Spring Security Oauth2.1 最新版 1.1.0 整合 (基于 springboot 3.1.0)gateway 完成授权认证

慈云数据 2024-03-15 技术支持 75 0

目录

背景

demo地址

版本

Spring Boot 3.1

Spring Authorization Server 1.1.0

基础

spring security

OAuth2

模块构成

授权方式

认证方式

集成过程

官方demo

代码集成

依赖

授权服务AuthorizationServerConfig配置

重要组件

测试

查看授权服务配置

访问授权服务

授权

回调

获取 access_token

获取用户信息

个性化改造

目标

基础知识

Spring Security OAuth2 Client

改造过程

auth-server改造

POM

持久化改造

AuthorizationServerConfig改造

sql脚本

DefaultSecurityConfig修改

UserService配置

异常处理

测试

根据刷新码 refresh_token 换token

自定义用户信息

userService新增方法

定义用户信息格式返回handler

SecurityFilterChain改造

测试

 auth-client客户端添加

 配置

 controller

测试

控制台

集成GateWay

代办事项 

sql脚本


背景

基于 Spring Cloud Alibaba  架构下,需要一个统一授权中心,与 gateway 配合使用实现微服务的授权与认证,下面主要介绍整个集成过程,基于springboot3.1最新版

demo地址

我放到了github上,还包括 spring-cloud-alibaba其他的集成

ricardo-m-yu/spring-cloud-alibaba (github.com)

版本

Spring Boot 3.1

最新发布的springboot3.1版本对 oauth2 提供了默认的支持,可以引用下面的依赖来快速构建,为了体验新版本特性,我这边切换到了 3.1版本

Spring Boot 3.1 提供了一个 spring-boot-starter-oauth2-authorization-server 启动器,可以支持 Spring Authorization Server 的自动配置,轻松配置基于 Servlet 的 OAuth2 授权服务器,同时@EnableAuthorizationServer这些注解也早已废弃

Spring Authorization Server 1.1.0

官方文档

Spring Authorization Server

基础

spring security

关于springsecurity的基础知识,之前写过一篇 springboot 与 Spring Security 集成的基于 jwt的授权的,可以看下面的

(296条消息) springboot 2.7整合spring security 5.7整合jwt实现用户登录注册与鉴权全记录_ricardo.M.Yu的博客-CSDN博客

OAuth2

 OAuth2可以提供一个统一的认证服务。主要模块如下:

模块构成

  • Resource owner(资源拥有者):拥有该资源的服务或用户,如我们自己或者资源网站
  • Authorization server(认证服务器):即用来认证与颁发令牌(如token)的服务
  • Resource server(资源服务器):拥有资源的服务,如我们要访问的网站
  • Client(客户端):即访问的客户端,如我们自己用的访问网站

    授权方式

    • 授权码模式(authorization_code):最正规的模式,客户端先将用户导向认证服务器,登录后获取授权码,然后进行授权,最后根据授权码获取访问令牌
    • 刷新模式(refresh_token):用刷新码获取
    • 客户端模式(client_credentials):第三方应用自己本身需要获取资源

      详见  AuthorizationGrantType 这个类

      下面的密码模式已经被废弃

      • 密码模式(resource owner password credentials):直接带用户名和密码去向认证服务器申请令牌

        认证方式

        • client_secret_basic:最常用,客户端的 client_id 和 client_secret,传递给授权服务器

        • client_secret_post:常用,客户端的 client_id 和 client_secret,传递给授权服务器,参数传递方式不同

        • client_secret_jwt:利用 JWT 进行认证

        • private_key_jwt:方式就是利用 JWT 进行认证。请求方拥有自己的公私钥(密钥对)

        • none

          详见 ClientAuthenticationMethod

          集成过程

          我下面会分为三个阶段逐次递进改造,

          • 第一阶段:官方demo演示与组件讲解测试
          • 第二阶段:个性化改造
          • 第三阶段:集成 springcloud gateway 完成分布式授权改造

            官方demo

            代码集成

            依赖

            只需要下面的这一个依赖,springboot 版本为 3.1

                org.springframework.boot
                spring-boot-starter-parent
                3.1.0
                
            
            
                org.springframework.boot
                spring-boot-starter-oauth2-authorization-server
            

            授权服务AuthorizationServerConfig配置

            spring 官方在快速开始里面给出了下面的默认最小配置,

            Getting Started (spring.io)

            我先粘下来再介绍,代码结构大概这样,一共两个配置类

             AuthorizationServerConfig

            @Configuration
            public class AuthorizationServerConfig {
                @Bean
                @Order(1)
                public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http)
                        throws Exception {
                    //针对 Spring Authorization Server 最佳实践配置
                    OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http);
                    http.getConfigurer(OAuth2AuthorizationServerConfigurer.class)
                            .oidc(Customizer.withDefaults());	// Enable OpenID Connect 1.0
                    http
                            // Redirect to the login page when not authenticated from the
                            // authorization endpoint
                            .exceptionHandling((exceptions) -> exceptions
                                    .defaultAuthenticationEntryPointFor(
                                            new LoginUrlAuthenticationEntryPoint("/login"),
                                            new MediaTypeRequestMatcher(MediaType.TEXT_HTML)
                                    )
                            )
                            // Accept access tokens for User Info and/or Client Registration
                            .oauth2ResourceServer((resourceServer) -> resourceServer
                                    .jwt(Customizer.withDefaults()));
                    return http.build();
                }
                @Bean
                public RegisteredClientRepository registeredClientRepository() {
                    RegisteredClient oidcClient = RegisteredClient.withId(UUID.randomUUID().toString())
                            .clientId("oidc-client")
                            .clientSecret("{noop}secret")
                            .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
                            .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
                            .authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN)
                            .authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
                            .redirectUri("http://www.baidu.com")
                            .redirectUri("http://localhost:9001/login/oauth2/code/oidc-client")
                            .redirectUri("http://localhost:9001/api/login/welcome")
                            .postLogoutRedirectUri("http://127.0.0.1:8080/")
                            .scope(OidcScopes.OPENID)
                            .scope(OidcScopes.PROFILE)
                            .scope("message.read")
                            .scope("message.write")
                            .scope("all")
                            // 设置 Client 需要页面审核授权
                            .clientSettings(ClientSettings.builder().requireAuthorizationConsent(true).build())
                            .build();
                    return new InMemoryRegisteredClientRepository(oidcClient);
                }
                /**
                 * 默认发放令牌
                 * @return
                 */
                @Bean
                public JWKSource jwkSource() {
                    KeyPair keyPair = generateRsaKey();
                    RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
                    RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate();
                    RSAKey rsaKey = new RSAKey.Builder(publicKey)
                            .privateKey(privateKey)
                            .keyID(UUID.randomUUID().toString())
                            .build();
                    JWKSet jwkSet = new JWKSet(rsaKey);
                    return new ImmutableJWKSet(jwkSet);
                }
                private static KeyPair generateRsaKey() {
                    KeyPair keyPair;
                    try {
                        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
                        keyPairGenerator.initialize(2048);
                        keyPair = keyPairGenerator.generateKeyPair();
                    }
                    catch (Exception ex) {
                        throw new IllegalStateException(ex);
                    }
                    return keyPair;
                }
                @Bean
                public JwtDecoder jwtDecoder(JWKSource jwkSource) {
                    return OAuth2AuthorizationServerConfiguration.jwtDecoder(jwkSource);
                }
                @Bean
                public AuthorizationServerSettings authorizationServerSettings() {
                    return AuthorizationServerSettings.builder().build();
                }
            }

            DefaultSecurityConfig

            @EnableWebSecurity
            @Configuration(proxyBeanMethods = false)
            public class DefaultSecurityConfig {
                @Bean
                @Order(2)
                public SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http)
                        throws Exception {
                    http
                            .authorizeHttpRequests((authorize) -> authorize
                                    .requestMatchers(new AntPathRequestMatcher("/actuator/**"),
                                            new AntPathRequestMatcher("/oauth2/**"),
                                            new AntPathRequestMatcher("/**/*.json"),
                                            new AntPathRequestMatcher("/**/*.html")).permitAll()
                                    .anyRequest().authenticated()
                            )
                            .cors(Customizer.withDefaults())
                            .csrf((csrf) -> csrf.disable())
            //                .httpBasic(Customizer.withDefaults())
            //				// Form login handles the redirect to the login page from the
            //				// authorization server filter chain
                            .formLogin(Customizer.withDefaults())
                    ;
                    return http.build();
                }
                @Bean
                public UserDetailsService userDetailsService() {
                    UserDetails userDetails = User.withDefaultPasswordEncoder()
                            .username("user")
                            .password("password")
                            .roles("USER")
                            .build();
                    return new InMemoryUserDetailsManager(userDetails);
                }
            }

            分别介绍下这几个@Bean配置,也是 AuthorizationServer 的几个重要概念。

            重要组件

            • SecurityFilterChain -> authorizationServerSecurityFilterChain: Spring Security的过滤器链,用于协议端点的。

            • SecurityFilterChain -> defaultSecurityFilterChain: Spring Security的过滤器链,用于Spring Security的身份认证

            • UserDetailsService :主要进行用户身份验证

            • RegisteredClientRepository:主要用于管理客户端

            • JWKSource:用于签名访问令牌

            • KeyPair: 启动时生成的带有密钥的KeyPair实例,用于创建上面的JWKSource

            • JwtDecoder:JwtDecoder的一个实例,用于解码已签名的访问令牌

            • AuthorizationServerSettings:用于配置Spring Authorization Server的AuthorizationServerSettings实例。

              测试

              为了方便测试,上面的配置中,客户端的回调地址我已经改成了 百度的,授权方式用授权码模式,认证方式用client_secret_basic

              服务启动,端口为9000

              查看授权服务配置

              地址:

              调用  http://127.0.0.1:9000/.well-known/openid-configuration

               后,查看地址配置如下:其实就是每个请求的url

              详细的是下面

              {

                  "issuer": "http://127.0.0.1:9000",

                  "authorization_endpoint": "http://127.0.0.1:9000/oauth2/authorize",

                  "device_authorization_endpoint": "http://127.0.0.1:9000/oauth2/device_authorization",

                  "token_endpoint": "http://127.0.0.1:9000/oauth2/token",

                  "token_endpoint_auth_methods_supported": [

                      "client_secret_basic",

                      "client_secret_post",

                      "client_secret_jwt",

                      "private_key_jwt"

                  ],

                  "jwks_uri": "http://127.0.0.1:9000/oauth2/jwks",

                  "userinfo_endpoint": "http://127.0.0.1:9000/userinfo",

                  "end_session_endpoint": "http://127.0.0.1:9000/connect/logout",

                  "response_types_supported": [

                      "code"

                  ],

                  "grant_types_supported": [

                      "authorization_code",

                      "client_credentials",

                      "refresh_token",

                      "urn:ietf:params:oauth:grant-type:device_code"

                  ],

                  "revocation_endpoint": "http://127.0.0.1:9000/oauth2/revoke",

                  "revocation_endpoint_auth_methods_supported": [

                      "client_secret_basic",

                      "client_secret_post",

                      "client_secret_jwt",

                      "private_key_jwt"

                  ],

                  "introspection_endpoint": "http://127.0.0.1:9000/oauth2/introspect",

                  "introspection_endpoint_auth_methods_supported": [

                      "client_secret_basic",

                      "client_secret_post",

                      "client_secret_jwt",

                      "private_key_jwt"

                  ],

                  "subject_types_supported": [

                      "public"

                  ],

                  "id_token_signing_alg_values_supported": [

                      "RS256"

                  ],

                  "scopes_supported": [

                      "openid"

                  ]

              }

              访问授权服务

              浏览器地址栏输入

              http://localhost:9000/oauth2/authorize?response_type=code&client_id=oidc-client&scope=message.read openid&redirect_uri=http://www.baidu.com

              用这个请求来模拟客户端,实际开发中,其实是先访问资源服务,由资源服务来拼接这几个参数来重定向到授权服务的,参数意义如下,这些参数都是需要再上面RegisteredClientRepository配置过的

              • response_type:这个意思是相应的方式为code码
              • client_id:即客户端的id,即上面配置中在 RegisteredClientRepository 配置的
              • scope:请求授权范围,也需要在上面的配置中
              • redirect_uri:授权通过后,重定向回来的地址

                输入完上面的地址后,会重定向到下面这个登录页面,

                我们输入上面配置好的用户名密码:

                user

                password

                点击登录 

                授权

                登录过后,会到下面这个授权页面,点击授权范围,然后点击 submit

                回调

                授权通过后,授权服务回调到了百度的地址,然后附带这我们的授权码,如下图

                获取 access_token

                拿到授权码之后,可以用postman测试来获取 access_token

                测试接口参数

                Header

                请求体 

                http://localhost:9000/oauth2/token?grant_type=authorization_code&code=ajdNNIj8EiLjgw3OS8yu2q8n3XXCAb6cPY5LRsOHyRlAAB1ENKdmy8M4JBkJ8PrU-3K9QdpAZtyKg8QP5q0EHN2mR1k532FQUKz1ObSuH3EuSFy5LVzut9z1QVPuefoA&redirect_uri=http://www.baidu.com

                curl命令如下

                curl --location --request POST 'http://localhost:9000/oauth2/token?grant_type=authorization_code&code=a_lOQegEwElR09Sj6auVpBdYGgnhhK0uz1Uks286ei_zkbyDFKII2uf7gMIF7CU4cLN8ZEY3EsSq9jMAZ-Rmtmlq5pI6KPB95LMQg9fFirFg2wWjdd5PEwQLMEogY9B6&redirect_uri=http%3A%2F%2Fwww.baidu.com' \

                --header 'Authorization: Basic b2lkYy1jbGllbnQ6c2VjcmV0'

                 参数说明:

                • grant_type:即授权方式,authorization_code即授权码模式
                • code:即授权码,上面重定向到百度给我们的授权码
                • redirect_uri:重定向的url
                  • header中的 Authorization参数:因为我们用的客户端认证方式 为  client_secret_basic ,这个需要传参,还有一些其他的认证方式,具体参数说明如下
                    • client_secret_basic: 将 clientId 和 clientSecret 通过 ‘:’ 号拼接,( clientId 和 clientSecret 都在上面配置中,)并使用 Base64 进行编码得到一串字符,再在前面加个 注意有个 Basic   前缀(Basic后有一个空格), 即得到上面参数中的 Basic b2lkYy1jbGllbnQ6c2VjcmV0
                    • client_secret_post :clientId 和 clientSecret 放到表单去发送请求。如下图:

                       使用我们的 client_secret_basic 方式传参,接口调用结果:

