Securing an OAuth 2.0 authorization server with LDAP authentication

Time: 2021-02-12 19:41:13

Implemented OAuth 2.0 using the reference below and was able to make it work.

source code https://github.com/Baeldung/spring-security-oauth

Tutorial http://www.baeldung.com/rest-api-spring-oauth2-angularjs

To secure our application further, we replaced auth.inMemoryAuthentication() with auth.ldapAuthentication() using embedded LDAP, following https://spring.io/guides/gs/authenticating-ldap/, and our WebSecurityConfigurerAdapter looks like this:

    @Autowired
    public void globalUserDetails(final AuthenticationManagerBuilder auth) throws Exception {
        auth
            .ldapAuthentication()
                .userDnPatterns("uid={0},ou=people")
                .groupSearchBase("ou=groups")
                .contextSource(contextSource())
                .passwordCompare()
                    .passwordEncoder(new LdapShaPasswordEncoder())
                    .passwordAttribute("userPassword");
    }

Now authentication is successful, but the UI shows the error message below.

This XML file does not appear to have any style information associated with it. The document tree is shown below.
<oauth>
<error_description>
Invalid access token: 51a2f56a-7db6-429e-a180-6b872a2ec521
</error_description>
<error>invalid_token</error>
</oauth>

Also find the stack trace below

2017-08-06 22:45:42.508 DEBUG 13744 --- [nio-8082-exec-2] o.s.jdbc.core.JdbcTemplate               : Executing prepared SQL query
2017-08-06 22:45:42.511 DEBUG 13744 --- [nio-8082-exec-2] o.s.jdbc.core.JdbcTemplate               : Executing prepared SQL statement [select token_id, token from oauth_access_token where token_id = ?]
2017-08-06 22:45:42.531 DEBUG 13744 --- [nio-8082-exec-2] o.s.jdbc.datasource.DataSourceUtils      : Fetching JDBC Connection from DataSource
2017-08-06 22:45:42.532 DEBUG 13744 --- [nio-8082-exec-2] o.s.j.d.DriverManagerDataSource          : Creating new JDBC DriverManager Connection to [jdbc:mysql://localhost:3306/auth]
2017-08-06 22:45:43.156 DEBUG 13744 --- [nio-8082-exec-2] o.s.jdbc.datasource.DataSourceUtils      : Returning JDBC Connection to DataSource
2017-08-06 22:45:43.166 DEBUG 13744 --- [nio-8082-exec-2] o.s.jdbc.core.JdbcTemplate               : Executing prepared SQL query
2017-08-06 22:45:43.166 DEBUG 13744 --- [nio-8082-exec-2] o.s.jdbc.core.JdbcTemplate               : Executing prepared SQL statement [select token_id, authentication from oauth_access_token where token_id = ?]
2017-08-06 22:45:43.166 DEBUG 13744 --- [nio-8082-exec-2] o.s.jdbc.datasource.DataSourceUtils      : Fetching JDBC Connection from DataSource
2017-08-06 22:45:43.166 DEBUG 13744 --- [nio-8082-exec-2] o.s.j.d.DriverManagerDataSource          : Creating new JDBC DriverManager Connection to [jdbc:mysql://localhost:3306/auth]
2017-08-06 22:45:43.185 DEBUG 13744 --- [nio-8082-exec-2] o.a.c.loader.WebappClassLoaderBase       :     findClass(org.springframework.security.ldap.userdetails.LdapUserDetailsImpl)
2017-08-06 22:45:43.186 DEBUG 13744 --- [nio-8082-exec-2] o.a.c.loader.WebappClassLoaderBase       :     --> Returning ClassNotFoundException
2017-08-06 22:45:43.187 DEBUG 13744 --- [nio-8082-exec-2] o.a.c.loader.WebappClassLoaderBase       :     findClass(org.springframework.security.ldap.userdetails$LdapUserDetailsImpl)
2017-08-06 22:45:43.187 DEBUG 13744 --- [nio-8082-exec-2] o.a.c.loader.WebappClassLoaderBase       :     --> Returning ClassNotFoundException
2017-08-06 22:45:43.188 DEBUG 13744 --- [nio-8082-exec-2] o.s.jdbc.datasource.DataSourceUtils      : Returning JDBC Connection to DataSource
2017-08-06 22:45:43.193  WARN 13744 --- [nio-8082-exec-2] o.s.s.o.p.token.store.JdbcTokenStore     : Failed to deserialize authentication for 51a2f56a-7db6-429e-a180-6b872a2ec521

java.lang.IllegalArgumentException: java.lang.ClassNotFoundException: org.springframework.security.ldap.userdetails.LdapUserDetailsImpl
    at org.springframework.security.oauth2.common.util.SerializationUtils.deserialize(SerializationUtils.java:50) ~[spring-security-oauth2-2.0.14.RELEASE.jar:na]
    at org.springframework.security.oauth2.provider.token.store.JdbcTokenStore.deserializeAuthentication(JdbcTokenStore.java:405) [spring-security-oauth2-2.0.14.RELEASE.jar:na]
    at org.springframework.security.oauth2.provider.token.store.JdbcTokenStore$3.mapRow(JdbcTokenStore.java:198) ~[spring-security-oauth2-2.0.14.RELEASE.jar:na]
    at org.springframework.security.oauth2.provider.token.store.JdbcTokenStore$3.mapRow(JdbcTokenStore.java:196) ~[spring-security-oauth2-2.0.14.RELEASE.jar:na]
    at org.springframework.jdbc.core.RowMapperResultSetExtractor.extractData(RowMapperResultSetExtractor.java:93) ~[spring-jdbc-4.3.9.RELEASE.jar:4.3.9.RELEASE]
    at org.springframework.jdbc.core.RowMapperResultSetExtractor.extractData(RowMapperResultSetExtractor.java:60) ~[spring-jdbc-4.3.9.RELEASE.jar:4.3.9.RELEASE]
    at org.springframework.jdbc.core.JdbcTemplate$1.doInPreparedStatement(JdbcTemplate.java:697) ~[spring-jdbc-4.3.9.RELEASE.jar:4.3.9.RELEASE]
    at org.springframework.jdbc.core.JdbcTemplate.execute(JdbcTemplate.java:633) ~[spring-jdbc-4.3.9.RELEASE.jar:4.3.9.RELEASE]
    at org.springframework.jdbc.core.JdbcTemplate.query(JdbcTemplate.java:684) ~[spring-jdbc-4.3.9.RELEASE.jar:4.3.9.RELEASE]
    at org.springframework.jdbc.core.JdbcTemplate.query(JdbcTemplate.java:716) ~[spring-jdbc-4.3.9.RELEASE.jar:4.3.9.RELEASE]
    at org.springframework.jdbc.core.JdbcTemplate.query(JdbcTemplate.java:726) ~[spring-jdbc-4.3.9.RELEASE.jar:4.3.9.RELEASE]
    at org.springframework.jdbc.core.JdbcTemplate.queryForObject(JdbcTemplate.java:800) ~[spring-jdbc-4.3.9.RELEASE.jar:4.3.9.RELEASE]
    at org.springframework.security.oauth2.provider.token.store.JdbcTokenStore.readAuthentication(JdbcTokenStore.java:195) [spring-security-oauth2-2.0.14.RELEASE.jar:na]
    at org.springframework.security.oauth2.provider.token.store.JdbcTokenStore.readAuthentication(JdbcTokenStore.java:188) [spring-security-oauth2-2.0.14.RELEASE.jar:na]
    at org.springframework.security.oauth2.provider.token.DefaultTokenServices.loadAuthentication(DefaultTokenServices.java:238) [spring-security-oauth2-2.0.14.RELEASE.jar:na]
    at org.springframework.security.oauth2.provider.token.DefaultTokenServices$$FastClassBySpringCGLIB$$5a1f25c.invoke(<generated>) [spring-security-oauth2-2.0.14.RELEASE.jar:na]
    at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204) [spring-core-4.3.9.RELEASE.jar:4.3.9.RELEASE]
    at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:669) [spring-aop-4.3.9.RELEASE.jar:4.3.9.RELEASE]
    at org.springframework.security.oauth2.provider.token.DefaultTokenServices$$EnhancerBySpringCGLIB$$b4290941.loadAuthentication(<generated>) [spring-security-oauth2-2.0.14.RELEASE.jar:na]
    at org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationManager.authenticate(OAuth2AuthenticationManager.java:83) [spring-security-oauth2-2.0.14.RELEASE.jar:na]
    at org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationProcessingFilter.doFilter(OAuth2AuthenticationProcessingFilter.java:150) [spring-security-oauth2-2.0.14.RELEASE.jar:na]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
    at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116) [spring-security-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
    at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64) [spring-security-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.3.9.RELEASE.jar:4.3.9.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105) [spring-security-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
    at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56) [spring-security-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.3.9.RELEASE.jar:4.3.9.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
    at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214) [spring-security-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177) [spring-security-web-4.2.3.RELEASE.jar:4.2.3.RELEASE]
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) [spring-web-4.3.9.RELEASE.jar:4.3.9.RELEASE]
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262) [spring-web-4.3.9.RELEASE.jar:4.3.9.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [tomcat-embed-core-8.5.15.jar:8.5.15]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [tomcat-embed-core-8.5.15.jar:8.5.15]
    at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99) [spring-web-4.3.9.RELEASE.jar:4.3.9.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.3.9.RELEASE.jar:4.3.9.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [tomcat-embed-core-8.5.15.jar:8.5.15]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [tomcat-embed-core-8.5.15.jar:8.5.15]
    at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:105) [spring-web-4.3.9.RELEASE.jar:4.3.9.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.3.9.RELEASE.jar:4.3.9.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [tomcat-embed-core-8.5.15.jar:8.5.15]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [tomcat-embed-core-8.5.15.jar:8.5.15]
    at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:81) [spring-web-4.3.9.RELEASE.jar:4.3.9.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.3.9.RELEASE.jar:4.3.9.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [tomcat-embed-core-8.5.15.jar:8.5.15]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [tomcat-embed-core-8.5.15.jar:8.5.15]
    at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:197) [spring-web-4.3.9.RELEASE.jar:4.3.9.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.3.9.RELEASE.jar:4.3.9.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [tomcat-embed-core-8.5.15.jar:8.5.15]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [tomcat-embed-core-8.5.15.jar:8.5.15]
    at com.tcs.springhadoop.ResourceApplication.CorsFilter.doFilter(CorsFilter.java:35) [classes/:na]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [tomcat-embed-core-8.5.15.jar:8.5.15]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [tomcat-embed-core-8.5.15.jar:8.5.15]
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198) [tomcat-embed-core-8.5.15.jar:8.5.15]
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) [tomcat-embed-core-8.5.15.jar:8.5.15]
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478) [tomcat-embed-core-8.5.15.jar:8.5.15]
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140) [tomcat-embed-core-8.5.15.jar:8.5.15]
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:80) [tomcat-embed-core-8.5.15.jar:8.5.15]
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87) [tomcat-embed-core-8.5.15.jar:8.5.15]
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342) [tomcat-embed-core-8.5.15.jar:8.5.15]
    at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:799) [tomcat-embed-core-8.5.15.jar:8.5.15]
    at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) [tomcat-embed-core-8.5.15.jar:8.5.15]
    at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:861) [tomcat-embed-core-8.5.15.jar:8.5.15]
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1455) [tomcat-embed-core-8.5.15.jar:8.5.15]
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) [tomcat-embed-core-8.5.15.jar:8.5.15]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) [na:1.8.0_141]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) [na:1.8.0_141]
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-embed-core-8.5.15.jar:8.5.15]
    at java.lang.Thread.run(Unknown Source) [na:1.8.0_141]
Caused by: java.lang.ClassNotFoundException: org.springframework.security.ldap.userdetails.LdapUserDetailsImpl
    at org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedWebappClassLoader.loadClass(TomcatEmbeddedWebappClassLoader.java:52) ~[spring-boot-1.5.4.RELEASE.jar:1.5.4.RELEASE]
    at org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1119) ~[tomcat-embed-core-8.5.15.jar:8.5.15]
    at org.springframework.util.ClassUtils.forName(ClassUtils.java:250) ~[spring-core-4.3.9.RELEASE.jar:4.3.9.RELEASE]
    at org.springframework.core.ConfigurableObjectInputStream.resolveClass(ConfigurableObjectInputStream.java:74) ~[spring-core-4.3.9.RELEASE.jar:4.3.9.RELEASE]
    at java.io.ObjectInputStream.readNonProxyDesc(Unknown Source) ~[na:1.8.0_141]
    at java.io.ObjectInputStream.readClassDesc(Unknown Source) ~[na:1.8.0_141]
    at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source) ~[na:1.8.0_141]
    at java.io.ObjectInputStream.readObject0(Unknown Source) ~[na:1.8.0_141]
    at java.io.ObjectInputStream.defaultReadFields(Unknown Source) ~[na:1.8.0_141]
    at java.io.ObjectInputStream.readSerialData(Unknown Source) ~[na:1.8.0_141]
    at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source) ~[na:1.8.0_141]
    at java.io.ObjectInputStream.readObject0(Unknown Source) ~[na:1.8.0_141]
    at java.io.ObjectInputStream.defaultReadFields(Unknown Source) ~[na:1.8.0_141]
    at java.io.ObjectInputStream.readSerialData(Unknown Source) ~[na:1.8.0_141]
    at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source) ~[na:1.8.0_141]
    at java.io.ObjectInputStream.readObject0(Unknown Source) ~[na:1.8.0_141]
    at java.io.ObjectInputStream.readObject(Unknown Source) ~[na:1.8.0_141]
    at org.springframework.security.oauth2.common.util.SerializationUtils.deserialize(SerializationUtils.java:43) ~[spring-security-oauth2-2.0.14.RELEASE.jar:na]




2017-08-06 22:56:32.188 DEBUG 13744 --- [nio-8082-exec-3] o.s.jdbc.core.JdbcTemplate               : Executing prepared SQL update
2017-08-06 22:56:32.188 DEBUG 13744 --- [nio-8082-exec-3] o.s.jdbc.core.JdbcTemplate               : Executing prepared SQL statement [delete from oauth_access_token where token_id = ?]
2017-08-06 22:56:32.188 DEBUG 13744 --- [nio-8082-exec-3] o.s.jdbc.datasource.DataSourceUtils      : Fetching JDBC Connection from DataSource
2017-08-06 22:56:32.188 DEBUG 13744 --- [nio-8082-exec-3] o.s.j.d.DriverManagerDataSource          : Creating new JDBC DriverManager Connection to [jdbc:mysql://localhost:3306/auth]
2017-08-06 22:56:32.196 DEBUG 13744 --- [nio-8082-exec-3] o.s.jdbc.core.JdbcTemplate               : SQL update affected 1 rows
2017-08-06 22:56:32.200 DEBUG 13744 --- [nio-8082-exec-3] o.s.jdbc.datasource.DataSourceUtils      : Returning JDBC Connection to DataSource
2017-08-06 22:56:32.200 DEBUG 13744 --- [nio-8082-exec-3] p.a.OAuth2AuthenticationProcessingFilter : Authentication request failed: error="invalid_token", error_description="Invalid access token: f8c3ebb0-5eb0-4170-9437-4d67e2192f37"
2017-08-06 22:56:32.200 DEBUG 13744 --- [nio-8082-exec-3] w.c.HttpSessionSecurityContextRepository : SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2017-08-06 22:56:32.200 DEBUG 13744 --- [nio-8082-exec-3] s.s.o.p.e.DefaultOAuth2ExceptionRenderer : Written [error="invalid_token", error_description="Invalid access token: f8c3ebb0-5eb0-4170-9437-4d67e2192f37"] as "application/xhtml+xml" using [org.springframework.security.oauth2.http.converter.jaxb.JaxbOAuth2ExceptionMessageConverter@47716661]
2017-08-06 22:56:32.200 DEBUG 13744 --- [nio-8082-exec-3] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
    ... 72 common frames omitted

The error trace is followed by deleting the access token from the database. Please guide us to fix the issue. Thanks in advance.

1 solution

#1


0  

Make sure you have the following in your pom.xml

<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-ldap</artifactId>
    <version>3.1.0.RELEASE</version>
</dependency>

Change to your version of Spring.
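The stack trace shows why the dependency matters on the resource server rather than only on the authorization server: JdbcTokenStore stores the whole OAuth2Authentication, including the LdapUserDetailsImpl principal, as a Java-serialized blob in oauth_access_token, and the resource server (com.tcs.springhadoop.ResourceApplication in the trace) has to deserialize it through its own classloader, which fails with ClassNotFoundException when spring-security-ldap is missing from that module's classpath. The following is an added example, not code from the question, the answer or the Spring projects; LdapPrincipal is a constructed stand-in for LdapUserDetailsImpl and TokenStoreClasspathDemo is a hypothetical class name. It reproduces the failure by deserializing with a classloader that cannot see the principal class, then shows the same bytes loading once the class is resolvable.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.ObjectStreamClass;
import java.io.Serializable;
import java.net.URL;
import java.net.URLClassLoader;

// Added example; not code from the page or from Spring Security.
public class TokenStoreClasspathDemo {

    // Constructed stand-in for LdapUserDetailsImpl: a Serializable principal that ends up
    // inside the serialized OAuth2Authentication in oauth_access_token.authentication.
    static final class LdapPrincipal implements Serializable {
        private static final long serialVersionUID = 1L;
        final String dn;
        LdapPrincipal(String dn) { this.dn = dn; }
    }

    // What the authorization server does when it issues a token: plain Java serialization.
    static byte[] serialize(Object value) throws IOException {
        ByteArrayOutputStream bytes = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bytes)) {
            out.writeObject(value);
        }
        return bytes.toByteArray();
    }

    // What the resource server does when it checks a token: deserialize with *its* classloader.
    // Mirrors the ConfigurableObjectInputStream.resolveClass -> ClassUtils.forName path in the trace.
    static Object deserialize(byte[] blob, ClassLoader loader) throws IOException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(blob)) {
            @Override
            protected Class<?> resolveClass(ObjectStreamClass desc)
                    throws IOException, ClassNotFoundException {
                return Class.forName(desc.getName(), false, loader);
            }
        }) {
            return in.readObject();
        } catch (ClassNotFoundException e) {
            // SerializationUtils.deserialize wraps it the same way (see the stack trace).
            throw new IllegalArgumentException(e);
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] blob = serialize(new LdapPrincipal("uid=ben,ou=people,dc=springframework,dc=org"));

        // A resource server whose classpath lacks the principal's jar, emulated by a loader
        // whose parent is the bootstrap loader: it can resolve JDK classes only.
        ClassLoader withoutLdapJar = new URLClassLoader(new URL[0], null);
        try {
            deserialize(blob, withoutLdapJar);
        } catch (IllegalArgumentException e) {
            System.out.println("Missing on resource server classpath: " + e.getCause().getMessage());
        }

        // A resource server with the class on its classpath: the same bytes load fine.
        LdapPrincipal p = (LdapPrincipal) deserialize(blob, TokenStoreClasspathDemo.class.getClassLoader());
        System.out.println("Restored principal " + p.dn);
    }
}
```

So the spring-security-ldap dependency has to be present in every module that reads the shared oauth_access_token table, not only in the one that runs auth.ldapAuthentication(). When the modules use spring-boot-starter-parent (Spring Boot 1.5.4 in the trace), the version element can be left out and Boot's dependency management picks the release that matches the spring-security 4.2.3 artifacts shown in the trace, which avoids mixing the much older 3.1.0.RELEASE from the answer with them.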