Spring Security Oauth2.1 最新版 1.1.0 整合 (基于 springboot 3.1.0)gateway 完成授权认证
作者:mmseoamin日期:2023-12-05

目录

背景

demo地址

版本

Spring Boot 3.1

Spring Authorization Server 1.1.0

基础

spring security

OAuth2

模块构成

授权方式

认证方式

集成过程

官方demo

代码集成

依赖

授权服务AuthorizationServerConfig配置

重要组件

测试

查看授权服务配置

访问授权服务

授权

回调

获取 access_token

获取用户信息

个性化改造

目标

基础知识

Spring Security OAuth2 Client

改造过程

auth-server改造

POM

持久化改造

AuthorizationServerConfig改造

sql脚本

DefaultSecurityConfig修改

UserService配置

异常处理

测试

根据刷新码 refresh_token 换token

自定义用户信息

userService新增方法

定义用户信息格式返回handler

SecurityFilterChain改造

测试

 auth-client客户端添加

 配置

 controller

测试

控制台

集成GateWay

代办事项 

sql脚本


背景

基于 Spring Cloud Alibaba  架构下,需要一个统一授权中心,与 gateway 配合使用实现微服务的授权与认证,下面主要介绍整个集成过程,基于springboot3.1最新版

demo地址

我放到了github上,还包括 spring-cloud-alibaba其他的集成

ricardo-m-yu/spring-cloud-alibaba (github.com)

版本

Spring Boot 3.1

最新发布的springboot3.1版本对 oauth2 提供了默认的支持,可以引用下面的依赖来快速构建,为了体验新版本特性,我这边切换到了 3.1版本

Spring Security Oauth2.1 最新版 1.1.0 整合 (基于 springboot 3.1.0)gateway 完成授权认证,第1张

Spring Boot 3.1 提供了一个 spring-boot-starter-oauth2-authorization-server 启动器,可以支持 Spring Authorization Server 的自动配置,轻松配置基于 Servlet 的 OAuth2 授权服务器,同时@EnableAuthorizationServer这些注解也早已废弃

Spring Authorization Server 1.1.0

官方文档

Spring Authorization Server

基础

spring security

关于springsecurity的基础知识,之前写过一篇 springboot 与 Spring Security 集成的基于 jwt的授权的,可以看下面的

(296条消息) springboot 2.7整合spring security 5.7整合jwt实现用户登录注册与鉴权全记录_ricardo.M.Yu的博客-CSDN博客

OAuth2

 OAuth2可以提供一个统一的认证服务。主要模块如下:

模块构成

  • Resource owner(资源拥有者):拥有该资源的服务或用户,如我们自己或者资源网站
  • Authorization server(认证服务器):即用来认证与颁发令牌(如token)的服务
  • Resource server(资源服务器):拥有资源的服务,如我们要访问的网站
  • Client(客户端):即访问的客户端,如我们自己用的访问网站

授权方式

  • 授权码模式(authorization_code):最正规的模式,客户端先将用户导向认证服务器,登录后获取授权码,然后进行授权,最后根据授权码获取访问令牌
  • 刷新模式(refresh_token):用刷新码获取
  • 客户端模式(client_credentials):第三方应用自己本身需要获取资源

详见  AuthorizationGrantType 这个类

Spring Security Oauth2.1 最新版 1.1.0 整合 (基于 springboot 3.1.0)gateway 完成授权认证,第2张

下面的密码模式已经被废弃

  • 密码模式(resource owner password credentials):直接带用户名和密码去向认证服务器申请令牌

    认证方式

    • client_secret_basic:最常用,客户端的 client_id 和 client_secret,传递给授权服务器

    • client_secret_post:常用,客户端的 client_id 和 client_secret,传递给授权服务器,参数传递方式不同

    • client_secret_jwt:利用 JWT 进行认证

    • private_key_jwt:方式就是利用 JWT 进行认证。请求方拥有自己的公私钥(密钥对)

    • none

    详见 ClientAuthenticationMethod

    Spring Security Oauth2.1 最新版 1.1.0 整合 (基于 springboot 3.1.0)gateway 完成授权认证,第3张

    集成过程

    我下面会分为三个阶段逐次递进改造,

    • 第一阶段:官方demo演示与组件讲解测试
    • 第二阶段:个性化改造
    • 第三阶段:集成 springcloud gateway 完成分布式授权改造

    官方demo

    代码集成

    依赖

    只需要下面的这一个依赖,springboot 版本为 3.1

    
        org.springframework.boot
        spring-boot-starter-parent
        3.1.0
        
    
    
        org.springframework.boot
        spring-boot-starter-oauth2-authorization-server
    

    授权服务AuthorizationServerConfig配置

    spring 官方在快速开始里面给出了下面的默认最小配置,

    Getting Started (spring.io)

    我先粘下来再介绍,代码结构大概这样,一共两个配置类

    Spring Security Oauth2.1 最新版 1.1.0 整合 (基于 springboot 3.1.0)gateway 完成授权认证,第4张

     AuthorizationServerConfig

    @Configuration
    public class AuthorizationServerConfig {
        @Bean
        @Order(1)
        public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http)
                throws Exception {
            //针对 Spring Authorization Server 最佳实践配置
            OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http);
            http.getConfigurer(OAuth2AuthorizationServerConfigurer.class)
                    .oidc(Customizer.withDefaults());	// Enable OpenID Connect 1.0
            http
                    // Redirect to the login page when not authenticated from the
                    // authorization endpoint
                    .exceptionHandling((exceptions) -> exceptions
                            .defaultAuthenticationEntryPointFor(
                                    new LoginUrlAuthenticationEntryPoint("/login"),
                                    new MediaTypeRequestMatcher(MediaType.TEXT_HTML)
                            )
                    )
                    // Accept access tokens for User Info and/or Client Registration
                    .oauth2ResourceServer((resourceServer) -> resourceServer
                            .jwt(Customizer.withDefaults()));
            return http.build();
        }
        @Bean
        public RegisteredClientRepository registeredClientRepository() {
            RegisteredClient oidcClient = RegisteredClient.withId(UUID.randomUUID().toString())
                    .clientId("oidc-client")
                    .clientSecret("{noop}secret")
                    .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
                    .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
                    .authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN)
                    .authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
                    .redirectUri("http://www.baidu.com")
                    .redirectUri("http://localhost:9001/login/oauth2/code/oidc-client")
                    .redirectUri("http://localhost:9001/api/login/welcome")
                    .postLogoutRedirectUri("http://127.0.0.1:8080/")
                    .scope(OidcScopes.OPENID)
                    .scope(OidcScopes.PROFILE)
                    .scope("message.read")
                    .scope("message.write")
                    .scope("all")
                    // 设置 Client 需要页面审核授权
                    .clientSettings(ClientSettings.builder().requireAuthorizationConsent(true).build())
                    .build();
            return new InMemoryRegisteredClientRepository(oidcClient);
        }
        /**
         * 默认发放令牌
         * @return
         */
        @Bean
        public JWKSource jwkSource() {
            KeyPair keyPair = generateRsaKey();
            RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
            RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate();
            RSAKey rsaKey = new RSAKey.Builder(publicKey)
                    .privateKey(privateKey)
                    .keyID(UUID.randomUUID().toString())
                    .build();
            JWKSet jwkSet = new JWKSet(rsaKey);
            return new ImmutableJWKSet<>(jwkSet);
        }
        private static KeyPair generateRsaKey() {
            KeyPair keyPair;
            try {
                KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
                keyPairGenerator.initialize(2048);
                keyPair = keyPairGenerator.generateKeyPair();
            }
            catch (Exception ex) {
                throw new IllegalStateException(ex);
            }
            return keyPair;
        }
        @Bean
        public JwtDecoder jwtDecoder(JWKSource jwkSource) {
            return OAuth2AuthorizationServerConfiguration.jwtDecoder(jwkSource);
        }
        @Bean
        public AuthorizationServerSettings authorizationServerSettings() {
            return AuthorizationServerSettings.builder().build();
        }
    }

    DefaultSecurityConfig

    @EnableWebSecurity
    @Configuration(proxyBeanMethods = false)
    public class DefaultSecurityConfig {
        @Bean
        @Order(2)
        public SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http)
                throws Exception {
            http
                    .authorizeHttpRequests((authorize) -> authorize
                            .requestMatchers(new AntPathRequestMatcher("/actuator/**"),
                                    new AntPathRequestMatcher("/oauth2/**"),
                                    new AntPathRequestMatcher("/**/*.json"),
                                    new AntPathRequestMatcher("/**/*.html")).permitAll()
                            .anyRequest().authenticated()
                    )
                    .cors(Customizer.withDefaults())
                    .csrf((csrf) -> csrf.disable())
    //                .httpBasic(Customizer.withDefaults())
    //				// Form login handles the redirect to the login page from the
    //				// authorization server filter chain
                    .formLogin(Customizer.withDefaults())
            ;
            return http.build();
        }
        @Bean
        public UserDetailsService userDetailsService() {
            UserDetails userDetails = User.withDefaultPasswordEncoder()
                    .username("user")
                    .password("password")
                    .roles("USER")
                    .build();
            return new InMemoryUserDetailsManager(userDetails);
        }
    }

    分别介绍下这几个@Bean配置,也是 AuthorizationServer 的几个重要概念。

    重要组件

    • SecurityFilterChain -> authorizationServerSecurityFilterChain: Spring Security的过滤器链,用于协议端点的。

    • SecurityFilterChain -> defaultSecurityFilterChain: Spring Security的过滤器链,用于Spring Security的身份认证

    • UserDetailsService :主要进行用户身份验证

    • RegisteredClientRepository:主要用于管理客户端

    • JWKSource:用于签名访问令牌

    • KeyPair: 启动时生成的带有密钥的KeyPair实例,用于创建上面的JWKSource

    • JwtDecoder:JwtDecoder的一个实例,用于解码已签名的访问令牌

    • AuthorizationServerSettings:用于配置Spring Authorization Server的AuthorizationServerSettings实例。

    测试

    为了方便测试,上面的配置中,客户端的回调地址我已经改成了 百度的,授权方式用授权码模式,认证方式用client_secret_basic

    服务启动,端口为9000

    Spring Security Oauth2.1 最新版 1.1.0 整合 (基于 springboot 3.1.0)gateway 完成授权认证,第5张

    查看授权服务配置

    地址:

    调用  http://127.0.0.1:9000/.well-known/openid-configuration

     后,查看地址配置如下:其实就是每个请求的url

    Spring Security Oauth2.1 最新版 1.1.0 整合 (基于 springboot 3.1.0)gateway 完成授权认证,第6张

    详细的是下面

    {

        "issuer": "http://127.0.0.1:9000",

        "authorization_endpoint": "http://127.0.0.1:9000/oauth2/authorize",

        "device_authorization_endpoint": "http://127.0.0.1:9000/oauth2/device_authorization",

        "token_endpoint": "http://127.0.0.1:9000/oauth2/token",

        "token_endpoint_auth_methods_supported": [

            "client_secret_basic",

            "client_secret_post",

            "client_secret_jwt",

            "private_key_jwt"

        ],

        "jwks_uri": "http://127.0.0.1:9000/oauth2/jwks",

        "userinfo_endpoint": "http://127.0.0.1:9000/userinfo",

        "end_session_endpoint": "http://127.0.0.1:9000/connect/logout",

        "response_types_supported": [

            "code"

        ],

        "grant_types_supported": [

            "authorization_code",

            "client_credentials",

            "refresh_token",

            "urn:ietf:params:oauth:grant-type:device_code"

        ],

        "revocation_endpoint": "http://127.0.0.1:9000/oauth2/revoke",

        "revocation_endpoint_auth_methods_supported": [

            "client_secret_basic",

            "client_secret_post",

            "client_secret_jwt",

            "private_key_jwt"

        ],

        "introspection_endpoint": "http://127.0.0.1:9000/oauth2/introspect",

        "introspection_endpoint_auth_methods_supported": [

            "client_secret_basic",

            "client_secret_post",

            "client_secret_jwt",

            "private_key_jwt"

        ],

        "subject_types_supported": [

            "public"

        ],

        "id_token_signing_alg_values_supported": [

            "RS256"

        ],

        "scopes_supported": [

            "openid"

        ]

    }

    访问授权服务

    浏览器地址栏输入

    http://localhost:9000/oauth2/authorize?response_type=code&client_id=oidc-client&scope=message.read openid&redirect_uri=http://www.baidu.com

    用这个请求来模拟客户端,实际开发中,其实是先访问资源服务,由资源服务来拼接这几个参数来重定向到授权服务的,参数意义如下,这些参数都是需要再上面RegisteredClientRepository配置过的

    • response_type:这个意思是相应的方式为code码
    • client_id:即客户端的id,即上面配置中在 RegisteredClientRepository 配置的
    • scope:请求授权范围,也需要在上面的配置中
    • redirect_uri:授权通过后,重定向回来的地址

    输入完上面的地址后,会重定向到下面这个登录页面,

    我们输入上面配置好的用户名密码:

    user

    password

    点击登录 

    Spring Security Oauth2.1 最新版 1.1.0 整合 (基于 springboot 3.1.0)gateway 完成授权认证,第7张

    授权

    登录过后,会到下面这个授权页面,点击授权范围,然后点击 submit

    Spring Security Oauth2.1 最新版 1.1.0 整合 (基于 springboot 3.1.0)gateway 完成授权认证,第8张

    回调

    授权通过后,授权服务回调到了百度的地址,然后附带这我们的授权码,如下图

    Spring Security Oauth2.1 最新版 1.1.0 整合 (基于 springboot 3.1.0)gateway 完成授权认证,第9张

    获取 access_token

    拿到授权码之后,可以用postman测试来获取 access_token

    测试接口参数

    Header

    Spring Security Oauth2.1 最新版 1.1.0 整合 (基于 springboot 3.1.0)gateway 完成授权认证,第10张

    请求体 

    http://localhost:9000/oauth2/token?grant_type=authorization_code&code=ajdNNIj8EiLjgw3OS8yu2q8n3XXCAb6cPY5LRsOHyRlAAB1ENKdmy8M4JBkJ8PrU-3K9QdpAZtyKg8QP5q0EHN2mR1k532FQUKz1ObSuH3EuSFy5LVzut9z1QVPuefoA&redirect_uri=http://www.baidu.com

    curl命令如下

    curl --location --request POST 'http://localhost:9000/oauth2/token?grant_type=authorization_code&code=a_lOQegEwElR09Sj6auVpBdYGgnhhK0uz1Uks286ei_zkbyDFKII2uf7gMIF7CU4cLN8ZEY3EsSq9jMAZ-Rmtmlq5pI6KPB95LMQg9fFirFg2wWjdd5PEwQLMEogY9B6&redirect_uri=http%3A%2F%2Fwww.baidu.com' \

    --header 'Authorization: Basic b2lkYy1jbGllbnQ6c2VjcmV0'

     参数说明:

    • grant_type:即授权方式,authorization_code即授权码模式
    • code:即授权码,上面重定向到百度给我们的授权码
    • redirect_uri:重定向的url
      • header中的 Authorization参数:因为我们用的客户端认证方式 为  client_secret_basic ,这个需要传参,还有一些其他的认证方式,具体参数说明如下
    • client_secret_basic: 将 clientId 和 clientSecret 通过 ‘:’ 号拼接,( clientId 和 clientSecret 都在上面配置中,)并使用 Base64 进行编码得到一串字符,再在前面加个 注意有个 Basic   前缀(Basic后有一个空格), 即得到上面参数中的 Basic b2lkYy1jbGllbnQ6c2VjcmV0
    • client_secret_post :clientId 和 clientSecret 放到表单去发送请求。如下图:

      Spring Security Oauth2.1 最新版 1.1.0 整合 (基于 springboot 3.1.0)gateway 完成授权认证,第11张

     使用我们的 client_secret_basic 方式传参,接口调用结果:

    Spring Security Oauth2.1 最新版 1.1.0 整合 (基于 springboot 3.1.0)gateway 完成授权认证,第12张

    已经正常拿到了 access_token。

    完整的过滤器执行顺序,控制台输出

    Spring Security Oauth2.1 最新版 1.1.0 整合 (基于 springboot 3.1.0)gateway 完成授权认证,第13张

    获取用户信息

    获取用户信息接口为  /userinfo,注意需要有 opid 的授权范围,需要传参的值为 上面获取到的access_token,并在前面拼上  Bearer 

    参数说明

    Authorization:值格式为 Bearer + ${access_token}, 注意 Bearer  后面附带空格

    curl命令

    curl --location --request POST 'http://127.0.0.1:9000/userinfo' \

    --header 'Authorization: Bearer eyJraWQiOiI4ZDc5YTIwNi1kOWZhLTQ5NWQtODJkMi1iMzk2MjQwNGQ4YmIiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJ1c2VyIiwiYXVkIjoib2lkYy1jbGllbnQiLCJuYmYiOjE2ODY3MzM4MTYsInNjb3BlIjpbIm9wZW5pZCIsIm1lc3NhZ2UucmVhZCJdLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjkwMDAiLCJleHAiOjE2ODY3MzQxMTYsImlhdCI6MTY4NjczMzgxNn0.AiGV5LIl8a4_7a7L2gbR61sjvHVLW4dZ6cElAwsWZnp-P7ocQT119KIASTPv138MU6ZK2_aF_-ER5FKaFQVSOj10Fy_Gv9PXa2ExrzTajfkPtA_t63jCcazzllaVWY4QIVD4fU8hPe6zDwjNOOX8R7hJFu2qtZ8V3bhzTlC0M4XWDAQ0goymYrAnVq8BR6hRm5-pY4nMCUZPFCeEFqGnl68EGRzosdSQeuRd-PtzB837i-C7lxqIjs4Y5hZ9mQw3R1zfa0WoP2KeN8K3WjyTIYd9PvrLIFCB5Zhj54sdNpZTy7wwC-oCVzwFFCEkgY-vprfgk4e4sZ10Lx60j--fHA' \

    --header 'Cookie: JSESSIONID=7B10DA37A285902E4AEE4586AC181343'

    效果如下:

    默认返回的只有用户名,其他的数据,需要我们来重写一些东西获取

    Spring Security Oauth2.1 最新版 1.1.0 整合 (基于 springboot 3.1.0)gateway 完成授权认证,第14张

     过滤器执行链Spring Security Oauth2.1 最新版 1.1.0 整合 (基于 springboot 3.1.0)gateway 完成授权认证,第15张

    BearerTokenAuthenticationFilter: 检验token

    AuthenticationEntryPointFailureHandler

    AuthenticationFailureHandler

    OidcUserInfoEndpointFilter

    个性化改造

    目标

    1. 原有的客户端注册中心是基于内存的InMemoryRegisteredClientRepository,需要改造为基于数据库,可动态注册即修改客户端信息
    2. 用户信息UserDetailsService也是基于内存,现在需要基于数据库动态添加编辑
    3. 各种异常的自定义处理与信息返回
    4. 用户信息的自定义返回
    5. 过期时间、授权方式
    6. 新增客户端client,从客户端作为入口并配置相关组件

    基础知识

    Spring Security OAuth2 Client

    组件介绍:

    • ClientRegistration:注册的客户端

    • ClientRegistrationRepository:ClientRegistration的存储仓库

    • OAuth2AuthorizedClient: 已授权过的客户端

    • OAuth2AuthorizedClientRepository :已授权过的客户端存储库持久化

    • OAuth2AuthorizationRequestRedirectFilter:该过滤器处理 /oauth2/authorization 路径,转发给 认证中心 对应的路径 /oauth2/authorize

    • OAuth2AuthorizationCodeGrantFilter:负责处理 认证中心 的授权码回调请求,如地址重定向

    • OAuth2LoginAuthenticationFilter:处理第三方认证的回调(该回调有授权码)

      拿着授权码到第三方认证服务器获取access_token和refresh_token

    改造过程

    auth-server改造

    目标

    • 客户端基于数据库增删
    • 用户信息UserDetailsService也是基于内存,现在需要基于数据库动态添加编辑
    • 异常的自定义处理与信息返回
    • 过期时间、授权方式
    • 用户信息的自定义返回

    改造如下:

    POM

    新增数据库相关依赖,包括mysql和 mybatis

     
         mysql
         mysql-connector-java
     
     
         com.alibaba
         druid-spring-boot-starter
     
     
         com.alibaba
         fastjson
     
     
         org.mybatis.spring.boot
         mybatis-spring-boot-starter
     

    配置文件增加

    spring:
      datasource:
        type: com.alibaba.druid.pool.DruidDataSource
        driver-class-name: com.mysql.cj.jdbc.Driver
        url: jdbc:mysql://192.168.1.111:8106/oauth2?useSSL=false&serverTimezone=Asia/Shanghai
        username: root
        password: 123456
    
    持久化改造

    将原先客户端的信息及授权信息配置到数据库中

    再另外增加一个 sys_user,来存储默认的用户信息

    AuthorizationServerConfig改造

    新增两个持久化用到的repository,注释掉之前基于内存的 RegisteredClientRepository

        /**
         * 注册客户端
         * @param jdbcTemplate
         * @return
         */
        @Bean
        public RegisteredClientRepository registeredClientRepository(JdbcTemplate jdbcTemplate) {
            return new JdbcRegisteredClientRepository(jdbcTemplate);
        }
        /**
         * 授权
         * @param jdbcTemplate
         * @param registeredClientRepository
         * @return
         */
        @Bean
        public OAuth2AuthorizationService authorizationService(JdbcTemplate jdbcTemplate, RegisteredClientRepository registeredClientRepository) {
            return new JdbcOAuth2AuthorizationService(jdbcTemplate, registeredClientRepository);
        }
    sql脚本

    需要用到SQL脚本和一些初始数据我直接放在了下面,包括一个sys_user用来登录,里面过期时间及相关的消息我已经 初始化好了

    -- ----------------------------
    -- Table structure for oauth2_authorization
    -- ----------------------------
    DROP TABLE IF EXISTS `oauth2_authorization`;
    CREATE TABLE `oauth2_authorization`  (
      `id` varchar(100) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL,
      `registered_client_id` varchar(100) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL,
      `principal_name` varchar(200) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL,
      `authorization_grant_type` varchar(100) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL,
      `authorized_scopes` varchar(1000) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NULL DEFAULT NULL,
      `attributes` blob NULL,
      `state` varchar(500) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NULL DEFAULT NULL,
      `authorization_code_value` blob NULL,
      `authorization_code_issued_at` timestamp(0) NULL DEFAULT NULL,
      `authorization_code_expires_at` timestamp(0) NULL DEFAULT NULL,
      `authorization_code_metadata` blob NULL,
      `access_token_value` blob NULL,
      `access_token_issued_at` timestamp(0) NULL DEFAULT NULL,
      `access_token_expires_at` timestamp(0) NULL DEFAULT NULL,
      `access_token_metadata` blob NULL,
      `access_token_type` varchar(100) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NULL DEFAULT NULL,
      `access_token_scopes` varchar(1000) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NULL DEFAULT NULL,
      `oidc_id_token_value` blob NULL,
      `oidc_id_token_issued_at` timestamp(0) NULL DEFAULT NULL,
      `oidc_id_token_expires_at` timestamp(0) NULL DEFAULT NULL,
      `oidc_id_token_metadata` blob NULL,
      `refresh_token_value` blob NULL,
      `refresh_token_issued_at` timestamp(0) NULL DEFAULT NULL,
      `refresh_token_expires_at` timestamp(0) NULL DEFAULT NULL,
      `refresh_token_metadata` blob NULL,
      `user_code_value` blob NULL,
      `user_code_issued_at` timestamp(0) NULL DEFAULT NULL,
      `user_code_expires_at` timestamp(0) NULL DEFAULT NULL,
      `user_code_metadata` blob NULL,
      `device_code_value` blob NULL,
      `device_code_issued_at` timestamp(0) NULL DEFAULT NULL,
      `device_code_expires_at` timestamp(0) NULL DEFAULT NULL,
      `device_code_metadata` blob NULL,
      PRIMARY KEY (`id`) USING BTREE
    ) ENGINE = InnoDB CHARACTER SET = utf8mb4 COLLATE = utf8mb4_general_ci ROW_FORMAT = Dynamic;
    -- ----------------------------
    -- Records of oauth2_authorization
    -- ----------------------------
    INSERT INTO `oauth2_authorization` VALUES ('684c544f-a11c-475d-a6f8-7d2c891c0bd0', '7b692184-914f-4dcb-9142-f542a7e43fa4', 'user', 'authorization_code', 'openid,message.read', 0x7B2240636C617373223A226A6176612E7574696C2E436F6C6C656374696F6E7324556E6D6F6469666961626C654D6170222C226A6176612E73656375726974792E5072696E636970616C223A7B2240636C617373223A226F72672E737072696E676672616D65776F726B2E73656375726974792E61757468656E7469636174696F6E2E557365726E616D6550617373776F726441757468656E7469636174696F6E546F6B656E222C22617574686F726974696573223A5B226A6176612E7574696C2E436F6C6C656374696F6E7324556E6D6F6469666961626C6552616E646F6D4163636573734C697374222C5B5D5D2C2264657461696C73223A7B2240636C617373223A226F72672E737072696E676672616D65776F726B2E73656375726974792E7765622E61757468656E7469636174696F6E2E57656241757468656E7469636174696F6E44657461696C73222C2272656D6F746541646472657373223A22303A303A303A303A303A303A303A31222C2273657373696F6E4964223A223141433645423144444332313637373745434232313233383934343034463941227D2C2261757468656E74696361746564223A747275652C227072696E636970616C223A7B2240636C617373223A22636F6D2E73792E617574687365727665722E646F6D61696E2E55736572496E666F222C226964223A322C22757365726E616D65223A2275736572222C2270617373776F7264223A222432612431302475772E5178624744316F35412E446C6230786A6A4C754D356E734934376962746950446F74707437424462666D4162573654475375222C226E616D65223A22E596BBE8AEADE6B5A9222C22656E61626C6564223A6E756C6C2C226163636F756E744E6F6E45787069726564223A6E756C6C2C2263726564656E7469616C734E6F6E45787069726564223A6E756C6C2C226163636F756E744E6F6E4C6F636B6564223A6E756C6C2C22617574686F726974696573223A5B226A6176612E7574696C2E41727261794C697374222C5B5D5D7D2C2263726564656E7469616C73223A6E756C6C7D2C226F72672E737072696E676672616D65776F726B2E73656375726974792E6F61757468322E636F72652E656E64706F696E742E4F4175746832417574686F72697A6174696F6E52657175657374223A7B2240636C617373223A226F72672E737072696E676672616D65776F726B2E73656375726974792E6F61757468322E636F72652E656E64706F696E742E4F4175746832417574686F72697A6174696F6E52657175657374222C22617574686F72697A6174696F6E557269223A22687474703A2F2F6C6F63616C686F73743A393030302F6F61757468322F617574686F72697A65222C22617574686F72697A6174696F6E4772616E7454797065223A7B2276616C7565223A22617574686F72697A6174696F6E5F636F6465227D2C22726573706F6E736554797065223A7B2276616C7565223A22636F6465227D2C22636C69656E744964223A226F6964632D636C69656E74222C227265646972656374557269223A22687474703A2F2F7777772E62616964752E636F6D222C2273636F706573223A5B226A6176612E7574696C2E436F6C6C656374696F6E7324556E6D6F6469666961626C65536574222C5B226F70656E6964222C226D6573736167652E72656164225D5D2C227374617465223A6E756C6C2C226164646974696F6E616C506172616D6574657273223A7B2240636C617373223A226A6176612E7574696C2E436F6C6C656374696F6E7324556E6D6F6469666961626C654D6170222C22636F6E74696E7565223A22227D2C22617574686F72697A6174696F6E52657175657374557269223A22687474703A2F2F6C6F63616C686F73743A393030302F6F61757468322F617574686F72697A653F726573706F6E73655F747970653D636F646526636C69656E745F69643D6F6964632D636C69656E742673636F70653D6F70656E69642532306D6573736167652E726561642672656469726563745F7572693D687474703A2F2F7777772E62616964752E636F6D26636F6E74696E75653D222C2261747472696275746573223A7B2240636C617373223A226A6176612E7574696C2E436F6C6C656374696F6E7324556E6D6F6469666961626C654D6170227D7D7D, NULL, 0x5F79764F55656652333835374D47634568767647556C70376B3934584474684566514F7A376F6B4A4A49397846723767673156484E37367170772D385262303965713749797867367A7748765953314B6C34614547463846487851542D64745576466A6C5A78357634546A39627A2D6F613753583636456E7775614A4A347750, '2023-07-06 08:17:08', '2023-07-06 08:22:08', 0x7B2240636C617373223A226A6176612E7574696C2E436F6C6C656374696F6E7324556E6D6F6469666961626C654D6170222C226D657461646174612E746F6B656E2E696E76616C696461746564223A66616C73657D, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL);
    -- ----------------------------
    -- Table structure for oauth2_authorization_consent
    -- ----------------------------
    DROP TABLE IF EXISTS `oauth2_authorization_consent`;
    CREATE TABLE `oauth2_authorization_consent`  (
      `registered_client_id` varchar(100) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL,
      `principal_name` varchar(200) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL,
      `authorities` varchar(1000) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL,
      PRIMARY KEY (`registered_client_id`, `principal_name`) USING BTREE
    ) ENGINE = InnoDB CHARACTER SET = utf8mb4 COLLATE = utf8mb4_general_ci ROW_FORMAT = Dynamic;
    -- ----------------------------
    -- Records of oauth2_authorization_consent
    -- ----------------------------
    -- ----------------------------
    -- Table structure for oauth2_authorized_client
    -- ----------------------------
    DROP TABLE IF EXISTS `oauth2_authorized_client`;
    CREATE TABLE `oauth2_authorized_client`  (
      `client_registration_id` varchar(100) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL,
      `principal_name` varchar(200) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL,
      `access_token_type` varchar(100) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL,
      `access_token_value` blob NOT NULL,
      `access_token_issued_at` timestamp(0) NOT NULL,
      `access_token_expires_at` timestamp(0) NOT NULL,
      `access_token_scopes` varchar(1000) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NULL DEFAULT NULL,
      `refresh_token_value` blob NULL,
      `refresh_token_issued_at` timestamp(0) NULL DEFAULT NULL,
      `created_at` timestamp(0) NOT NULL DEFAULT CURRENT_TIMESTAMP(0),
      PRIMARY KEY (`client_registration_id`, `principal_name`) USING BTREE
    ) ENGINE = InnoDB CHARACTER SET = utf8mb4 COLLATE = utf8mb4_general_ci ROW_FORMAT = Dynamic;
    -- ----------------------------
    -- Records of oauth2_authorized_client
    -- ----------------------------
    -- ----------------------------
    -- Table structure for oauth2_registered_client
    -- ----------------------------
    DROP TABLE IF EXISTS `oauth2_registered_client`;
    CREATE TABLE `oauth2_registered_client`  (
      `id` varchar(100) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL,
      `client_id` varchar(100) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL,
      `client_id_issued_at` timestamp(0) NOT NULL DEFAULT CURRENT_TIMESTAMP(0),
      `client_secret` varchar(200) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NULL DEFAULT NULL,
      `client_secret_expires_at` timestamp(0) NULL DEFAULT NULL,
      `client_name` varchar(200) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL,
      `client_authentication_methods` varchar(1000) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL,
      `authorization_grant_types` varchar(1000) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL,
      `redirect_uris` varchar(1000) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NULL DEFAULT NULL,
      `post_logout_redirect_uris` varchar(1000) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NULL DEFAULT NULL,
      `scopes` varchar(1000) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL,
      `client_settings` varchar(2000) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL,
      `token_settings` varchar(2000) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL,
      PRIMARY KEY (`id`) USING BTREE
    ) ENGINE = InnoDB CHARACTER SET = utf8mb4 COLLATE = utf8mb4_general_ci ROW_FORMAT = Dynamic;
    -- ----------------------------
    -- Records of oauth2_registered_client
    -- ----------------------------
    INSERT INTO `oauth2_registered_client` VALUES ('2c1a95f5-b4cd-49cd-884f-9e3a94c69e05', 'user-client', '2023-07-06 17:44:20', 'a$HIatI0j2sqgPO5lSIuQH9.TxEGlrpBrI0ZD5MqwKOG6FMzwhlB7xa', NULL, '2c1a95f5-b4cd-49cd-884f-9e3a94c69e05', 'client_secret_post,client_secret_basic', 'refresh_token,client_credentials,authorization_code', 'http://www.baidu.com,http://localhost:9001/api/login/welcome,http://localhost:9001/login/oauth2/code/oidc-client', 'http://127.0.0.1:8080/', 'all,openid,profile,message.read,message.write', '{\"@class\":\"java.util.Collections$UnmodifiableMap\",\"settings.client.require-proof-key\":false,\"settings.client.require-authorization-consent\":false}', '{\"@class\":\"java.util.Collections$UnmodifiableMap\",\"settings.token.reuse-refresh-tokens\":true,\"settings.token.id-token-signature-algorithm\":[\"org.springframework.security.oauth2.jose.jws.SignatureAlgorithm\",\"RS256\"],\"settings.token.access-token-time-to-live\":[\"java.time.Duration\",3600.000000000],\"settings.token.access-token-format\":{\"@class\":\"org.springframework.security.oauth2.server.authorization.settings.OAuth2TokenFormat\",\"value\":\"self-contained\"},\"settings.token.refresh-token-time-to-live\":[\"java.time.Duration\",43200.000000000],\"settings.token.authorization-code-time-to-live\":[\"java.time.Duration\",300.000000000],\"settings.token.device-code-time-to-live\":[\"java.time.Duration\",300.000000000]}');
    INSERT INTO `oauth2_registered_client` VALUES ('885e9d2a-794e-4019-8843-5675045c573e', 'oidc-client', '2023-07-06 17:44:20', 'a$k50p3tJgk3B7d9DrAxYIfO37pVSVO574qEWYH.nq6FTEprHA4Esie', NULL, '885e9d2a-794e-4019-8843-5675045c573e', 'client_secret_basic', 'refresh_token,client_credentials,authorization_code', 'http://www.baidu.com,http://localhost:9001/api/login/welcome,http://localhost:9001/login/oauth2/code/oidc-client', 'http://127.0.0.1:8080/', 'all,openid,profile,message.read,message.write', '{\"@class\":\"java.util.Collections$UnmodifiableMap\",\"settings.client.require-proof-key\":false,\"settings.client.require-authorization-consent\":false}', '{\"@class\":\"java.util.Collections$UnmodifiableMap\",\"settings.token.reuse-refresh-tokens\":true,\"settings.token.id-token-signature-algorithm\":[\"org.springframework.security.oauth2.jose.jws.SignatureAlgorithm\",\"RS256\"],\"settings.token.access-token-time-to-live\":[\"java.time.Duration\",3600.000000000],\"settings.token.access-token-format\":{\"@class\":\"org.springframework.security.oauth2.server.authorization.settings.OAuth2TokenFormat\",\"value\":\"self-contained\"},\"settings.token.refresh-token-time-to-live\":[\"java.time.Duration\",43200.000000000],\"settings.token.authorization-code-time-to-live\":[\"java.time.Duration\",300.000000000],\"settings.token.device-code-time-to-live\":[\"java.time.Duration\",300.000000000]}');
    -- ----------------------------
    -- Table structure for sys_user
    -- ----------------------------
    DROP TABLE IF EXISTS `sys_user`;
    CREATE TABLE `sys_user`  (
      `id` bigint(20) NOT NULL COMMENT '主键',
      `username` varchar(100) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NULL DEFAULT NULL COMMENT '用户名',
      `name` varchar(100) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NULL DEFAULT NULL COMMENT '姓名',
      `password` varchar(100) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NULL DEFAULT NULL COMMENT '密码',
      `status` tinyint(4) NOT NULL COMMENT '状态',
      `create_time` datetime(0) NOT NULL COMMENT '创建时间',
      `create_user` bigint(20) NOT NULL COMMENT '创建人',
      `update_time` datetime(0) NOT NULL COMMENT '修改时间',
      `update_user` bigint(20) NOT NULL COMMENT '修改人',
      PRIMARY KEY (`id`) USING BTREE
    ) ENGINE = InnoDB CHARACTER SET = utf8mb4 COLLATE = utf8mb4_general_ci ROW_FORMAT = Dynamic;
    -- ----------------------------
    -- Records of sys_user
    -- ----------------------------
    INSERT INTO `sys_user` VALUES (2, 'user', '用户', 'a$uw.QxbGD1o5A.Dlb0xjjLuM5nsI47ibtiPDotpt7BDbfmAbW6TGSu', 0, '2023-06-27 18:26:23', 1, '2023-06-27 18:26:26', 1);
    SET FOREIGN_KEY_CHECKS = 1;
    