                      已经正常拿到了 access_token。

                      完整的过滤器执行顺序,控制台输出

                      获取用户信息

                      获取用户信息接口为  /userinfo,注意需要有 opid 的授权范围,需要传参的值为 上面获取到的access_token,并在前面拼上  Bearer 

                      参数说明

                      Authorization:值格式为 Bearer + ${access_token}, 注意 Bearer  后面附带空格

                      curl命令

                      curl --location --request POST 'http://127.0.0.1:9000/userinfo' \

                      --header 'Authorization: Bearer eyJraWQiOiI4ZDc5YTIwNi1kOWZhLTQ5NWQtODJkMi1iMzk2MjQwNGQ4YmIiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJ1c2VyIiwiYXVkIjoib2lkYy1jbGllbnQiLCJuYmYiOjE2ODY3MzM4MTYsInNjb3BlIjpbIm9wZW5pZCIsIm1lc3NhZ2UucmVhZCJdLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjkwMDAiLCJleHAiOjE2ODY3MzQxMTYsImlhdCI6MTY4NjczMzgxNn0.AiGV5LIl8a4_7a7L2gbR61sjvHVLW4dZ6cElAwsWZnp-P7ocQT119KIASTPv138MU6ZK2_aF_-ER5FKaFQVSOj10Fy_Gv9PXa2ExrzTajfkPtA_t63jCcazzllaVWY4QIVD4fU8hPe6zDwjNOOX8R7hJFu2qtZ8V3bhzTlC0M4XWDAQ0goymYrAnVq8BR6hRm5-pY4nMCUZPFCeEFqGnl68EGRzosdSQeuRd-PtzB837i-C7lxqIjs4Y5hZ9mQw3R1zfa0WoP2KeN8K3WjyTIYd9PvrLIFCB5Zhj54sdNpZTy7wwC-oCVzwFFCEkgY-vprfgk4e4sZ10Lx60j--fHA' \

                      --header 'Cookie: JSESSIONID=7B10DA37A285902E4AEE4586AC181343'

                      效果如下:

                      默认返回的只有用户名,其他的数据,需要我们来重写一些东西获取

                       过滤器执行链

                      BearerTokenAuthenticationFilter: 检验token

                      AuthenticationEntryPointFailureHandler

                      AuthenticationFailureHandler

                      OidcUserInfoEndpointFilter

                      个性化改造

                      目标

                      1. 原有的客户端注册中心是基于内存的InMemoryRegisteredClientRepository,需要改造为基于数据库,可动态注册即修改客户端信息
                      2. 用户信息UserDetailsService也是基于内存,现在需要基于数据库动态添加编辑
                      3. 各种异常的自定义处理与信息返回
                      4. 用户信息的自定义返回
                      5. 过期时间、授权方式
                      6. 新增客户端client,从客户端作为入口并配置相关组件

                      基础知识

                      Spring Security OAuth2 Client

                      组件介绍

                      • ClientRegistration:注册的客户端

                      • ClientRegistrationRepository:ClientRegistration的存储仓库

                      • OAuth2AuthorizedClient: 已授权过的客户端

                      • OAuth2AuthorizedClientRepository :已授权过的客户端存储库持久化

                      • OAuth2AuthorizationRequestRedirectFilter:该过滤器处理 /oauth2/authorization 路径,转发给 认证中心 对应的路径 /oauth2/authorize

                      • OAuth2AuthorizationCodeGrantFilter:负责处理 认证中心 的授权码回调请求,如地址重定向

                      • OAuth2LoginAuthenticationFilter:处理第三方认证的回调(该回调有授权码)

                        拿着授权码到第三方认证服务器获取access_token和refresh_token

                        改造过程

                        auth-server改造

                        目标

                        • 客户端基于数据库增删
                        • 用户信息UserDetailsService也是基于内存,现在需要基于数据库动态添加编辑
                        • 异常的自定义处理与信息返回
                        • 过期时间、授权方式
                        • 用户信息的自定义返回

                          改造如下:

                          POM

                          新增数据库相关依赖,包括mysql和 mybatis

                           
                               mysql
                               mysql-connector-java
                           
                           
                               com.alibaba
                               druid-spring-boot-starter
                           
                           
                               com.alibaba
                               fastjson
                           
                           
                               org.mybatis.spring.boot
                               mybatis-spring-boot-starter
                           

                          配置文件增加

                          spring:
                            datasource:
                              type: com.alibaba.druid.pool.DruidDataSource
                              driver-class-name: com.mysql.cj.jdbc.Driver
                              url: jdbc:mysql://192.168.1.111:8106/oauth2?useSSL=false&serverTimezone=Asia/Shanghai
                              username: root
                              password: 123456
                          
                          持久化改造

                          将原先客户端的信息及授权信息配置到数据库中

                          再另外增加一个 sys_user,来存储默认的用户信息

                          AuthorizationServerConfig改造

                          新增两个持久化用到的repository,注释掉之前基于内存的 RegisteredClientRepository

                              /**
                               * 注册客户端
                               * @param jdbcTemplate
                               * @return
                               */
                              @Bean
                              public RegisteredClientRepository registeredClientRepository(JdbcTemplate jdbcTemplate) {
                                  return new JdbcRegisteredClientRepository(jdbcTemplate);
                              }
                              /**
                               * 授权
                               * @param jdbcTemplate
                               * @param registeredClientRepository
                               * @return
                               */
                              @Bean
                              public OAuth2AuthorizationService authorizationService(JdbcTemplate jdbcTemplate, RegisteredClientRepository registeredClientRepository) {
                                  return new JdbcOAuth2AuthorizationService(jdbcTemplate, registeredClientRepository);
                              }
                          sql脚本

                          需要用到SQL脚本和一些初始数据我直接放在了下面,包括一个sys_user用来登录,里面过期时间及相关的消息我已经 初始化好了

                          -- ----------------------------
                          -- Table structure for oauth2_authorization
                          -- ----------------------------
                          DROP TABLE IF EXISTS `oauth2_authorization`;
                          CREATE TABLE `oauth2_authorization`  (
                            `id` varchar(100) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL,
                            `registered_client_id` varchar(100) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL,
                            `principal_name` varchar(200) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL,
                            `authorization_grant_type` varchar(100) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL,
                            `authorized_scopes` varchar(1000) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NULL DEFAULT NULL,
                            `attributes` blob NULL,
                            `state` varchar(500) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NULL DEFAULT NULL,
                            `authorization_code_value` blob NULL,
                            `authorization_code_issued_at` timestamp(0) NULL DEFAULT NULL,
                            `authorization_code_expires_at` timestamp(0) NULL DEFAULT NULL,
                            `authorization_code_metadata` blob NULL,
                            `access_token_value` blob NULL,
                            `access_token_issued_at` timestamp(0) NULL DEFAULT NULL,
                            `access_token_expires_at` timestamp(0) NULL DEFAULT NULL,
                            `access_token_metadata` blob NULL,
                            `access_token_type` varchar(100) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NULL DEFAULT NULL,
                            `access_token_scopes` varchar(1000) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NULL DEFAULT NULL,
                            `oidc_id_token_value` blob NULL,
                            `oidc_id_token_issued_at` timestamp(0) NULL DEFAULT NULL,
                            `oidc_id_token_expires_at` timestamp(0) NULL DEFAULT NULL,
                            `oidc_id_token_metadata` blob NULL,
                            `refresh_token_value` blob NULL,
                            `refresh_token_issued_at` timestamp(0) NULL DEFAULT NULL,
                            `refresh_token_expires_at` timestamp(0) NULL DEFAULT NULL,
                            `refresh_token_metadata` blob NULL,
                            `user_code_value` blob NULL,
                            `user_code_issued_at` timestamp(0) NULL DEFAULT NULL,
                            `user_code_expires_at` timestamp(0) NULL DEFAULT NULL,
                            `user_code_metadata` blob NULL,
                            `device_code_value` blob NULL,
                            `device_code_issued_at` timestamp(0) NULL DEFAULT NULL,
                            `device_code_expires_at` timestamp(0) NULL DEFAULT NULL,
                            `device_code_metadata` blob NULL,
                            PRIMARY KEY (`id`) USING BTREE
                          ) ENGINE = InnoDB CHARACTER SET = utf8mb4 COLLATE = utf8mb4_general_ci ROW_FORMAT = Dynamic;
                          -- ----------------------------
                          -- Records of oauth2_authorization
                          -- ----------------------------
                          INSERT INTO `oauth2_authorization` VALUES ('684c544f-a11c-475d-a6f8-7d2c891c0bd0', '7b692184-914f-4dcb-9142-f542a7e43fa4', 'user', 'authorization_code', 'openid,message.read', 0x7B2240636C617373223A226A6176612E7574696C2E436F6C6C656374696F6E7324556E6D6F6469666961626C654D6170222C226A6176612E73656375726974792E5072696E636970616C223A7B2240636C617373223A226F72672E737072696E676672616D65776F726B2E73656375726974792E61757468656E7469636174696F6E2E557365726E616D6550617373776F726441757468656E7469636174696F6E546F6B656E222C22617574686F726974696573223A5B226A6176612E7574696C2E436F6C6C656374696F6E7324556E6D6F6469666961626C6552616E646F6D4163636573734C697374222C5B5D5D2C2264657461696C73223A7B2240636C617373223A226F72672E737072696E676672616D65776F726B2E73656375726974792E7765622E61757468656E7469636174696F6E2E57656241757468656E7469636174696F6E44657461696C73222C2272656D6F746541646472657373223A22303A303A303A303A303A303A303A31222C2273657373696F6E4964223A223141433645423144444332313637373745434232313233383934343034463941227D2C2261757468656E74696361746564223A747275652C227072696E636970616C223A7B2240636C617373223A22636F6D2E73792E617574687365727665722E646F6D61696E2E55736572496E666F222C226964223A322C22757365726E616D65223A2275736572222C2270617373776F7264223A222432612431302475772E5178624744316F35412E446C6230786A6A4C754D356E734934376962746950446F74707437424462666D4162573654475375222C226E616D65223A22E596BBE8AEADE6B5A9222C22656E61626C6564223A6E756C6C2C226163636F756E744E6F6E45787069726564223A6E756C6C2C2263726564656E7469616C734E6F6E45787069726564223A6E756C6C2C226163636F756E744E6F6E4C6F636B6564223A6E756C6C2C22617574686F726974696573223A5B226A6176612E7574696C2E41727261794C697374222C5B5D5D7D2C2263726564656E7469616C73223A6E756C6C7D2C226F72672E737072696E676672616D65776F726B2E73656375726974792E6F61757468322E636F72652E656E64706F696E742E4F4175746832417574686F72697A6174696F6E52657175657374223A7B2240636C617373223A226F72672E737072696E676672616D65776F726B2E73656375726974792E6F61757468322E636F72652E656E64706F696E742E4F4175746832417574686F72697A6174696F6E52657175657374222C22617574686F72697A6174696F6E557269223A22687474703A2F2F6C6F63616C686F73743A393030302F6F61757468322F617574686F72697A65222C22617574686F72697A6174696F6E4772616E7454797065223A7B2276616C7565223A22617574686F72697A6174696F6E5F636F6465227D2C22726573706F6E736554797065223A7B2276616C7565223A22636F6465227D2C22636C69656E744964223A226F6964632D636C69656E74222C227265646972656374557269223A22687474703A2F2F7777772E62616964752E636F6D222C2273636F706573223A5B226A6176612E7574696C2E436F6C6C656374696F6E7324556E6D6F6469666961626C65536574222C5B226F70656E6964222C226D6573736167652E72656164225D5D2C227374617465223A6E756C6C2C226164646974696F6E616C506172616D6574657273223A7B2240636C617373223A226A6176612E7574696C2E436F6C6C656374696F6E7324556E6D6F6469666961626C654D6170222C22636F6E74696E7565223A22227D2C22617574686F72697A6174696F6E52657175657374557269223A22687474703A2F2F6C6F63616C686F73743A393030302F6F61757468322F617574686F72697A653F726573706F6E73655F747970653D636F646526636C69656E745F69643D6F6964632D636C69656E742673636F70653D6F70656E69642532306D6573736167652E726561642672656469726563745F7572693D687474703A2F2F7777772E62616964752E636F6D26636F6E74696E75653D222C2261747472696275746573223A7B2240636C617373223A226A6176612E7574696C2E436F6C6C656374696F6E7324556E6D6F6469666961626C654D6170227D7D7D, NULL, 0x5F79764F55656652333835374D47634568767647556C70376B3934584474684566514F7A376F6B4A4A49397846723767673156484E37367170772D385262303965713749797867367A7748765953314B6C34614547463846487851542D64745576466A6C5A78357634546A39627A2D6F613753583636456E7775614A4A347750, '2023-07-06 08:17:08', '2023-07-06 08:22:08', 0x7B2240636C617373223A226A6176612E7574696C2E436F6C6C656374696F6E7324556E6D6F6469666961626C654D6170222C226D657461646174612E746F6B656E2E696E76616C696461746564223A66616C73657D, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL);
                          -- ----------------------------
                          -- Table structure for oauth2_authorization_consent
                          -- ----------------------------
                          DROP TABLE IF EXISTS `oauth2_authorization_consent`;
                          CREATE TABLE `oauth2_authorization_consent`  (
                            `registered_client_id` varchar(100) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL,
                            `principal_name` varchar(200) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL,
                            `authorities` varchar(1000) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL,
                            PRIMARY KEY (`registered_client_id`, `principal_name`) USING BTREE
                          ) ENGINE = InnoDB CHARACTER SET = utf8mb4 COLLATE = utf8mb4_general_ci ROW_FORMAT = Dynamic;
                          -- ----------------------------
                          -- Records of oauth2_authorization_consent
                          -- ----------------------------
                          -- ----------------------------
                          -- Table structure for oauth2_authorized_client
                          -- ----------------------------
                          DROP TABLE IF EXISTS `oauth2_authorized_client`;
                          CREATE TABLE `oauth2_authorized_client`  (
                            `client_registration_id` varchar(100) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL,
                            `principal_name` varchar(200) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL,
                            `access_token_type` varchar(100) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL,
                            `access_token_value` blob NOT NULL,
                            `access_token_issued_at` timestamp(0) NOT NULL,
                            `access_token_expires_at` timestamp(0) NOT NULL,
                            `access_token_scopes` varchar(1000) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NULL DEFAULT NULL,
                            `refresh_token_value` blob NULL,
                            `refresh_token_issued_at` timestamp(0) NULL DEFAULT NULL,
                            `created_at` timestamp(0) NOT NULL DEFAULT CURRENT_TIMESTAMP(0),
                            PRIMARY KEY (`client_registration_id`, `principal_name`) USING BTREE
                          ) ENGINE = InnoDB CHARACTER SET = utf8mb4 COLLATE = utf8mb4_general_ci ROW_FORMAT = Dynamic;
                          -- ----------------------------
                          -- Records of oauth2_authorized_client
                          -- ----------------------------
                          -- ----------------------------
                          -- Table structure for oauth2_registered_client
                          -- ----------------------------
                          DROP TABLE IF EXISTS `oauth2_registered_client`;
                          CREATE TABLE `oauth2_registered_client`  (
                            `id` varchar(100) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL,
                            `client_id` varchar(100) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL,
                            `client_id_issued_at` timestamp(0) NOT NULL DEFAULT CURRENT_TIMESTAMP(0),
                            `client_secret` varchar(200) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NULL DEFAULT NULL,
                            `client_secret_expires_at` timestamp(0) NULL DEFAULT NULL,
                            `client_name` varchar(200) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL,
                            `client_authentication_methods` varchar(1000) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL,
                            `authorization_grant_types` varchar(1000) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL,
                            `redirect_uris` varchar(1000) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NULL DEFAULT NULL,
                            `post_logout_redirect_uris` varchar(1000) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NULL DEFAULT NULL,
                            `scopes` varchar(1000) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL,
                            `client_settings` varchar(2000) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL,
                            `token_settings` varchar(2000) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL,
                            PRIMARY KEY (`id`) USING BTREE
                          ) ENGINE = InnoDB CHARACTER SET = utf8mb4 COLLATE = utf8mb4_general_ci ROW_FORMAT = Dynamic;
                          -- ----------------------------
                          -- Records of oauth2_registered_client
                          -- ----------------------------
                          INSERT INTO `oauth2_registered_client` VALUES ('2c1a95f5-b4cd-49cd-884f-9e3a94c69e05', 'user-client', '2023-07-06 17:44:20', '$2a$10$HIatI0j2sqgPO5lSIuQH9.TxEGlrpBrI0ZD5MqwKOG6FMzwhlB7xa', NULL, '2c1a95f5-b4cd-49cd-884f-9e3a94c69e05', 'client_secret_post,client_secret_basic', 'refresh_token,client_credentials,authorization_code', 'http://www.baidu.com,http://localhost:9001/api/login/welcome,http://localhost:9001/login/oauth2/code/oidc-client', 'http://127.0.0.1:8080/', 'all,openid,profile,message.read,message.write', '{\"@class\":\"java.util.Collections$UnmodifiableMap\",\"settings.client.require-proof-key\":false,\"settings.client.require-authorization-consent\":false}', '{\"@class\":\"java.util.Collections$UnmodifiableMap\",\"settings.token.reuse-refresh-tokens\":true,\"settings.token.id-token-signature-algorithm\":[\"org.springframework.security.oauth2.jose.jws.SignatureAlgorithm\",\"RS256\"],\"settings.token.access-token-time-to-live\":[\"java.time.Duration\",3600.000000000],\"settings.token.access-token-format\":{\"@class\":\"org.springframework.security.oauth2.server.authorization.settings.OAuth2TokenFormat\",\"value\":\"self-contained\"},\"settings.token.refresh-token-time-to-live\":[\"java.time.Duration\",43200.000000000],\"settings.token.authorization-code-time-to-live\":[\"java.time.Duration\",300.000000000],\"settings.token.device-code-time-to-live\":[\"java.time.Duration\",300.000000000]}');
                          INSERT INTO `oauth2_registered_client` VALUES ('885e9d2a-794e-4019-8843-5675045c573e', 'oidc-client', '2023-07-06 17:44:20', '$2a$10$k50p3tJgk3B7d9DrAxYIfO37pVSVO574qEWYH.nq6FTEprHA4Esie', NULL, '885e9d2a-794e-4019-8843-5675045c573e', 'client_secret_basic', 'refresh_token,client_credentials,authorization_code', 'http://www.baidu.com,http://localhost:9001/api/login/welcome,http://localhost:9001/login/oauth2/code/oidc-client', 'http://127.0.0.1:8080/', 'all,openid,profile,message.read,message.write', '{\"@class\":\"java.util.Collections$UnmodifiableMap\",\"settings.client.require-proof-key\":false,\"settings.client.require-authorization-consent\":false}', '{\"@class\":\"java.util.Collections$UnmodifiableMap\",\"settings.token.reuse-refresh-tokens\":true,\"settings.token.id-token-signature-algorithm\":[\"org.springframework.security.oauth2.jose.jws.SignatureAlgorithm\",\"RS256\"],\"settings.token.access-token-time-to-live\":[\"java.time.Duration\",3600.000000000],\"settings.token.access-token-format\":{\"@class\":\"org.springframework.security.oauth2.server.authorization.settings.OAuth2TokenFormat\",\"value\":\"self-contained\"},\"settings.token.refresh-token-time-to-live\":[\"java.time.Duration\",43200.000000000],\"settings.token.authorization-code-time-to-live\":[\"java.time.Duration\",300.000000000],\"settings.token.device-code-time-to-live\":[\"java.time.Duration\",300.000000000]}');
                          -- ----------------------------
                          -- Table structure for sys_user
                          -- ----------------------------
                          DROP TABLE IF EXISTS `sys_user`;
                          CREATE TABLE `sys_user`  (
                            `id` bigint(20) NOT NULL COMMENT '主键',
                            `username` varchar(100) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NULL DEFAULT NULL COMMENT '用户名',
                            `name` varchar(100) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NULL DEFAULT NULL COMMENT '姓名',
                            `password` varchar(100) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NULL DEFAULT NULL COMMENT '密码',
                            `status` tinyint(4) NOT NULL COMMENT '状态',
                            `create_time` datetime(0) NOT NULL COMMENT '创建时间',
                            `create_user` bigint(20) NOT NULL COMMENT '创建人',
                            `update_time` datetime(0) NOT NULL COMMENT '修改时间',
                            `update_user` bigint(20) NOT NULL COMMENT '修改人',
                            PRIMARY KEY (`id`) USING BTREE
                          ) ENGINE = InnoDB CHARACTER SET = utf8mb4 COLLATE = utf8mb4_general_ci ROW_FORMAT = Dynamic;
                          -- ----------------------------
                          -- Records of sys_user
                          -- ----------------------------
                          INSERT INTO `sys_user` VALUES (2, 'user', '用户', '$2a$10$uw.QxbGD1o5A.Dlb0xjjLuM5nsI47ibtiPDotpt7BDbfmAbW6TGSu', 0, '2023-06-27 18:26:23', 1, '2023-06-27 18:26:26', 1);
                          SET FOREIGN_KEY_CHECKS = 1;
                          
