OAuth + Security - Error Collection

Could not decode JSON for additional information: BaseClientDetails

The full error output is as follows:

2019-12-03 22:18:37.239  WARN 19120 --- [nio-8100-exec-4] o.s.s.o.p.c.JdbcClientDetailsService     : Could not decode JSON for additional information: BaseClientDetails [clientId=c1, clientSecret=$2a$10$NlBC84MVb7F95EXYTXwLneXgCca6/GipyWR5NHm8K0203bSQMLpvm, scope=[ROLE_ADMIN, ROLE_USER, ROLE_API], resourceIds=[res1], authorizedGrantTypes=[client_credentials, password, authorization_code, implicit, refresh_token], registeredRedirectUris=[http://www.baidu.com], authorities=[], accessTokenValiditySeconds=7200, refreshTokenValiditySeconds=259200, additionalInformation={}]

java.io.EOFException: No content to map to Object due to end of input
	at org.codehaus.jackson.map.ObjectMapper._initForReading(ObjectMapper.java:2775) ~[jackson-mapper-asl-1.9.13.jar:1.9.13]
	at org.codehaus.jackson.map.ObjectMapper._readMapAndClose(ObjectMapper.java:2718) ~[jackson-mapper-asl-1.9.13.jar:1.9.13]
	at org.codehaus.jackson.map.ObjectMapper.readValue(ObjectMapper.java:1863) ~[jackson-mapper-asl-1.9.13.jar:1.9.13]
	at org.springframework.security.oauth2.provider.client.JdbcClientDetailsService$JacksonMapper.read(`JdbcClientDetailsService.java:309`) ~[spring-security-oauth2-2.3.4.RELEASE.jar:na]
	at org.springframework.security.oauth2.provider.client.JdbcClientDetailsService$ClientDetailsRowMapper.mapRow(JdbcClientDetailsService.java:268) [spring-security-oauth2-2.3.4.RELEASE.jar:na]
	at org.springframework.security.oauth2.provider.client.JdbcClientDetailsService$ClientDetailsRowMapper.mapRow(JdbcClientDetailsService.java:251) [spring-security-oauth2-2.3.4.RELEASE.jar:na]
	at org.springframework.jdbc.core.RowMapperResultSetExtractor.extractData(RowMapperResultSetExtractor.java:94) [spring-jdbc-5.1.10.RELEASE.jar:5.1.10.RELEASE]
	at org.springframework.jdbc.core.RowMapperResultSetExtractor.extractData(RowMapperResultSetExtractor.java:61) [spring-jdbc-5.1.10.RELEASE.jar:5.1.10.RELEASE]

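The error message points to the JdbcClientDetailsService.java class. Reading its source shows that one of the values read from the database is empty, and converting it to JSON raises the error.

Checking the database, the additional_information column was indeed empty in every row. I then put a test string into the column, and the same error was still reported.

In the end, after searching Baidu and Google, I finally found the article below.

According to that article, this is a reserved field: https://blog.csdn.net/u011676300/article/details/84390988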


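So this field must either be set to NULL or contain well-formed JSON. If there is nothing to store, leave it unset as NULL; neither an empty string nor the string "null" works.

Reference link: https://www.cnblogs.com/nxzblogs/p/11980031.html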

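SpringBoot 2.x + SpringSecurity + OAuth2: a CORS solution for cross-origin access when obtaining the AccessToken

Before SpringSecurity + OAuth2 were integrated, the project used the following cross-origin configuration: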

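import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

@Configuration
public class CorsConfigure implements WebMvcConfigurer {

    @Override
    public void addCorsMappings(CorsRegistry registry) {
        // Apply one CORS policy to every path handled by Spring MVC.
        // Note: Spring 5.3+ rejects allowedOrigins("*") combined with
        // allowCredentials(true); explicit origins are required there.
        registry.addMapping("/**")
                .allowedOrigins("*")
                .allowedMethods("GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS")
                .allowCredentials(true)
                .maxAge(3600)
                .allowedHeaders("*");
    }
}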

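However, after SpringSecurity + OAuth2 were integrated, I found that when obtaining a token from /oauth/token with the front end and back end separated, the front end reports a cross-origin error. The solution is as follows: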

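import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order;

// Registered with the highest precedence so it runs before the Spring Security filter chain.
@Order(Ordered.HIGHEST_PRECEDENCE)
@Configuration
public class GlobalCorsConfiguration implements Filter {

    @Override
    public void init(FilterConfig filterConfig) {

    }

    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws ServletException, IOException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        // Browsers reject "*" for credentialed requests (cookies, HTTP auth),
        // so this combination only serves requests sent without credentials.
        response.setHeader("Access-Control-Allow-Origin","*");
        response.setHeader("Access-Control-Allow-Credentials","true");
        response.setHeader("Access-Control-Allow-Methods","POST,GET,OPTIONS,PUT,DELETE,PATCH,HEAD");
        // The preflight cache header is Access-Control-Max-Age (there is no "Allow-Max-Age").
        response.setHeader("Access-Control-Max-Age","3600");
        response.setHeader("Access-Control-Allow-Headers","authorization,Authorization,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type");
        if("OPTIONS".equalsIgnoreCase(request.getMethod())){
            // Answer the preflight here instead of passing it down the chain.
            response.setStatus(HttpServletResponse.SC_OK);
        }else{
            filterChain.doFilter(servletRequest,servletResponse);
        }
    }

    @Override
    public void destroy() {

    }

}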
posted @ 2020-06-09 11:05  我是我最后的目击者