    DefaultSecurityConfig修改

    之前的用户信息我们是基于内存配置的,现在我们基于mysql来做修改,注释掉之前的 UserDetailsService,并配置加密 PasswordEncoder,

        @Bean
        public PasswordEncoder passwordEncoder() {
            return new BCryptPasswordEncoder();
        }
    UserService配置

    新增 UserService

    @Slf4j
    @Service
    public class UserService implements UserDetailsService {
        @Resource
        private UserMapper userMapper;
        @Override
        public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
            return userMapper.getByUsername(username);
        }
    }

    UserMapper

    @Mapper
    public interface UserMapper {
        @Select("select * from sys_user where username = #{username}")
        UserInfo getByUsername(@Param("username") String username);
    }
    异常处理

     新增异常处理handler

    @Component
    public class Oauth2FailureHandler implements AuthenticationFailureHandler {
        @Override
        public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) throws IOException, ServletException {
            String message;
            if (exception instanceof OAuth2AuthenticationException auth2AuthenticationException) {
                OAuth2Error error = auth2AuthenticationException.getError();
                message = "认证信息错误:" + error.getErrorCode() + error.getDescription();
            } else {
                message = exception.getMessage();
            }
            response.setContentType("application/json;charset=UTF-8");
            response.setStatus(HttpStatus.OK.value());
            response.getWriter().write(JSONObject.toJSONString(ReturnVO.failed(401, message)));
            response.getWriter().flush();
        }
    }

    将此handler配置到 SecurityFilterChain 中,修改 authorizationServerSecurityFilterChain

        @Bean
        @Order(1)
        public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http)
                throws Exception {
            //针对 Spring Authorization Server 最佳实践配置
            OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http);
            http.getConfigurer(OAuth2AuthorizationServerConfigurer.class)
                    //设置客户端授权中失败的handler处理
                    .clientAuthentication((auth) -> auth.errorResponseHandler(new Oauth2FailureHandler()))
                    //token 相关配置 如  /oauth2/token接口
                    .tokenEndpoint((token) -> token.errorResponseHandler(new Oauth2FailureHandler()))
                    .oidc(Customizer.withDefaults());	// Enable OpenID Connect 1.0
            http.csrf(AbstractHttpConfigurer::disable)
                    .exceptionHandling((exceptions) -> exceptions
                            .defaultAuthenticationEntryPointFor(
                                    new LoginUrlAuthenticationEntryPoint("/login"),
                                    new MediaTypeRequestMatcher(MediaType.TEXT_HTML)
                              )
                    )
                    // Accept access tokens for User Info and/or Client Registration
                    .oauth2ResourceServer((resourceServer) -> resourceServer
                            .jwt(Customizer.withDefaults()));
            return http.build();
        }
    测试

    重复上面的访问授权服务步骤,登录后控制台发现已经调用了后端的查询用户方法

    Spring Security Oauth2.1 最新版 1.1.0 整合 (基于 springboot 3.1.0)gateway 完成授权认证,第16张

    同时,数据库里面授权数据也有了

    Spring Security Oauth2.1 最新版 1.1.0 整合 (基于 springboot 3.1.0)gateway 完成授权认证,第17张

    拿着code去换token

    Spring Security Oauth2.1 最新版 1.1.0 整合 (基于 springboot 3.1.0)gateway 完成授权认证,第18张

    根据刷新码 refresh_token 换token

    上面返回了 refresh_token, 我们这边根据他去换 新的token,

    传参:

         Body参数如下:

    • grant_type:refresh_token
    • refresh_token:上面返回的值

           Header参数如下:

      •  Authorization:和上面一样是base64加密过后的

    curl命令

     curl --location --request POST 'http://localhost:9000/oauth2/token?grant_type=refresh_token&refresh_token=O-ufrbFjv51U0PfxCk0v64c6Qk7D9cFXcI5klMSk8I2S8_wOXueiVJhpezzR5wnLzZ1BrPcZHOKwqDwCmD3aAresxN-QLC5p97Nck0Vcg72i6uJVQ748HBIen1GUMBRj' \

    --header 'Authorization: Basic b2lkYy1jbGllbnQ6c2VjcmV0' \

    --header 'Cookie: JSESSIONID=8391DF634525DC2508AD30D2322E2A5B'

    返回信息如下: 

    Spring Security Oauth2.1 最新版 1.1.0 整合 (基于 springboot 3.1.0)gateway 完成授权认证,第19张

    自定义用户信息

    有这么两种方式,

    1、自定义 ID 令牌

    2、自定义用户信息映射器

    两种本质其实都是将用户信息放到 token中的 claims中

    我这边选择了第二种,改造过程如下

    userService新增方法
     public Map getUserInfoMap(String username) throws UsernameNotFoundException {
            return userMapper.getUserInfoMap(username);
        }
    定义用户信息格式返回handler

    定义一个handler返回一些其他信息

    @Component
    public class Oauth2SuccessHandler implements AuthenticationSuccessHandler {
        @Override
        public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException {
            OidcUserInfoAuthenticationToken userInfoAuthenticationToken = (OidcUserInfoAuthenticationToken) authentication;
            response.setContentType("application/json;charset=UTF-8");
            response.setStatus(HttpStatus.OK.value());
            response.getWriter().write(JSONObject.toJSONString(ReturnVO.success(userInfoAuthenticationToken.getUserInfo())));
            response.getWriter().flush();
        }
    }
    SecurityFilterChain改造

    新增自定义用户信息映射器,并配置到过滤器链中,改造后的如下

     @Bean
        @Order(1)
        public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http)
                throws Exception {
            //针对 Spring Authorization Server 最佳实践配置
            OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http);
            //自定义用户映射器
            Function userInfoMapper = (context) -> {
                OidcUserInfoAuthenticationToken authentication = context.getAuthentication();
                JwtAuthenticationToken principal = (JwtAuthenticationToken) authentication.getPrincipal();
                return new OidcUserInfo(userService.getUserInfoMap(principal.getName()));
            };
            http.getConfigurer(OAuth2AuthorizationServerConfigurer.class)
                    //设置客户端授权中失败的handler处理
                    .clientAuthentication((auth) ->
                            auth.errorResponseHandler(new Oauth2FailureHandler()))
                    //token 相关配置 如  /oauth2/token接口
                    .tokenEndpoint((token) -> token.errorResponseHandler(new Oauth2FailureHandler()))
                    // Enable OpenID Connect 1.0, 包括用户信息等
                    //.oidc(Customizer.withDefaults());
                    .oidc((oidc) -> {
                        oidc.userInfoEndpoint((userInfo) -> {
                                    userInfo.userInfoMapper(userInfoMapper);
                                    userInfo.userInfoResponseHandler(new Oauth2SuccessHandler());
                                }
                        );
                    });
            http.csrf(AbstractHttpConfigurer::disable)
                    .exceptionHandling((exceptions) -> exceptions
                            .defaultAuthenticationEntryPointFor(
                                    new LoginUrlAuthenticationEntryPoint("/login"),
                                    new MediaTypeRequestMatcher(MediaType.TEXT_HTML)
                            )
                    )
                    // Accept access tokens for User Info and/or Client Registration
                    .oauth2ResourceServer((resourceServer) -> resourceServer
                            .jwt(Customizer.withDefaults()));
            return http.build();
        }
    测试

    启动后,重新走登录及获取用户信息流程,发现返回的结构如下,信息已经成功从库中查出并返回

    Spring Security Oauth2.1 最新版 1.1.0 整合 (基于 springboot 3.1.0)gateway 完成授权认证,第20张

     

     auth-client客户端添加

    增加一个 client模块,结构如下

    Spring Security Oauth2.1 最新版 1.1.0 整合 (基于 springboot 3.1.0)gateway 完成授权认证,第21张

     配置

    POM

    
        
            org.springframework.boot
            spring-boot-starter-oauth2-client
        
        
            org.springframework.boot
            spring-boot-starter-web
        
    

    配置文件

    打开了 trace的日志,方便监控,端口设置为9001

    注意:下面的 issuer-uri 为 auth-server的uri,这里我把他设置为了局域网ip,而不是localhost,因为 oauth2默认的如果是同一域名,会导致会话的session替换掉,而导致 authorization_request_not_found 错误。

    server:
      port: 9001
    logging:
      level:
        root: INFO
        org.springframework.web: debug
        org.springframework.security: debug
        org.springframework.security.oauth2: debug
        org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping: trace
        org.springframework.security.web.FilterChainProxy: trace # 过滤器执行顺序
        org.springframework.security.web.access.ExceptionTranslationFilter: trace #异常处理
    spring:
      security:
        oauth2:
          client:
            provider:
              test-provider1:
                issuer-uri: http://192.168.1.125:9000
            registration:
              oidc-client:
                client-id: oidc-client
                client-secret: secret
                client-name: 测试客户端
                provider: test-provider1
                redirect-uri: '{baseUrl}/{action}/oauth2/code/{registrationId}'
                authorization-grant-type: authorization_code
                scope:
                  - openid
                  - profile
                  - all
     controller

    加了一个 controller来做默认的客户端首页。

    @RestController
    @RequestMapping
    public class IndexController {
        @GetMapping("")
        public String welcome() {
            return "

    index!