                          DefaultSecurityConfig修改

                          之前的用户信息我们是基于内存配置的,现在我们基于mysql来做修改,注释掉之前的 UserDetailsService,并配置加密 PasswordEncoder,

                              @Bean
                              public PasswordEncoder passwordEncoder() {
                                  return new BCryptPasswordEncoder();
                              }
                          UserService配置

                          新增 UserService

                          @Slf4j
                          @Service
                          public class UserService implements UserDetailsService {
                              @Resource
                              private UserMapper userMapper;
                              @Override
                              public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
                                  return userMapper.getByUsername(username);
                              }
                          }

                          UserMapper

                          @Mapper
                          public interface UserMapper {
                              @Select("select * from sys_user where username = #{username}")
                              UserInfo getByUsername(@Param("username") String username);
                          }
                          异常处理

                           新增异常处理handler

                          @Component
                          public class Oauth2FailureHandler implements AuthenticationFailureHandler {
                              @Override
                              public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) throws IOException, ServletException {
                                  String message;
                                  if (exception instanceof OAuth2AuthenticationException auth2AuthenticationException) {
                                      OAuth2Error error = auth2AuthenticationException.getError();
                                      message = "认证信息错误:" + error.getErrorCode() + error.getDescription();
                                  } else {
                                      message = exception.getMessage();
                                  }
                                  response.setContentType("application/json;charset=UTF-8");
                                  response.setStatus(HttpStatus.OK.value());
                                  response.getWriter().write(JSONObject.toJSONString(ReturnVO.failed(401, message)));
                                  response.getWriter().flush();
                              }
                          }

                          将此handler配置到 SecurityFilterChain 中,修改 authorizationServerSecurityFilterChain

                              @Bean
                              @Order(1)
                              public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http)
                                      throws Exception {
                                  //针对 Spring Authorization Server 最佳实践配置
                                  OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http);
                                  http.getConfigurer(OAuth2AuthorizationServerConfigurer.class)
                                          //设置客户端授权中失败的handler处理
                                          .clientAuthentication((auth) -> auth.errorResponseHandler(new Oauth2FailureHandler()))
                                          //token 相关配置 如  /oauth2/token接口
                                          .tokenEndpoint((token) -> token.errorResponseHandler(new Oauth2FailureHandler()))
                                          .oidc(Customizer.withDefaults());	// Enable OpenID Connect 1.0
                                  http.csrf(AbstractHttpConfigurer::disable)
                                          .exceptionHandling((exceptions) -> exceptions
                                                  .defaultAuthenticationEntryPointFor(
                                                          new LoginUrlAuthenticationEntryPoint("/login"),
                                                          new MediaTypeRequestMatcher(MediaType.TEXT_HTML)
                                                    )
                                          )
                                          // Accept access tokens for User Info and/or Client Registration
                                          .oauth2ResourceServer((resourceServer) -> resourceServer
                                                  .jwt(Customizer.withDefaults()));
                                  return http.build();
                              }
                          测试

                          重复上面的访问授权服务步骤,登录后控制台发现已经调用了后端的查询用户方法

                          同时,数据库里面授权数据也有了

                          拿着code去换token

                          根据刷新码 refresh_token 换token

                          上面返回了 refresh_token, 我们这边根据他去换 新的token,

                          传参:

                               Body参数如下:

                          • grant_type:refresh_token
                          • refresh_token:上面返回的值

                                 Header参数如下:

                            •  Authorization:和上面一样是base64加密过后的

                              curl命令

                               curl --location --request POST 'http://localhost:9000/oauth2/token?grant_type=refresh_token&refresh_token=O-ufrbFjv51U0PfxCk0v64c6Qk7D9cFXcI5klMSk8I2S8_wOXueiVJhpezzR5wnLzZ1BrPcZHOKwqDwCmD3aAresxN-QLC5p97Nck0Vcg72i6uJVQ748HBIen1GUMBRj' \

                              --header 'Authorization: Basic b2lkYy1jbGllbnQ6c2VjcmV0' \

                              --header 'Cookie: JSESSIONID=8391DF634525DC2508AD30D2322E2A5B'

                              返回信息如下: 

                              自定义用户信息

                              有这么两种方式,

                              1、自定义 ID 令牌

                              2、自定义用户信息映射器

                              两种本质其实都是将用户信息放到 token中的 claims中

                              我这边选择了第二种,改造过程如下

                              userService新增方法
                               public Map getUserInfoMap(String username) throws UsernameNotFoundException {
                                      return userMapper.getUserInfoMap(username);
                                  }
                              定义用户信息格式返回handler

                              定义一个handler返回一些其他信息

                              @Component
                              public class Oauth2SuccessHandler implements AuthenticationSuccessHandler {
                                  @Override
                                  public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException {
                                      OidcUserInfoAuthenticationToken userInfoAuthenticationToken = (OidcUserInfoAuthenticationToken) authentication;
                                      response.setContentType("application/json;charset=UTF-8");
                                      response.setStatus(HttpStatus.OK.value());
                                      response.getWriter().write(JSONObject.toJSONString(ReturnVO.success(userInfoAuthenticationToken.getUserInfo())));
                                      response.getWriter().flush();
                                  }
                              }
                              SecurityFilterChain改造

                              新增自定义用户信息映射器,并配置到过滤器链中,改造后的如下

                               @Bean
                                  @Order(1)
                                  public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http)
                                          throws Exception {
                                      //针对 Spring Authorization Server 最佳实践配置
                                      OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http);
                                      //自定义用户映射器
                                      Function userInfoMapper = (context) -> {
                                          OidcUserInfoAuthenticationToken authentication = context.getAuthentication();
                                          JwtAuthenticationToken principal = (JwtAuthenticationToken) authentication.getPrincipal();
                                          return new OidcUserInfo(userService.getUserInfoMap(principal.getName()));
                                      };
                                      http.getConfigurer(OAuth2AuthorizationServerConfigurer.class)
                                              //设置客户端授权中失败的handler处理
                                              .clientAuthentication((auth) ->
                                                      auth.errorResponseHandler(new Oauth2FailureHandler()))
                                              //token 相关配置 如  /oauth2/token接口
                                              .tokenEndpoint((token) -> token.errorResponseHandler(new Oauth2FailureHandler()))
                                              // Enable OpenID Connect 1.0, 包括用户信息等
                                              //.oidc(Customizer.withDefaults());
                                              .oidc((oidc) -> {
                                                  oidc.userInfoEndpoint((userInfo) -> {
                                                              userInfo.userInfoMapper(userInfoMapper);
                                                              userInfo.userInfoResponseHandler(new Oauth2SuccessHandler());
                                                          }
                                                  );
                                              });
                                      http.csrf(AbstractHttpConfigurer::disable)
                                              .exceptionHandling((exceptions) -> exceptions
                                                      .defaultAuthenticationEntryPointFor(
                                                              new LoginUrlAuthenticationEntryPoint("/login"),
                                                              new MediaTypeRequestMatcher(MediaType.TEXT_HTML)
                                                      )
                                              )
                                              // Accept access tokens for User Info and/or Client Registration
                                              .oauth2ResourceServer((resourceServer) -> resourceServer
                                                      .jwt(Customizer.withDefaults()));
                                      return http.build();
                                  }
                              测试

                              启动后,重新走登录及获取用户信息流程,发现返回的结构如下,信息已经成功从库中查出并返回

                               

                               auth-client客户端添加

                              增加一个 client模块,结构如下

                               配置

                              POM

                                  
                                      org.springframework.boot
                                      spring-boot-starter-oauth2-client
                                  
                                  
                                      org.springframework.boot
                                      spring-boot-starter-web
                                  
                              

                              配置文件

                              打开了 trace的日志,方便监控,端口设置为9001

                              注意:下面的 issuer-uri 为 auth-server的uri,这里我把他设置为了局域网ip,而不是localhost,因为 oauth2默认的如果是同一域名,会导致会话的session替换掉,而导致 authorization_request_not_found 错误。

                              server:
                                port: 9001
                              logging:
                                level:
                                  root: INFO
                                  org.springframework.web: debug
                                  org.springframework.security: debug
                                  org.springframework.security.oauth2: debug
                                  org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping: trace
                                  org.springframework.security.web.FilterChainProxy: trace # 过滤器执行顺序
                                  org.springframework.security.web.access.ExceptionTranslationFilter: trace #异常处理
                              spring:
                                security:
                                  oauth2:
                                    client:
                                      provider:
                                        test-provider1:
                                          issuer-uri: http://192.168.1.125:9000
                                      registration:
                                        oidc-client:
                                          client-id: oidc-client
                                          client-secret: secret
                                          client-name: 测试客户端
                                          provider: test-provider1
                                          redirect-uri: '{baseUrl}/{action}/oauth2/code/{registrationId}'
                                          authorization-grant-type: authorization_code
                                          scope:
                                            - openid
                                            - profile
                                            - all
                               controller

                              加了一个 controller来做默认的客户端首页。

                              @RestController
                              @RequestMapping
                              public class IndexController {
                                  @GetMapping("")
                                  public String welcome() {
                                      return "

                              index!

