExceptionResolver : ControllerAdvice beans: 0 @ExceptionHandler, 1 ResponseBodyAdvice
2023-06-25T18:09:19.186+08:00  INFO 5712 --- [           main] o.s.b.w.embedded.tomcat.TomcatWebServer  : Tomcat started on port(s): 9001 (http) with context path ''
2023-06-25T18:09:19.192+08:00  INFO 5712 --- [           main] c.sy.authclient.AuthClientApplication    : Started AuthClientApplication in 1.347 seconds (process running for 1.747)
2023-06-25T18:09:26.836+08:00  INFO 5712 --- [nio-9001-exec-1] o.a.c.c.C.[Tomcat].[localhost].[/]       : Initializing Spring DispatcherServlet 'dispatcherServlet'
2023-06-25T18:09:26.836+08:00  INFO 5712 --- [nio-9001-exec-1] o.s.web.servlet.DispatcherServlet        : Initializing Servlet 'dispatcherServlet'
2023-06-25T18:09:26.836+08:00 DEBUG 5712 --- [nio-9001-exec-1] o.s.web.servlet.DispatcherServlet        : Detected StandardServletMultipartResolver
2023-06-25T18:09:26.836+08:00 DEBUG 5712 --- [nio-9001-exec-1] o.s.web.servlet.DispatcherServlet        : Detected AcceptHeaderLocaleResolver
2023-06-25T18:09:26.836+08:00 DEBUG 5712 --- [nio-9001-exec-1] o.s.web.servlet.DispatcherServlet        : Detected FixedThemeResolver
2023-06-25T18:09:26.837+08:00 DEBUG 5712 --- [nio-9001-exec-1] o.s.web.servlet.DispatcherServlet        : Detected org.springframework.web.servlet.view.DefaultRequestToViewNameTranslator@658d05b2
2023-06-25T18:09:26.837+08:00 DEBUG 5712 --- [nio-9001-exec-1] o.s.web.servlet.DispatcherServlet        : Detected org.springframework.web.servlet.support.SessionFlashMapManager@4258ed3f
2023-06-25T18:09:26.837+08:00 DEBUG 5712 --- [nio-9001-exec-1] o.s.web.servlet.DispatcherServlet        : enableLoggingRequestDetails='false': request parameters and headers will be masked to prevent unsafe logging of potentially sensitive data
2023-06-25T18:09:26.837+08:00  INFO 5712 --- [nio-9001-exec-1] o.s.web.servlet.DispatcherServlet        : Completed initialization in 1 ms
2023-06-25T18:09:26.843+08:00 TRACE 5712 --- [nio-9001-exec-1] o.s.security.web.FilterChainProxy        : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=Mvc [pattern='/webjars/**'], Filters=[]] (1/3)
2023-06-25T18:09:26.848+08:00 DEBUG 5712 --- [nio-9001-exec-1] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.sy.authclient.controller.LoginController#welcome()
2023-06-25T18:09:26.848+08:00 TRACE 5712 --- [nio-9001-exec-1] o.s.security.web.FilterChainProxy        : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=Mvc [pattern='/assets/**'], Filters=[]] (2/3)
2023-06-25T18:09:26.848+08:00 DEBUG 5712 --- [nio-9001-exec-1] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.sy.authclient.controller.LoginController#welcome()
2023-06-25T18:09:26.848+08:00 TRACE 5712 --- [nio-9001-exec-1] o.s.security.web.FilterChainProxy        : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=any request, Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter@3bfae028, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@1775c4e7, org.springframework.security.web.context.SecurityContextHolderFilter@2e5e6fc4, org.springframework.security.web.header.HeaderWriterFilter@604d23fa, org.springframework.security.web.csrf.CsrfFilter@6f347d7, org.springframework.security.web.authentication.logout.LogoutFilter@799f916e, org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter@74b86971, org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter@7f79edee, org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter@1ca610a0, org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter@abad89c, org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter@47829d6d, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@79980d8d, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@58324c9f, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@2f677247, org.springframework.security.oauth2.client.web.OAuth2AuthorizationCodeGrantFilter@ac91282, org.springframework.security.web.access.ExceptionTranslationFilter@834e986, org.springframework.security.web.access.intercept.AuthorizationFilter@3fbe503c]] (3/3)
2023-06-25T18:09:26.850+08:00 DEBUG 5712 --- [nio-9001-exec-1] o.s.security.web.FilterChainProxy        : Securing GET /api/login/welcome
2023-06-25T18:09:26.850+08:00 TRACE 5712 --- [nio-9001-exec-1] o.s.security.web.FilterChainProxy        : Invoking DisableEncodeUrlFilter (1/17)
2023-06-25T18:09:26.851+08:00 TRACE 5712 --- [nio-9001-exec-1] o.s.security.web.FilterChainProxy        : Invoking WebAsyncManagerIntegrationFilter (2/17)
2023-06-25T18:09:26.852+08:00 TRACE 5712 --- [nio-9001-exec-1] o.s.security.web.FilterChainProxy        : Invoking SecurityContextHolderFilter (3/17)
2023-06-25T18:09:26.852+08:00 TRACE 5712 --- [nio-9001-exec-1] o.s.security.web.FilterChainProxy        : Invoking HeaderWriterFilter (4/17)
2023-06-25T18:09:26.853+08:00 TRACE 5712 --- [nio-9001-exec-1] o.s.security.web.FilterChainProxy        : Invoking CsrfFilter (5/17)
2023-06-25T18:09:26.854+08:00 TRACE 5712 --- [nio-9001-exec-1] o.s.security.web.FilterChainProxy        : Invoking LogoutFilter (6/17)
2023-06-25T18:09:26.854+08:00 TRACE 5712 --- [nio-9001-exec-1] o.s.security.web.FilterChainProxy        : Invoking OAuth2AuthorizationRequestRedirectFilter (7/17)
2023-06-25T18:09:30.948+08:00 TRACE 5712 --- [nio-9001-exec-1] o.s.security.web.FilterChainProxy        : Invoking OAuth2AuthorizationRequestRedirectFilter (8/17)
2023-06-25T18:09:31.636+08:00 TRACE 5712 --- [nio-9001-exec-1] o.s.security.web.FilterChainProxy        : Invoking OAuth2LoginAuthenticationFilter (9/17)
2023-06-25T18:09:31.636+08:00 TRACE 5712 --- [nio-9001-exec-1] o.s.security.web.FilterChainProxy        : Invoking DefaultLoginPageGeneratingFilter (10/17)
2023-06-25T18:09:31.637+08:00 TRACE 5712 --- [nio-9001-exec-1] o.s.security.web.FilterChainProxy        : Invoking DefaultLogoutPageGeneratingFilter (11/17)
2023-06-25T18:09:31.637+08:00 TRACE 5712 --- [nio-9001-exec-1] o.s.security.web.FilterChainProxy        : Invoking RequestCacheAwareFilter (12/17)
2023-06-25T18:09:31.637+08:00 TRACE 5712 --- [nio-9001-exec-1] o.s.security.web.FilterChainProxy        : Invoking SecurityContextHolderAwareRequestFilter (13/17)
2023-06-25T18:09:31.638+08:00 TRACE 5712 --- [nio-9001-exec-1] o.s.security.web.FilterChainProxy        : Invoking AnonymousAuthenticationFilter (14/17)
2023-06-25T18:09:31.639+08:00 TRACE 5712 --- [nio-9001-exec-1] o.s.security.web.FilterChainProxy        : Invoking OAuth2AuthorizationCodeGrantFilter (15/17)
2023-06-25T18:09:32.315+08:00 TRACE 5712 --- [nio-9001-exec-1] o.s.security.web.FilterChainProxy        : Invoking ExceptionTranslationFilter (16/17)
2023-06-25T18:09:32.316+08:00 TRACE 5712 --- [nio-9001-exec-1] o.s.security.web.FilterChainProxy        : Invoking AuthorizationFilter (17/17)
2023-06-25T18:09:32.317+08:00 DEBUG 5712 --- [nio-9001-exec-1] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.sy.authclient.controller.LoginController#welcome()
2023-06-25T18:09:32.317+08:00 DEBUG 5712 --- [nio-9001-exec-1] o.s.s.w.a.AnonymousAuthenticationFilter  : Set SecurityContextHolder to anonymous SecurityContext
2023-06-25T18:09:32.940+08:00 TRACE 5712 --- [nio-9001-exec-1] o.s.s.w.a.ExceptionTranslationFilter     : Sending AnonymousAuthenticationToken [Principal=anonymousUser, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=null], Granted Authorities=[ROLE_ANONYMOUS]] to authentication entry point since access is denied

org.springframework.security.access.AccessDeniedException: Access Denied
	at org.springframework.security.web.access.intercept.AuthorizationFilter.doFilter(AuthorizationFilter.java:98) ~[spring-security-web-6.1.0.jar:6.1.0]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.1.0.jar:6.1.0]
	at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:126) ~[spring-security-web-6.1.0.jar:6.1.0]
	at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:120) ~[spring-security-web-6.1.0.jar:6.1.0]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.1.0.jar:6.1.0]
	at org.springframework.security.oauth2.client.web.OAuth2AuthorizationCodeGrantFilter.doFilterInternal(OAuth2AuthorizationCodeGrantFilter.java:183) ~[spring-security-oauth2-client-6.1.0.jar:6.1.0]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.0.9.jar:6.0.9]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.1.0.jar:6.1.0]
	at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:100) ~[spring-security-web-6.1.0.jar:6.1.0]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.1.0.jar:6.1.0]
	at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:179) ~[spring-security-web-6.1.0.jar:6.1.0]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.1.0.jar:6.1.0]
	at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63) ~[spring-security-web-6.1.0.jar:6.1.0]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.1.0.jar:6.1.0]
	at org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter.doFilterInternal(DefaultLogoutPageGeneratingFilter.java:58) ~[spring-security-web-6.1.0.jar:6.1.0]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.0.9.jar:6.0.9]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.1.0.jar:6.1.0]
	at org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter.doFilter(DefaultLoginPageGeneratingFilter.java:188) ~[spring-security-web-6.1.0.jar:6.1.0]
	at org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter.doFilter(DefaultLoginPageGeneratingFilter.java:174) ~[spring-security-web-6.1.0.jar:6.1.0]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.1.0.jar:6.1.0]
	at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:227) ~[spring-security-web-6.1.0.jar:6.1.0]
	at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:221) ~[spring-security-web-6.1.0.jar:6.1.0]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.1.0.jar:6.1.0]
	at org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter.doFilterInternal(OAuth2AuthorizationRequestRedirectFilter.java:181) ~[spring-security-oauth2-client-6.1.0.jar:6.1.0]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.0.9.jar:6.0.9]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.1.0.jar:6.1.0]
	at org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter.doFilterInternal(OAuth2AuthorizationRequestRedirectFilter.java:181) ~[spring-security-oauth2-client-6.1.0.jar:6.1.0]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.0.9.jar:6.0.9]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.1.0.jar:6.1.0]
	at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:107) ~[spring-security-web-6.1.0.jar:6.1.0]
	at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:93) ~[spring-security-web-6.1.0.jar:6.1.0]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.1.0.jar:6.1.0]
	at org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:117) ~[spring-security-web-6.1.0.jar:6.1.0]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.0.9.jar:6.0.9]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.1.0.jar:6.1.0]
	at org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:90) ~[spring-security-web-6.1.0.jar:6.1.0]
	at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:75) ~[spring-security-web-6.1.0.jar:6.1.0]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.0.9.jar:6.0.9]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.1.0.jar:6.1.0]
	at org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:82) ~[spring-security-web-6.1.0.jar:6.1.0]
	at org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:69) ~[spring-security-web-6.1.0.jar:6.1.0]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.1.0.jar:6.1.0]
	at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:62) ~[spring-security-web-6.1.0.jar:6.1.0]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.0.9.jar:6.0.9]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.1.0.jar:6.1.0]
	at org.springframework.security.web.session.DisableEncodeUrlFilter.doFilterInternal(DisableEncodeUrlFilter.java:42) ~[spring-security-web-6.1.0.jar:6.1.0]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.0.9.jar:6.0.9]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.1.0.jar:6.1.0]
	at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:233) ~[spring-security-web-6.1.0.jar:6.1.0]
	at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:191) ~[spring-security-web-6.1.0.jar:6.1.0]
	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:352) ~[spring-web-6.0.9.jar:6.0.9]
	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:268) ~[spring-web-6.0.9.jar:6.0.9]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
	at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100) ~[spring-web-6.0.9.jar:6.0.9]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.0.9.jar:6.0.9]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
	at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93) ~[spring-web-6.0.9.jar:6.0.9]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.0.9.jar:6.0.9]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
	at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201) ~[spring-web-6.0.9.jar:6.0.9]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.0.9.jar:6.0.9]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:166) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:482) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:115) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:341) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:390) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:894) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1741) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
	at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
	at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
	at java.base/java.lang.Thread.run(Thread.java:833) ~[na:na]

2023-06-25T18:09:32.969+08:00 DEBUG 5712 --- [nio-9001-exec-1] o.s.s.w.s.HttpSessionRequestCache        : Saved request http://localhost:9001/api/login/welcome?continue to session
2023-06-25T18:09:32.971+08:00 DEBUG 5712 --- [nio-9001-exec-1] s.w.a.DelegatingAuthenticationEntryPoint : Trying to match using And [Not [RequestHeaderRequestMatcher [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest]], Not [And [Or [Ant [pattern='/login'], Ant [pattern='/favicon.ico']], And [Not [RequestHeaderRequestMatcher [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest]], MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@2793808, matchingMediaTypes=[application/xhtml+xml, image/*, text/html, text/plain], useEquals=false, ignoredMediaTypes=[*/*]]]]], org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer$$Lambda$809/0x000000080103adb8@4af06c88]
2023-06-25T18:09:32.971+08:00 DEBUG 5712 --- [nio-9001-exec-1] s.w.a.DelegatingAuthenticationEntryPoint : Match found! Executing org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint@1a1cb815
2023-06-25T18:09:32.971+08:00 DEBUG 5712 --- [nio-9001-exec-1] o.s.s.web.DefaultRedirectStrategy        : Redirecting to http://localhost:9001/oauth2/authorization/oidc-client
2023-06-25T18:09:32.977+08:00 TRACE 5712 --- [nio-9001-exec-2] o.s.security.web.FilterChainProxy        : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=Mvc [pattern='/webjars/**'], Filters=[]] (1/3)
2023-06-25T18:09:32.979+08:00 DEBUG 5712 --- [nio-9001-exec-2] o.s.w.s.handler.SimpleUrlHandlerMapping  : Mapped to ResourceHttpRequestHandler [classpath [META-INF/resources/], classpath [resources/], classpath [static/], classpath [public/], ServletContext [/]]
2023-06-25T18:09:32.980+08:00 TRACE 5712 --- [nio-9001-exec-2] o.s.security.web.FilterChainProxy        : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=Mvc [pattern='/assets/**'], Filters=[]] (2/3)
2023-06-25T18:09:32.980+08:00 DEBUG 5712 --- [nio-9001-exec-2] o.s.w.s.handler.SimpleUrlHandlerMapping  : Mapped to ResourceHttpRequestHandler [classpath [META-INF/resources/], classpath [resources/], classpath [static/], classpath [public/], ServletContext [/]]
2023-06-25T18:09:32.980+08:00 TRACE 5712 --- [nio-9001-exec-2] o.s.security.web.FilterChainProxy        : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=any request, Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter@3bfae028, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@1775c4e7, org.springframework.security.web.context.SecurityContextHolderFilter@2e5e6fc4, org.springframework.security.web.header.HeaderWriterFilter@604d23fa, org.springframework.security.web.csrf.CsrfFilter@6f347d7, org.springframework.security.web.authentication.logout.LogoutFilter@799f916e, org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter@74b86971, org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter@7f79edee, org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter@1ca610a0, org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter@abad89c, org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter@47829d6d, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@79980d8d, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@58324c9f, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@2f677247, org.springframework.security.oauth2.client.web.OAuth2AuthorizationCodeGrantFilter@ac91282, org.springframework.security.web.access.ExceptionTranslationFilter@834e986, org.springframework.security.web.access.intercept.AuthorizationFilter@3fbe503c]] (3/3)
2023-06-25T18:09:32.980+08:00 DEBUG 5712 --- [nio-9001-exec-2] o.s.security.web.FilterChainProxy        : Securing GET /oauth2/authorization/oidc-client
2023-06-25T18:09:32.980+08:00 TRACE 5712 --- [nio-9001-exec-2] o.s.security.web.FilterChainProxy        : Invoking DisableEncodeUrlFilter (1/17)
2023-06-25T18:09:32.980+08:00 TRACE 5712 --- [nio-9001-exec-2] o.s.security.web.FilterChainProxy        : Invoking WebAsyncManagerIntegrationFilter (2/17)
2023-06-25T18:09:32.980+08:00 TRACE 5712 --- [nio-9001-exec-2] o.s.security.web.FilterChainProxy        : Invoking SecurityContextHolderFilter (3/17)
2023-06-25T18:09:32.980+08:00 TRACE 5712 --- [nio-9001-exec-2] o.s.security.web.FilterChainProxy        : Invoking HeaderWriterFilter (4/17)
2023-06-25T18:09:32.981+08:00 TRACE 5712 --- [nio-9001-exec-2] o.s.security.web.FilterChainProxy        : Invoking CsrfFilter (5/17)
2023-06-25T18:09:32.981+08:00 TRACE 5712 --- [nio-9001-exec-2] o.s.security.web.FilterChainProxy        : Invoking LogoutFilter (6/17)
2023-06-25T18:09:32.981+08:00 TRACE 5712 --- [nio-9001-exec-2] o.s.security.web.FilterChainProxy        : Invoking OAuth2AuthorizationRequestRedirectFilter (7/17)
2023-06-25T18:09:35.475+08:00 DEBUG 5712 --- [nio-9001-exec-2] o.s.s.web.DefaultRedirectStrategy        : Redirecting to http://192.168.1.125:9000/oauth2/authorize?response_type=code&client_id=oidc-client&scope=openid%20profile%20all&state=TU46I58jnaXR0IdX4mGacIZkMOXfywv7o9-GNmQ12oI%3D&redirect_uri=http://localhost:9001/login/oauth2/code/oidc-client&nonce=CX2FAAvMv2Hzj8Wv1OXXC-W5LWNS1dWow70sSVF5Qx8
2023-06-25T18:09:36.481+08:00 TRACE 5712 --- [nio-9001-exec-3] o.s.security.web.FilterChainProxy        : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=Mvc [pattern='/webjars/**'], Filters=[]] (1/3)
2023-06-25T18:09:36.482+08:00 DEBUG 5712 --- [nio-9001-exec-3] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.sy.authclient.controller.IndexController#welcome(String, String, String)
2023-06-25T18:09:36.482+08:00 TRACE 5712 --- [nio-9001-exec-3] o.s.security.web.FilterChainProxy        : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=Mvc [pattern='/assets/**'], Filters=[]] (2/3)
2023-06-25T18:09:36.482+08:00 DEBUG 5712 --- [nio-9001-exec-3] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.sy.authclient.controller.IndexController#welcome(String, String, String)
2023-06-25T18:09:36.482+08:00 TRACE 5712 --- [nio-9001-exec-3] o.s.security.web.FilterChainProxy        : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=any request, Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter@3bfae028, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@1775c4e7, org.springframework.security.web.context.SecurityContextHolderFilter@2e5e6fc4, org.springframework.security.web.header.HeaderWriterFilter@604d23fa, org.springframework.security.web.csrf.CsrfFilter@6f347d7, org.springframework.security.web.authentication.logout.LogoutFilter@799f916e, org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter@74b86971, org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter@7f79edee, org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter@1ca610a0, org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter@abad89c, org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter@47829d6d, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@79980d8d, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@58324c9f, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@2f677247, org.springframework.security.oauth2.client.web.OAuth2AuthorizationCodeGrantFilter@ac91282, org.springframework.security.web.access.ExceptionTranslationFilter@834e986, org.springframework.security.web.access.intercept.AuthorizationFilter@3fbe503c]] (3/3)
2023-06-25T18:09:36.482+08:00 DEBUG 5712 --- [nio-9001-exec-3] o.s.security.web.FilterChainProxy        : Securing GET /login/oauth2/code/oidc-client?code=mFkDdqxcVtO8TzDcFFMgex4kxlMzQsX3epjmJp-cMQRc2JzkEK18cY6pFHUMiDuCHjAcqFcjfwztaCrRWL6FBt1nxrrk6l1O8Xa9Iej6hMzrXWVPAth--DMFXvwVgApK&state=TU46I58jnaXR0IdX4mGacIZkMOXfywv7o9-GNmQ12oI%3D
2023-06-25T18:09:36.482+08:00 TRACE 5712 --- [nio-9001-exec-3] o.s.security.web.FilterChainProxy        : Invoking DisableEncodeUrlFilter (1/17)
2023-06-25T18:09:36.482+08:00 TRACE 5712 --- [nio-9001-exec-3] o.s.security.web.FilterChainProxy        : Invoking WebAsyncManagerIntegrationFilter (2/17)
2023-06-25T18:09:36.483+08:00 TRACE 5712 --- [nio-9001-exec-3] o.s.security.web.FilterChainProxy        : Invoking SecurityContextHolderFilter (3/17)
2023-06-25T18:09:36.483+08:00 TRACE 5712 --- [nio-9001-exec-3] o.s.security.web.FilterChainProxy        : Invoking HeaderWriterFilter (4/17)
2023-06-25T18:09:36.483+08:00 TRACE 5712 --- [nio-9001-exec-3] o.s.security.web.FilterChainProxy        : Invoking CsrfFilter (5/17)
2023-06-25T18:09:36.483+08:00 TRACE 5712 --- [nio-9001-exec-3] o.s.security.web.FilterChainProxy        : Invoking LogoutFilter (6/17)
2023-06-25T18:09:36.483+08:00 TRACE 5712 --- [nio-9001-exec-3] o.s.security.web.FilterChainProxy        : Invoking OAuth2AuthorizationRequestRedirectFilter (7/17)
2023-06-25T18:09:37.261+08:00 TRACE 5712 --- [nio-9001-exec-3] o.s.security.web.FilterChainProxy        : Invoking OAuth2AuthorizationRequestRedirectFilter (8/17)
2023-06-25T18:09:38.059+08:00 TRACE 5712 --- [nio-9001-exec-3] o.s.security.web.FilterChainProxy        : Invoking OAuth2LoginAuthenticationFilter (9/17)
2023-06-25T18:09:44.576+08:00 DEBUG 5712 --- [nio-9001-exec-3] o.s.web.client.RestTemplate              : HTTP POST http://192.168.1.125:9000/oauth2/token
2023-06-25T18:09:44.577+08:00 DEBUG 5712 --- [nio-9001-exec-3] o.s.web.client.RestTemplate              : Accept=[application/json, application/*+json]
2023-06-25T18:09:44.577+08:00 DEBUG 5712 --- [nio-9001-exec-3] o.s.web.client.RestTemplate              : Writing [{grant_type=[authorization_code], code=[mFkDdqxcVtO8TzDcFFMgex4kxlMzQsX3epjmJp-cMQRc2JzkEK18cY6pFHUMiDuCHjAcqFcjfwztaCrRWL6FBt1nxrrk6l1O8Xa9Iej6hMzrXWVPAth--DMFXvwVgApK], redirect_uri=[http://localhost:9001/login/oauth2/code/oidc-client]}] as "application/x-www-form-urlencoded;charset=UTF-8"
2023-06-25T18:09:48.353+08:00 DEBUG 5712 --- [nio-9001-exec-3] o.s.web.client.RestTemplate              : Response 200 OK
2023-06-25T18:09:48.354+08:00 DEBUG 5712 --- [nio-9001-exec-3] o.s.web.client.RestTemplate              : Reading to [org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse] as "application/json;charset=UTF-8"
2023-06-25T18:09:48.393+08:00 DEBUG 5712 --- [nio-9001-exec-3] o.s.web.client.RestTemplate              : HTTP GET http://192.168.1.125:9000/oauth2/jwks
2023-06-25T18:09:48.393+08:00 DEBUG 5712 --- [nio-9001-exec-3] o.s.web.client.RestTemplate              : Accept=[text/plain, application/json, application/*+json, */*]
2023-06-25T18:09:48.397+08:00 DEBUG 5712 --- [nio-9001-exec-3] o.s.web.client.RestTemplate              : Response 200 OK
2023-06-25T18:09:48.397+08:00 DEBUG 5712 --- [nio-9001-exec-3] o.s.web.client.RestTemplate              : Reading to [java.lang.String] as "application/json;charset=ISO-8859-1"
2023-06-25T18:09:48.415+08:00 DEBUG 5712 --- [nio-9001-exec-3] o.s.web.client.RestTemplate              : HTTP GET http://192.168.1.125:9000/userinfo
2023-06-25T18:09:48.415+08:00 DEBUG 5712 --- [nio-9001-exec-3] o.s.web.client.RestTemplate              : Accept=[application/json, application/*+json]
2023-06-25T18:09:52.253+08:00 DEBUG 5712 --- [nio-9001-exec-3] o.s.web.client.RestTemplate              : Response 200 OK
2023-06-25T18:09:52.254+08:00 DEBUG 5712 --- [nio-9001-exec-3] o.s.web.client.RestTemplate              : Reading to [java.util.Map<java.lang.String, java.lang.Object>]
2023-06-25T18:09:52.268+08:00 DEBUG 5712 --- [nio-9001-exec-3] .s.ChangeSessionIdAuthenticationStrategy : Changed session id from F5FB786C57F37610E3A9671AB47DAE23
2023-06-25T18:09:52.269+08:00 DEBUG 5712 --- [nio-9001-exec-3] w.c.HttpSessionSecurityContextRepository : Stored SecurityContextImpl [Authentication=OAuth2AuthenticationToken [Principal=Name: [user], Granted Authorities: [[OIDC_USER, SCOPE_all, SCOPE_openid, SCOPE_profile]], User Attributes: [{sub=user, aud=[oidc-client], azp=oidc-client, auth_time=2023-06-25T09:50:36Z, iss=http://192.168.1.125:9000, exp=2023-06-25T10:39:48Z, iat=2023-06-25T10:09:48Z, nonce=CX2FAAvMv2Hzj8Wv1OXXC-W5LWNS1dWow70sSVF5Qx8, sid=7TkynZgAwHYhWeEnl4soX232xgREd1FFcPagGUIc5cc}], Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=F5FB786C57F37610E3A9671AB47DAE23], Granted Authorities=[OIDC_USER, SCOPE_all, SCOPE_openid, SCOPE_profile]]] to HttpSession [org.apache.catalina.session.StandardSessionFacade@3e9daaba]
2023-06-25T18:09:52.269+08:00 DEBUG 5712 --- [nio-9001-exec-3] .s.o.c.w.OAuth2LoginAuthenticationFilter : Set SecurityContextHolder to OAuth2AuthenticationToken [Principal=Name: [user], Granted Authorities: [[OIDC_USER, SCOPE_all, SCOPE_openid, SCOPE_profile]], User Attributes: [{sub=user, aud=[oidc-client], azp=oidc-client, auth_time=2023-06-25T09:50:36Z, iss=http://192.168.1.125:9000, exp=2023-06-25T10:39:48Z, iat=2023-06-25T10:09:48Z, nonce=CX2FAAvMv2Hzj8Wv1OXXC-W5LWNS1dWow70sSVF5Qx8, sid=7TkynZgAwHYhWeEnl4soX232xgREd1FFcPagGUIc5cc}], Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=F5FB786C57F37610E3A9671AB47DAE23], Granted Authorities=[OIDC_USER, SCOPE_all, SCOPE_openid, SCOPE_profile]]
2023-06-25T18:09:52.269+08:00 DEBUG 5712 --- [nio-9001-exec-3] o.s.s.web.DefaultRedirectStrategy        : Redirecting to http://localhost:9001/api/login/welcome?continue
2023-06-25T18:09:52.276+08:00 TRACE 5712 --- [nio-9001-exec-4] o.s.security.web.FilterChainProxy        : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=Mvc [pattern='/webjars/**'], Filters=[]] (1/3)
2023-06-25T18:09:52.277+08:00 DEBUG 5712 --- [nio-9001-exec-4] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.sy.authclient.controller.LoginController#welcome()
2023-06-25T18:09:52.277+08:00 TRACE 5712 --- [nio-9001-exec-4] o.s.security.web.FilterChainProxy        : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=Mvc [pattern='/assets/**'], Filters=[]] (2/3)
2023-06-25T18:09:52.277+08:00 DEBUG 5712 --- [nio-9001-exec-4] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.sy.authclient.controller.LoginController#welcome()
2023-06-25T18:09:52.278+08:00 TRACE 5712 --- [nio-9001-exec-4] o.s.security.web.FilterChainProxy        : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=any request, Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter@3bfae028, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@1775c4e7, org.springframework.security.web.context.SecurityContextHolderFilter@2e5e6fc4, org.springframework.security.web.header.HeaderWriterFilter@604d23fa, org.springframework.security.web.csrf.CsrfFilter@6f347d7, org.springframework.security.web.authentication.logout.LogoutFilter@799f916e, org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter@74b86971, org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter@7f79edee, org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter@1ca610a0, org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter@abad89c, org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter@47829d6d, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@79980d8d, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@58324c9f, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@2f677247, org.springframework.security.oauth2.client.web.OAuth2AuthorizationCodeGrantFilter@ac91282, org.springframework.security.web.access.ExceptionTranslationFilter@834e986, org.springframework.security.web.access.intercept.AuthorizationFilter@3fbe503c]] (3/3)
2023-06-25T18:09:52.278+08:00 DEBUG 5712 --- [nio-9001-exec-4] o.s.security.web.FilterChainProxy        : Securing GET /api/login/welcome?continue
2023-06-25T18:09:52.278+08:00 TRACE 5712 --- [nio-9001-exec-4] o.s.security.web.FilterChainProxy        : Invoking DisableEncodeUrlFilter (1/17)
2023-06-25T18:09:52.278+08:00 TRACE 5712 --- [nio-9001-exec-4] o.s.security.web.FilterChainProxy        : Invoking WebAsyncManagerIntegrationFilter (2/17)
2023-06-25T18:09:52.278+08:00 TRACE 5712 --- [nio-9001-exec-4] o.s.security.web.FilterChainProxy        : Invoking SecurityContextHolderFilter (3/17)
2023-06-25T18:09:52.278+08:00 TRACE 5712 --- [nio-9001-exec-4] o.s.security.web.FilterChainProxy        : Invoking HeaderWriterFilter (4/17)
2023-06-25T18:09:52.278+08:00 TRACE 5712 --- [nio-9001-exec-4] o.s.security.web.FilterChainProxy        : Invoking CsrfFilter (5/17)
2023-06-25T18:09:52.278+08:00 TRACE 5712 --- [nio-9001-exec-4] o.s.security.web.FilterChainProxy        : Invoking LogoutFilter (6/17)
2023-06-25T18:09:52.278+08:00 TRACE 5712 --- [nio-9001-exec-4] o.s.security.web.FilterChainProxy        : Invoking OAuth2AuthorizationRequestRedirectFilter (7/17)
2023-06-25T18:10:00.651+08:00 TRACE 5712 --- [nio-9001-exec-4] o.s.security.web.FilterChainProxy        : Invoking OAuth2AuthorizationRequestRedirectFilter (8/17)
2023-06-25T18:10:01.613+08:00 TRACE 5712 --- [nio-9001-exec-4] o.s.security.web.FilterChainProxy        : Invoking OAuth2LoginAuthenticationFilter (9/17)
2023-06-25T18:10:01.613+08:00 TRACE 5712 --- [nio-9001-exec-4] o.s.security.web.FilterChainProxy        : Invoking DefaultLoginPageGeneratingFilter (10/17)
2023-06-25T18:10:01.614+08:00 TRACE 5712 --- [nio-9001-exec-4] o.s.security.web.FilterChainProxy        : Invoking DefaultLogoutPageGeneratingFilter (11/17)
2023-06-25T18:10:01.614+08:00 TRACE 5712 --- [nio-9001-exec-4] o.s.security.web.FilterChainProxy        : Invoking RequestCacheAwareFilter (12/17)
2023-06-25T18:10:01.614+08:00 DEBUG 5712 --- [nio-9001-exec-4] o.s.s.w.s.HttpSessionRequestCache        : Loaded matching saved request http://localhost:9001/api/login/welcome?continue
2023-06-25T18:10:01.615+08:00 TRACE 5712 --- [nio-9001-exec-4] o.s.security.web.FilterChainProxy        : Invoking SecurityContextHolderAwareRequestFilter (13/17)
2023-06-25T18:10:01.615+08:00 TRACE 5712 --- [nio-9001-exec-4] o.s.security.web.FilterChainProxy        : Invoking AnonymousAuthenticationFilter (14/17)
2023-06-25T18:10:01.615+08:00 TRACE 5712 --- [nio-9001-exec-4] o.s.security.web.FilterChainProxy        : Invoking OAuth2AuthorizationCodeGrantFilter (15/17)
2023-06-25T18:10:02.644+08:00 TRACE 5712 --- [nio-9001-exec-4] o.s.security.web.FilterChainProxy        : Invoking ExceptionTranslationFilter (16/17)
2023-06-25T18:10:02.644+08:00 TRACE 5712 --- [nio-9001-exec-4] o.s.security.web.FilterChainProxy        : Invoking AuthorizationFilter (17/17)
2023-06-25T18:10:02.645+08:00 DEBUG 5712 --- [nio-9001-exec-4] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.sy.authclient.controller.LoginController#welcome()
2023-06-25T18:10:02.645+08:00 DEBUG 5712 --- [nio-9001-exec-4] w.c.HttpSessionSecurityContextRepository : Retrieved SecurityContextImpl [Authentication=OAuth2AuthenticationToken [Principal=Name: [user], Granted Authorities: [[OIDC_USER, SCOPE_all, SCOPE_openid, SCOPE_profile]], User Attributes: [{sub=user, aud=[oidc-client], azp=oidc-client, auth_time=2023-06-25T09:50:36Z, iss=http://192.168.1.125:9000, exp=2023-06-25T10:39:48Z, iat=2023-06-25T10:09:48Z, nonce=CX2FAAvMv2Hzj8Wv1OXXC-W5LWNS1dWow70sSVF5Qx8, sid=7TkynZgAwHYhWeEnl4soX232xgREd1FFcPagGUIc5cc}], Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=F5FB786C57F37610E3A9671AB47DAE23], Granted Authorities=[OIDC_USER, SCOPE_all, SCOPE_openid, SCOPE_profile]]]
2023-06-25T18:10:04.181+08:00 DEBUG 5712 --- [nio-9001-exec-4] o.s.security.web.FilterChainProxy        : Secured GET /api/login/welcome?continue
2023-06-25T18:10:04.183+08:00 DEBUG 5712 --- [nio-9001-exec-4] o.s.web.servlet.DispatcherServlet        : GET "/api/login/welcome?continue", parameters={masked}
2023-06-25T18:10:04.183+08:00 DEBUG 5712 --- [nio-9001-exec-4] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.sy.authclient.controller.LoginController#welcome()
2023-06-25T18:10:04.196+08:00 DEBUG 5712 --- [nio-9001-exec-4] m.m.a.RequestResponseBodyMethodProcessor : Using 'text/html', given [text/html, application/xhtml+xml, image/webp, image/apng, application/xml;q=0.9, */*;q=0.8, application/signed-exchange;v=b3;q=0.7] and supported [text/plain, */*, application/json, application/*+json]
2023-06-25T18:10:04.197+08:00 DEBUG 5712 --- [nio-9001-exec-4] m.m.a.RequestResponseBodyMethodProcessor : Writing ["<h1>Welcome!</h1>"]
2023-06-25T18:10:04.199+08:00 DEBUG 5712 --- [nio-9001-exec-4] o.s.web.servlet.DispatcherServlet        : Completed 200 OK
2023-06-25T18:15:58.455+08:00 TRACE 5712 --- [nio-9001-exec-7] o.s.security.web.FilterChainProxy        : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=Mvc [pattern='/webjars/**'], Filters=[]] (1/3)
2023-06-25T18:15:58.455+08:00 DEBUG 5712 --- [nio-9001-exec-7] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.sy.authclient.controller.LoginController#welcome()
2023-06-25T18:15:58.455+08:00 TRACE 5712 --- [nio-9001-exec-7] o.s.security.web.FilterChainProxy        : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=Mvc [pattern='/assets/**'], Filters=[]] (2/3)
2023-06-25T18:15:58.455+08:00 DEBUG 5712 --- [nio-9001-exec-7] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.sy.authclient.controller.LoginController#welcome()
2023-06-25T18:15:58.456+08:00 TRACE 5712 --- [nio-9001-exec-7] o.s.security.web.FilterChainProxy        : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=any request, Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter@3bfae028, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@1775c4e7, org.springframework.security.web.context.SecurityContextHolderFilter@2e5e6fc4, org.springframework.security.web.header.HeaderWriterFilter@604d23fa, org.springframework.security.web.csrf.CsrfFilter@6f347d7, org.springframework.security.web.authentication.logout.LogoutFilter@799f916e, org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter@74b86971, org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter@7f79edee, org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter@1ca610a0, org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter@abad89c, org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter@47829d6d, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@79980d8d, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@58324c9f, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@2f677247, org.springframework.security.oauth2.client.web.OAuth2AuthorizationCodeGrantFilter@ac91282, org.springframework.security.web.access.ExceptionTranslationFilter@834e986, org.springframework.security.web.access.intercept.AuthorizationFilter@3fbe503c]] (3/3)
2023-06-25T18:15:58.456+08:00 DEBUG 5712 --- [nio-9001-exec-7] o.s.security.web.FilterChainProxy        : Securing GET /api/login/welcome?continue
2023-06-25T18:15:58.456+08:00 TRACE 5712 --- [nio-9001-exec-7] o.s.security.web.FilterChainProxy        : Invoking DisableEncodeUrlFilter (1/17)
2023-06-25T18:15:58.456+08:00 TRACE 5712 --- [nio-9001-exec-7] o.s.security.web.FilterChainProxy        : Invoking WebAsyncManagerIntegrationFilter (2/17)
2023-06-25T18:15:58.456+08:00 TRACE 5712 --- [nio-9001-exec-7] o.s.security.web.FilterChainProxy        : Invoking SecurityContextHolderFilter (3/17)
2023-06-25T18:15:58.456+08:00 TRACE 5712 --- [nio-9001-exec-7] o.s.security.web.FilterChainProxy        : Invoking HeaderWriterFilter (4/17)
2023-06-25T18:15:58.456+08:00 TRACE 5712 --- [nio-9001-exec-7] o.s.security.web.FilterChainProxy        : Invoking CsrfFilter (5/17)
2023-06-25T18:15:58.456+08:00 TRACE 5712 --- [nio-9001-exec-7] o.s.security.web.FilterChainProxy        : Invoking LogoutFilter (6/17)
2023-06-25T18:15:58.456+08:00 TRACE 5712 --- [nio-9001-exec-7] o.s.security.web.FilterChainProxy        : Invoking OAuth2AuthorizationRequestRedirectFilter (7/17)
2023-06-25T18:16:03.860+08:00 TRACE 5712 --- [nio-9001-exec-7] o.s.security.web.FilterChainProxy        : Invoking OAuth2AuthorizationRequestRedirectFilter (8/17)
2023-06-25T18:16:04.596+08:00 TRACE 5712 --- [nio-9001-exec-7] o.s.security.web.FilterChainProxy        : Invoking OAuth2LoginAuthenticationFilter (9/17)
2023-06-25T18:16:04.596+08:00 TRACE 5712 --- [nio-9001-exec-7] o.s.security.web.FilterChainProxy        : Invoking DefaultLoginPageGeneratingFilter (10/17)
2023-06-25T18:16:04.597+08:00 TRACE 5712 --- [nio-9001-exec-7] o.s.security.web.FilterChainProxy        : Invoking DefaultLogoutPageGeneratingFilter (11/17)
2023-06-25T18:16:04.597+08:00 TRACE 5712 --- [nio-9001-exec-7] o.s.security.web.FilterChainProxy        : Invoking RequestCacheAwareFilter (12/17)
2023-06-25T18:16:04.597+08:00 TRACE 5712 --- [nio-9001-exec-7] o.s.security.web.FilterChainProxy        : Invoking SecurityContextHolderAwareRequestFilter (13/17)
2023-06-25T18:16:04.597+08:00 TRACE 5712 --- [nio-9001-exec-7] o.s.security.web.FilterChainProxy        : Invoking AnonymousAuthenticationFilter (14/17)
2023-06-25T18:16:04.597+08:00 TRACE 5712 --- [nio-9001-exec-7] o.s.security.web.FilterChainProxy        : Invoking OAuth2AuthorizationCodeGrantFilter (15/17)
2023-06-25T18:16:05.355+08:00 TRACE 5712 --- [nio-9001-exec-7] o.s.security.web.FilterChainProxy        : Invoking ExceptionTranslationFilter (16/17)
2023-06-25T18:16:05.355+08:00 TRACE 5712 --- [nio-9001-exec-7] o.s.security.web.FilterChainProxy        : Invoking AuthorizationFilter (17/17)
2023-06-25T18:16:05.355+08:00 DEBUG 5712 --- [nio-9001-exec-7] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.sy.authclient.controller.LoginController#welcome()
2023-06-25T18:16:05.357+08:00 DEBUG 5712 --- [nio-9001-exec-7] w.c.HttpSessionSecurityContextRepository : Retrieved SecurityContextImpl [Authentication=OAuth2AuthenticationToken [Principal=Name: [user], Granted Authorities: [[OIDC_USER, SCOPE_all, SCOPE_openid, SCOPE_profile]], User Attributes: [{sub=user, aud=[oidc-client], azp=oidc-client, auth_time=2023-06-25T09:50:36Z, iss=http://192.168.1.125:9000, exp=2023-06-25T10:39:48Z, iat=2023-06-25T10:09:48Z, nonce=CX2FAAvMv2Hzj8Wv1OXXC-W5LWNS1dWow70sSVF5Qx8, sid=7TkynZgAwHYhWeEnl4soX232xgREd1FFcPagGUIc5cc}], Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=F5FB786C57F37610E3A9671AB47DAE23], Granted Authorities=[OIDC_USER, SCOPE_all, SCOPE_openid, SCOPE_profile]]]
2023-06-25T18:16:06.043+08:00 DEBUG 5712 --- [nio-9001-exec-7] o.s.security.web.FilterChainProxy        : Secured GET /api/login/welcome?continue
2023-06-25T18:16:06.043+08:00 DEBUG 5712 --- [nio-9001-exec-7] o.s.web.servlet.DispatcherServlet        : GET "/api/login/welcome?continue", parameters={masked}
2023-06-25T18:16:06.043+08:00 DEBUG 5712 --- [nio-9001-exec-7] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.sy.authclient.controller.LoginController#welcome()
2023-06-25T18:16:06.045+08:00 DEBUG 5712 --- [nio-9001-exec-7] m.m.a.RequestResponseBodyMethodProcessor : Using 'text/html', given [text/html, application/xhtml+xml, image/webp, image/apng, application/xml;q=0.9, */*;q=0.8, application/signed-exchange;v=b3;q=0.7] and supported [text/plain, */*, application/json, application/*+json]
2023-06-25T18:16:06.045+08:00 DEBUG 5712 --- [nio-9001-exec-7] m.m.a.RequestResponseBodyMethodProcessor : Writing ["<h1>Welcome!</h1>"]
2023-06-25T18:16:06.045+08:00 DEBUG 5712 --- [nio-9001-exec-7] o.s.web.servlet.DispatcherServlet        : Completed 200 OK
2023-06-25T18:16:17.363+08:00 TRACE 5712 --- [nio-9001-exec-8] o.s.security.web.FilterChainProxy        : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=Mvc [pattern='/webjars/**'], Filters=[]] (1/3)
2023-06-25T18:16:17.363+08:00 DEBUG 5712 --- [nio-9001-exec-8] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.sy.authclient.controller.LoginController#welcome()
2023-06-25T18:16:17.363+08:00 TRACE 5712 --- [nio-9001-exec-8] o.s.security.web.FilterChainProxy        : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=Mvc [pattern='/assets/**'], Filters=[]] (2/3)
2023-06-25T18:16:17.363+08:00 DEBUG 5712 --- [nio-9001-exec-8] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.sy.authclient.controller.LoginController#welcome()
2023-06-25T18:16:17.363+08:00 TRACE 5712 --- [nio-9001-exec-8] o.s.security.web.FilterChainProxy        : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=any request, Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter@3bfae028, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@1775c4e7, org.springframework.security.web.context.SecurityContextHolderFilter@2e5e6fc4, org.springframework.security.web.header.HeaderWriterFilter@604d23fa, org.springframework.security.web.csrf.CsrfFilter@6f347d7, org.springframework.security.web.authentication.logout.LogoutFilter@799f916e, org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter@74b86971, org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter@7f79edee, org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter@1ca610a0, org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter@abad89c, org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter@47829d6d, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@79980d8d, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@58324c9f, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@2f677247, org.springframework.security.oauth2.client.web.OAuth2AuthorizationCodeGrantFilter@ac91282, org.springframework.security.web.access.ExceptionTranslationFilter@834e986, org.springframework.security.web.access.intercept.AuthorizationFilter@3fbe503c]] (3/3)
2023-06-25T18:16:17.363+08:00 DEBUG 5712 --- [nio-9001-exec-8] o.s.security.web.FilterChainProxy        : Securing GET /api/login/welcome?continue
2023-06-25T18:16:17.363+08:00 TRACE 5712 --- [nio-9001-exec-8] o.s.security.web.FilterChainProxy        : Invoking DisableEncodeUrlFilter (1/17)
2023-06-25T18:16:17.363+08:00 TRACE 5712 --- [nio-9001-exec-8] o.s.security.web.FilterChainProxy        : Invoking WebAsyncManagerIntegrationFilter (2/17)
2023-06-25T18:16:17.363+08:00 TRACE 5712 --- [nio-9001-exec-8] o.s.security.web.FilterChainProxy        : Invoking SecurityContextHolderFilter (3/17)
2023-06-25T18:16:17.363+08:00 TRACE 5712 --- [nio-9001-exec-8] o.s.security.web.FilterChainProxy        : Invoking HeaderWriterFilter (4/17)
2023-06-25T18:16:17.363+08:00 TRACE 5712 --- [nio-9001-exec-8] o.s.security.web.FilterChainProxy        : Invoking CsrfFilter (5/17)
2023-06-25T18:16:17.363+08:00 TRACE 5712 --- [nio-9001-exec-8] o.s.security.web.FilterChainProxy        : Invoking LogoutFilter (6/17)
2023-06-25T18:16:17.363+08:00 TRACE 5712 --- [nio-9001-exec-8] o.s.security.web.FilterChainProxy        : Invoking OAuth2AuthorizationRequestRedirectFilter (7/17)
2023-06-25T18:16:22.300+08:00 TRACE 5712 --- [nio-9001-exec-8] o.s.security.web.FilterChainProxy        : Invoking OAuth2AuthorizationRequestRedirectFilter (8/17)
2023-06-25T18:16:30.632+08:00 TRACE 5712 --- [nio-9001-exec-8] o.s.security.web.FilterChainProxy        : Invoking OAuth2LoginAuthenticationFilter (9/17)
2023-06-25T18:16:30.633+08:00 TRACE 5712 --- [nio-9001-exec-8] o.s.security.web.FilterChainProxy        : Invoking DefaultLoginPageGeneratingFilter (10/17)
2023-06-25T18:16:30.634+08:00 TRACE 5712 --- [nio-9001-exec-8] o.s.security.web.FilterChainProxy        : Invoking DefaultLogoutPageGeneratingFilter (11/17)
2023-06-25T18:16:30.635+08:00 TRACE 5712 --- [nio-9001-exec-8] o.s.security.web.FilterChainProxy        : Invoking RequestCacheAwareFilter (12/17)
2023-06-25T18:16:30.636+08:00 TRACE 5712 --- [nio-9001-exec-8] o.s.security.web.FilterChainProxy        : Invoking SecurityContextHolderAwareRequestFilter (13/17)
2023-06-25T18:16:30.636+08:00 TRACE 5712 --- [nio-9001-exec-8] o.s.security.web.FilterChainProxy        : Invoking AnonymousAuthenticationFilter (14/17)
2023-06-25T18:16:30.636+08:00 TRACE 5712 --- [nio-9001-exec-8] o.s.security.web.FilterChainProxy        : Invoking OAuth2AuthorizationCodeGrantFilter (15/17)
2023-06-25T18:18:28.978+08:00 TRACE 5712 --- [nio-9001-exec-8] o.s.security.web.FilterChainProxy        : Invoking ExceptionTranslationFilter (16/17)
2023-06-25T18:18:28.978+08:00 TRACE 5712 --- [nio-9001-exec-8] o.s.security.web.FilterChainProxy        : Invoking AuthorizationFilter (17/17)
2023-06-25T18:18:28.979+08:00 DEBUG 5712 --- [nio-9001-exec-8] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.sy.authclient.controller.LoginController#welcome()
2023-06-25T18:18:28.979+08:00 DEBUG 5712 --- [nio-9001-exec-8] w.c.HttpSessionSecurityContextRepository : Retrieved SecurityContextImpl [Authentication=OAuth2AuthenticationToken [Principal=Name: [user], Granted Authorities: [[OIDC_USER, SCOPE_all, SCOPE_openid, SCOPE_profile]], User Attributes: [{sub=user, aud=[oidc-client], azp=oidc-client, auth_time=2023-06-25T09:50:36Z, iss=http://192.168.1.125:9000, exp=2023-06-25T10:39:48Z, iat=2023-06-25T10:09:48Z, nonce=CX2FAAvMv2Hzj8Wv1OXXC-W5LWNS1dWow70sSVF5Qx8, sid=7TkynZgAwHYhWeEnl4soX232xgREd1FFcPagGUIc5cc}], Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=F5FB786C57F37610E3A9671AB47DAE23], Granted Authorities=[OIDC_USER, SCOPE_all, SCOPE_openid, SCOPE_profile]]]
2023-06-25T18:18:30.125+08:00 DEBUG 5712 --- [nio-9001-exec-8] o.s.security.web.FilterChainProxy        : Secured GET /api/login/welcome?continue
2023-06-25T18:18:30.126+08:00 DEBUG 5712 --- [nio-9001-exec-8] o.s.web.servlet.DispatcherServlet        : GET "/api/login/welcome?continue", parameters={masked}
2023-06-25T18:18:30.127+08:00 DEBUG 5712 --- [nio-9001-exec-8] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.sy.authclient.controller.LoginController#welcome()
2023-06-25T18:18:30.130+08:00 DEBUG 5712 --- [nio-9001-exec-8] m.m.a.RequestResponseBodyMethodProcessor : Using 'text/html', given [text/html, application/xhtml+xml, image/webp, image/apng, application/xml;q=0.9, */*;q=0.8, application/signed-exchange;v=b3;q=0.7] and supported [text/plain, */*, application/json, application/*+json]
2023-06-25T18:18:30.131+08:00 DEBUG 5712 --- [nio-9001-exec-8] m.m.a.RequestResponseBodyMethodProcessor : Writing ["<h1>Welcome!</h1>"]
2023-06-25T18:18:30.132+08:00 DEBUG 5712 --- [nio-9001-exec-8] o.s.web.servlet.DispatcherServlet        : Completed 200 OK
2023-06-25T18:18:46.973+08:00 TRACE 5712 --- [io-9001-exec-10] o.s.security.web.FilterChainProxy        : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=Mvc [pattern='/webjars/**'], Filters=[]] (1/3)
2023-06-25T18:18:46.974+08:00 DEBUG 5712 --- [io-9001-exec-10] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.sy.authclient.controller.LoginController#welcome()
2023-06-25T18:18:46.974+08:00 TRACE 5712 --- [io-9001-exec-10] o.s.security.web.FilterChainProxy        : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=Mvc [pattern='/assets/**'], Filters=[]] (2/3)
2023-06-25T18:18:46.974+08:00 DEBUG 5712 --- [io-9001-exec-10] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.sy.authclient.controller.LoginController#welcome()
2023-06-25T18:18:46.974+08:00 TRACE 5712 --- [io-9001-exec-10] o.s.security.web.FilterChainProxy        : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=any request, Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter@3bfae028, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@1775c4e7, org.springframework.security.web.context.SecurityContextHolderFilter@2e5e6fc4, org.springframework.security.web.header.HeaderWriterFilter@604d23fa, org.springframework.security.web.csrf.CsrfFilter@6f347d7, org.springframework.security.web.authentication.logout.LogoutFilter@799f916e, org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter@74b86971, org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter@7f79edee, org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter@1ca610a0, org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter@abad89c, org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter@47829d6d, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@79980d8d, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@58324c9f, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@2f677247, org.springframework.security.oauth2.client.web.OAuth2AuthorizationCodeGrantFilter@ac91282, org.springframework.security.web.access.ExceptionTranslationFilter@834e986, org.springframework.security.web.access.intercept.AuthorizationFilter@3fbe503c]] (3/3)
2023-06-25T18:18:46.974+08:00 DEBUG 5712 --- [io-9001-exec-10] o.s.security.web.FilterChainProxy        : Securing GET /api/login/welcome?continue
2023-06-25T18:18:46.974+08:00 TRACE 5712 --- [io-9001-exec-10] o.s.security.web.FilterChainProxy        : Invoking DisableEncodeUrlFilter (1/17)
2023-06-25T18:18:46.974+08:00 TRACE 5712 --- [io-9001-exec-10] o.s.security.web.FilterChainProxy        : Invoking WebAsyncManagerIntegrationFilter (2/17)
2023-06-25T18:18:46.974+08:00 TRACE 5712 --- [io-9001-exec-10] o.s.security.web.FilterChainProxy        : Invoking SecurityContextHolderFilter (3/17)
2023-06-25T18:18:46.974+08:00 TRACE 5712 --- [io-9001-exec-10] o.s.security.web.FilterChainProxy        : Invoking HeaderWriterFilter (4/17)
2023-06-25T18:18:46.974+08:00 TRACE 5712 --- [io-9001-exec-10] o.s.security.web.FilterChainProxy        : Invoking CsrfFilter (5/17)
2023-06-25T18:18:46.974+08:00 TRACE 5712 --- [io-9001-exec-10] o.s.security.web.FilterChainProxy        : Invoking LogoutFilter (6/17)
2023-06-25T18:18:46.974+08:00 TRACE 5712 --- [io-9001-exec-10] o.s.security.web.FilterChainProxy        : Invoking OAuth2AuthorizationRequestRedirectFilter (7/17)
2023-06-25T18:18:49.075+08:00 TRACE 5712 --- [io-9001-exec-10] o.s.security.web.FilterChainProxy        : Invoking OAuth2AuthorizationRequestRedirectFilter (8/17)
2023-06-25T18:18:50.364+08:00 TRACE 5712 --- [io-9001-exec-10] o.s.security.web.FilterChainProxy        : Invoking OAuth2LoginAuthenticationFilter (9/17)
2023-06-25T18:18:50.365+08:00 TRACE 5712 --- [io-9001-exec-10] o.s.security.web.FilterChainProxy        : Invoking DefaultLoginPageGeneratingFilter (10/17)
2023-06-25T18:18:50.365+08:00 TRACE 5712 --- [io-9001-exec-10] o.s.security.web.FilterChainProxy        : Invoking DefaultLogoutPageGeneratingFilter (11/17)
2023-06-25T18:18:50.365+08:00 TRACE 5712 --- [io-9001-exec-10] o.s.security.web.FilterChainProxy        : Invoking RequestCacheAwareFilter (12/17)
2023-06-25T18:18:50.365+08:00 TRACE 5712 --- [io-9001-exec-10] o.s.security.web.FilterChainProxy        : Invoking SecurityContextHolderAwareRequestFilter (13/17)
2023-06-25T18:18:50.366+08:00 TRACE 5712 --- [io-9001-exec-10] o.s.security.web.FilterChainProxy        : Invoking AnonymousAuthenticationFilter (14/17)
2023-06-25T18:18:50.366+08:00 TRACE 5712 --- [io-9001-exec-10] o.s.security.web.FilterChainProxy        : Invoking OAuth2AuthorizationCodeGrantFilter (15/17)
2023-06-25T18:18:51.766+08:00 TRACE 5712 --- [io-9001-exec-10] o.s.security.web.FilterChainProxy        : Invoking ExceptionTranslationFilter (16/17)
2023-06-25T18:18:51.767+08:00 TRACE 5712 --- [io-9001-exec-10] o.s.security.web.FilterChainProxy        : Invoking AuthorizationFilter (17/17)
2023-06-25T18:19:57.364+08:00 DEBUG 5712 --- [io-9001-exec-10] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.sy.authclient.controller.LoginController#welcome()
2023-06-25T18:19:57.366+08:00 DEBUG 5712 --- [io-9001-exec-10] w.c.HttpSessionSecurityContextRepository : Retrieved SecurityContextImpl [Authentication=OAuth2AuthenticationToken [Principal=Name: [user], Granted Authorities: [[OIDC_USER, SCOPE_all, SCOPE_openid, SCOPE_profile]], User Attributes: [{sub=user, aud=[oidc-client], azp=oidc-client, auth_time=2023-06-25T09:50:36Z, iss=http://192.168.1.125:9000, exp=2023-06-25T10:39:48Z, iat=2023-06-25T10:09:48Z, nonce=CX2FAAvMv2Hzj8Wv1OXXC-W5LWNS1dWow70sSVF5Qx8, sid=7TkynZgAwHYhWeEnl4soX232xgREd1FFcPagGUIc5cc}], Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=F5FB786C57F37610E3A9671AB47DAE23], Granted Authorities=[OIDC_USER, SCOPE_all, SCOPE_openid, SCOPE_profile]]]
2023-06-25T18:20:35.651+08:00 DEBUG 5712 --- [io-9001-exec-10] o.s.security.web.FilterChainProxy        : Secured GET /api/login/welcome?continue
2023-06-25T18:20:35.652+08:00 DEBUG 5712 --- [io-9001-exec-10] o.s.web.servlet.DispatcherServlet        : GET "/api/login/welcome?continue", parameters={masked}
2023-06-25T18:20:35.652+08:00 DEBUG 5712 --- [io-9001-exec-10] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.sy.authclient.controller.LoginController#welcome()
2023-06-25T18:20:35.655+08:00 DEBUG 5712 --- [io-9001-exec-10] m.m.a.RequestResponseBodyMethodProcessor : Using 'text/html', given [text/html, application/xhtml+xml, image/webp, image/apng, application/xml;q=0.9, */*;q=0.8, application/signed-exchange;v=b3;q=0.7] and supported [text/plain, */*, application/json, application/*+json]
2023-06-25T18:20:35.655+08:00 DEBUG 5712 --- [io-9001-exec-10] m.m.a.RequestResponseBodyMethodProcessor : Writing ["<h1>Welcome!</h1>"]
2023-06-25T18:20:35.657+08:00 DEBUG 5712 --- [io-9001-exec-10] o.s.web.servlet.DispatcherServlet        : Completed 200 OK

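Integrating Gateway

Integration in progress...

For setting up the basic Spring Cloud Alibaba environment, see the article below, which is very detailed; this article mainly covers the OAuth2 integration process.

Spring Cloud Alibaba latest version: complete integration and use with various middleware (based on Spring Boot 3.0.x), ricardo.M.Yu's blog on CSDN

To-do items

The changes that still need to be made are as follows:

1. Create a new authorization service that integrates oauth2-authorization-server, i.e. the auth module acts as the authorization center

2. Modify the business modules to integrate oauth2-client, i.e. they act as the resource center and client

3. Modify the gateway module, i.e. make the corresponding changes in gateway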


Main OAuth2 structure

OAuth2AuthorizationEndpointFilter: the handler for /login or for self-initiated authorization code requests

OAuth2TokenEndpointFilter: the handler for token requests

ProviderManager:

OAuth2ClientAuthenticationFilter

OAuth2TokenEndpointFilter

ClientSecretAuthenticationProvider

DelegatingAuthenticationConverter

OAuth2AuthorizationCodeAuthenticationProvider

OAuth2AuthorizationEndpointFilter

UsernamePasswordAuthenticationFilter

AuthenticationEntryPoint

LoginUrlAuthenticationEntryPoint

SQL script

I have collected it here:

/*
IMPORTANT:
    If using PostgreSQL, update ALL columns defined with 'blob' to 'text',
    as PostgreSQL does not support the 'blob' data type.
*/
CREATE TABLE oauth2_authorization (
    id varchar(100) NOT NULL,
    registered_client_id varchar(100) NOT NULL,
    principal_name varchar(200) NOT NULL,
    authorization_grant_type varchar(100) NOT NULL,
    authorized_scopes varchar(1000) DEFAULT NULL,
    attributes blob DEFAULT NULL,
    state varchar(500) DEFAULT NULL,
    authorization_code_value blob DEFAULT NULL,
    authorization_code_issued_at timestamp DEFAULT NULL,
    authorization_code_expires_at timestamp DEFAULT NULL,
    authorization_code_metadata blob DEFAULT NULL,
    access_token_value blob DEFAULT NULL,
    access_token_issued_at timestamp DEFAULT NULL,
    access_token_expires_at timestamp DEFAULT NULL,
    access_token_metadata blob DEFAULT NULL,
    access_token_type varchar(100) DEFAULT NULL,
    access_token_scopes varchar(1000) DEFAULT NULL,
    oidc_id_token_value blob DEFAULT NULL,
    oidc_id_token_issued_at timestamp DEFAULT NULL,
    oidc_id_token_expires_at timestamp DEFAULT NULL,
    oidc_id_token_metadata blob DEFAULT NULL,
    refresh_token_value blob DEFAULT NULL,
    refresh_token_issued_at timestamp DEFAULT NULL,
    refresh_token_expires_at timestamp DEFAULT NULL,
    refresh_token_metadata blob DEFAULT NULL,
    user_code_value blob DEFAULT NULL,
    user_code_issued_at timestamp DEFAULT NULL,
    user_code_expires_at timestamp DEFAULT NULL,
    user_code_metadata blob DEFAULT NULL,
    device_code_value blob DEFAULT NULL,
    device_code_issued_at timestamp DEFAULT NULL,
    device_code_expires_at timestamp DEFAULT NULL,
    device_code_metadata blob DEFAULT NULL,
    PRIMARY KEY (id)
);

CREATE TABLE oauth2_authorization_consent (
    registered_client_id varchar(100) NOT NULL,
    principal_name varchar(200) NOT NULL,
    authorities varchar(1000) NOT NULL,
    PRIMARY KEY (registered_client_id, principal_name)
);

CREATE TABLE oauth2_registered_client (
    id varchar(100) NOT NULL,
    client_id varchar(100) NOT NULL,
    client_id_issued_at timestamp DEFAULT CURRENT_TIMESTAMP NOT NULL,
    client_secret varchar(200) DEFAULT NULL,
    client_secret_expires_at timestamp DEFAULT NULL,
    client_name varchar(200) NOT NULL,
    client_authentication_methods varchar(1000) NOT NULL,
    authorization_grant_types varchar(1000) NOT NULL,
    redirect_uris varchar(1000) DEFAULT NULL,
    post_logout_redirect_uris varchar(1000) DEFAULT NULL,
    scopes varchar(1000) NOT NULL,
    client_settings varchar(2000) NOT NULL,
    token_settings varchar(2000) NOT NULL,
    PRIMARY KEY (id)
);
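
The following audit queries are an added example, not part of the original article or of the Spring Authorization Server project. They run against the tables defined above and assume the default JDBC storage format: comma-delimited lists in the list columns, and JSON text in client_settings with keys such as settings.client.require-proof-key.

```sql
-- Added example: review registered clients for weak settings.
-- Each flag column is 1 when the row deserves a closer look.
SELECT
    client_id,
    client_name,
    -- '{noop}' is the Spring Security prefix for a secret stored in plaintext
    CASE WHEN client_secret LIKE '{noop}%' THEN 1 ELSE 0 END
        AS plaintext_secret,
    -- authorization_code clients that are not forced to use PKCE
    CASE WHEN authorization_grant_types LIKE '%authorization_code%'
          AND client_settings NOT LIKE '%"settings.client.require-proof-key":true%'
         THEN 1 ELSE 0 END
        AS pkce_not_required,
    -- redirect URIs over cleartext HTTP (acceptable only for local development
    -- or loopback addresses; review each hit by hand)
    CASE WHEN redirect_uris LIKE '%http://%' THEN 1 ELSE 0 END
        AS cleartext_redirect_uri,
    -- clients for which the user is never shown a consent screen
    CASE WHEN client_settings NOT LIKE '%"settings.client.require-authorization-consent":true%'
         THEN 1 ELSE 0 END
        AS consent_not_required,
    -- secrets that have no expiry configured at all
    CASE WHEN client_secret IS NOT NULL AND client_secret_expires_at IS NULL
         THEN 1 ELSE 0 END
        AS secret_never_expires
FROM oauth2_registered_client
ORDER BY client_id;

-- Added example: count authorization rows whose access token and refresh
-- token are both past expiry. The token values are still held in the blob
-- columns of these rows, so they are candidates for a scheduled purge.
SELECT
    registered_client_id,
    COUNT(*)                      AS stale_rows,
    MIN(access_token_expires_at)  AS oldest_access_token_expiry
FROM oauth2_authorization
WHERE access_token_expires_at IS NOT NULL
  AND access_token_expires_at < CURRENT_TIMESTAMP
  AND (refresh_token_expires_at IS NULL
       OR refresh_token_expires_at < CURRENT_TIMESTAMP)
GROUP BY registered_client_id
ORDER BY stale_rows DESC;
```

The expiry comparison uses the database clock, so check that its time zone matches the one the authorization server writes timestamps in before acting on the second query.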