    "; } }
    测试

    启动客户端,网页输入客户端地址  http://localhost:9001/

    会默认跳转到服务端的授权页,输入密码登录后,回调到了首页

    Spring Security Oauth2.1 最新版 1.1.0 整合 (基于 springboot 3.1.0)gateway 完成授权认证,第22张

    控制台

    控制台打印,想深入研究的可以去对应的类里面去

    client

    D:\dev\jdk17\bin\java.exe -agentlib:jdwp=transport=dt_socket,address=127.0.0.1:63809,suspend=y,server=n -XX:TieredStopAtLevel=1 -Dspring.output.ansi.enabled=always -Dcom.sun.management.jmxremote -Dspring.jmx.enabled=true -Dspring.liveBeansView.mbeanDomain -Dspring.application.admin.enabled=true "-Dmanagement.endpoints.jmx.exposure.include=*" -javaagent:C:\Users\yuxunhao\AppData\Local\JetBrains\IntelliJIdea2023.1\captureAgent\debugger-agent.jar=file:/C:/Users/yuxunhao/AppData/Local/Temp/capture.props -Dfile.encoding=UTF-8 -classpath "D:\code\cloud-alibaba\auth\auth-client\target\classes;D:\maven_repository\org\springframework\boot\spring-boot-starter-oauth2-client\3.1.0\spring-boot-starter-oauth2-client-3.1.0.jar;D:\maven_repository\org\springframework\security\spring-security-config\6.1.0\spring-security-config-6.1.0.jar;D:\maven_repository\org\springframework\spring-aop\6.0.9\spring-aop-6.0.9.jar;D:\maven_repository\org\springframework\spring-beans\6.0.9\spring-beans-6.0.9.jar;D:\maven_repository\org\springframework\spring-context\6.0.9\spring-context-6.0.9.jar;D:\maven_repository\org\springframework\security\spring-security-core\6.1.0\spring-security-core-6.1.0.jar;D:\maven_repository\org\springframework\security\spring-security-crypto\6.1.0\spring-security-crypto-6.1.0.jar;D:\maven_repository\org\springframework\spring-expression\6.0.9\spring-expression-6.0.9.jar;D:\maven_repository\io\micrometer\micrometer-observation\1.11.0\micrometer-observation-1.11.0.jar;D:\maven_repository\io\micrometer\micrometer-commons\1.11.0\micrometer-commons-1.11.0.jar;D:\maven_repository\org\springframework\security\spring-security-oauth2-client\6.1.0\spring-security-oauth2-client-6.1.0.jar;D:\maven_repository\org\springframework\security\spring-security-oauth2-core\6.1.0\spring-security-oauth2-core-6.1.0.jar;D:\maven_repository\org\springframework\security\spring-security-web\6.1.0\spring-security-web-6.1.0.jar;D:\maven_repository\com\nimbusds\oauth2-oidc-sdk\9.43.2\oauth2-oidc-sdk-9.43.2.jar;D:\maven_repository\com\github\stephenc\jcip\jcip-annotations\1.0-1\jcip-annotations-1.0-1.jar;D:\maven_repository\com\nimbusds\content-type\2.2\content-type-2.2.jar;D:\maven_repository\net\minidev\json-smart\2.4.10\json-smart-2.4.10.jar;D:\maven_repository\net\minidev\accessors-smart\2.4.9\accessors-smart-2.4.9.jar;D:\maven_repository\org\ow2\asm\asm\9.3\asm-9.3.jar;D:\maven_repository\com\nimbusds\lang-tag\1.7\lang-tag-1.7.jar;D:\maven_repository\org\springframework\security\spring-security-oauth2-jose\6.1.0\spring-security-oauth2-jose-6.1.0.jar;D:\maven_repository\com\nimbusds\nimbus-jose-jwt\9.31\nimbus-jose-jwt-9.31.jar;D:\maven_repository\org\springframework\boot\spring-boot-starter-web\3.1.0\spring-boot-starter-web-3.1.0.jar;D:\maven_repository\org\springframework\boot\spring-boot-starter-json\3.1.0\spring-boot-starter-json-3.1.0.jar;D:\maven_repository\com\fasterxml\jackson\core\jackson-databind\2.15.0\jackson-databind-2.15.0.jar;D:\maven_repository\com\fasterxml\jackson\core\jackson-annotations\2.15.0\jackson-annotations-2.15.0.jar;D:\maven_repository\com\fasterxml\jackson\core\jackson-core\2.15.0\jackson-core-2.15.0.jar;D:\maven_repository\com\fasterxml\jackson\datatype\jackson-datatype-jdk8\2.15.0\jackson-datatype-jdk8-2.15.0.jar;D:\maven_repository\com\fasterxml\jackson\datatype\jackson-datatype-jsr310\2.15.0\jackson-datatype-jsr310-2.15.0.jar;D:\maven_repository\com\fasterxml\jackson\module\jackson-module-parameter-names\2.15.0\jackson-module-parameter-names-2.15.0.jar;D:\maven_repository\org\springframework\boot\spring-boot-starter-tomcat\3.1.0\spring-boot-starter-tomcat-3.1.0.jar;D:\maven_repository\org\apache\tomcat\embed\tomcat-embed-core\10.1.8\tomcat-embed-core-10.1.8.jar;D:\maven_repository\org\apache\tomcat\embed\tomcat-embed-el\10.1.8\tomcat-embed-el-10.1.8.jar;D:\maven_repository\org\apache\tomcat\embed\tomcat-embed-websocket\10.1.8\tomcat-embed-websocket-10.1.8.jar;D:\maven_repository\org\springframework\spring-web\6.0.9\spring-web-6.0.9.jar;D:\maven_repository\org\springframework\spring-webmvc\6.0.9\spring-webmvc-6.0.9.jar;D:\maven_repository\org\springframework\boot\spring-boot-starter\3.1.0\spring-boot-starter-3.1.0.jar;D:\maven_repository\org\springframework\boot\spring-boot\3.1.0\spring-boot-3.1.0.jar;D:\maven_repository\org\springframework\boot\spring-boot-autoconfigure\3.1.0\spring-boot-autoconfigure-3.1.0.jar;D:\maven_repository\org\springframework\boot\spring-boot-starter-logging\3.1.0\spring-boot-starter-logging-3.1.0.jar;D:\maven_repository\ch\qos\logback\logback-classic\1.4.7\logback-classic-1.4.7.jar;D:\maven_repository\ch\qos\logback\logback-core\1.4.7\logback-core-1.4.7.jar;D:\maven_repository\org\slf4j\slf4j-api\2.0.7\slf4j-api-2.0.7.jar;D:\maven_repository\org\apache\logging\log4j\log4j-to-slf4j\2.20.0\log4j-to-slf4j-2.20.0.jar;D:\maven_repository\org\apache\logging\log4j\log4j-api\2.20.0\log4j-api-2.20.0.jar;D:\maven_repository\org\slf4j\jul-to-slf4j\2.0.7\jul-to-slf4j-2.0.7.jar;D:\maven_repository\jakarta\annotation\jakarta.annotation-api\2.1.1\jakarta.annotation-api-2.1.1.jar;D:\maven_repository\org\springframework\spring-core\6.0.9\spring-core-6.0.9.jar;D:\maven_repository\org\springframework\spring-jcl\6.0.9\spring-jcl-6.0.9.jar;D:\maven_repository\org\yaml\snakeyaml\1.33\snakeyaml-1.33.jar;D:\dev\IntelliJ IDEA 2023.1.1\lib\idea_rt.jar" com.sy.authclient.AuthClientApplication
    Connected to the target VM, address: '127.0.0.1:63809', transport: 'socket'
      .   ____          _            __ _ _
     /\\ / ___'_ __ _ _(_)_ __  __ _ \ \ \ \
    ( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
     \\/  ___)| |_)| | | | | || (_| |  ) ) ) )
      '  |____| .__|_| |_|_| |_\__, | / / / /
     =========|_|==============|___/=/_/_/_/
     :: Spring Boot ::                (v3.1.0)
    2023-06-25T18:09:18.148+08:00  INFO 5712 --- [           main] c.sy.authclient.AuthClientApplication    : Starting AuthClientApplication using Java 17.0.6 with PID 5712 (D:\code\cloud-alibaba\auth\auth-client\target\classes started by yuxunhao in D:\code\cloud-alibaba)
    2023-06-25T18:09:18.152+08:00  INFO 5712 --- [           main] c.sy.authclient.AuthClientApplication    : No active profile set, falling back to 1 default profile: "default"
    2023-06-25T18:09:18.715+08:00  INFO 5712 --- [           main] o.s.b.w.embedded.tomcat.TomcatWebServer  : Tomcat initialized with port(s): 9001 (http)
    2023-06-25T18:09:18.723+08:00  INFO 5712 --- [           main] o.apache.catalina.core.StandardService   : Starting service [Tomcat]
    2023-06-25T18:09:18.723+08:00  INFO 5712 --- [           main] o.apache.catalina.core.StandardEngine    : Starting Servlet engine: [Apache Tomcat/10.1.8]
    2023-06-25T18:09:18.779+08:00  INFO 5712 --- [           main] o.a.c.c.C.[Tomcat].[localhost].[/]       : Initializing Spring embedded WebApplicationContext
    2023-06-25T18:09:18.779+08:00  INFO 5712 --- [           main] w.s.c.ServletWebServerApplicationContext : Root WebApplicationContext: initialization completed in 591 ms
    2023-06-25T18:09:18.876+08:00 DEBUG 5712 --- [           main] o.s.web.client.RestTemplate              : HTTP GET http://192.168.1.125:9000/.well-known/openid-configuration
    2023-06-25T18:09:18.886+08:00 DEBUG 5712 --- [           main] o.s.web.client.RestTemplate              : Accept=[application/json, application/*+json]
    2023-06-25T18:09:18.894+08:00 DEBUG 5712 --- [           main] o.s.web.client.RestTemplate              : Response 200 OK
    2023-06-25T18:09:18.895+08:00 DEBUG 5712 --- [           main] o.s.web.client.RestTemplate              : Reading to [java.util.Map]
    2023-06-25T18:09:18.938+08:00 DEBUG 5712 --- [           main] swordEncoderAuthenticationManagerBuilder : No authenticationProviders and no parentAuthenticationManager defined. Returning null.
    2023-06-25T18:09:18.995+08:00 DEBUG 5712 --- [           main] s.w.s.m.m.a.RequestMappingHandlerMapping : 5 mappings in 'requestMappingHandlerMapping'
    2023-06-25T18:09:19.029+08:00 DEBUG 5712 --- [           main] o.s.w.s.handler.SimpleUrlHandlerMapping  : Patterns [/webjars/**, /**] in 'resourceHandlerMapping'
    2023-06-25T18:09:19.080+08:00  INFO 5712 --- [           main] o.s.s.web.DefaultSecurityFilterChain     : Will secure any request with [org.springframework.security.web.session.DisableEncodeUrlFilter@3bfae028, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@1775c4e7, org.springframework.security.web.context.SecurityContextHolderFilter@2e5e6fc4, org.springframework.security.web.header.HeaderWriterFilter@604d23fa, org.springframework.security.web.csrf.CsrfFilter@6f347d7, org.springframework.security.web.authentication.logout.LogoutFilter@799f916e, org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter@74b86971, org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter@7f79edee, org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter@1ca610a0, org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter@abad89c, org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter@47829d6d, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@79980d8d, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@58324c9f, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@2f677247, org.springframework.security.oauth2.client.web.OAuth2AuthorizationCodeGrantFilter@ac91282, org.springframework.security.web.access.ExceptionTranslationFilter@834e986, org.springframework.security.web.access.intercept.AuthorizationFilter@3fbe503c]
    2023-06-25T18:09:19.083+08:00  WARN 5712 --- [           main] o.s.s.c.a.web.builders.WebSecurity       : You are asking Spring Security to ignore Mvc [pattern='/webjars/**']. This is not recommended -- please use permitAll via HttpSecurity#authorizeHttpRequests instead.
    2023-06-25T18:09:19.083+08:00  INFO 5712 --- [           main] o.s.s.web.DefaultSecurityFilterChain     : Will not secure Mvc [pattern='/webjars/**']
    2023-06-25T18:09:19.084+08:00  WARN 5712 --- [           main] o.s.s.c.a.web.builders.WebSecurity       : You are asking Spring Security to ignore Mvc [pattern='/assets/**']. This is not recommended -- please use permitAll via HttpSecurity#authorizeHttpRequests instead.
    2023-06-25T18:09:19.084+08:00  INFO 5712 --- [           main] o.s.s.web.DefaultSecurityFilterChain     : Will not secure Mvc [pattern='/assets/**']
    2023-06-25T18:09:19.116+08:00 DEBUG 5712 --- [           main] s.w.s.m.m.a.RequestMappingHandlerAdapter : ControllerAdvice beans: 0 @ModelAttribute, 0 @InitBinder, 1 RequestBodyAdvice, 1 ResponseBodyAdvice
    2023-06-25T18:09:19.137+08:00 DEBUG 5712 --- [           main] .m.m.a.ExceptionHandlerExceptionResolver : ControllerAdvice beans: 0 @ExceptionHandler, 1 ResponseBodyAdvice
    2023-06-25T18:09:19.186+08:00  INFO 5712 --- [           main] o.s.b.w.embedded.tomcat.TomcatWebServer  : Tomcat started on port(s): 9001 (http) with context path ''
    2023-06-25T18:09:19.192+08:00  INFO 5712 --- [           main] c.sy.authclient.AuthClientApplication    : Started AuthClientApplication in 1.347 seconds (process running for 1.747)
    2023-06-25T18:09:26.836+08:00  INFO 5712 --- [nio-9001-exec-1] o.a.c.c.C.[Tomcat].[localhost].[/]       : Initializing Spring DispatcherServlet 'dispatcherServlet'
    2023-06-25T18:09:26.836+08:00  INFO 5712 --- [nio-9001-exec-1] o.s.web.servlet.DispatcherServlet        : Initializing Servlet 'dispatcherServlet'
    2023-06-25T18:09:26.836+08:00 DEBUG 5712 --- [nio-9001-exec-1] o.s.web.servlet.DispatcherServlet        : Detected StandardServletMultipartResolver
    2023-06-25T18:09:26.836+08:00 DEBUG 5712 --- [nio-9001-exec-1] o.s.web.servlet.DispatcherServlet        : Detected AcceptHeaderLocaleResolver
    2023-06-25T18:09:26.836+08:00 DEBUG 5712 --- [nio-9001-exec-1] o.s.web.servlet.DispatcherServlet        : Detected FixedThemeResolver
    2023-06-25T18:09:26.837+08:00 DEBUG 5712 --- [nio-9001-exec-1] o.s.web.servlet.DispatcherServlet        : Detected org.springframework.web.servlet.view.DefaultRequestToViewNameTranslator@658d05b2
    2023-06-25T18:09:26.837+08:00 DEBUG 5712 --- [nio-9001-exec-1] o.s.web.servlet.DispatcherServlet        : Detected org.springframework.web.servlet.support.SessionFlashMapManager@4258ed3f
    2023-06-25T18:09:26.837+08:00 DEBUG 5712 --- [nio-9001-exec-1] o.s.web.servlet.DispatcherServlet        : enableLoggingRequestDetails='false': request parameters and headers will be masked to prevent unsafe logging of potentially sensitive data
    2023-06-25T18:09:26.837+08:00  INFO 5712 --- [nio-9001-exec-1] o.s.web.servlet.DispatcherServlet        : Completed initialization in 1 ms
    2023-06-25T18:09:26.843+08:00 TRACE 5712 --- [nio-9001-exec-1] o.s.security.web.FilterChainProxy        : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=Mvc [pattern='/webjars/**'], Filters=[]] (1/3)
    2023-06-25T18:09:26.848+08:00 DEBUG 5712 --- [nio-9001-exec-1] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.sy.authclient.controller.LoginController#welcome()
    2023-06-25T18:09:26.848+08:00 TRACE 5712 --- [nio-9001-exec-1] o.s.security.web.FilterChainProxy        : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=Mvc [pattern='/assets/**'], Filters=[]] (2/3)
    2023-06-25T18:09:26.848+08:00 DEBUG 5712 --- [nio-9001-exec-1] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.sy.authclient.controller.LoginController#welcome()
    2023-06-25T18:09:26.848+08:00 TRACE 5712 --- [nio-9001-exec-1] o.s.security.web.FilterChainProxy        : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=any request, Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter@3bfae028, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@1775c4e7, org.springframework.security.web.context.SecurityContextHolderFilter@2e5e6fc4, org.springframework.security.web.header.HeaderWriterFilter@604d23fa, org.springframework.security.web.csrf.CsrfFilter@6f347d7, org.springframework.security.web.authentication.logout.LogoutFilter@799f916e, org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter@74b86971, org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter@7f79edee, org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter@1ca610a0, org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter@abad89c, org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter@47829d6d, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@79980d8d, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@58324c9f, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@2f677247, org.springframework.security.oauth2.client.web.OAuth2AuthorizationCodeGrantFilter@ac91282, org.springframework.security.web.access.ExceptionTranslationFilter@834e986, org.springframework.security.web.access.intercept.AuthorizationFilter@3fbe503c]] (3/3)
    2023-06-25T18:09:26.850+08:00 DEBUG 5712 --- [nio-9001-exec-1] o.s.security.web.FilterChainProxy        : Securing GET /api/login/welcome
    2023-06-25T18:09:26.850+08:00 TRACE 5712 --- [nio-9001-exec-1] o.s.security.web.FilterChainProxy        : Invoking DisableEncodeUrlFilter (1/17)
    2023-06-25T18:09:26.851+08:00 TRACE 5712 --- [nio-9001-exec-1] o.s.security.web.FilterChainProxy        : Invoking WebAsyncManagerIntegrationFilter (2/17)