                              "; } }
                              测试

                              启动客户端,网页输入客户端地址  http://localhost:9001/

                              会默认跳转到服务端的授权页,输入密码登录后,回调到了首页

                              控制台

                              控制台打印,想深入研究的可以去对应的类里面去

                              client

                              D:\dev\jdk17\bin\java.exe -agentlib:jdwp=transport=dt_socket,address=127.0.0.1:63809,suspend=y,server=n -XX:TieredStopAtLevel=1 -Dspring.output.ansi.enabled=always -Dcom.sun.management.jmxremote -Dspring.jmx.enabled=true -Dspring.liveBeansView.mbeanDomain -Dspring.application.admin.enabled=true "-Dmanagement.endpoints.jmx.exposure.include=*" -javaagent:C:\Users\yuxunhao\AppData\Local\JetBrains\IntelliJIdea2023.1\captureAgent\debugger-agent.jar=file:/C:/Users/yuxunhao/AppData/Local/Temp/capture.props -Dfile.encoding=UTF-8 -classpath "D:\code\cloud-alibaba\auth\auth-client\target\classes;D:\maven_repository\org\springframework\boot\spring-boot-starter-oauth2-client\3.1.0\spring-boot-starter-oauth2-client-3.1.0.jar;D:\maven_repository\org\springframework\security\spring-security-config\6.1.0\spring-security-config-6.1.0.jar;D:\maven_repository\org\springframework\spring-aop\6.0.9\spring-aop-6.0.9.jar;D:\maven_repository\org\springframework\spring-beans\6.0.9\spring-beans-6.0.9.jar;D:\maven_repository\org\springframework\spring-context\6.0.9\spring-context-6.0.9.jar;D:\maven_repository\org\springframework\security\spring-security-core\6.1.0\spring-security-core-6.1.0.jar;D:\maven_repository\org\springframework\security\spring-security-crypto\6.1.0\spring-security-crypto-6.1.0.jar;D:\maven_repository\org\springframework\spring-expression\6.0.9\spring-expression-6.0.9.jar;D:\maven_repository\io\micrometer\micrometer-observation\1.11.0\micrometer-observation-1.11.0.jar;D:\maven_repository\io\micrometer\micrometer-commons\1.11.0\micrometer-commons-1.11.0.jar;D:\maven_repository\org\springframework\security\spring-security-oauth2-client\6.1.0\spring-security-oauth2-client-6.1.0.jar;D:\maven_repository\org\springframework\security\spring-security-oauth2-core\6.1.0\spring-security-oauth2-core-6.1.0.jar;D:\maven_repository\org\springframework\security\spring-security-web\6.1.0\spring-security-web-6.1.0.jar;D:\maven_repository\com\nimbusds\oauth2-oidc-sdk\9.43.2\oauth2-oidc-sdk-9.43.2.jar;D:\maven_repository\com\github\stephenc\jcip\jcip-annotations\1.0-1\jcip-annotations-1.0-1.jar;D:\maven_repository\com\nimbusds\content-type\2.2\content-type-2.2.jar;D:\maven_repository\net\minidev\json-smart\2.4.10\json-smart-2.4.10.jar;D:\maven_repository\net\minidev\accessors-smart\2.4.9\accessors-smart-2.4.9.jar;D:\maven_repository\org\ow2\asm\asm\9.3\asm-9.3.jar;D:\maven_repository\com\nimbusds\lang-tag\1.7\lang-tag-1.7.jar;D:\maven_repository\org\springframework\security\spring-security-oauth2-jose\6.1.0\spring-security-oauth2-jose-6.1.0.jar;D:\maven_repository\com\nimbusds\nimbus-jose-jwt\9.31\nimbus-jose-jwt-9.31.jar;D:\maven_repository\org\springframework\boot\spring-boot-starter-web\3.1.0\spring-boot-starter-web-3.1.0.jar;D:\maven_repository\org\springframework\boot\spring-boot-starter-json\3.1.0\spring-boot-starter-json-3.1.0.jar;D:\maven_repository\com\fasterxml\jackson\core\jackson-databind\2.15.0\jackson-databind-2.15.0.jar;D:\maven_repository\com\fasterxml\jackson\core\jackson-annotations\2.15.0\jackson-annotations-2.15.0.jar;D:\maven_repository\com\fasterxml\jackson\core\jackson-core\2.15.0\jackson-core-2.15.0.jar;D:\maven_repository\com\fasterxml\jackson\datatype\jackson-datatype-jdk8\2.15.0\jackson-datatype-jdk8-2.15.0.jar;D:\maven_repository\com\fasterxml\jackson\datatype\jackson-datatype-jsr310\2.15.0\jackson-datatype-jsr310-2.15.0.jar;D:\maven_repository\com\fasterxml\jackson\module\jackson-module-parameter-names\2.15.0\jackson-module-parameter-names-2.15.0.jar;D:\maven_repository\org\springframework\boot\spring-boot-starter-tomcat\3.1.0\spring-boot-starter-tomcat-3.1.0.jar;D:\maven_repository\org\apache\tomcat\embed\tomcat-embed-core\10.1.8\tomcat-embed-core-10.1.8.jar;D:\maven_repository\org\apache\tomcat\embed\tomcat-embed-el\10.1.8\tomcat-embed-el-10.1.8.jar;D:\maven_repository\org\apache\tomcat\embed\tomcat-embed-websocket\10.1.8\tomcat-embed-websocket-10.1.8.jar;D:\maven_repository\org\springframework\spring-web\6.0.9\spring-web-6.0.9.jar;D:\maven_repository\org\springframework\spring-webmvc\6.0.9\spring-webmvc-6.0.9.jar;D:\maven_repository\org\springframework\boot\spring-boot-starter\3.1.0\spring-boot-starter-3.1.0.jar;D:\maven_repository\org\springframework\boot\spring-boot\3.1.0\spring-boot-3.1.0.jar;D:\maven_repository\org\springframework\boot\spring-boot-autoconfigure\3.1.0\spring-boot-autoconfigure-3.1.0.jar;D:\maven_repository\org\springframework\boot\spring-boot-starter-logging\3.1.0\spring-boot-starter-logging-3.1.0.jar;D:\maven_repository\ch\qos\logback\logback-classic\1.4.7\logback-classic-1.4.7.jar;D:\maven_repository\ch\qos\logback\logback-core\1.4.7\logback-core-1.4.7.jar;D:\maven_repository\org\slf4j\slf4j-api\2.0.7\slf4j-api-2.0.7.jar;D:\maven_repository\org\apache\logging\log4j\log4j-to-slf4j\2.20.0\log4j-to-slf4j-2.20.0.jar;D:\maven_repository\org\apache\logging\log4j\log4j-api\2.20.0\log4j-api-2.20.0.jar;D:\maven_repository\org\slf4j\jul-to-slf4j\2.0.7\jul-to-slf4j-2.0.7.jar;D:\maven_repository\jakarta\annotation\jakarta.annotation-api\2.1.1\jakarta.annotation-api-2.1.1.jar;D:\maven_repository\org\springframework\spring-core\6.0.9\spring-core-6.0.9.jar;D:\maven_repository\org\springframework\spring-jcl\6.0.9\spring-jcl-6.0.9.jar;D:\maven_repository\org\yaml\snakeyaml\1.33\snakeyaml-1.33.jar;D:\dev\IntelliJ IDEA 2023.1.1\lib\idea_rt.jar" com.sy.authclient.AuthClientApplication
                              Connected to the target VM, address: '127.0.0.1:63809', transport: 'socket'
                                .   ____          _            __ _ _
                               /\\ / ___'_ __ _ _(_)_ __  __ _ \ \ \ \
                              ( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
                               \\/  ___)| |_)| | | | | || (_| |  ) ) ) )
                                '  |____| .__|_| |_|_| |_\__, | / / / /
                               =========|_|==============|___/=/_/_/_/
                               :: Spring Boot ::                (v3.1.0)
                              2023-06-25T18:09:18.148+08:00  INFO 5712 --- [           main] c.sy.authclient.AuthClientApplication    : Starting AuthClientApplication using Java 17.0.6 with PID 5712 (D:\code\cloud-alibaba\auth\auth-client\target\classes started by yuxunhao in D:\code\cloud-alibaba)
                              2023-06-25T18:09:18.152+08:00  INFO 5712 --- [           main] c.sy.authclient.AuthClientApplication    : No active profile set, falling back to 1 default profile: "default"
                              2023-06-25T18:09:18.715+08:00  INFO 5712 --- [           main] o.s.b.w.embedded.tomcat.TomcatWebServer  : Tomcat initialized with port(s): 9001 (http)
                              2023-06-25T18:09:18.723+08:00  INFO 5712 --- [           main] o.apache.catalina.core.StandardService   : Starting service [Tomcat]
                              2023-06-25T18:09:18.723+08:00  INFO 5712 --- [           main] o.apache.catalina.core.StandardEngine    : Starting Servlet engine: [Apache Tomcat/10.1.8]
                              2023-06-25T18:09:18.779+08:00  INFO 5712 --- [           main] o.a.c.c.C.[Tomcat].[localhost].[/]       : Initializing Spring embedded WebApplicationContext
                              2023-06-25T18:09:18.779+08:00  INFO 5712 --- [           main] w.s.c.ServletWebServerApplicationContext : Root WebApplicationContext: initialization completed in 591 ms
                              2023-06-25T18:09:18.876+08:00 DEBUG 5712 --- [           main] o.s.web.client.RestTemplate              : HTTP GET http://192.168.1.125:9000/.well-known/openid-configuration
                              2023-06-25T18:09:18.886+08:00 DEBUG 5712 --- [           main] o.s.web.client.RestTemplate              : Accept=[application/json, application/*+json]
                              2023-06-25T18:09:18.894+08:00 DEBUG 5712 --- [           main] o.s.web.client.RestTemplate              : Response 200 OK
                              2023-06-25T18:09:18.895+08:00 DEBUG 5712 --- [           main] o.s.web.client.RestTemplate              : Reading to [java.util.Map]
                              2023-06-25T18:09:18.938+08:00 DEBUG 5712 --- [           main] swordEncoderAuthenticationManagerBuilder : No authenticationProviders and no parentAuthenticationManager defined. Returning null.
                              2023-06-25T18:09:18.995+08:00 DEBUG 5712 --- [           main] s.w.s.m.m.a.RequestMappingHandlerMapping : 5 mappings in 'requestMappingHandlerMapping'
                              2023-06-25T18:09:19.029+08:00 DEBUG 5712 --- [           main] o.s.w.s.handler.SimpleUrlHandlerMapping  : Patterns [/webjars/**, /**] in 'resourceHandlerMapping'
                              2023-06-25T18:09:19.080+08:00  INFO 5712 --- [           main] o.s.s.web.DefaultSecurityFilterChain     : Will secure any request with [org.springframework.security.web.session.DisableEncodeUrlFilter@3bfae028, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@1775c4e7, org.springframework.security.web.context.SecurityContextHolderFilter@2e5e6fc4, org.springframework.security.web.header.HeaderWriterFilter@604d23fa, org.springframework.security.web.csrf.CsrfFilter@6f347d7, org.springframework.security.web.authentication.logout.LogoutFilter@799f916e, org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter@74b86971, org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter@7f79edee, org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter@1ca610a0, org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter@abad89c, org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter@47829d6d, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@79980d8d, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@58324c9f, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@2f677247, org.springframework.security.oauth2.client.web.OAuth2AuthorizationCodeGrantFilter@ac91282, org.springframework.security.web.access.ExceptionTranslationFilter@834e986, org.springframework.security.web.access.intercept.AuthorizationFilter@3fbe503c]
                              2023-06-25T18:09:19.083+08:00  WARN 5712 --- [           main] o.s.s.c.a.web.builders.WebSecurity       : You are asking Spring Security to ignore Mvc [pattern='/webjars/**']. This is not recommended -- please use permitAll via HttpSecurity#authorizeHttpRequests instead.
                              2023-06-25T18:09:19.083+08:00  INFO 5712 --- [           main] o.s.s.web.DefaultSecurityFilterChain     : Will not secure Mvc [pattern='/webjars/**']
                              2023-06-25T18:09:19.084+08:00  WARN 5712 --- [           main] o.s.s.c.a.web.builders.WebSecurity       : You are asking Spring Security to ignore Mvc [pattern='/assets/**']. This is not recommended -- please use permitAll via HttpSecurity#authorizeHttpRequests instead.
                              2023-06-25T18:09:19.084+08:00  INFO 5712 --- [           main] o.s.s.web.DefaultSecurityFilterChain     : Will not secure Mvc [pattern='/assets/**']
                              2023-06-25T18:09:19.116+08:00 DEBUG 5712 --- [           main] s.w.s.m.m.a.RequestMappingHandlerAdapter : ControllerAdvice beans: 0 @ModelAttribute, 0 @InitBinder, 1 RequestBodyAdvice, 1 ResponseBodyAdvice
                              2023-06-25T18:09:19.137+08:00 DEBUG 5712 --- [           main] .m.m.a.ExceptionHandlerExceptionResolver : ControllerAdvice beans: 0 @ExceptionHandler, 1 ResponseBodyAdvice
                              2023-06-25T18:09:19.186+08:00  INFO 5712 --- [           main] o.s.b.w.embedded.tomcat.TomcatWebServer  : Tomcat started on port(s): 9001 (http) with context path ''
                              2023-06-25T18:09:19.192+08:00  INFO 5712 --- [           main] c.sy.authclient.AuthClientApplication    : Started AuthClientApplication in 1.347 seconds (process running for 1.747)
                              2023-06-25T18:09:26.836+08:00  INFO 5712 --- [nio-9001-exec-1] o.a.c.c.C.[Tomcat].[localhost].[/]       : Initializing Spring DispatcherServlet 'dispatcherServlet'
                              2023-06-25T18:09:26.836+08:00  INFO 5712 --- [nio-9001-exec-1] o.s.web.servlet.DispatcherServlet        : Initializing Servlet 'dispatcherServlet'
                              2023-06-25T18:09:26.836+08:00 DEBUG 5712 --- [nio-9001-exec-1] o.s.web.servlet.DispatcherServlet        : Detected StandardServletMultipartResolver
                              2023-06-25T18:09:26.836+08:00 DEBUG 5712 --- [nio-9001-exec-1] o.s.web.servlet.DispatcherServlet        : Detected AcceptHeaderLocaleResolver
                              2023-06-25T18:09:26.836+08:00 DEBUG 5712 --- [nio-9001-exec-1] o.s.web.servlet.DispatcherServlet        : Detected FixedThemeResolver
                              2023-06-25T18:09:26.837+08:00 DEBUG 5712 --- [nio-9001-exec-1] o.s.web.servlet.DispatcherServlet        : Detected org.springframework.web.servlet.view.DefaultRequestToViewNameTranslator@658d05b2
                              2023-06-25T18:09:26.837+08:00 DEBUG 5712 --- [nio-9001-exec-1] o.s.web.servlet.DispatcherServlet        : Detected org.springframework.web.servlet.support.SessionFlashMapManager@4258ed3f
                              2023-06-25T18:09:26.837+08:00 DEBUG 5712 --- [nio-9001-exec-1] o.s.web.servlet.DispatcherServlet        : enableLoggingRequestDetails='false': request parameters and headers will be masked to prevent unsafe logging of potentially sensitive data
                              2023-06-25T18:09:26.837+08:00  INFO 5712 --- [nio-9001-exec-1] o.s.web.servlet.DispatcherServlet        : Completed initialization in 1 ms
                              2023-06-25T18:09:26.843+08:00 TRACE 5712 --- [nio-9001-exec-1] o.s.security.web.FilterChainProxy        : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=Mvc [pattern='/webjars/**'], Filters=[]] (1/3)
                              2023-06-25T18:09:26.848+08:00 DEBUG 5712 --- [nio-9001-exec-1] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.sy.authclient.controller.LoginController#welcome()
                              2023-06-25T18:09:26.848+08:00 TRACE 5712 --- [nio-9001-exec-1] o.s.security.web.FilterChainProxy        : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=Mvc [pattern='/assets/**'], Filters=[]] (2/3)
                              2023-06-25T18:09:26.848+08:00 DEBUG 5712 --- [nio-9001-exec-1] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.sy.authclient.controller.LoginController#welcome()
                              2023-06-25T18:09:26.848+08:00 TRACE 5712 --- [nio-9001-exec-1] o.s.security.web.FilterChainProxy        : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=any request, Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter@3bfae028, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@1775c4e7, org.springframework.security.web.context.SecurityContextHolderFilter@2e5e6fc4, org.springframework.security.web.header.HeaderWriterFilter@604d23fa, org.springframework.security.web.csrf.CsrfFilter@6f347d7, org.springframework.security.web.authentication.logout.LogoutFilter@799f916e, org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter@74b86971, org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter@7f79edee, org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter@1ca610a0, org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter@abad89c, org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter@47829d6d, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@79980d8d, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@58324c9f, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@2f677247, org.springframework.security.oauth2.client.web.OAuth2AuthorizationCodeGrantFilter@ac91282, org.springframework.security.web.access.ExceptionTranslationFilter@834e986, org.springframework.security.web.access.intercept.AuthorizationFilter@3fbe503c]] (3/3)
                              2023-06-25T18:09:26.850+08:00 DEBUG 5712 --- [nio-9001-exec-1] o.s.security.web.FilterChainProxy        : Securing GET /api/login/welcome
                              2023-06-25T18:09:26.850+08:00 TRACE 5712 --- [nio-9001-exec-1] o.s.security.web.FilterChainProxy        : Invoking DisableEncodeUrlFilter (1/17)
                              2023-06-25T18:09:26.851+08:00 TRACE 5712 --- [nio-9001-exec-1] o.s.security.web.FilterChainProxy        : Invoking WebAsyncManagerIntegrationFilter (2/17)
                              2023-06-25T18:09:26.852+08:00 TRACE 5712 --- [nio-9001-exec-1] o.s.security.web.FilterChainProxy        : Invoking SecurityContextHolderFilter (3/17)
                              2023-06-25T18:09:26.852+08:00 TRACE 5712 --- [nio-9001-exec-1] o.s.security.web.FilterChainProxy        : Invoking HeaderWriterFilter (4/17)
                              2023-06-25T18:09:26.853+08:00 TRACE 5712 --- [nio-9001-exec-1] o.s.security.web.FilterChainProxy        : Invoking CsrfFilter (5/17)
                              2023-06-25T18:09:26.854+08:00 TRACE 5712 --- [nio-9001-exec-1] o.s.security.web.FilterChainProxy        : Invoking LogoutFilter (6/17)
