Error returned when calling the API:
{ "error": "unauthorized", "error_description": "Full authentication is required to access this resource" }
1. With DEBUG logging enabled, the exception in the log is:
org.springframework.security.access.AccessDeniedException: Access is denied
2. Tracing further up the log, the lines just before it are:
cloud-wjw-report-sso:: 2021-03-02 15:57:45 DEBUG [http-nio-9001-exec-5] o.s.s.o.p.authentication.BearerTokenExtractor - Token not found in headers. Trying request parameters.
cloud-wjw-report-sso:: 2021-03-02 15:57:45 DEBUG [http-nio-9001-exec-5] o.s.s.o.p.authentication.BearerTokenExtractor - Token not found in request parameters. Not an OAuth2 request.
3. Searching the classpath (double-click Shift in IntelliJ) for BearerTokenExtractor leads to the decompiled method that emits those two messages:
    protected String extractToken(HttpServletRequest request) {
        String token = this.extractHeaderToken(request);
        if (token == null) {
            logger.debug("Token not found in headers. Trying request parameters.");
            token = request.getParameter("access_token");   // fallback: query/form parameter only, never a header
            if (token == null) {
                logger.debug("Token not found in request parameters. Not an OAuth2 request.");
            } else {
                request.setAttribute(OAuth2AuthenticationDetails.ACCESS_TOKEN_TYPE, "Bearer");
            }
        }
        return token;
    }
4. Reading the logic, the token has to be sent in the header as `Authorization: Bearer <token>`; a header named `access_token` is never consulted (`access_token` is only read as a request parameter, and only after the header lookup fails). The header lookup is:
    protected String extractHeaderToken(HttpServletRequest request) {
        Enumeration headers = request.getHeaders("Authorization");
        String value;
        do {
            if (!headers.hasMoreElements()) {
                return null;   // no Authorization header carrying the Bearer scheme
            }
            value = (String)headers.nextElement();
        } while(!value.toLowerCase().startsWith("Bearer".toLowerCase()));   // scheme compared case-insensitively; other schemes (e.g. Basic) are skipped
        String authHeaderValue = value.substring("Bearer".length()).trim();
        request.setAttribute(OAuth2AuthenticationDetails.ACCESS_TOKEN_TYPE, value.substring(0, "Bearer".length()).trim());
        int commaIndex = authHeaderValue.indexOf(44);   // 44 == ',': keep only the part before the first comma
        if (commaIndex > 0) {
            authHeaderValue = authHeaderValue.substring(0, commaIndex);
        }
        return authHeaderValue;
    }
5. This is the convention described in the JWT introduction (the Bearer scheme itself is defined by RFC 6750, OAuth 2.0 Bearer Token Usage):
https://jwt.io/introduction/
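To make the lookup order concrete, the following is an added example, not code from this page or from Spring Security: it re-implements the rules of the decompiled BearerTokenExtractor above in Python and runs them over constructed requests covering the failing call (token in a header named access_token), the correct call (Authorization: Bearer <token>), a lower-case header name and scheme, a Basic header listed before the Bearer one with a comma-separated value, and the ?access_token= parameter fallback. The dict shape used for requests and the token value abc.def.ghi are assumptions of the example.

```python
"""Python model of the lookup order in Spring Security OAuth2's BearerTokenExtractor.

Added illustration, not Spring code: it mirrors the decompiled extractToken /
extractHeaderToken logic above. A request is a plain dict (an assumption of this
example): {"headers": {name: [value, ...]}, "params": {name: value}}.
"""
from typing import Dict, List, Optional, Tuple

BEARER = "Bearer"


def extract_header_token(headers: Dict[str, List[str]]) -> Tuple[Optional[str], Optional[str]]:
    """Mirror of extractHeaderToken.

    Walks every Authorization header value (header names are case-insensitive
    in HTTP, so the lookup normalizes them), skips values whose scheme is not
    'bearer' (compared case-insensitively), strips the scheme, and cuts the
    value at the first comma. Returns (token, scheme_as_sent), matching the
    ACCESS_TOKEN_TYPE attribute Spring stores; (None, None) if no Bearer
    header is present.
    """
    values = [v for name, vs in headers.items() if name.lower() == "authorization" for v in vs]
    for value in values:
        if not value.lower().startswith(BEARER.lower()):
            continue                      # e.g. "Basic ..." is skipped, not rejected
        token = value[len(BEARER):].strip()
        token_type = value[:len(BEARER)].strip()
        comma = token.find(",")
        if comma > 0:                     # Spring drops anything after the first comma
            token = token[:comma]
        return token, token_type
    return None, None


def extract_token(request: dict) -> Optional[str]:
    """Mirror of extractToken: Authorization header first, then the
    access_token request parameter; None means 'Not an OAuth2 request'."""
    token, _ = extract_header_token(request.get("headers", {}))
    if token is None:
        token = request.get("params", {}).get("access_token")
    return token


# Constructed requests reproducing the cases behind the debug log above.
TOKEN = "abc.def.ghi"                      # made-up token value
CASES = {
    "header named access_token (the failing call)":
        {"headers": {"access_token": [TOKEN]}, "params": {}},
    "Authorization: Bearer <token> (correct)":
        {"headers": {"Authorization": [f"Bearer {TOKEN}"]}, "params": {}},
    "lower-case header name and scheme":
        {"headers": {"authorization": [f"bearer {TOKEN}"]}, "params": {}},
    "Basic header listed before the Bearer one, comma-separated value":
        {"headers": {"Authorization": ["Basic dXNlcjpwYXNz", f"Bearer {TOKEN}, other"]}, "params": {}},
    "?access_token= query parameter fallback":
        {"headers": {}, "params": {"access_token": TOKEN}},
}


def run_cases() -> Dict[str, Optional[str]]:
    """Return the token the extractor would see for each constructed case."""
    return {name: extract_token(req) for name, req in CASES.items()}


if __name__ == "__main__":
    for name, token in run_cases().items():
        print(f"{name:70s} -> {token!r}")
```

Only the first case yields None, which is exactly the "Not an OAuth2 request" path that ends in "Full authentication is required". Note that the parameter fallback works too, but a token in the query string ends up in access logs, browser history and Referer headers, so RFC 6750 discourages it; send the token in the Authorization header as the page recommends.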