    2023-06-25T18:09:26.852+08:00 TRACE 5712 --- [nio-9001-exec-1] o.s.security.web.FilterChainProxy        : Invoking SecurityContextHolderFilter (3/17)
    2023-06-25T18:09:26.852+08:00 TRACE 5712 --- [nio-9001-exec-1] o.s.security.web.FilterChainProxy        : Invoking HeaderWriterFilter (4/17)
    2023-06-25T18:09:26.853+08:00 TRACE 5712 --- [nio-9001-exec-1] o.s.security.web.FilterChainProxy        : Invoking CsrfFilter (5/17)
    2023-06-25T18:09:26.854+08:00 TRACE 5712 --- [nio-9001-exec-1] o.s.security.web.FilterChainProxy        : Invoking LogoutFilter (6/17)
    2023-06-25T18:09:26.854+08:00 TRACE 5712 --- [nio-9001-exec-1] o.s.security.web.FilterChainProxy        : Invoking OAuth2AuthorizationRequestRedirectFilter (7/17)
    2023-06-25T18:09:30.948+08:00 TRACE 5712 --- [nio-9001-exec-1] o.s.security.web.FilterChainProxy        : Invoking OAuth2AuthorizationRequestRedirectFilter (8/17)
    2023-06-25T18:09:31.636+08:00 TRACE 5712 --- [nio-9001-exec-1] o.s.security.web.FilterChainProxy        : Invoking OAuth2LoginAuthenticationFilter (9/17)
    2023-06-25T18:09:31.636+08:00 TRACE 5712 --- [nio-9001-exec-1] o.s.security.web.FilterChainProxy        : Invoking DefaultLoginPageGeneratingFilter (10/17)
    2023-06-25T18:09:31.637+08:00 TRACE 5712 --- [nio-9001-exec-1] o.s.security.web.FilterChainProxy        : Invoking DefaultLogoutPageGeneratingFilter (11/17)
    2023-06-25T18:09:31.637+08:00 TRACE 5712 --- [nio-9001-exec-1] o.s.security.web.FilterChainProxy        : Invoking RequestCacheAwareFilter (12/17)
    2023-06-25T18:09:31.637+08:00 TRACE 5712 --- [nio-9001-exec-1] o.s.security.web.FilterChainProxy        : Invoking SecurityContextHolderAwareRequestFilter (13/17)
    2023-06-25T18:09:31.638+08:00 TRACE 5712 --- [nio-9001-exec-1] o.s.security.web.FilterChainProxy        : Invoking AnonymousAuthenticationFilter (14/17)
    2023-06-25T18:09:31.639+08:00 TRACE 5712 --- [nio-9001-exec-1] o.s.security.web.FilterChainProxy        : Invoking OAuth2AuthorizationCodeGrantFilter (15/17)
    2023-06-25T18:09:32.315+08:00 TRACE 5712 --- [nio-9001-exec-1] o.s.security.web.FilterChainProxy        : Invoking ExceptionTranslationFilter (16/17)
    2023-06-25T18:09:32.316+08:00 TRACE 5712 --- [nio-9001-exec-1] o.s.security.web.FilterChainProxy        : Invoking AuthorizationFilter (17/17)
    2023-06-25T18:09:32.317+08:00 DEBUG 5712 --- [nio-9001-exec-1] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.sy.authclient.controller.LoginController#welcome()
    2023-06-25T18:09:32.317+08:00 DEBUG 5712 --- [nio-9001-exec-1] o.s.s.w.a.AnonymousAuthenticationFilter  : Set SecurityContextHolder to anonymous SecurityContext
    2023-06-25T18:09:32.940+08:00 TRACE 5712 --- [nio-9001-exec-1] o.s.s.w.a.ExceptionTranslationFilter     : Sending AnonymousAuthenticationToken [Principal=anonymousUser, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=null], Granted Authorities=[ROLE_ANONYMOUS]] to authentication entry point since access is denied
    org.springframework.security.access.AccessDeniedException: Access Denied
    	at org.springframework.security.web.access.intercept.AuthorizationFilter.doFilter(AuthorizationFilter.java:98) ~[spring-security-web-6.1.0.jar:6.1.0]
    	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.1.0.jar:6.1.0]
    	at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:126) ~[spring-security-web-6.1.0.jar:6.1.0]
    	at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:120) ~[spring-security-web-6.1.0.jar:6.1.0]
    	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.1.0.jar:6.1.0]
    	at org.springframework.security.oauth2.client.web.OAuth2AuthorizationCodeGrantFilter.doFilterInternal(OAuth2AuthorizationCodeGrantFilter.java:183) ~[spring-security-oauth2-client-6.1.0.jar:6.1.0]
    	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.0.9.jar:6.0.9]
    	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.1.0.jar:6.1.0]
    	at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:100) ~[spring-security-web-6.1.0.jar:6.1.0]
    	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.1.0.jar:6.1.0]
    	at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:179) ~[spring-security-web-6.1.0.jar:6.1.0]
    	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.1.0.jar:6.1.0]
    	at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63) ~[spring-security-web-6.1.0.jar:6.1.0]
    	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.1.0.jar:6.1.0]
    	at org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter.doFilterInternal(DefaultLogoutPageGeneratingFilter.java:58) ~[spring-security-web-6.1.0.jar:6.1.0]
    	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.0.9.jar:6.0.9]
    	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.1.0.jar:6.1.0]
    	at org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter.doFilter(DefaultLoginPageGeneratingFilter.java:188) ~[spring-security-web-6.1.0.jar:6.1.0]
    	at org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter.doFilter(DefaultLoginPageGeneratingFilter.java:174) ~[spring-security-web-6.1.0.jar:6.1.0]
    	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.1.0.jar:6.1.0]
    	at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:227) ~[spring-security-web-6.1.0.jar:6.1.0]
    	at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:221) ~[spring-security-web-6.1.0.jar:6.1.0]
    	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.1.0.jar:6.1.0]
    	at org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter.doFilterInternal(OAuth2AuthorizationRequestRedirectFilter.java:181) ~[spring-security-oauth2-client-6.1.0.jar:6.1.0]
    	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.0.9.jar:6.0.9]
    	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.1.0.jar:6.1.0]
    	at org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter.doFilterInternal(OAuth2AuthorizationRequestRedirectFilter.java:181) ~[spring-security-oauth2-client-6.1.0.jar:6.1.0]
    	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.0.9.jar:6.0.9]
    	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.1.0.jar:6.1.0]
    	at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:107) ~[spring-security-web-6.1.0.jar:6.1.0]
    	at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:93) ~[spring-security-web-6.1.0.jar:6.1.0]
    	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.1.0.jar:6.1.0]
    	at org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:117) ~[spring-security-web-6.1.0.jar:6.1.0]
    	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.0.9.jar:6.0.9]
    	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.1.0.jar:6.1.0]
    	at org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:90) ~[spring-security-web-6.1.0.jar:6.1.0]
    	at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:75) ~[spring-security-web-6.1.0.jar:6.1.0]
    	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.0.9.jar:6.0.9]
    	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.1.0.jar:6.1.0]
    	at org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:82) ~[spring-security-web-6.1.0.jar:6.1.0]
    	at org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:69) ~[spring-security-web-6.1.0.jar:6.1.0]
    	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.1.0.jar:6.1.0]
    	at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:62) ~[spring-security-web-6.1.0.jar:6.1.0]
    	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.0.9.jar:6.0.9]
    	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.1.0.jar:6.1.0]
    	at org.springframework.security.web.session.DisableEncodeUrlFilter.doFilterInternal(DisableEncodeUrlFilter.java:42) ~[spring-security-web-6.1.0.jar:6.1.0]
    	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.0.9.jar:6.0.9]
    	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.1.0.jar:6.1.0]
    	at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:233) ~[spring-security-web-6.1.0.jar:6.1.0]
    	at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:191) ~[spring-security-web-6.1.0.jar:6.1.0]
    	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:352) ~[spring-web-6.0.9.jar:6.0.9]
    	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:268) ~[spring-web-6.0.9.jar:6.0.9]
    	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
    	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
    	at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100) ~[spring-web-6.0.9.jar:6.0.9]
    	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.0.9.jar:6.0.9]
    	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
    	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
    	at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93) ~[spring-web-6.0.9.jar:6.0.9]
    	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.0.9.jar:6.0.9]
    	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
    	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
    	at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201) ~[spring-web-6.0.9.jar:6.0.9]
    	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.0.9.jar:6.0.9]
    	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
    	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
    	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:166) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
    	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
    	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:482) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
    	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:115) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
    	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
    	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
    	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:341) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
    	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:390) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
    	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
    	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:894) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
    	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1741) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
    	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
    	at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
    	at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
    	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
    	at java.base/java.lang.Thread.run(Thread.java:833) ~[na:na]
    2023-06-25T18:09:32.969+08:00 DEBUG 5712 --- [nio-9001-exec-1] o.s.s.w.s.HttpSessionRequestCache        : Saved request http://localhost:9001/api/login/welcome?continue to session
    2023-06-25T18:09:32.971+08:00 DEBUG 5712 --- [nio-9001-exec-1] s.w.a.DelegatingAuthenticationEntryPoint : Trying to match using And [Not [RequestHeaderRequestMatcher [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest]], Not [And [Or [Ant [pattern='/login'], Ant [pattern='/favicon.ico']], And [Not [RequestHeaderRequestMatcher [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest]], MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@2793808, matchingMediaTypes=[application/xhtml+xml, image/*, text/html, text/plain], useEquals=false, ignoredMediaTypes=[*/*]]]]], org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer$$Lambda$809/0x000000080103adb8@4af06c88]
    2023-06-25T18:09:32.971+08:00 DEBUG 5712 --- [nio-9001-exec-1] s.w.a.DelegatingAuthenticationEntryPoint : Match found! Executing org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint@1a1cb815
    2023-06-25T18:09:32.971+08:00 DEBUG 5712 --- [nio-9001-exec-1] o.s.s.web.DefaultRedirectStrategy        : Redirecting to http://localhost:9001/oauth2/authorization/oidc-client
    2023-06-25T18:09:32.977+08:00 TRACE 5712 --- [nio-9001-exec-2] o.s.security.web.FilterChainProxy        : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=Mvc [pattern='/webjars/**'], Filters=[]] (1/3)
    2023-06-25T18:09:32.979+08:00 DEBUG 5712 --- [nio-9001-exec-2] o.s.w.s.handler.SimpleUrlHandlerMapping  : Mapped to ResourceHttpRequestHandler [classpath [META-INF/resources/], classpath [resources/], classpath [static/], classpath [public/], ServletContext [/]]
    2023-06-25T18:09:32.980+08:00 TRACE 5712 --- [nio-9001-exec-2] o.s.security.web.FilterChainProxy        : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=Mvc [pattern='/assets/**'], Filters=[]] (2/3)
    2023-06-25T18:09:32.980+08:00 DEBUG 5712 --- [nio-9001-exec-2] o.s.w.s.handler.SimpleUrlHandlerMapping  : Mapped to ResourceHttpRequestHandler [classpath [META-INF/resources/], classpath [resources/], classpath [static/], classpath [public/], ServletContext [/]]
    2023-06-25T18:09:32.980+08:00 TRACE 5712 --- [nio-9001-exec-2] o.s.security.web.FilterChainProxy        : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=any request, Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter@3bfae028, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@1775c4e7, org.springframework.security.web.context.SecurityContextHolderFilter@2e5e6fc4, org.springframework.security.web.header.HeaderWriterFilter@604d23fa, org.springframework.security.web.csrf.CsrfFilter@6f347d7, org.springframework.security.web.authentication.logout.LogoutFilter@799f916e, org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter@74b86971, org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter@7f79edee, org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter@1ca610a0, org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter@abad89c, org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter@47829d6d, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@79980d8d, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@58324c9f, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@2f677247, org.springframework.security.oauth2.client.web.OAuth2AuthorizationCodeGrantFilter@ac91282, org.springframework.security.web.access.ExceptionTranslationFilter@834e986, org.springframework.security.web.access.intercept.AuthorizationFilter@3fbe503c]] (3/3)
    2023-06-25T18:09:32.980+08:00 DEBUG 5712 --- [nio-9001-exec-2] o.s.security.web.FilterChainProxy        : Securing GET /oauth2/authorization/oidc-client
    2023-06-25T18:09:32.980+08:00 TRACE 5712 --- [nio-9001-exec-2] o.s.security.web.FilterChainProxy        : Invoking DisableEncodeUrlFilter (1/17)
    2023-06-25T18:09:32.980+08:00 TRACE 5712 --- [nio-9001-exec-2] o.s.security.web.FilterChainProxy        : Invoking WebAsyncManagerIntegrationFilter (2/17)
    2023-06-25T18:09:32.980+08:00 TRACE 5712 --- [nio-9001-exec-2] o.s.security.web.FilterChainProxy        : Invoking SecurityContextHolderFilter (3/17)
    2023-06-25T18:09:32.980+08:00 TRACE 5712 --- [nio-9001-exec-2] o.s.security.web.FilterChainProxy        : Invoking HeaderWriterFilter (4/17)
    2023-06-25T18:09:32.981+08:00 TRACE 5712 --- [nio-9001-exec-2] o.s.security.web.FilterChainProxy        : Invoking CsrfFilter (5/17)
    2023-06-25T18:09:32.981+08:00 TRACE 5712 --- [nio-9001-exec-2] o.s.security.web.FilterChainProxy        : Invoking LogoutFilter (6/17)
    2023-06-25T18:09:32.981+08:00 TRACE 5712 --- [nio-9001-exec-2] o.s.security.web.FilterChainProxy        : Invoking OAuth2AuthorizationRequestRedirectFilter (7/17)