                              2023-06-25T18:09:26.854+08:00 TRACE 5712 --- [nio-9001-exec-1] o.s.security.web.FilterChainProxy        : Invoking OAuth2AuthorizationRequestRedirectFilter (7/17)
                              2023-06-25T18:09:30.948+08:00 TRACE 5712 --- [nio-9001-exec-1] o.s.security.web.FilterChainProxy        : Invoking OAuth2AuthorizationRequestRedirectFilter (8/17)
                              2023-06-25T18:09:31.636+08:00 TRACE 5712 --- [nio-9001-exec-1] o.s.security.web.FilterChainProxy        : Invoking OAuth2LoginAuthenticationFilter (9/17)
                              2023-06-25T18:09:31.636+08:00 TRACE 5712 --- [nio-9001-exec-1] o.s.security.web.FilterChainProxy        : Invoking DefaultLoginPageGeneratingFilter (10/17)
                              2023-06-25T18:09:31.637+08:00 TRACE 5712 --- [nio-9001-exec-1] o.s.security.web.FilterChainProxy        : Invoking DefaultLogoutPageGeneratingFilter (11/17)
                              2023-06-25T18:09:31.637+08:00 TRACE 5712 --- [nio-9001-exec-1] o.s.security.web.FilterChainProxy        : Invoking RequestCacheAwareFilter (12/17)
                              2023-06-25T18:09:31.637+08:00 TRACE 5712 --- [nio-9001-exec-1] o.s.security.web.FilterChainProxy        : Invoking SecurityContextHolderAwareRequestFilter (13/17)
                              2023-06-25T18:09:31.638+08:00 TRACE 5712 --- [nio-9001-exec-1] o.s.security.web.FilterChainProxy        : Invoking AnonymousAuthenticationFilter (14/17)
                              2023-06-25T18:09:31.639+08:00 TRACE 5712 --- [nio-9001-exec-1] o.s.security.web.FilterChainProxy        : Invoking OAuth2AuthorizationCodeGrantFilter (15/17)
                              2023-06-25T18:09:32.315+08:00 TRACE 5712 --- [nio-9001-exec-1] o.s.security.web.FilterChainProxy        : Invoking ExceptionTranslationFilter (16/17)
                              2023-06-25T18:09:32.316+08:00 TRACE 5712 --- [nio-9001-exec-1] o.s.security.web.FilterChainProxy        : Invoking AuthorizationFilter (17/17)
                              2023-06-25T18:09:32.317+08:00 DEBUG 5712 --- [nio-9001-exec-1] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.sy.authclient.controller.LoginController#welcome()
                              2023-06-25T18:09:32.317+08:00 DEBUG 5712 --- [nio-9001-exec-1] o.s.s.w.a.AnonymousAuthenticationFilter  : Set SecurityContextHolder to anonymous SecurityContext
                              2023-06-25T18:09:32.940+08:00 TRACE 5712 --- [nio-9001-exec-1] o.s.s.w.a.ExceptionTranslationFilter     : Sending AnonymousAuthenticationToken [Principal=anonymousUser, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=null], Granted Authorities=[ROLE_ANONYMOUS]] to authentication entry point since access is denied
                              org.springframework.security.access.AccessDeniedException: Access Denied
                              	at org.springframework.security.web.access.intercept.AuthorizationFilter.doFilter(AuthorizationFilter.java:98) ~[spring-security-web-6.1.0.jar:6.1.0]
                              	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.1.0.jar:6.1.0]
                              	at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:126) ~[spring-security-web-6.1.0.jar:6.1.0]
                              	at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:120) ~[spring-security-web-6.1.0.jar:6.1.0]
                              	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.1.0.jar:6.1.0]
                              	at org.springframework.security.oauth2.client.web.OAuth2AuthorizationCodeGrantFilter.doFilterInternal(OAuth2AuthorizationCodeGrantFilter.java:183) ~[spring-security-oauth2-client-6.1.0.jar:6.1.0]
                              	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.0.9.jar:6.0.9]
                              	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.1.0.jar:6.1.0]
                              	at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:100) ~[spring-security-web-6.1.0.jar:6.1.0]
                              	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.1.0.jar:6.1.0]
                              	at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:179) ~[spring-security-web-6.1.0.jar:6.1.0]
                              	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.1.0.jar:6.1.0]
                              	at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63) ~[spring-security-web-6.1.0.jar:6.1.0]
                              	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.1.0.jar:6.1.0]
                              	at org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter.doFilterInternal(DefaultLogoutPageGeneratingFilter.java:58) ~[spring-security-web-6.1.0.jar:6.1.0]
                              	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.0.9.jar:6.0.9]
                              	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.1.0.jar:6.1.0]
                              	at org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter.doFilter(DefaultLoginPageGeneratingFilter.java:188) ~[spring-security-web-6.1.0.jar:6.1.0]
                              	at org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter.doFilter(DefaultLoginPageGeneratingFilter.java:174) ~[spring-security-web-6.1.0.jar:6.1.0]
                              	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.1.0.jar:6.1.0]
                              	at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:227) ~[spring-security-web-6.1.0.jar:6.1.0]
                              	at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:221) ~[spring-security-web-6.1.0.jar:6.1.0]
                              	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.1.0.jar:6.1.0]
                              	at org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter.doFilterInternal(OAuth2AuthorizationRequestRedirectFilter.java:181) ~[spring-security-oauth2-client-6.1.0.jar:6.1.0]
                              	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.0.9.jar:6.0.9]
                              	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.1.0.jar:6.1.0]
                              	at org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter.doFilterInternal(OAuth2AuthorizationRequestRedirectFilter.java:181) ~[spring-security-oauth2-client-6.1.0.jar:6.1.0]
                              	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.0.9.jar:6.0.9]
                              	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.1.0.jar:6.1.0]
                              	at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:107) ~[spring-security-web-6.1.0.jar:6.1.0]
                              	at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:93) ~[spring-security-web-6.1.0.jar:6.1.0]
                              	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.1.0.jar:6.1.0]
                              	at org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:117) ~[spring-security-web-6.1.0.jar:6.1.0]
                              	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.0.9.jar:6.0.9]
                              	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.1.0.jar:6.1.0]
                              	at org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:90) ~[spring-security-web-6.1.0.jar:6.1.0]
                              	at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:75) ~[spring-security-web-6.1.0.jar:6.1.0]
                              	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.0.9.jar:6.0.9]
                              	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.1.0.jar:6.1.0]
                              	at org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:82) ~[spring-security-web-6.1.0.jar:6.1.0]
                              	at org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:69) ~[spring-security-web-6.1.0.jar:6.1.0]
                              	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.1.0.jar:6.1.0]
                              	at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:62) ~[spring-security-web-6.1.0.jar:6.1.0]
                              	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.0.9.jar:6.0.9]
                              	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.1.0.jar:6.1.0]
                              	at org.springframework.security.web.session.DisableEncodeUrlFilter.doFilterInternal(DisableEncodeUrlFilter.java:42) ~[spring-security-web-6.1.0.jar:6.1.0]
                              	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.0.9.jar:6.0.9]
                              	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.1.0.jar:6.1.0]
                              	at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:233) ~[spring-security-web-6.1.0.jar:6.1.0]
                              	at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:191) ~[spring-security-web-6.1.0.jar:6.1.0]
                              	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:352) ~[spring-web-6.0.9.jar:6.0.9]
                              	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:268) ~[spring-web-6.0.9.jar:6.0.9]
                              	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
                              	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
                              	at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100) ~[spring-web-6.0.9.jar:6.0.9]
                              	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.0.9.jar:6.0.9]
                              	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
                              	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
                              	at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93) ~[spring-web-6.0.9.jar:6.0.9]
                              	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.0.9.jar:6.0.9]
                              	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
                              	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
                              	at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201) ~[spring-web-6.0.9.jar:6.0.9]
                              	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.0.9.jar:6.0.9]
                              	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
                              	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
                              	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:166) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
                              	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
                              	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:482) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
                              	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:115) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
                              	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
                              	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
                              	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:341) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
                              	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:390) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
                              	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
                              	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:894) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
                              	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1741) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
                              	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
                              	at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
                              	at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
                              	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) ~[tomcat-embed-core-10.1.8.jar:10.1.8]
                              	at java.base/java.lang.Thread.run(Thread.java:833) ~[na:na]
                              2023-06-25T18:09:32.969+08:00 DEBUG 5712 --- [nio-9001-exec-1] o.s.s.w.s.HttpSessionRequestCache        : Saved request http://localhost:9001/api/login/welcome?continue to session
                              2023-06-25T18:09:32.971+08:00 DEBUG 5712 --- [nio-9001-exec-1] s.w.a.DelegatingAuthenticationEntryPoint : Trying to match using And [Not [RequestHeaderRequestMatcher [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest]], Not [And [Or [Ant [pattern='/login'], Ant [pattern='/favicon.ico']], And [Not [RequestHeaderRequestMatcher [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest]], MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@2793808, matchingMediaTypes=[application/xhtml+xml, image/*, text/html, text/plain], useEquals=false, ignoredMediaTypes=[*/*]]]]], org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer$$Lambda$809/0x000000080103adb8@4af06c88]
                              2023-06-25T18:09:32.971+08:00 DEBUG 5712 --- [nio-9001-exec-1] s.w.a.DelegatingAuthenticationEntryPoint : Match found! Executing org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint@1a1cb815
                              2023-06-25T18:09:32.971+08:00 DEBUG 5712 --- [nio-9001-exec-1] o.s.s.web.DefaultRedirectStrategy        : Redirecting to http://localhost:9001/oauth2/authorization/oidc-client
                              2023-06-25T18:09:32.977+08:00 TRACE 5712 --- [nio-9001-exec-2] o.s.security.web.FilterChainProxy        : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=Mvc [pattern='/webjars/**'], Filters=[]] (1/3)
                              2023-06-25T18:09:32.979+08:00 DEBUG 5712 --- [nio-9001-exec-2] o.s.w.s.handler.SimpleUrlHandlerMapping  : Mapped to ResourceHttpRequestHandler [classpath [META-INF/resources/], classpath [resources/], classpath [static/], classpath [public/], ServletContext [/]]
                              2023-06-25T18:09:32.980+08:00 TRACE 5712 --- [nio-9001-exec-2] o.s.security.web.FilterChainProxy        : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=Mvc [pattern='/assets/**'], Filters=[]] (2/3)
                              2023-06-25T18:09:32.980+08:00 DEBUG 5712 --- [nio-9001-exec-2] o.s.w.s.handler.SimpleUrlHandlerMapping  : Mapped to ResourceHttpRequestHandler [classpath [META-INF/resources/], classpath [resources/], classpath [static/], classpath [public/], ServletContext [/]]
                              2023-06-25T18:09:32.980+08:00 TRACE 5712 --- [nio-9001-exec-2] o.s.security.web.FilterChainProxy        : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=any request, Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter@3bfae028, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@1775c4e7, org.springframework.security.web.context.SecurityContextHolderFilter@2e5e6fc4, org.springframework.security.web.header.HeaderWriterFilter@604d23fa, org.springframework.security.web.csrf.CsrfFilter@6f347d7, org.springframework.security.web.authentication.logout.LogoutFilter@799f916e, org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter@74b86971, org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter@7f79edee, org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter@1ca610a0, org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter@abad89c, org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter@47829d6d, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@79980d8d, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@58324c9f, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@2f677247, org.springframework.security.oauth2.client.web.OAuth2AuthorizationCodeGrantFilter@ac91282, org.springframework.security.web.access.ExceptionTranslationFilter@834e986, org.springframework.security.web.access.intercept.AuthorizationFilter@3fbe503c]] (3/3)
                              2023-06-25T18:09:32.980+08:00 DEBUG 5712 --- [nio-9001-exec-2] o.s.security.web.FilterChainProxy        : Securing GET /oauth2/authorization/oidc-client
                              2023-06-25T18:09:32.980+08:00 TRACE 5712 --- [nio-9001-exec-2] o.s.security.web.FilterChainProxy        : Invoking DisableEncodeUrlFilter (1/17)
                              2023-06-25T18:09:32.980+08:00 TRACE 5712 --- [nio-9001-exec-2] o.s.security.web.FilterChainProxy        : Invoking WebAsyncManagerIntegrationFilter (2/17)
                              2023-06-25T18:09:32.980+08:00 TRACE 5712 --- [nio-9001-exec-2] o.s.security.web.FilterChainProxy        : Invoking SecurityContextHolderFilter (3/17)
                              2023-06-25T18:09:32.980+08:00 TRACE 5712 --- [nio-9001-exec-2] o.s.security.web.FilterChainProxy        : Invoking HeaderWriterFilter (4/17)
                              2023-06-25T18:09:32.981+08:00 TRACE 5712 --- [nio-9001-exec-2] o.s.security.web.FilterChainProxy        : Invoking CsrfFilter (5/17)
