zoukankan      html  css  js  c++  java
  • OAuth + Security

    Could not decode JSON for additional information: BaseClientDetails

    完整的错误输出如下:

    2019-12-03 22:18:37.239  WARN 19120 --- [nio-8100-exec-4] o.s.s.o.p.c.JdbcClientDetailsService     : Could not decode JSON for additional information: BaseClientDetails [clientId=c1, clientSecret=$2a$10$NlBC84MVb7F95EXYTXwLneXgCca6/GipyWR5NHm8K0203bSQMLpvm, scope=[ROLE_ADMIN, ROLE_USER, ROLE_API], resourceIds=[res1], authorizedGrantTypes=[client_credentials, password, authorization_code, implicit, refresh_token], registeredRedirectUris=[http://www.baidu.com], authorities=[], accessTokenValiditySeconds=7200, refreshTokenValiditySeconds=259200, additionalInformation={}]
    
    java.io.EOFException: No content to map to Object due to end of input
    	at org.codehaus.jackson.map.ObjectMapper._initForReading(ObjectMapper.java:2775) ~[jackson-mapper-asl-1.9.13.jar:1.9.13]
    	at org.codehaus.jackson.map.ObjectMapper._readMapAndClose(ObjectMapper.java:2718) ~[jackson-mapper-asl-1.9.13.jar:1.9.13]
    	at org.codehaus.jackson.map.ObjectMapper.readValue(ObjectMapper.java:1863) ~[jackson-mapper-asl-1.9.13.jar:1.9.13]
    	at org.springframework.security.oauth2.provider.client.JdbcClientDetailsService$JacksonMapper.read(`JdbcClientDetailsService.java:309`) ~[spring-security-oauth2-2.3.4.RELEASE.jar:na]
    	at org.springframework.security.oauth2.provider.client.JdbcClientDetailsService$ClientDetailsRowMapper.mapRow(JdbcClientDetailsService.java:268) [spring-security-oauth2-2.3.4.RELEASE.jar:na]
    	at org.springframework.security.oauth2.provider.client.JdbcClientDetailsService$ClientDetailsRowMapper.mapRow(JdbcClientDetailsService.java:251) [spring-security-oauth2-2.3.4.RELEASE.jar:na]
    	at org.springframework.jdbc.core.RowMapperResultSetExtractor.extractData(RowMapperResultSetExtractor.java:94) [spring-jdbc-5.1.10.RELEASE.jar:5.1.10.RELEASE]
    	at org.springframework.jdbc.core.RowMapperResultSetExtractor.extractData(RowMapperResultSetExtractor.java:61) [spring-jdbc-5.1.10.RELEASE.jar:5.1.10.RELEASE]
    

    根据错消息定位到 JdbcClientDetailsService.java 这个类,查看源码可以知道查出的数据中有一个空数据转json报错

    查看数据库果然 additional_information 字段都是空的。然后在数据库中先添加了测试字符串,发现还是报同样的错误。

    最后百度+google终于在网址找到了下面这篇文章。

    根据这篇文章里的介绍这是一个预留的字段 https://blog.csdn.net/u011676300/article/details/84390988

    image

    所以,这个字段我们要么置为null,要么是一个标准格式的json。否则就不填为null,空字符串或者字符串的null都不行。

    参考链接:https://www.cnblogs.com/nxzblogs/p/11980031.html

    SpringBoot2.x+SpringSecurity+Oauth2获取AccessToken跨域CORS访问解决方案

    在之前没有整合SpringSecurity+Oauth2时,在项目中使用的跨域方案如下:

    @Configuration
    public class CorsConfigure implements WebMvcConfigurer {
    
        @Override
        public void addCorsMappings(CorsRegistry registry) {
            registry.addMapping("/**")
                    .allowedOrigins("*")
                    .allowedMethods("GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS")
                    .allowCredentials(true)
                    .maxAge(3600)
                    .allowedHeaders("*");
        }
    }
    

    但是后来集成了SpringSecurity+Oauth2以后,发现在/oauth/token获取token以后,在前后端分离的情况下,前端会报跨域的错误。解决方案如下:

    @Order(Ordered.HIGHEST_PRECEDENCE)
    @Configuration
    public class GlobalCorsConfiguration implements Filter {
    
        @Override
        public void init(FilterConfig filterConfig) {
    
        }
    
        @Override
        public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws ServletException, IOException {
            HttpServletRequest request = (HttpServletRequest) servletRequest;
            HttpServletResponse response = (HttpServletResponse) servletResponse;
            response.setHeader("Access-Control-Allow-Origin","*");
            response.setHeader("Access-Control-Allow-Credentials","true");
            response.setHeader("Access-Control-Allow-Methods","POST,GET,OPTIONS,PUT,DELETE,PATCH,HEAD");
            response.setHeader("Access-Control-Allow-Max-Age","3600");
            response.setHeader("Access-Control-Allow-Headers","authorization,Authorization,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type");
            if("OPTIONS".equalsIgnoreCase(request.getMethod())){
                response.setStatus(HttpServletResponse.SC_OK);
            }else{
                filterChain.doFilter(servletRequest,servletResponse);
            }
        }
    
        @Override
        public void destroy() {
    
        }
    
    }
    
  • 相关阅读:
    Sample Page
    3.21之前刷题总结
    存储过程动态组建查询where语句
    SQL常备知识
    学习SilverLight:(1)SilverLight3.0和JavaScript交互
    SQL SERVER 2005 Tempdb
    学习atlas
    sql server系统表详细说明(转)
    js 基数排序的过程
    vuerouter 刷新页面后 url地址不变 参数还在 保留当前页 routerlink取值 this.$route
  • 原文地址:https://www.cnblogs.com/reroyalup/p/13071271.html
Copyright © 2011-2022 走看看