    2023-06-25T18:09:35.475+08:00 DEBUG 5712 --- [nio-9001-exec-2] o.s.s.web.DefaultRedirectStrategy        : Redirecting to http://192.168.1.125:9000/oauth2/authorize?response_type=code&client_id=oidc-client&scope=openid%20profile%20all&state=TU46I58jnaXR0IdX4mGacIZkMOXfywv7o9-GNmQ12oI%3D&redirect_uri=http://localhost:9001/login/oauth2/code/oidc-client&nonce=CX2FAAvMv2Hzj8Wv1OXXC-W5LWNS1dWow70sSVF5Qx8
    2023-06-25T18:09:36.481+08:00 TRACE 5712 --- [nio-9001-exec-3] o.s.security.web.FilterChainProxy        : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=Mvc [pattern='/webjars/**'], Filters=[]] (1/3)
    2023-06-25T18:09:36.482+08:00 DEBUG 5712 --- [nio-9001-exec-3] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.sy.authclient.controller.IndexController#welcome(String, String, String)
    2023-06-25T18:09:36.482+08:00 TRACE 5712 --- [nio-9001-exec-3] o.s.security.web.FilterChainProxy        : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=Mvc [pattern='/assets/**'], Filters=[]] (2/3)
    2023-06-25T18:09:36.482+08:00 DEBUG 5712 --- [nio-9001-exec-3] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.sy.authclient.controller.IndexController#welcome(String, String, String)
    2023-06-25T18:09:36.482+08:00 TRACE 5712 --- [nio-9001-exec-3] o.s.security.web.FilterChainProxy        : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=any request, Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter@3bfae028, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@1775c4e7, org.springframework.security.web.context.SecurityContextHolderFilter@2e5e6fc4, org.springframework.security.web.header.HeaderWriterFilter@604d23fa, org.springframework.security.web.csrf.CsrfFilter@6f347d7, org.springframework.security.web.authentication.logout.LogoutFilter@799f916e, org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter@74b86971, org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter@7f79edee, org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter@1ca610a0, org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter@abad89c, org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter@47829d6d, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@79980d8d, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@58324c9f, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@2f677247, org.springframework.security.oauth2.client.web.OAuth2AuthorizationCodeGrantFilter@ac91282, org.springframework.security.web.access.ExceptionTranslationFilter@834e986, org.springframework.security.web.access.intercept.AuthorizationFilter@3fbe503c]] (3/3)
    2023-06-25T18:09:36.482+08:00 DEBUG 5712 --- [nio-9001-exec-3] o.s.security.web.FilterChainProxy        : Securing GET /login/oauth2/code/oidc-client?code=mFkDdqxcVtO8TzDcFFMgex4kxlMzQsX3epjmJp-cMQRc2JzkEK18cY6pFHUMiDuCHjAcqFcjfwztaCrRWL6FBt1nxrrk6l1O8Xa9Iej6hMzrXWVPAth--DMFXvwVgApK&state=TU46I58jnaXR0IdX4mGacIZkMOXfywv7o9-GNmQ12oI%3D
    2023-06-25T18:09:36.482+08:00 TRACE 5712 --- [nio-9001-exec-3] o.s.security.web.FilterChainProxy        : Invoking DisableEncodeUrlFilter (1/17)
    2023-06-25T18:09:36.482+08:00 TRACE 5712 --- [nio-9001-exec-3] o.s.security.web.FilterChainProxy        : Invoking WebAsyncManagerIntegrationFilter (2/17)
    2023-06-25T18:09:36.483+08:00 TRACE 5712 --- [nio-9001-exec-3] o.s.security.web.FilterChainProxy        : Invoking SecurityContextHolderFilter (3/17)
    2023-06-25T18:09:36.483+08:00 TRACE 5712 --- [nio-9001-exec-3] o.s.security.web.FilterChainProxy        : Invoking HeaderWriterFilter (4/17)
    2023-06-25T18:09:36.483+08:00 TRACE 5712 --- [nio-9001-exec-3] o.s.security.web.FilterChainProxy        : Invoking CsrfFilter (5/17)
    2023-06-25T18:09:36.483+08:00 TRACE 5712 --- [nio-9001-exec-3] o.s.security.web.FilterChainProxy        : Invoking LogoutFilter (6/17)
    2023-06-25T18:09:36.483+08:00 TRACE 5712 --- [nio-9001-exec-3] o.s.security.web.FilterChainProxy        : Invoking OAuth2AuthorizationRequestRedirectFilter (7/17)
    2023-06-25T18:09:37.261+08:00 TRACE 5712 --- [nio-9001-exec-3] o.s.security.web.FilterChainProxy        : Invoking OAuth2AuthorizationRequestRedirectFilter (8/17)
    2023-06-25T18:09:38.059+08:00 TRACE 5712 --- [nio-9001-exec-3] o.s.security.web.FilterChainProxy        : Invoking OAuth2LoginAuthenticationFilter (9/17)
    2023-06-25T18:09:44.576+08:00 DEBUG 5712 --- [nio-9001-exec-3] o.s.web.client.RestTemplate              : HTTP POST http://192.168.1.125:9000/oauth2/token
    2023-06-25T18:09:44.577+08:00 DEBUG 5712 --- [nio-9001-exec-3] o.s.web.client.RestTemplate              : Accept=[application/json, application/*+json]
    2023-06-25T18:09:44.577+08:00 DEBUG 5712 --- [nio-9001-exec-3] o.s.web.client.RestTemplate              : Writing [{grant_type=[authorization_code], code=[mFkDdqxcVtO8TzDcFFMgex4kxlMzQsX3epjmJp-cMQRc2JzkEK18cY6pFHUMiDuCHjAcqFcjfwztaCrRWL6FBt1nxrrk6l1O8Xa9Iej6hMzrXWVPAth--DMFXvwVgApK], redirect_uri=[http://localhost:9001/login/oauth2/code/oidc-client]}] as "application/x-www-form-urlencoded;charset=UTF-8"
    2023-06-25T18:09:48.353+08:00 DEBUG 5712 --- [nio-9001-exec-3] o.s.web.client.RestTemplate              : Response 200 OK
    2023-06-25T18:09:48.354+08:00 DEBUG 5712 --- [nio-9001-exec-3] o.s.web.client.RestTemplate              : Reading to [org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse] as "application/json;charset=UTF-8"
    2023-06-25T18:09:48.393+08:00 DEBUG 5712 --- [nio-9001-exec-3] o.s.web.client.RestTemplate              : HTTP GET http://192.168.1.125:9000/oauth2/jwks
    2023-06-25T18:09:48.393+08:00 DEBUG 5712 --- [nio-9001-exec-3] o.s.web.client.RestTemplate              : Accept=[text/plain, application/json, application/*+json, */*]
    2023-06-25T18:09:48.397+08:00 DEBUG 5712 --- [nio-9001-exec-3] o.s.web.client.RestTemplate              : Response 200 OK
    2023-06-25T18:09:48.397+08:00 DEBUG 5712 --- [nio-9001-exec-3] o.s.web.client.RestTemplate              : Reading to [java.lang.String] as "application/json;charset=ISO-8859-1"
    2023-06-25T18:09:48.415+08:00 DEBUG 5712 --- [nio-9001-exec-3] o.s.web.client.RestTemplate              : HTTP GET http://192.168.1.125:9000/userinfo
    2023-06-25T18:09:48.415+08:00 DEBUG 5712 --- [nio-9001-exec-3] o.s.web.client.RestTemplate              : Accept=[application/json, application/*+json]
    2023-06-25T18:09:52.253+08:00 DEBUG 5712 --- [nio-9001-exec-3] o.s.web.client.RestTemplate              : Response 200 OK
    2023-06-25T18:09:52.254+08:00 DEBUG 5712 --- [nio-9001-exec-3] o.s.web.client.RestTemplate              : Reading to [java.util.Map]
    2023-06-25T18:09:52.268+08:00 DEBUG 5712 --- [nio-9001-exec-3] .s.ChangeSessionIdAuthenticationStrategy : Changed session id from F5FB786C57F37610E3A9671AB47DAE23
    2023-06-25T18:09:52.269+08:00 DEBUG 5712 --- [nio-9001-exec-3] w.c.HttpSessionSecurityContextRepository : Stored SecurityContextImpl [Authentication=OAuth2AuthenticationToken [Principal=Name: [user], Granted Authorities: [[OIDC_USER, SCOPE_all, SCOPE_openid, SCOPE_profile]], User Attributes: [{sub=user, aud=[oidc-client], azp=oidc-client, auth_time=2023-06-25T09:50:36Z, iss=http://192.168.1.125:9000, exp=2023-06-25T10:39:48Z, iat=2023-06-25T10:09:48Z, nonce=CX2FAAvMv2Hzj8Wv1OXXC-W5LWNS1dWow70sSVF5Qx8, sid=7TkynZgAwHYhWeEnl4soX232xgREd1FFcPagGUIc5cc}], Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=F5FB786C57F37610E3A9671AB47DAE23], Granted Authorities=[OIDC_USER, SCOPE_all, SCOPE_openid, SCOPE_profile]]] to HttpSession [org.apache.catalina.session.StandardSessionFacade@3e9daaba]
    2023-06-25T18:09:52.269+08:00 DEBUG 5712 --- [nio-9001-exec-3] .s.o.c.w.OAuth2LoginAuthenticationFilter : Set SecurityContextHolder to OAuth2AuthenticationToken [Principal=Name: [user], Granted Authorities: [[OIDC_USER, SCOPE_all, SCOPE_openid, SCOPE_profile]], User Attributes: [{sub=user, aud=[oidc-client], azp=oidc-client, auth_time=2023-06-25T09:50:36Z, iss=http://192.168.1.125:9000, exp=2023-06-25T10:39:48Z, iat=2023-06-25T10:09:48Z, nonce=CX2FAAvMv2Hzj8Wv1OXXC-W5LWNS1dWow70sSVF5Qx8, sid=7TkynZgAwHYhWeEnl4soX232xgREd1FFcPagGUIc5cc}], Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=F5FB786C57F37610E3A9671AB47DAE23], Granted Authorities=[OIDC_USER, SCOPE_all, SCOPE_openid, SCOPE_profile]]
    2023-06-25T18:09:52.269+08:00 DEBUG 5712 --- [nio-9001-exec-3] o.s.s.web.DefaultRedirectStrategy        : Redirecting to http://localhost:9001/api/login/welcome?continue
    2023-06-25T18:09:52.276+08:00 TRACE 5712 --- [nio-9001-exec-4] o.s.security.web.FilterChainProxy        : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=Mvc [pattern='/webjars/**'], Filters=[]] (1/3)
    2023-06-25T18:09:52.277+08:00 DEBUG 5712 --- [nio-9001-exec-4] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.sy.authclient.controller.LoginController#welcome()
    2023-06-25T18:09:52.277+08:00 TRACE 5712 --- [nio-9001-exec-4] o.s.security.web.FilterChainProxy        : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=Mvc [pattern='/assets/**'], Filters=[]] (2/3)
    2023-06-25T18:09:52.277+08:00 DEBUG 5712 --- [nio-9001-exec-4] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.sy.authclient.controller.LoginController#welcome()
    2023-06-25T18:09:52.278+08:00 TRACE 5712 --- [nio-9001-exec-4] o.s.security.web.FilterChainProxy        : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=any request, Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter@3bfae028, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@1775c4e7, org.springframework.security.web.context.SecurityContextHolderFilter@2e5e6fc4, org.springframework.security.web.header.HeaderWriterFilter@604d23fa, org.springframework.security.web.csrf.CsrfFilter@6f347d7, org.springframework.security.web.authentication.logout.LogoutFilter@799f916e, org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter@74b86971, org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter@7f79edee, org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter@1ca610a0, org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter@abad89c, org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter@47829d6d, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@79980d8d, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@58324c9f, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@2f677247, org.springframework.security.oauth2.client.web.OAuth2AuthorizationCodeGrantFilter@ac91282, org.springframework.security.web.access.ExceptionTranslationFilter@834e986, org.springframework.security.web.access.intercept.AuthorizationFilter@3fbe503c]] (3/3)
    2023-06-25T18:09:52.278+08:00 DEBUG 5712 --- [nio-9001-exec-4] o.s.security.web.FilterChainProxy        : Securing GET /api/login/welcome?continue
    2023-06-25T18:09:52.278+08:00 TRACE 5712 --- [nio-9001-exec-4] o.s.security.web.FilterChainProxy        : Invoking DisableEncodeUrlFilter (1/17)
    2023-06-25T18:09:52.278+08:00 TRACE 5712 --- [nio-9001-exec-4] o.s.security.web.FilterChainProxy        : Invoking WebAsyncManagerIntegrationFilter (2/17)
    2023-06-25T18:09:52.278+08:00 TRACE 5712 --- [nio-9001-exec-4] o.s.security.web.FilterChainProxy        : Invoking SecurityContextHolderFilter (3/17)
    2023-06-25T18:09:52.278+08:00 TRACE 5712 --- [nio-9001-exec-4] o.s.security.web.FilterChainProxy        : Invoking HeaderWriterFilter (4/17)
    2023-06-25T18:09:52.278+08:00 TRACE 5712 --- [nio-9001-exec-4] o.s.security.web.FilterChainProxy        : Invoking CsrfFilter (5/17)
    2023-06-25T18:09:52.278+08:00 TRACE 5712 --- [nio-9001-exec-4] o.s.security.web.FilterChainProxy        : Invoking LogoutFilter (6/17)
    2023-06-25T18:09:52.278+08:00 TRACE 5712 --- [nio-9001-exec-4] o.s.security.web.FilterChainProxy        : Invoking OAuth2AuthorizationRequestRedirectFilter (7/17)
    2023-06-25T18:10:00.651+08:00 TRACE 5712 --- [nio-9001-exec-4] o.s.security.web.FilterChainProxy        : Invoking OAuth2AuthorizationRequestRedirectFilter (8/17)
    2023-06-25T18:10:01.613+08:00 TRACE 5712 --- [nio-9001-exec-4] o.s.security.web.FilterChainProxy        : Invoking OAuth2LoginAuthenticationFilter (9/17)
    2023-06-25T18:10:01.613+08:00 TRACE 5712 --- [nio-9001-exec-4] o.s.security.web.FilterChainProxy        : Invoking DefaultLoginPageGeneratingFilter (10/17)
    2023-06-25T18:10:01.614+08:00 TRACE 5712 --- [nio-9001-exec-4] o.s.security.web.FilterChainProxy        : Invoking DefaultLogoutPageGeneratingFilter (11/17)
    2023-06-25T18:10:01.614+08:00 TRACE 5712 --- [nio-9001-exec-4] o.s.security.web.FilterChainProxy        : Invoking RequestCacheAwareFilter (12/17)
    2023-06-25T18:10:01.614+08:00 DEBUG 5712 --- [nio-9001-exec-4] o.s.s.w.s.HttpSessionRequestCache        : Loaded matching saved request http://localhost:9001/api/login/welcome?continue
    2023-06-25T18:10:01.615+08:00 TRACE 5712 --- [nio-9001-exec-4] o.s.security.web.FilterChainProxy        : Invoking SecurityContextHolderAwareRequestFilter (13/17)
    2023-06-25T18:10:01.615+08:00 TRACE 5712 --- [nio-9001-exec-4] o.s.security.web.FilterChainProxy        : Invoking AnonymousAuthenticationFilter (14/17)
    2023-06-25T18:10:01.615+08:00 TRACE 5712 --- [nio-9001-exec-4] o.s.security.web.FilterChainProxy        : Invoking OAuth2AuthorizationCodeGrantFilter (15/17)
    2023-06-25T18:10:02.644+08:00 TRACE 5712 --- [nio-9001-exec-4] o.s.security.web.FilterChainProxy        : Invoking ExceptionTranslationFilter (16/17)
    2023-06-25T18:10:02.644+08:00 TRACE 5712 --- [nio-9001-exec-4] o.s.security.web.FilterChainProxy        : Invoking AuthorizationFilter (17/17)
    2023-06-25T18:10:02.645+08:00 DEBUG 5712 --- [nio-9001-exec-4] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.sy.authclient.controller.LoginController#welcome()
    2023-06-25T18:10:02.645+08:00 DEBUG 5712 --- [nio-9001-exec-4] w.c.HttpSessionSecurityContextRepository : Retrieved SecurityContextImpl [Authentication=OAuth2AuthenticationToken [Principal=Name: [user], Granted Authorities: [[OIDC_USER, SCOPE_all, SCOPE_openid, SCOPE_profile]], User Attributes: [{sub=user, aud=[oidc-client], azp=oidc-client, auth_time=2023-06-25T09:50:36Z, iss=http://192.168.1.125:9000, exp=2023-06-25T10:39:48Z, iat=2023-06-25T10:09:48Z, nonce=CX2FAAvMv2Hzj8Wv1OXXC-W5LWNS1dWow70sSVF5Qx8, sid=7TkynZgAwHYhWeEnl4soX232xgREd1FFcPagGUIc5cc}], Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=F5FB786C57F37610E3A9671AB47DAE23], Granted Authorities=[OIDC_USER, SCOPE_all, SCOPE_openid, SCOPE_profile]]]
    2023-06-25T18:10:04.181+08:00 DEBUG 5712 --- [nio-9001-exec-4] o.s.security.web.FilterChainProxy        : Secured GET /api/login/welcome?continue
    2023-06-25T18:10:04.183+08:00 DEBUG 5712 --- [nio-9001-exec-4] o.s.web.servlet.DispatcherServlet        : GET "/api/login/welcome?continue", parameters={masked}
    2023-06-25T18:10:04.183+08:00 DEBUG 5712 --- [nio-9001-exec-4] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.sy.authclient.controller.LoginController#welcome()
    2023-06-25T18:10:04.196+08:00 DEBUG 5712 --- [nio-9001-exec-4] m.m.a.RequestResponseBodyMethodProcessor : Using 'text/html', given [text/html, application/xhtml+xml, image/webp, image/apng, application/xml;q=0.9, */*;q=0.8, application/signed-exchange;v=b3;q=0.7] and supported [text/plain, */*, application/json, application/*+json]
    2023-06-25T18:10:04.197+08:00 DEBUG 5712 --- [nio-9001-exec-4] m.m.a.RequestResponseBodyMethodProcessor : Writing ["