                              2023-06-25T18:09:32.981+08:00 TRACE 5712 --- [nio-9001-exec-2] o.s.security.web.FilterChainProxy        : Invoking LogoutFilter (6/17)
                              2023-06-25T18:09:32.981+08:00 TRACE 5712 --- [nio-9001-exec-2] o.s.security.web.FilterChainProxy        : Invoking OAuth2AuthorizationRequestRedirectFilter (7/17)
                              2023-06-25T18:09:35.475+08:00 DEBUG 5712 --- [nio-9001-exec-2] o.s.s.web.DefaultRedirectStrategy        : Redirecting to http://192.168.1.125:9000/oauth2/authorize?response_type=code&client_id=oidc-client&scope=openid%20profile%20all&state=TU46I58jnaXR0IdX4mGacIZkMOXfywv7o9-GNmQ12oI%3D&redirect_uri=http://localhost:9001/login/oauth2/code/oidc-client&nonce=CX2FAAvMv2Hzj8Wv1OXXC-W5LWNS1dWow70sSVF5Qx8
                              2023-06-25T18:09:36.481+08:00 TRACE 5712 --- [nio-9001-exec-3] o.s.security.web.FilterChainProxy        : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=Mvc [pattern='/webjars/**'], Filters=[]] (1/3)
                              2023-06-25T18:09:36.482+08:00 DEBUG 5712 --- [nio-9001-exec-3] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.sy.authclient.controller.IndexController#welcome(String, String, String)
                              2023-06-25T18:09:36.482+08:00 TRACE 5712 --- [nio-9001-exec-3] o.s.security.web.FilterChainProxy        : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=Mvc [pattern='/assets/**'], Filters=[]] (2/3)
                              2023-06-25T18:09:36.482+08:00 DEBUG 5712 --- [nio-9001-exec-3] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.sy.authclient.controller.IndexController#welcome(String, String, String)
                              2023-06-25T18:09:36.482+08:00 TRACE 5712 --- [nio-9001-exec-3] o.s.security.web.FilterChainProxy        : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=any request, Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter@3bfae028, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@1775c4e7, org.springframework.security.web.context.SecurityContextHolderFilter@2e5e6fc4, org.springframework.security.web.header.HeaderWriterFilter@604d23fa, org.springframework.security.web.csrf.CsrfFilter@6f347d7, org.springframework.security.web.authentication.logout.LogoutFilter@799f916e, org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter@74b86971, org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter@7f79edee, org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter@1ca610a0, org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter@abad89c, org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter@47829d6d, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@79980d8d, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@58324c9f, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@2f677247, org.springframework.security.oauth2.client.web.OAuth2AuthorizationCodeGrantFilter@ac91282, org.springframework.security.web.access.ExceptionTranslationFilter@834e986, org.springframework.security.web.access.intercept.AuthorizationFilter@3fbe503c]] (3/3)
                              2023-06-25T18:09:36.482+08:00 DEBUG 5712 --- [nio-9001-exec-3] o.s.security.web.FilterChainProxy        : Securing GET /login/oauth2/code/oidc-client?code=mFkDdqxcVtO8TzDcFFMgex4kxlMzQsX3epjmJp-cMQRc2JzkEK18cY6pFHUMiDuCHjAcqFcjfwztaCrRWL6FBt1nxrrk6l1O8Xa9Iej6hMzrXWVPAth--DMFXvwVgApK&state=TU46I58jnaXR0IdX4mGacIZkMOXfywv7o9-GNmQ12oI%3D
                              2023-06-25T18:09:36.482+08:00 TRACE 5712 --- [nio-9001-exec-3] o.s.security.web.FilterChainProxy        : Invoking DisableEncodeUrlFilter (1/17)
                              2023-06-25T18:09:36.482+08:00 TRACE 5712 --- [nio-9001-exec-3] o.s.security.web.FilterChainProxy        : Invoking WebAsyncManagerIntegrationFilter (2/17)
                              2023-06-25T18:09:36.483+08:00 TRACE 5712 --- [nio-9001-exec-3] o.s.security.web.FilterChainProxy        : Invoking SecurityContextHolderFilter (3/17)
                              2023-06-25T18:09:36.483+08:00 TRACE 5712 --- [nio-9001-exec-3] o.s.security.web.FilterChainProxy        : Invoking HeaderWriterFilter (4/17)
                              2023-06-25T18:09:36.483+08:00 TRACE 5712 --- [nio-9001-exec-3] o.s.security.web.FilterChainProxy        : Invoking CsrfFilter (5/17)
                              2023-06-25T18:09:36.483+08:00 TRACE 5712 --- [nio-9001-exec-3] o.s.security.web.FilterChainProxy        : Invoking LogoutFilter (6/17)
                              2023-06-25T18:09:36.483+08:00 TRACE 5712 --- [nio-9001-exec-3] o.s.security.web.FilterChainProxy        : Invoking OAuth2AuthorizationRequestRedirectFilter (7/17)
                              2023-06-25T18:09:37.261+08:00 TRACE 5712 --- [nio-9001-exec-3] o.s.security.web.FilterChainProxy        : Invoking OAuth2AuthorizationRequestRedirectFilter (8/17)
                              2023-06-25T18:09:38.059+08:00 TRACE 5712 --- [nio-9001-exec-3] o.s.security.web.FilterChainProxy        : Invoking OAuth2LoginAuthenticationFilter (9/17)
                              2023-06-25T18:09:44.576+08:00 DEBUG 5712 --- [nio-9001-exec-3] o.s.web.client.RestTemplate              : HTTP POST http://192.168.1.125:9000/oauth2/token
                              2023-06-25T18:09:44.577+08:00 DEBUG 5712 --- [nio-9001-exec-3] o.s.web.client.RestTemplate              : Accept=[application/json, application/*+json]
                              2023-06-25T18:09:44.577+08:00 DEBUG 5712 --- [nio-9001-exec-3] o.s.web.client.RestTemplate              : Writing [{grant_type=[authorization_code], code=[mFkDdqxcVtO8TzDcFFMgex4kxlMzQsX3epjmJp-cMQRc2JzkEK18cY6pFHUMiDuCHjAcqFcjfwztaCrRWL6FBt1nxrrk6l1O8Xa9Iej6hMzrXWVPAth--DMFXvwVgApK], redirect_uri=[http://localhost:9001/login/oauth2/code/oidc-client]}] as "application/x-www-form-urlencoded;charset=UTF-8"
                              2023-06-25T18:09:48.353+08:00 DEBUG 5712 --- [nio-9001-exec-3] o.s.web.client.RestTemplate              : Response 200 OK
                              2023-06-25T18:09:48.354+08:00 DEBUG 5712 --- [nio-9001-exec-3] o.s.web.client.RestTemplate              : Reading to [org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse] as "application/json;charset=UTF-8"
                              2023-06-25T18:09:48.393+08:00 DEBUG 5712 --- [nio-9001-exec-3] o.s.web.client.RestTemplate              : HTTP GET http://192.168.1.125:9000/oauth2/jwks
                              2023-06-25T18:09:48.393+08:00 DEBUG 5712 --- [nio-9001-exec-3] o.s.web.client.RestTemplate              : Accept=[text/plain, application/json, application/*+json, */*]
                              2023-06-25T18:09:48.397+08:00 DEBUG 5712 --- [nio-9001-exec-3] o.s.web.client.RestTemplate              : Response 200 OK
                              2023-06-25T18:09:48.397+08:00 DEBUG 5712 --- [nio-9001-exec-3] o.s.web.client.RestTemplate              : Reading to [java.lang.String] as "application/json;charset=ISO-8859-1"
                              2023-06-25T18:09:48.415+08:00 DEBUG 5712 --- [nio-9001-exec-3] o.s.web.client.RestTemplate              : HTTP GET http://192.168.1.125:9000/userinfo
                              2023-06-25T18:09:48.415+08:00 DEBUG 5712 --- [nio-9001-exec-3] o.s.web.client.RestTemplate              : Accept=[application/json, application/*+json]
                              2023-06-25T18:09:52.253+08:00 DEBUG 5712 --- [nio-9001-exec-3] o.s.web.client.RestTemplate              : Response 200 OK
                              2023-06-25T18:09:52.254+08:00 DEBUG 5712 --- [nio-9001-exec-3] o.s.web.client.RestTemplate              : Reading to [java.util.Map]
                              2023-06-25T18:09:52.268+08:00 DEBUG 5712 --- [nio-9001-exec-3] .s.ChangeSessionIdAuthenticationStrategy : Changed session id from F5FB786C57F37610E3A9671AB47DAE23
                              2023-06-25T18:09:52.269+08:00 DEBUG 5712 --- [nio-9001-exec-3] w.c.HttpSessionSecurityContextRepository : Stored SecurityContextImpl [Authentication=OAuth2AuthenticationToken [Principal=Name: [user], Granted Authorities: [[OIDC_USER, SCOPE_all, SCOPE_openid, SCOPE_profile]], User Attributes: [{sub=user, aud=[oidc-client], azp=oidc-client, auth_time=2023-06-25T09:50:36Z, iss=http://192.168.1.125:9000, exp=2023-06-25T10:39:48Z, iat=2023-06-25T10:09:48Z, nonce=CX2FAAvMv2Hzj8Wv1OXXC-W5LWNS1dWow70sSVF5Qx8, sid=7TkynZgAwHYhWeEnl4soX232xgREd1FFcPagGUIc5cc}], Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=F5FB786C57F37610E3A9671AB47DAE23], Granted Authorities=[OIDC_USER, SCOPE_all, SCOPE_openid, SCOPE_profile]]] to HttpSession [org.apache.catalina.session.StandardSessionFacade@3e9daaba]
                              2023-06-25T18:09:52.269+08:00 DEBUG 5712 --- [nio-9001-exec-3] .s.o.c.w.OAuth2LoginAuthenticationFilter : Set SecurityContextHolder to OAuth2AuthenticationToken [Principal=Name: [user], Granted Authorities: [[OIDC_USER, SCOPE_all, SCOPE_openid, SCOPE_profile]], User Attributes: [{sub=user, aud=[oidc-client], azp=oidc-client, auth_time=2023-06-25T09:50:36Z, iss=http://192.168.1.125:9000, exp=2023-06-25T10:39:48Z, iat=2023-06-25T10:09:48Z, nonce=CX2FAAvMv2Hzj8Wv1OXXC-W5LWNS1dWow70sSVF5Qx8, sid=7TkynZgAwHYhWeEnl4soX232xgREd1FFcPagGUIc5cc}], Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=F5FB786C57F37610E3A9671AB47DAE23], Granted Authorities=[OIDC_USER, SCOPE_all, SCOPE_openid, SCOPE_profile]]
                              2023-06-25T18:09:52.269+08:00 DEBUG 5712 --- [nio-9001-exec-3] o.s.s.web.DefaultRedirectStrategy        : Redirecting to http://localhost:9001/api/login/welcome?continue
                              2023-06-25T18:09:52.276+08:00 TRACE 5712 --- [nio-9001-exec-4] o.s.security.web.FilterChainProxy        : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=Mvc [pattern='/webjars/**'], Filters=[]] (1/3)
                              2023-06-25T18:09:52.277+08:00 DEBUG 5712 --- [nio-9001-exec-4] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.sy.authclient.controller.LoginController#welcome()
                              2023-06-25T18:09:52.277+08:00 TRACE 5712 --- [nio-9001-exec-4] o.s.security.web.FilterChainProxy        : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=Mvc [pattern='/assets/**'], Filters=[]] (2/3)
                              2023-06-25T18:09:52.277+08:00 DEBUG 5712 --- [nio-9001-exec-4] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.sy.authclient.controller.LoginController#welcome()
                              2023-06-25T18:09:52.278+08:00 TRACE 5712 --- [nio-9001-exec-4] o.s.security.web.FilterChainProxy        : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=any request, Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter@3bfae028, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@1775c4e7, org.springframework.security.web.context.SecurityContextHolderFilter@2e5e6fc4, org.springframework.security.web.header.HeaderWriterFilter@604d23fa, org.springframework.security.web.csrf.CsrfFilter@6f347d7, org.springframework.security.web.authentication.logout.LogoutFilter@799f916e, org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter@74b86971, org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter@7f79edee, org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter@1ca610a0, org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter@abad89c, org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter@47829d6d, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@79980d8d, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@58324c9f, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@2f677247, org.springframework.security.oauth2.client.web.OAuth2AuthorizationCodeGrantFilter@ac91282, org.springframework.security.web.access.ExceptionTranslationFilter@834e986, org.springframework.security.web.access.intercept.AuthorizationFilter@3fbe503c]] (3/3)
                              2023-06-25T18:09:52.278+08:00 DEBUG 5712 --- [nio-9001-exec-4] o.s.security.web.FilterChainProxy        : Securing GET /api/login/welcome?continue
                              2023-06-25T18:09:52.278+08:00 TRACE 5712 --- [nio-9001-exec-4] o.s.security.web.FilterChainProxy        : Invoking DisableEncodeUrlFilter (1/17)
                              2023-06-25T18:09:52.278+08:00 TRACE 5712 --- [nio-9001-exec-4] o.s.security.web.FilterChainProxy        : Invoking WebAsyncManagerIntegrationFilter (2/17)
                              2023-06-25T18:09:52.278+08:00 TRACE 5712 --- [nio-9001-exec-4] o.s.security.web.FilterChainProxy        : Invoking SecurityContextHolderFilter (3/17)
                              2023-06-25T18:09:52.278+08:00 TRACE 5712 --- [nio-9001-exec-4] o.s.security.web.FilterChainProxy        : Invoking HeaderWriterFilter (4/17)
                              2023-06-25T18:09:52.278+08:00 TRACE 5712 --- [nio-9001-exec-4] o.s.security.web.FilterChainProxy        : Invoking CsrfFilter (5/17)
                              2023-06-25T18:09:52.278+08:00 TRACE 5712 --- [nio-9001-exec-4] o.s.security.web.FilterChainProxy        : Invoking LogoutFilter (6/17)
                              2023-06-25T18:09:52.278+08:00 TRACE 5712 --- [nio-9001-exec-4] o.s.security.web.FilterChainProxy        : Invoking OAuth2AuthorizationRequestRedirectFilter (7/17)
                              2023-06-25T18:10:00.651+08:00 TRACE 5712 --- [nio-9001-exec-4] o.s.security.web.FilterChainProxy        : Invoking OAuth2AuthorizationRequestRedirectFilter (8/17)
                              2023-06-25T18:10:01.613+08:00 TRACE 5712 --- [nio-9001-exec-4] o.s.security.web.FilterChainProxy        : Invoking OAuth2LoginAuthenticationFilter (9/17)
                              2023-06-25T18:10:01.613+08:00 TRACE 5712 --- [nio-9001-exec-4] o.s.security.web.FilterChainProxy        : Invoking DefaultLoginPageGeneratingFilter (10/17)
                              2023-06-25T18:10:01.614+08:00 TRACE 5712 --- [nio-9001-exec-4] o.s.security.web.FilterChainProxy        : Invoking DefaultLogoutPageGeneratingFilter (11/17)
                              2023-06-25T18:10:01.614+08:00 TRACE 5712 --- [nio-9001-exec-4] o.s.security.web.FilterChainProxy        : Invoking RequestCacheAwareFilter (12/17)
                              2023-06-25T18:10:01.614+08:00 DEBUG 5712 --- [nio-9001-exec-4] o.s.s.w.s.HttpSessionRequestCache        : Loaded matching saved request http://localhost:9001/api/login/welcome?continue
                              2023-06-25T18:10:01.615+08:00 TRACE 5712 --- [nio-9001-exec-4] o.s.security.web.FilterChainProxy        : Invoking SecurityContextHolderAwareRequestFilter (13/17)
                              2023-06-25T18:10:01.615+08:00 TRACE 5712 --- [nio-9001-exec-4] o.s.security.web.FilterChainProxy        : Invoking AnonymousAuthenticationFilter (14/17)
                              2023-06-25T18:10:01.615+08:00 TRACE 5712 --- [nio-9001-exec-4] o.s.security.web.FilterChainProxy        : Invoking OAuth2AuthorizationCodeGrantFilter (15/17)
                              2023-06-25T18:10:02.644+08:00 TRACE 5712 --- [nio-9001-exec-4] o.s.security.web.FilterChainProxy        : Invoking ExceptionTranslationFilter (16/17)
                              2023-06-25T18:10:02.644+08:00 TRACE 5712 --- [nio-9001-exec-4] o.s.security.web.FilterChainProxy        : Invoking AuthorizationFilter (17/17)
                              2023-06-25T18:10:02.645+08:00 DEBUG 5712 --- [nio-9001-exec-4] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.sy.authclient.controller.LoginController#welcome()
                              2023-06-25T18:10:02.645+08:00 DEBUG 5712 --- [nio-9001-exec-4] w.c.HttpSessionSecurityContextRepository : Retrieved SecurityContextImpl [Authentication=OAuth2AuthenticationToken [Principal=Name: [user], Granted Authorities: [[OIDC_USER, SCOPE_all, SCOPE_openid, SCOPE_profile]], User Attributes: [{sub=user, aud=[oidc-client], azp=oidc-client, auth_time=2023-06-25T09:50:36Z, iss=http://192.168.1.125:9000, exp=2023-06-25T10:39:48Z, iat=2023-06-25T10:09:48Z, nonce=CX2FAAvMv2Hzj8Wv1OXXC-W5LWNS1dWow70sSVF5Qx8, sid=7TkynZgAwHYhWeEnl4soX232xgREd1FFcPagGUIc5cc}], Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=F5FB786C57F37610E3A9671AB47DAE23], Granted Authorities=[OIDC_USER, SCOPE_all, SCOPE_openid, SCOPE_profile]]]
                              2023-06-25T18:10:04.181+08:00 DEBUG 5712 --- [nio-9001-exec-4] o.s.security.web.FilterChainProxy        : Secured GET /api/login/welcome?continue
                              2023-06-25T18:10:04.183+08:00 DEBUG 5712 --- [nio-9001-exec-4] o.s.web.servlet.DispatcherServlet        : GET "/api/login/welcome?continue", parameters={masked}
                              2023-06-25T18:10:04.183+08:00 DEBUG 5712 --- [nio-9001-exec-4] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.sy.authclient.controller.LoginController#welcome()
                              2023-06-25T18:10:04.196+08:00 DEBUG 5712 --- [nio-9001-exec-4] m.m.a.RequestResponseBodyMethodProcessor : Using 'text/html', given [text/html, application/xhtml+xml, image/webp, image/apng, application/xml;q=0.9, */*;q=0.8, application/signed-exchange;v=b3;q=0.7] and supported [text/plain, */*, application/json, application/*+json]
                              2023-06-25T18:10:04.197+08:00 DEBUG 5712 --- [nio-9001-exec-4] m.m.a.RequestResponseBodyMethodProcessor : Writing ["

                              Welcome!

                              "] 2023-06-25T18:10:04.199+08:00 DEBUG 5712 --- [nio-9001-exec-4] o.s.web.servlet.DispatcherServlet : Completed 200 OK 2023-06-25T18:15:58.455+08:00 TRACE 5712 --- [nio-9001-exec-7] o.s.security.web.FilterChainProxy : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=Mvc [pattern='/webjars/**'], Filters=[]] (1/3) 2023-06-25T18:15:58.455+08:00 DEBUG 5712 --- [nio-9001-exec-7] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.sy.authclient.controller.LoginController#welcome() 2023-06-25T18:15:58.455+08:00 TRACE 5712 --- [nio-9001-exec-7] o.s.security.web.FilterChainProxy : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=Mvc [pattern='/assets/**'], Filters=[]] (2/3) 2023-06-25T18:15:58.455+08:00 DEBUG 5712 --- [nio-9001-exec-7] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.sy.authclient.controller.LoginController#welcome() 2023-06-25T18:15:58.456+08:00 TRACE 5712 --- [nio-9001-exec-7] o.s.security.web.FilterChainProxy : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=any request, Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter@3bfae028, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@1775c4e7, org.springframework.security.web.context.SecurityContextHolderFilter@2e5e6fc4, org.springframework.security.web.header.HeaderWriterFilter@604d23fa, org.springframework.security.web.csrf.CsrfFilter@6f347d7, org.springframework.security.web.authentication.logout.LogoutFilter@799f916e, org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter@74b86971, org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter@7f79edee, org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter@1ca610a0, org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter@abad89c, org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter@47829d6d, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@79980d8d, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@58324c9f, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@2f677247, org.springframework.security.oauth2.client.web.OAuth2AuthorizationCodeGrantFilter@ac91282, org.springframework.security.web.access.ExceptionTranslationFilter@834e986, org.springframework.security.web.access.intercept.AuthorizationFilter@3fbe503c]] (3/3) 2023-06-25T18:15:58.456+08:00 DEBUG 5712 --- [nio-9001-exec-7] o.s.security.web.FilterChainProxy : Securing GET /api/login/welcome?continue 2023-06-25T18:15:58.456+08:00 TRACE 5712 --- [nio-9001-exec-7] o.s.security.web.FilterChainProxy : Invoking DisableEncodeUrlFilter (1/17) 2023-06-25T18:15:58.456+08:00 TRACE 5712 --- [nio-9001-exec-7] o.s.security.web.FilterChainProxy : Invoking WebAsyncManagerIntegrationFilter (2/17) 2023-06-25T18:15:58.456+08:00 TRACE 5712 --- [nio-9001-exec-7] o.s.security.web.FilterChainProxy : Invoking SecurityContextHolderFilter (3/17) 2023-06-25T18:15:58.456+08:00 TRACE 5712 --- [nio-9001-exec-7] o.s.security.web.FilterChainProxy : Invoking HeaderWriterFilter (4/17) 2023-06-25T18:15:58.456+08:00 TRACE 5712 --- [nio-9001-exec-7] o.s.security.web.FilterChainProxy : Invoking CsrfFilter (5/17) 2023-06-25T18:15:58.456+08:00 TRACE 5712 --- [nio-9001-exec-7] o.s.security.web.FilterChainProxy : Invoking LogoutFilter (6/17) 2023-06-25T18:15:58.456+08:00 TRACE 5712 --- [nio-9001-exec-7] o.s.security.web.FilterChainProxy : Invoking OAuth2AuthorizationRequestRedirectFilter (7/17) 2023-06-25T18:16:03.860+08:00 TRACE 5712 --- [nio-9001-exec-7] o.s.security.web.FilterChainProxy : Invoking OAuth2AuthorizationRequestRedirectFilter (8/17) 2023-06-25T18:16:04.596+08:00 TRACE 5712 --- [nio-9001-exec-7] o.s.security.web.FilterChainProxy : Invoking OAuth2LoginAuthenticationFilter (9/17) 2023-06-25T18:16:04.596+08:00 TRACE 5712 --- [nio-9001-exec-7] o.s.security.web.FilterChainProxy : Invoking DefaultLoginPageGeneratingFilter (10/17) 2023-06-25T18:16:04.597+08:00 TRACE 5712 --- [nio-9001-exec-7] o.s.security.web.FilterChainProxy : Invoking DefaultLogoutPageGeneratingFilter (11/17) 2023-06-25T18:16:04.597+08:00 TRACE 5712 --- [nio-9001-exec-7] o.s.security.web.FilterChainProxy : Invoking RequestCacheAwareFilter (12/17) 2023-06-25T18:16:04.597+08:00 TRACE 5712 --- [nio-9001-exec-7] o.s.security.web.FilterChainProxy : Invoking SecurityContextHolderAwareRequestFilter (13/17) 2023-06-25T18:16:04.597+08:00 TRACE 5712 --- [nio-9001-exec-7] o.s.security.web.FilterChainProxy : Invoking AnonymousAuthenticationFilter (14/17) 2023-06-25T18:16:04.597+08:00 TRACE 5712 --- [nio-9001-exec-7] o.s.security.web.FilterChainProxy : Invoking OAuth2AuthorizationCodeGrantFilter (15/17) 2023-06-25T18:16:05.355+08:00 TRACE 5712 --- [nio-9001-exec-7] o.s.security.web.FilterChainProxy : Invoking ExceptionTranslationFilter (16/17) 2023-06-25T18:16:05.355+08:00 TRACE 5712 --- [nio-9001-exec-7] o.s.security.web.FilterChainProxy : Invoking AuthorizationFilter (17/17) 2023-06-25T18:16:05.355+08:00 DEBUG 5712 --- [nio-9001-exec-7] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.sy.authclient.controller.LoginController#welcome() 2023-06-25T18:16:05.357+08:00 DEBUG 5712 --- [nio-9001-exec-7] w.c.HttpSessionSecurityContextRepository : Retrieved SecurityContextImpl [Authentication=OAuth2AuthenticationToken [Principal=Name: [user], Granted Authorities: [[OIDC_USER, SCOPE_all, SCOPE_openid, SCOPE_profile]], User Attributes: [{sub=user, aud=[oidc-client], azp=oidc-client, auth_time=2023-06-25T09:50:36Z, iss=http://192.168.1.125:9000, exp=2023-06-25T10:39:48Z, iat=2023-06-25T10:09:48Z, nonce=CX2FAAvMv2Hzj8Wv1OXXC-W5LWNS1dWow70sSVF5Qx8, sid=7TkynZgAwHYhWeEnl4soX232xgREd1FFcPagGUIc5cc}], Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=F5FB786C57F37610E3A9671AB47DAE23], Granted Authorities=[OIDC_USER, SCOPE_all, SCOPE_openid, SCOPE_profile]]] 2023-06-25T18:16:06.043+08:00 DEBUG 5712 --- [nio-9001-exec-7] o.s.security.web.FilterChainProxy : Secured GET /api/login/welcome?continue 2023-06-25T18:16:06.043+08:00 DEBUG 5712 --- [nio-9001-exec-7] o.s.web.servlet.DispatcherServlet : GET "/api/login/welcome?continue", parameters={masked} 2023-06-25T18:16:06.043+08:00 DEBUG 5712 --- [nio-9001-exec-7] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.sy.authclient.controller.LoginController#welcome() 2023-06-25T18:16:06.045+08:00 DEBUG 5712 --- [nio-9001-exec-7] m.m.a.RequestResponseBodyMethodProcessor : Using 'text/html', given [text/html, application/xhtml+xml, image/webp, image/apng, application/xml;q=0.9, */*;q=0.8, application/signed-exchange;v=b3;q=0.7] and supported [text/plain, */*, application/json, application/*+json] 2023-06-25T18:16:06.045+08:00 DEBUG 5712 --- [nio-9001-exec-7] m.m.a.RequestResponseBodyMethodProcessor : Writing ["

                              Welcome!

                              "] 2023-06-25T18:16:06.045+08:00 DEBUG 5712 --- [nio-9001-exec-7] o.s.web.servlet.DispatcherServlet : Completed 200 OK 2023-06-25T18:16:17.363+08:00 TRACE 5712 --- [nio-9001-exec-8] o.s.security.web.FilterChainProxy : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=Mvc [pattern='/webjars/**'], Filters=[]] (1/3) 2023-06-25T18:16:17.363+08:00 DEBUG 5712 --- [nio-9001-exec-8] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.sy.authclient.controller.LoginController#welcome() 2023-06-25T18:16:17.363+08:00 TRACE 5712 --- [nio-9001-exec-8] o.s.security.web.FilterChainProxy : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=Mvc [pattern='/assets/**'], Filters=[]] (2/3) 2023-06-25T18:16:17.363+08:00 DEBUG 5712 --- [nio-9001-exec-8] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.sy.authclient.controller.LoginController#welcome() 2023-06-25T18:16:17.363+08:00 TRACE 5712 --- [nio-9001-exec-8] o.s.security.web.FilterChainProxy : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=any request, Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter@3bfae028, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@1775c4e7, org.springframework.security.web.context.SecurityContextHolderFilter@2e5e6fc4, org.springframework.security.web.header.HeaderWriterFilter@604d23fa, org.springframework.security.web.csrf.CsrfFilter@6f347d7, org.springframework.security.web.authentication.logout.LogoutFilter@799f916e, org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter@74b86971, org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter@7f79edee, org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter@1ca610a0, org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter@abad89c, org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter@47829d6d, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@79980d8d, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@58324c9f, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@2f677247, org.springframework.security.oauth2.client.web.OAuth2AuthorizationCodeGrantFilter@ac91282, org.springframework.security.web.access.ExceptionTranslationFilter@834e986, org.springframework.security.web.access.intercept.AuthorizationFilter@3fbe503c]] (3/3) 2023-06-25T18:16:17.363+08:00 DEBUG 5712 --- [nio-9001-exec-8] o.s.security.web.FilterChainProxy : Securing GET /api/login/welcome?continue 2023-06-25T18:16:17.363+08:00 TRACE 5712 --- [nio-9001-exec-8] o.s.security.web.FilterChainProxy : Invoking DisableEncodeUrlFilter (1/17) 2023-06-25T18:16:17.363+08:00 TRACE 5712 --- [nio-9001-exec-8] o.s.security.web.FilterChainProxy : Invoking WebAsyncManagerIntegrationFilter (2/17) 2023-06-25T18:16:17.363+08:00 TRACE 5712 --- [nio-9001-exec-8] o.s.security.web.FilterChainProxy : Invoking SecurityContextHolderFilter (3/17) 2023-06-25T18:16:17.363+08:00 TRACE 5712 --- [nio-9001-exec-8] o.s.security.web.FilterChainProxy : Invoking HeaderWriterFilter (4/17) 2023-06-25T18:16:17.363+08:00 TRACE 5712 --- [nio-9001-exec-8] o.s.security.web.FilterChainProxy : Invoking CsrfFilter (5/17) 2023-06-25T18:16:17.363+08:00 TRACE 5712 --- [nio-9001-exec-8] o.s.security.web.FilterChainProxy : Invoking LogoutFilter (6/17) 2023-06-25T18:16:17.363+08:00 TRACE 5712 --- [nio-9001-exec-8] o.s.security.web.FilterChainProxy : Invoking OAuth2AuthorizationRequestRedirectFilter (7/17) 2023-06-25T18:16:22.300+08:00 TRACE 5712 --- [nio-9001-exec-8] o.s.security.web.FilterChainProxy : Invoking OAuth2AuthorizationRequestRedirectFilter (8/17) 2023-06-25T18:16:30.632+08:00 TRACE 5712 --- [nio-9001-exec-8] o.s.security.web.FilterChainProxy : Invoking OAuth2LoginAuthenticationFilter (9/17) 2023-06-25T18:16:30.633+08:00 TRACE 5712 --- [nio-9001-exec-8] o.s.security.web.FilterChainProxy : Invoking DefaultLoginPageGeneratingFilter (10/17) 2023-06-25T18:16:30.634+08:00 TRACE 5712 --- [nio-9001-exec-8] o.s.security.web.FilterChainProxy : Invoking DefaultLogoutPageGeneratingFilter (11/17) 2023-06-25T18:16:30.635+08:00 TRACE 5712 --- [nio-9001-exec-8] o.s.security.web.FilterChainProxy : Invoking RequestCacheAwareFilter (12/17) 2023-06-25T18:16:30.636+08:00 TRACE 5712 --- [nio-9001-exec-8] o.s.security.web.FilterChainProxy : Invoking SecurityContextHolderAwareRequestFilter (13/17) 2023-06-25T18:16:30.636+08:00 TRACE 5712 --- [nio-9001-exec-8] o.s.security.web.FilterChainProxy : Invoking AnonymousAuthenticationFilter (14/17) 2023-06-25T18:16:30.636+08:00 TRACE 5712 --- [nio-9001-exec-8] o.s.security.web.FilterChainProxy : Invoking OAuth2AuthorizationCodeGrantFilter (15/17) 2023-06-25T18:18:28.978+08:00 TRACE 5712 --- [nio-9001-exec-8] o.s.security.web.FilterChainProxy : Invoking ExceptionTranslationFilter (16/17) 2023-06-25T18:18:28.978+08:00 TRACE 5712 --- [nio-9001-exec-8] o.s.security.web.FilterChainProxy : Invoking AuthorizationFilter (17/17) 2023-06-25T18:18:28.979+08:00 DEBUG 5712 --- [nio-9001-exec-8] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.sy.authclient.controller.LoginController#welcome() 2023-06-25T18:18:28.979+08:00 DEBUG 5712 --- [nio-9001-exec-8] w.c.HttpSessionSecurityContextRepository : Retrieved SecurityContextImpl [Authentication=OAuth2AuthenticationToken [Principal=Name: [user], Granted Authorities: [[OIDC_USER, SCOPE_all, SCOPE_openid, SCOPE_profile]], User Attributes: [{sub=user, aud=[oidc-client], azp=oidc-client, auth_time=2023-06-25T09:50:36Z, iss=http://192.168.1.125:9000, exp=2023-06-25T10:39:48Z, iat=2023-06-25T10:09:48Z, nonce=CX2FAAvMv2Hzj8Wv1OXXC-W5LWNS1dWow70sSVF5Qx8, sid=7TkynZgAwHYhWeEnl4soX232xgREd1FFcPagGUIc5cc}], Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=F5FB786C57F37610E3A9671AB47DAE23], Granted Authorities=[OIDC_USER, SCOPE_all, SCOPE_openid, SCOPE_profile]]] 2023-06-25T18:18:30.125+08:00 DEBUG 5712 --- [nio-9001-exec-8] o.s.security.web.FilterChainProxy : Secured GET /api/login/welcome?continue 2023-06-25T18:18:30.126+08:00 DEBUG 5712 --- [nio-9001-exec-8] o.s.web.servlet.DispatcherServlet : GET "/api/login/welcome?continue", parameters={masked} 2023-06-25T18:18:30.127+08:00 DEBUG 5712 --- [nio-9001-exec-8] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.sy.authclient.controller.LoginController#welcome() 2023-06-25T18:18:30.130+08:00 DEBUG 5712 --- [nio-9001-exec-8] m.m.a.RequestResponseBodyMethodProcessor : Using 'text/html', given [text/html, application/xhtml+xml, image/webp, image/apng, application/xml;q=0.9, */*;q=0.8, application/signed-exchange;v=b3;q=0.7] and supported [text/plain, */*, application/json, application/*+json] 2023-06-25T18:18:30.131+08:00 DEBUG 5712 --- [nio-9001-exec-8] m.m.a.RequestResponseBodyMethodProcessor : Writing ["