    Welcome!

    "] 2023-06-25T18:10:04.199+08:00 DEBUG 5712 --- [nio-9001-exec-4] o.s.web.servlet.DispatcherServlet : Completed 200 OK 2023-06-25T18:15:58.455+08:00 TRACE 5712 --- [nio-9001-exec-7] o.s.security.web.FilterChainProxy : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=Mvc [pattern='/webjars/**'], Filters=[]] (1/3) 2023-06-25T18:15:58.455+08:00 DEBUG 5712 --- [nio-9001-exec-7] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.sy.authclient.controller.LoginController#welcome() 2023-06-25T18:15:58.455+08:00 TRACE 5712 --- [nio-9001-exec-7] o.s.security.web.FilterChainProxy : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=Mvc [pattern='/assets/**'], Filters=[]] (2/3) 2023-06-25T18:15:58.455+08:00 DEBUG 5712 --- [nio-9001-exec-7] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.sy.authclient.controller.LoginController#welcome() 2023-06-25T18:15:58.456+08:00 TRACE 5712 --- [nio-9001-exec-7] o.s.security.web.FilterChainProxy : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=any request, Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter@3bfae028, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@1775c4e7, org.springframework.security.web.context.SecurityContextHolderFilter@2e5e6fc4, org.springframework.security.web.header.HeaderWriterFilter@604d23fa, org.springframework.security.web.csrf.CsrfFilter@6f347d7, org.springframework.security.web.authentication.logout.LogoutFilter@799f916e, org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter@74b86971, org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter@7f79edee, org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter@1ca610a0, org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter@abad89c, org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter@47829d6d, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@79980d8d, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@58324c9f, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@2f677247, org.springframework.security.oauth2.client.web.OAuth2AuthorizationCodeGrantFilter@ac91282, org.springframework.security.web.access.ExceptionTranslationFilter@834e986, org.springframework.security.web.access.intercept.AuthorizationFilter@3fbe503c]] (3/3) 2023-06-25T18:15:58.456+08:00 DEBUG 5712 --- [nio-9001-exec-7] o.s.security.web.FilterChainProxy : Securing GET /api/login/welcome?continue 2023-06-25T18:15:58.456+08:00 TRACE 5712 --- [nio-9001-exec-7] o.s.security.web.FilterChainProxy : Invoking DisableEncodeUrlFilter (1/17) 2023-06-25T18:15:58.456+08:00 TRACE 5712 --- [nio-9001-exec-7] o.s.security.web.FilterChainProxy : Invoking WebAsyncManagerIntegrationFilter (2/17) 2023-06-25T18:15:58.456+08:00 TRACE 5712 --- [nio-9001-exec-7] o.s.security.web.FilterChainProxy : Invoking SecurityContextHolderFilter (3/17) 2023-06-25T18:15:58.456+08:00 TRACE 5712 --- [nio-9001-exec-7] o.s.security.web.FilterChainProxy : Invoking HeaderWriterFilter (4/17) 2023-06-25T18:15:58.456+08:00 TRACE 5712 --- [nio-9001-exec-7] o.s.security.web.FilterChainProxy : Invoking CsrfFilter (5/17) 2023-06-25T18:15:58.456+08:00 TRACE 5712 --- [nio-9001-exec-7] o.s.security.web.FilterChainProxy : Invoking LogoutFilter (6/17) 2023-06-25T18:15:58.456+08:00 TRACE 5712 --- [nio-9001-exec-7] o.s.security.web.FilterChainProxy : Invoking OAuth2AuthorizationRequestRedirectFilter (7/17) 2023-06-25T18:16:03.860+08:00 TRACE 5712 --- [nio-9001-exec-7] o.s.security.web.FilterChainProxy : Invoking OAuth2AuthorizationRequestRedirectFilter (8/17) 2023-06-25T18:16:04.596+08:00 TRACE 5712 --- [nio-9001-exec-7] o.s.security.web.FilterChainProxy : Invoking OAuth2LoginAuthenticationFilter (9/17) 2023-06-25T18:16:04.596+08:00 TRACE 5712 --- [nio-9001-exec-7] o.s.security.web.FilterChainProxy : Invoking DefaultLoginPageGeneratingFilter (10/17) 2023-06-25T18:16:04.597+08:00 TRACE 5712 --- [nio-9001-exec-7] o.s.security.web.FilterChainProxy : Invoking DefaultLogoutPageGeneratingFilter (11/17) 2023-06-25T18:16:04.597+08:00 TRACE 5712 --- [nio-9001-exec-7] o.s.security.web.FilterChainProxy : Invoking RequestCacheAwareFilter (12/17) 2023-06-25T18:16:04.597+08:00 TRACE 5712 --- [nio-9001-exec-7] o.s.security.web.FilterChainProxy : Invoking SecurityContextHolderAwareRequestFilter (13/17) 2023-06-25T18:16:04.597+08:00 TRACE 5712 --- [nio-9001-exec-7] o.s.security.web.FilterChainProxy : Invoking AnonymousAuthenticationFilter (14/17) 2023-06-25T18:16:04.597+08:00 TRACE 5712 --- [nio-9001-exec-7] o.s.security.web.FilterChainProxy : Invoking OAuth2AuthorizationCodeGrantFilter (15/17) 2023-06-25T18:16:05.355+08:00 TRACE 5712 --- [nio-9001-exec-7] o.s.security.web.FilterChainProxy : Invoking ExceptionTranslationFilter (16/17) 2023-06-25T18:16:05.355+08:00 TRACE 5712 --- [nio-9001-exec-7] o.s.security.web.FilterChainProxy : Invoking AuthorizationFilter (17/17) 2023-06-25T18:16:05.355+08:00 DEBUG 5712 --- [nio-9001-exec-7] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.sy.authclient.controller.LoginController#welcome() 2023-06-25T18:16:05.357+08:00 DEBUG 5712 --- [nio-9001-exec-7] w.c.HttpSessionSecurityContextRepository : Retrieved SecurityContextImpl [Authentication=OAuth2AuthenticationToken [Principal=Name: [user], Granted Authorities: [[OIDC_USER, SCOPE_all, SCOPE_openid, SCOPE_profile]], User Attributes: [{sub=user, aud=[oidc-client], azp=oidc-client, auth_time=2023-06-25T09:50:36Z, iss=http://192.168.1.125:9000, exp=2023-06-25T10:39:48Z, iat=2023-06-25T10:09:48Z, nonce=CX2FAAvMv2Hzj8Wv1OXXC-W5LWNS1dWow70sSVF5Qx8, sid=7TkynZgAwHYhWeEnl4soX232xgREd1FFcPagGUIc5cc}], Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=F5FB786C57F37610E3A9671AB47DAE23], Granted Authorities=[OIDC_USER, SCOPE_all, SCOPE_openid, SCOPE_profile]]] 2023-06-25T18:16:06.043+08:00 DEBUG 5712 --- [nio-9001-exec-7] o.s.security.web.FilterChainProxy : Secured GET /api/login/welcome?continue 2023-06-25T18:16:06.043+08:00 DEBUG 5712 --- [nio-9001-exec-7] o.s.web.servlet.DispatcherServlet : GET "/api/login/welcome?continue", parameters={masked} 2023-06-25T18:16:06.043+08:00 DEBUG 5712 --- [nio-9001-exec-7] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.sy.authclient.controller.LoginController#welcome() 2023-06-25T18:16:06.045+08:00 DEBUG 5712 --- [nio-9001-exec-7] m.m.a.RequestResponseBodyMethodProcessor : Using 'text/html', given [text/html, application/xhtml+xml, image/webp, image/apng, application/xml;q=0.9, */*;q=0.8, application/signed-exchange;v=b3;q=0.7] and supported [text/plain, */*, application/json, application/*+json] 2023-06-25T18:16:06.045+08:00 DEBUG 5712 --- [nio-9001-exec-7] m.m.a.RequestResponseBodyMethodProcessor : Writing ["

    Welcome!

    "] 2023-06-25T18:16:06.045+08:00 DEBUG 5712 --- [nio-9001-exec-7] o.s.web.servlet.DispatcherServlet : Completed 200 OK 2023-06-25T18:16:17.363+08:00 TRACE 5712 --- [nio-9001-exec-8] o.s.security.web.FilterChainProxy : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=Mvc [pattern='/webjars/**'], Filters=[]] (1/3) 2023-06-25T18:16:17.363+08:00 DEBUG 5712 --- [nio-9001-exec-8] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.sy.authclient.controller.LoginController#welcome() 2023-06-25T18:16:17.363+08:00 TRACE 5712 --- [nio-9001-exec-8] o.s.security.web.FilterChainProxy : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=Mvc [pattern='/assets/**'], Filters=[]] (2/3) 2023-06-25T18:16:17.363+08:00 DEBUG 5712 --- [nio-9001-exec-8] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.sy.authclient.controller.LoginController#welcome() 2023-06-25T18:16:17.363+08:00 TRACE 5712 --- [nio-9001-exec-8] o.s.security.web.FilterChainProxy : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=any request, Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter@3bfae028, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@1775c4e7, org.springframework.security.web.context.SecurityContextHolderFilter@2e5e6fc4, org.springframework.security.web.header.HeaderWriterFilter@604d23fa, org.springframework.security.web.csrf.CsrfFilter@6f347d7, org.springframework.security.web.authentication.logout.LogoutFilter@799f916e, org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter@74b86971, org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter@7f79edee, org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter@1ca610a0, org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter@abad89c, org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter@47829d6d, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@79980d8d, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@58324c9f, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@2f677247, org.springframework.security.oauth2.client.web.OAuth2AuthorizationCodeGrantFilter@ac91282, org.springframework.security.web.access.ExceptionTranslationFilter@834e986, org.springframework.security.web.access.intercept.AuthorizationFilter@3fbe503c]] (3/3) 2023-06-25T18:16:17.363+08:00 DEBUG 5712 --- [nio-9001-exec-8] o.s.security.web.FilterChainProxy : Securing GET /api/login/welcome?continue 2023-06-25T18:16:17.363+08:00 TRACE 5712 --- [nio-9001-exec-8] o.s.security.web.FilterChainProxy : Invoking DisableEncodeUrlFilter (1/17) 2023-06-25T18:16:17.363+08:00 TRACE 5712 --- [nio-9001-exec-8] o.s.security.web.FilterChainProxy : Invoking WebAsyncManagerIntegrationFilter (2/17) 2023-06-25T18:16:17.363+08:00 TRACE 5712 --- [nio-9001-exec-8] o.s.security.web.FilterChainProxy : Invoking SecurityContextHolderFilter (3/17) 2023-06-25T18:16:17.363+08:00 TRACE 5712 --- [nio-9001-exec-8] o.s.security.web.FilterChainProxy : Invoking HeaderWriterFilter (4/17) 2023-06-25T18:16:17.363+08:00 TRACE 5712 --- [nio-9001-exec-8] o.s.security.web.FilterChainProxy : Invoking CsrfFilter (5/17) 2023-06-25T18:16:17.363+08:00 TRACE 5712 --- [nio-9001-exec-8] o.s.security.web.FilterChainProxy : Invoking LogoutFilter (6/17) 2023-06-25T18:16:17.363+08:00 TRACE 5712 --- [nio-9001-exec-8] o.s.security.web.FilterChainProxy : Invoking OAuth2AuthorizationRequestRedirectFilter (7/17) 2023-06-25T18:16:22.300+08:00 TRACE 5712 --- [nio-9001-exec-8] o.s.security.web.FilterChainProxy : Invoking OAuth2AuthorizationRequestRedirectFilter (8/17) 2023-06-25T18:16:30.632+08:00 TRACE 5712 --- [nio-9001-exec-8] o.s.security.web.FilterChainProxy : Invoking OAuth2LoginAuthenticationFilter (9/17) 2023-06-25T18:16:30.633+08:00 TRACE 5712 --- [nio-9001-exec-8] o.s.security.web.FilterChainProxy : Invoking DefaultLoginPageGeneratingFilter (10/17) 2023-06-25T18:16:30.634+08:00 TRACE 5712 --- [nio-9001-exec-8] o.s.security.web.FilterChainProxy : Invoking DefaultLogoutPageGeneratingFilter (11/17) 2023-06-25T18:16:30.635+08:00 TRACE 5712 --- [nio-9001-exec-8] o.s.security.web.FilterChainProxy : Invoking RequestCacheAwareFilter (12/17) 2023-06-25T18:16:30.636+08:00 TRACE 5712 --- [nio-9001-exec-8] o.s.security.web.FilterChainProxy : Invoking SecurityContextHolderAwareRequestFilter (13/17) 2023-06-25T18:16:30.636+08:00 TRACE 5712 --- [nio-9001-exec-8] o.s.security.web.FilterChainProxy : Invoking AnonymousAuthenticationFilter (14/17) 2023-06-25T18:16:30.636+08:00 TRACE 5712 --- [nio-9001-exec-8] o.s.security.web.FilterChainProxy : Invoking OAuth2AuthorizationCodeGrantFilter (15/17) 2023-06-25T18:18:28.978+08:00 TRACE 5712 --- [nio-9001-exec-8] o.s.security.web.FilterChainProxy : Invoking ExceptionTranslationFilter (16/17) 2023-06-25T18:18:28.978+08:00 TRACE 5712 --- [nio-9001-exec-8] o.s.security.web.FilterChainProxy : Invoking AuthorizationFilter (17/17) 2023-06-25T18:18:28.979+08:00 DEBUG 5712 --- [nio-9001-exec-8] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.sy.authclient.controller.LoginController#welcome() 2023-06-25T18:18:28.979+08:00 DEBUG 5712 --- [nio-9001-exec-8] w.c.HttpSessionSecurityContextRepository : Retrieved SecurityContextImpl [Authentication=OAuth2AuthenticationToken [Principal=Name: [user], Granted Authorities: [[OIDC_USER, SCOPE_all, SCOPE_openid, SCOPE_profile]], User Attributes: [{sub=user, aud=[oidc-client], azp=oidc-client, auth_time=2023-06-25T09:50:36Z, iss=http://192.168.1.125:9000, exp=2023-06-25T10:39:48Z, iat=2023-06-25T10:09:48Z, nonce=CX2FAAvMv2Hzj8Wv1OXXC-W5LWNS1dWow70sSVF5Qx8, sid=7TkynZgAwHYhWeEnl4soX232xgREd1FFcPagGUIc5cc}], Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=F5FB786C57F37610E3A9671AB47DAE23], Granted Authorities=[OIDC_USER, SCOPE_all, SCOPE_openid, SCOPE_profile]]] 2023-06-25T18:18:30.125+08:00 DEBUG 5712 --- [nio-9001-exec-8] o.s.security.web.FilterChainProxy : Secured GET /api/login/welcome?continue 2023-06-25T18:18:30.126+08:00 DEBUG 5712 --- [nio-9001-exec-8] o.s.web.servlet.DispatcherServlet : GET "/api/login/welcome?continue", parameters={masked} 2023-06-25T18:18:30.127+08:00 DEBUG 5712 --- [nio-9001-exec-8] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.sy.authclient.controller.LoginController#welcome() 2023-06-25T18:18:30.130+08:00 DEBUG 5712 --- [nio-9001-exec-8] m.m.a.RequestResponseBodyMethodProcessor : Using 'text/html', given [text/html, application/xhtml+xml, image/webp, image/apng, application/xml;q=0.9, */*;q=0.8, application/signed-exchange;v=b3;q=0.7] and supported [text/plain, */*, application/json, application/*+json] 2023-06-25T18:18:30.131+08:00 DEBUG 5712 --- [nio-9001-exec-8] m.m.a.RequestResponseBodyMethodProcessor : Writing ["