                              Welcome!

                              "] 2023-06-25T18:18:30.132+08:00 DEBUG 5712 --- [nio-9001-exec-8] o.s.web.servlet.DispatcherServlet : Completed 200 OK 2023-06-25T18:18:46.973+08:00 TRACE 5712 --- [io-9001-exec-10] o.s.security.web.FilterChainProxy : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=Mvc [pattern='/webjars/**'], Filters=[]] (1/3) 2023-06-25T18:18:46.974+08:00 DEBUG 5712 --- [io-9001-exec-10] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.sy.authclient.controller.LoginController#welcome() 2023-06-25T18:18:46.974+08:00 TRACE 5712 --- [io-9001-exec-10] o.s.security.web.FilterChainProxy : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=Mvc [pattern='/assets/**'], Filters=[]] (2/3) 2023-06-25T18:18:46.974+08:00 DEBUG 5712 --- [io-9001-exec-10] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.sy.authclient.controller.LoginController#welcome() 2023-06-25T18:18:46.974+08:00 TRACE 5712 --- [io-9001-exec-10] o.s.security.web.FilterChainProxy : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=any request, Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter@3bfae028, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@1775c4e7, org.springframework.security.web.context.SecurityContextHolderFilter@2e5e6fc4, org.springframework.security.web.header.HeaderWriterFilter@604d23fa, org.springframework.security.web.csrf.CsrfFilter@6f347d7, org.springframework.security.web.authentication.logout.LogoutFilter@799f916e, org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter@74b86971, org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter@7f79edee, org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter@1ca610a0, org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter@abad89c, org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter@47829d6d, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@79980d8d, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@58324c9f, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@2f677247, org.springframework.security.oauth2.client.web.OAuth2AuthorizationCodeGrantFilter@ac91282, org.springframework.security.web.access.ExceptionTranslationFilter@834e986, org.springframework.security.web.access.intercept.AuthorizationFilter@3fbe503c]] (3/3) 2023-06-25T18:18:46.974+08:00 DEBUG 5712 --- [io-9001-exec-10] o.s.security.web.FilterChainProxy : Securing GET /api/login/welcome?continue 2023-06-25T18:18:46.974+08:00 TRACE 5712 --- [io-9001-exec-10] o.s.security.web.FilterChainProxy : Invoking DisableEncodeUrlFilter (1/17) 2023-06-25T18:18:46.974+08:00 TRACE 5712 --- [io-9001-exec-10] o.s.security.web.FilterChainProxy : Invoking WebAsyncManagerIntegrationFilter (2/17) 2023-06-25T18:18:46.974+08:00 TRACE 5712 --- [io-9001-exec-10] o.s.security.web.FilterChainProxy : Invoking SecurityContextHolderFilter (3/17) 2023-06-25T18:18:46.974+08:00 TRACE 5712 --- [io-9001-exec-10] o.s.security.web.FilterChainProxy : Invoking HeaderWriterFilter (4/17) 2023-06-25T18:18:46.974+08:00 TRACE 5712 --- [io-9001-exec-10] o.s.security.web.FilterChainProxy : Invoking CsrfFilter (5/17) 2023-06-25T18:18:46.974+08:00 TRACE 5712 --- [io-9001-exec-10] o.s.security.web.FilterChainProxy : Invoking LogoutFilter (6/17) 2023-06-25T18:18:46.974+08:00 TRACE 5712 --- [io-9001-exec-10] o.s.security.web.FilterChainProxy : Invoking OAuth2AuthorizationRequestRedirectFilter (7/17) 2023-06-25T18:18:49.075+08:00 TRACE 5712 --- [io-9001-exec-10] o.s.security.web.FilterChainProxy : Invoking OAuth2AuthorizationRequestRedirectFilter (8/17) 2023-06-25T18:18:50.364+08:00 TRACE 5712 --- [io-9001-exec-10] o.s.security.web.FilterChainProxy : Invoking OAuth2LoginAuthenticationFilter (9/17) 2023-06-25T18:18:50.365+08:00 TRACE 5712 --- [io-9001-exec-10] o.s.security.web.FilterChainProxy : Invoking DefaultLoginPageGeneratingFilter (10/17) 2023-06-25T18:18:50.365+08:00 TRACE 5712 --- [io-9001-exec-10] o.s.security.web.FilterChainProxy : Invoking DefaultLogoutPageGeneratingFilter (11/17) 2023-06-25T18:18:50.365+08:00 TRACE 5712 --- [io-9001-exec-10] o.s.security.web.FilterChainProxy : Invoking RequestCacheAwareFilter (12/17) 2023-06-25T18:18:50.365+08:00 TRACE 5712 --- [io-9001-exec-10] o.s.security.web.FilterChainProxy : Invoking SecurityContextHolderAwareRequestFilter (13/17) 2023-06-25T18:18:50.366+08:00 TRACE 5712 --- [io-9001-exec-10] o.s.security.web.FilterChainProxy : Invoking AnonymousAuthenticationFilter (14/17) 2023-06-25T18:18:50.366+08:00 TRACE 5712 --- [io-9001-exec-10] o.s.security.web.FilterChainProxy : Invoking OAuth2AuthorizationCodeGrantFilter (15/17) 2023-06-25T18:18:51.766+08:00 TRACE 5712 --- [io-9001-exec-10] o.s.security.web.FilterChainProxy : Invoking ExceptionTranslationFilter (16/17) 2023-06-25T18:18:51.767+08:00 TRACE 5712 --- [io-9001-exec-10] o.s.security.web.FilterChainProxy : Invoking AuthorizationFilter (17/17) 2023-06-25T18:19:57.364+08:00 DEBUG 5712 --- [io-9001-exec-10] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.sy.authclient.controller.LoginController#welcome() 2023-06-25T18:19:57.366+08:00 DEBUG 5712 --- [io-9001-exec-10] w.c.HttpSessionSecurityContextRepository : Retrieved SecurityContextImpl [Authentication=OAuth2AuthenticationToken [Principal=Name: [user], Granted Authorities: [[OIDC_USER, SCOPE_all, SCOPE_openid, SCOPE_profile]], User Attributes: [{sub=user, aud=[oidc-client], azp=oidc-client, auth_time=2023-06-25T09:50:36Z, iss=http://192.168.1.125:9000, exp=2023-06-25T10:39:48Z, iat=2023-06-25T10:09:48Z, nonce=CX2FAAvMv2Hzj8Wv1OXXC-W5LWNS1dWow70sSVF5Qx8, sid=7TkynZgAwHYhWeEnl4soX232xgREd1FFcPagGUIc5cc}], Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=F5FB786C57F37610E3A9671AB47DAE23], Granted Authorities=[OIDC_USER, SCOPE_all, SCOPE_openid, SCOPE_profile]]] 2023-06-25T18:20:35.651+08:00 DEBUG 5712 --- [io-9001-exec-10] o.s.security.web.FilterChainProxy : Secured GET /api/login/welcome?continue 2023-06-25T18:20:35.652+08:00 DEBUG 5712 --- [io-9001-exec-10] o.s.web.servlet.DispatcherServlet : GET "/api/login/welcome?continue", parameters={masked} 2023-06-25T18:20:35.652+08:00 DEBUG 5712 --- [io-9001-exec-10] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to com.sy.authclient.controller.LoginController#welcome() 2023-06-25T18:20:35.655+08:00 DEBUG 5712 --- [io-9001-exec-10] m.m.a.RequestResponseBodyMethodProcessor : Using 'text/html', given [text/html, application/xhtml+xml, image/webp, image/apng, application/xml;q=0.9, */*;q=0.8, application/signed-exchange;v=b3;q=0.7] and supported [text/plain, */*, application/json, application/*+json] 2023-06-25T18:20:35.655+08:00 DEBUG 5712 --- [io-9001-exec-10] m.m.a.RequestResponseBodyMethodProcessor : Writing ["

                              Welcome!

                              "] 2023-06-25T18:20:35.657+08:00 DEBUG 5712 --- [io-9001-exec-10] o.s.web.servlet.DispatcherServlet : Completed 200 OK

                              集成GateWay

                              正在集成中。。。

                              关于 Spring Cloud Alibaba 的基础环境搭建,可以看下面的文章,很详细,本文主要介绍集成OAuth2的过程

                              Spring Cloud Alibaba 最新版本整合完整使用及与各中间件集成(基于Spring Boot 3.0.x)_ricardo.M.Yu的博客-CSDN博客

                              代办事项 

                              现在需要做的改造如下:

                              1、新建授权服务,集成 oauth2-authorization-server ,即auth模块做授权中心

                              2、修改业务模块,集成 oauth2-client,即做资源中心与客户端

                              3、修改网关模块,即 gateway 做相关修改

                              Oauth2主要结构

                              OAuth2AuthorizationEndpointFilter: 针对 /login 或自行请求 授权码的处理器

                              OAuth2TokenEndpointFilter:针对获取 token 时的处理器

                              ProviderManager:

                              OAuth2ClientAuthenticationFilter

                              OAuth2TokenEndpointFilter

                              ClientSecretAuthenticationProvider

                              DelegatingAuthenticationConverter

                              OAuth2AuthorizationCodeAuthenticationProvider

                              OAuth2AuthorizationEndpointFilter

                              UsernamePasswordAuthenticationFilter

                              AuthenticationEntryPoint 

                              LoginUrlAuthenticationEntryPoint

                              sql脚本

                              我直接整理好了

                              /*
                              IMPORTANT:
                                  If using PostgreSQL, update ALL columns defined with 'blob' to 'text',
                                  as PostgreSQL does not support the 'blob' data type.
                              */
                              CREATE TABLE oauth2_authorization (
                                  id varchar(100) NOT NULL,
                                  registered_client_id varchar(100) NOT NULL,
                                  principal_name varchar(200) NOT NULL,
                                  authorization_grant_type varchar(100) NOT NULL,
                                  authorized_scopes varchar(1000) DEFAULT NULL,
                                  attributes blob DEFAULT NULL,
                                  state varchar(500) DEFAULT NULL,
                                  authorization_code_value blob DEFAULT NULL,
                                  authorization_code_issued_at timestamp DEFAULT NULL,
                                  authorization_code_expires_at timestamp DEFAULT NULL,
                                  authorization_code_metadata blob DEFAULT NULL,
                                  access_token_value blob DEFAULT NULL,
                                  access_token_issued_at timestamp DEFAULT NULL,
                                  access_token_expires_at timestamp DEFAULT NULL,
                                  access_token_metadata blob DEFAULT NULL,
                                  access_token_type varchar(100) DEFAULT NULL,
                                  access_token_scopes varchar(1000) DEFAULT NULL,
                                  oidc_id_token_value blob DEFAULT NULL,
                                  oidc_id_token_issued_at timestamp DEFAULT NULL,
                                  oidc_id_token_expires_at timestamp DEFAULT NULL,
                                  oidc_id_token_metadata blob DEFAULT NULL,
                                  refresh_token_value blob DEFAULT NULL,
                                  refresh_token_issued_at timestamp DEFAULT NULL,
                                  refresh_token_expires_at timestamp DEFAULT NULL,
                                  refresh_token_metadata blob DEFAULT NULL,
                                  user_code_value blob DEFAULT NULL,
                                  user_code_issued_at timestamp DEFAULT NULL,
                                  user_code_expires_at timestamp DEFAULT NULL,
                                  user_code_metadata blob DEFAULT NULL,
                                  device_code_value blob DEFAULT NULL,
                                  device_code_issued_at timestamp DEFAULT NULL,
                                  device_code_expires_at timestamp DEFAULT NULL,
                                  device_code_metadata blob DEFAULT NULL,
                                  PRIMARY KEY (id)
                              );
                              CREATE TABLE oauth2_authorization_consent (
                                  registered_client_id varchar(100) NOT NULL,
                                  principal_name varchar(200) NOT NULL,
                                  authorities varchar(1000) NOT NULL,
                                  PRIMARY KEY (registered_client_id, principal_name)
                              );
                              CREATE TABLE oauth2_registered_client (
                                  id varchar(100) NOT NULL,
                                  client_id varchar(100) NOT NULL,
                                  client_id_issued_at timestamp DEFAULT CURRENT_TIMESTAMP NOT NULL,
                                  client_secret varchar(200) DEFAULT NULL,
                                  client_secret_expires_at timestamp DEFAULT NULL,
                                  client_name varchar(200) NOT NULL,
                                  client_authentication_methods varchar(1000) NOT NULL,
                                  authorization_grant_types varchar(1000) NOT NULL,
                                  redirect_uris varchar(1000) DEFAULT NULL,
                                  post_logout_redirect_uris varchar(1000) DEFAULT NULL,
                                  scopes varchar(1000) NOT NULL,
                                  client_settings varchar(2000) NOT NULL,
                                  token_settings varchar(2000) NOT NULL,
                                  PRIMARY KEY (id)
                              );
                              
微信扫一扫加客服

微信扫一扫加客服

点击启动AI问答
Draggable Icon