    Welcome!

    "] 2023-06-25T18:18:30.132+08:00 DEBUG 5712 --- [nio-9001-exec-8] o.s.web.servlet.DispatcherServlet : Completed 200 OK 2023-06-25T18:18:46.973+08:00 TRACE 5712 --- [io-9001-exec-10] o.s.security.web.FilterChainProxy : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=Mvc [pattern='/webjars/**'], Filters=[]] (1/3) 2023-06-25T18:18:46.974+08:00 DEBUG 5712 --- [io-9001-exec-10] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.sy.authclient.controller.LoginController#welcome() 2023-06-25T18:18:46.974+08:00 TRACE 5712 --- [io-9001-exec-10] o.s.security.web.FilterChainProxy : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=Mvc [pattern='/assets/**'], Filters=[]] (2/3) 2023-06-25T18:18:46.974+08:00 DEBUG 5712 --- [io-9001-exec-10] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.sy.authclient.controller.LoginController#welcome() 2023-06-25T18:18:46.974+08:00 TRACE 5712 --- [io-9001-exec-10] o.s.security.web.FilterChainProxy : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=any request, Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter@3bfae028, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@1775c4e7, org.springframework.security.web.context.SecurityContextHolderFilter@2e5e6fc4, org.springframework.security.web.header.HeaderWriterFilter@604d23fa, org.springframework.security.web.csrf.CsrfFilter@6f347d7, org.springframework.security.web.authentication.logout.LogoutFilter@799f916e, org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter@74b86971, org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter@7f79edee, org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter@1ca610a0, org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter@abad89c, org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter@47829d6d, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@79980d8d, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@58324c9f, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@2f677247, org.springframework.security.oauth2.client.web.OAuth2AuthorizationCodeGrantFilter@ac91282, org.springframework.security.web.access.ExceptionTranslationFilter@834e986, org.springframework.security.web.access.intercept.AuthorizationFilter@3fbe503c]] (3/3) 2023-06-25T18:18:46.974+08:00 DEBUG 5712 --- [io-9001-exec-10] o.s.security.web.FilterChainProxy : Securing GET /api/login/welcome?continue 2023-06-25T18:18:46.974+08:00 TRACE 5712 --- [io-9001-exec-10] o.s.security.web.FilterChainProxy : Invoking DisableEncodeUrlFilter (1/17) 2023-06-25T18:18:46.974+08:00 TRACE 5712 --- [io-9001-exec-10] o.s.security.web.FilterChainProxy : Invoking WebAsyncManagerIntegrationFilter (2/17) 2023-06-25T18:18:46.974+08:00 TRACE 5712 --- [io-9001-exec-10] o.s.security.web.FilterChainProxy : Invoking SecurityContextHolderFilter (3/17) 2023-06-25T18:18:46.974+08:00 TRACE 5712 --- [io-9001-exec-10] o.s.security.web.FilterChainProxy : Invoking HeaderWriterFilter (4/17) 2023-06-25T18:18:46.974+08:00 TRACE 5712 --- [io-9001-exec-10] o.s.security.web.FilterChainProxy : Invoking CsrfFilter (5/17) 2023-06-25T18:18:46.974+08:00 TRACE 5712 --- [io-9001-exec-10] o.s.security.web.FilterChainProxy : Invoking LogoutFilter (6/17) 2023-06-25T18:18:46.974+08:00 TRACE 5712 --- [io-9001-exec-10] o.s.security.web.FilterChainProxy : Invoking OAuth2AuthorizationRequestRedirectFilter (7/17) 2023-06-25T18:18:49.075+08:00 TRACE 5712 --- [io-9001-exec-10] o.s.security.web.FilterChainProxy : Invoking OAuth2AuthorizationRequestRedirectFilter (8/17) 2023-06-25T18:18:50.364+08:00 TRACE 5712 --- [io-9001-exec-10] o.s.security.web.FilterChainProxy : Invoking OAuth2LoginAuthenticationFilter (9/17) 2023-06-25T18:18:50.365+08:00 TRACE 5712 --- [io-9001-exec-10] o.s.security.web.FilterChainProxy : Invoking DefaultLoginPageGeneratingFilter (10/17) 2023-06-25T18:18:50.365+08:00 TRACE 5712 --- [io-9001-exec-10] o.s.security.web.FilterChainProxy : Invoking DefaultLogoutPageGeneratingFilter (11/17) 2023-06-25T18:18:50.365+08:00 TRACE 5712 --- [io-9001-exec-10] o.s.security.web.FilterChainProxy : Invoking RequestCacheAwareFilter (12/17) 2023-06-25T18:18:50.365+08:00 TRACE 5712 --- [io-9001-exec-10] o.s.security.web.FilterChainProxy : Invoking SecurityContextHolderAwareRequestFilter (13/17) 2023-06-25T18:18:50.366+08:00 TRACE 5712 --- [io-9001-exec-10] o.s.security.web.FilterChainProxy : Invoking AnonymousAuthenticationFilter (14/17) 2023-06-25T18:18:50.366+08:00 TRACE 5712 --- [io-9001-exec-10] o.s.security.web.FilterChainProxy : Invoking OAuth2AuthorizationCodeGrantFilter (15/17) 2023-06-25T18:18:51.766+08:00 TRACE 5712 --- [io-9001-exec-10] o.s.security.web.FilterChainProxy : Invoking ExceptionTranslationFilter (16/17) 2023-06-25T18:18:51.767+08:00 TRACE 5712 --- [io-9001-exec-10] o.s.security.web.FilterChainProxy : Invoking AuthorizationFilter (17/17) 2023-06-25T18:19:57.364+08:00 DEBUG 5712 --- [io-9001-exec-10] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.sy.authclient.controller.LoginController#welcome() 2023-06-25T18:19:57.366+08:00 DEBUG 5712 --- [io-9001-exec-10] w.c.HttpSessionSecurityContextRepository : Retrieved SecurityContextImpl [Authentication=OAuth2AuthenticationToken [Principal=Name: [user], Granted Authorities: [[OIDC_USER, SCOPE_all, SCOPE_openid, SCOPE_profile]], User Attributes: [{sub=user, aud=[oidc-client], azp=oidc-client, auth_time=2023-06-25T09:50:36Z, iss=http://192.168.1.125:9000, exp=2023-06-25T10:39:48Z, iat=2023-06-25T10:09:48Z, nonce=CX2FAAvMv2Hzj8Wv1OXXC-W5LWNS1dWow70sSVF5Qx8, sid=7TkynZgAwHYhWeEnl4soX232xgREd1FFcPagGUIc5cc}], Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=F5FB786C57F37610E3A9671AB47DAE23], Granted Authorities=[OIDC_USER, SCOPE_all, SCOPE_openid, SCOPE_profile]]] 2023-06-25T18:20:35.651+08:00 DEBUG 5712 --- [io-9001-exec-10] o.s.security.web.FilterChainProxy : Secured GET /api/login/welcome?continue 2023-06-25T18:20:35.652+08:00 DEBUG 5712 --- [io-9001-exec-10] o.s.web.servlet.DispatcherServlet : GET "/api/login/welcome?continue", parameters={masked} 2023-06-25T18:20:35.652+08:00 DEBUG 5712 --- [io-9001-exec-10] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.sy.authclient.controller.LoginController#welcome() 2023-06-25T18:20:35.655+08:00 DEBUG 5712 --- [io-9001-exec-10] m.m.a.RequestResponseBodyMethodProcessor : Using 'text/html', given [text/html, application/xhtml+xml, image/webp, image/apng, application/xml;q=0.9, */*;q=0.8, application/signed-exchange;v=b3;q=0.7] and supported [text/plain, */*, application/json, application/*+json] 2023-06-25T18:20:35.655+08:00 DEBUG 5712 --- [io-9001-exec-10] m.m.a.RequestResponseBodyMethodProcessor : Writing ["

    Welcome!

    "] 2023-06-25T18:20:35.657+08:00 DEBUG 5712 --- [io-9001-exec-10] o.s.web.servlet.DispatcherServlet : Completed 200 OK

    集成GateWay

    正在集成中。。。

    关于 Spring Cloud Alibaba 的基础环境搭建,可以看下面的文章,很详细,本文主要介绍集成OAuth2的过程

    Spring Cloud Alibaba 最新版本整合完整使用及与各中间件集成(基于Spring Boot 3.0.x)_ricardo.M.Yu的博客-CSDN博客

    代办事项 

    现在需要做的改造如下:

    1、新建授权服务,集成 oauth2-authorization-server ,即auth模块做授权中心

    2、修改业务模块,集成 oauth2-client,即做资源中心与客户端

    3、修改网关模块,即 gateway 做相关修改

    Spring Security Oauth2.1 最新版 1.1.0 整合 (基于 springboot 3.1.0)gateway 完成授权认证,第23张

    Oauth2主要结构

    OAuth2AuthorizationEndpointFilter: 针对 /login 或自行请求 授权码的处理器

    OAuth2TokenEndpointFilter:针对获取 token 时的处理器

    ProviderManager:

    OAuth2ClientAuthenticationFilter

    OAuth2TokenEndpointFilter

    ClientSecretAuthenticationProvider

    DelegatingAuthenticationConverter

    OAuth2AuthorizationCodeAuthenticationProvider

    OAuth2AuthorizationEndpointFilter

    UsernamePasswordAuthenticationFilter

    AuthenticationEntryPoint 

    LoginUrlAuthenticationEntryPoint

    sql脚本

    我直接整理好了

    /*
    IMPORTANT:
        If using PostgreSQL, update ALL columns defined with 'blob' to 'text',
        as PostgreSQL does not support the 'blob' data type.
    */
    CREATE TABLE oauth2_authorization (
        id varchar(100) NOT NULL,
        registered_client_id varchar(100) NOT NULL,
        principal_name varchar(200) NOT NULL,
        authorization_grant_type varchar(100) NOT NULL,
        authorized_scopes varchar(1000) DEFAULT NULL,
        attributes blob DEFAULT NULL,
        state varchar(500) DEFAULT NULL,
        authorization_code_value blob DEFAULT NULL,
        authorization_code_issued_at timestamp DEFAULT NULL,
        authorization_code_expires_at timestamp DEFAULT NULL,
        authorization_code_metadata blob DEFAULT NULL,
        access_token_value blob DEFAULT NULL,
        access_token_issued_at timestamp DEFAULT NULL,
        access_token_expires_at timestamp DEFAULT NULL,
        access_token_metadata blob DEFAULT NULL,
        access_token_type varchar(100) DEFAULT NULL,
        access_token_scopes varchar(1000) DEFAULT NULL,
        oidc_id_token_value blob DEFAULT NULL,
        oidc_id_token_issued_at timestamp DEFAULT NULL,
        oidc_id_token_expires_at timestamp DEFAULT NULL,
        oidc_id_token_metadata blob DEFAULT NULL,
        refresh_token_value blob DEFAULT NULL,
        refresh_token_issued_at timestamp DEFAULT NULL,
        refresh_token_expires_at timestamp DEFAULT NULL,
        refresh_token_metadata blob DEFAULT NULL,
        user_code_value blob DEFAULT NULL,
        user_code_issued_at timestamp DEFAULT NULL,
        user_code_expires_at timestamp DEFAULT NULL,
        user_code_metadata blob DEFAULT NULL,
        device_code_value blob DEFAULT NULL,
        device_code_issued_at timestamp DEFAULT NULL,
        device_code_expires_at timestamp DEFAULT NULL,
        device_code_metadata blob DEFAULT NULL,
        PRIMARY KEY (id)
    );
    CREATE TABLE oauth2_authorization_consent (
        registered_client_id varchar(100) NOT NULL,
        principal_name varchar(200) NOT NULL,
        authorities varchar(1000) NOT NULL,
        PRIMARY KEY (registered_client_id, principal_name)
    );
    CREATE TABLE oauth2_registered_client (
        id varchar(100) NOT NULL,
        client_id varchar(100) NOT NULL,
        client_id_issued_at timestamp DEFAULT CURRENT_TIMESTAMP NOT NULL,
        client_secret varchar(200) DEFAULT NULL,
        client_secret_expires_at timestamp DEFAULT NULL,
        client_name varchar(200) NOT NULL,
        client_authentication_methods varchar(1000) NOT NULL,
        authorization_grant_types varchar(1000) NOT NULL,
        redirect_uris varchar(1000) DEFAULT NULL,
        post_logout_redirect_uris varchar(1000) DEFAULT NULL,
        scopes varchar(1000) NOT NULL,
        client_settings varchar(2000) NOT NULL,
        token_settings varchar(2000) NOT NULL,
        PRIMARY KEY (id)
    );