2013-11-05
Cloudfoundry UAA resource app (/api) access denied when running on different domains

I had no problem running /uaa, /api and /app all on localhost:8080. Both the authorization code flow and the implicit flow worked flawlessly.

However, I find running all the applications on the same domain not very realistic, so I decided to test them on different domains. Here is what I did:

- start /uaa on localhost:8080
- start /api on localhost:8181
- start /app on localhost:8282
- change all URL configuration to point to the correct addresses

The authorization code flow still works fine. However, I get access denied, causing a JavaScript error in the implicit flow.

When /app tries to contact /api, /api throws this:

------------------------------------------------------------------------------------ 
DEBUG --- FilterSecurityInterceptor: Secure object: FilterInvocation: URL: /apps; Attributes: [scope=cloud_controller.read] 
[2013-11-04 18:26:42.521] samples/api - ???? [http-8181-2] .... DEBUG --- FilterSecurityInterceptor: Previously Authenticated: org.sprin[email protected]9055c2bc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS 
[2013-11-04 18:26:42.521] samples/api - ???? [http-8181-2] .... DEBUG --- UnanimousBased: Voter: [email protected]82ec7, returned: 0 
[2013-11-04 18:26:42.521] samples/api - ???? [http-8181-2] .... DEBUG --- UnanimousBased: Voter: [email protected]645, returned: 0 
[2013-11-04 18:26:42.522] samples/api - ???? [http-8181-2] .... DEBUG --- ExceptionTranslationFilter: Access is denied (user is anonymous); redirecting to authentication entry point 
org.springframework.security.access.AccessDeniedException: Access is denied 
    at org.springframework.security.access.vote.AbstractAccessDecisionManager.checkAllowIfAllAbstainDecisions(AbstractAccessDecisionManager.java:70) 
    at org.springframework.security.access.vote.UnanimousBased.decide(UnanimousBased.java:107) 
    at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:206) 
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:115) 
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84) 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) 
    at org.cloudfoundry.identity.api.web.ContentTypeFilter.doFilter(ContentTypeFilter.java:64) 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) 
    at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113) 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) 
    at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103) 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) 
    at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113) 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) 
    at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54) 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) 
    at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45) 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) 
    at org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationProcessingFilter.doFilter(OAuth2AuthenticationProcessingFilter.java:131) 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) 
    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87) 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) 
    at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192) 
    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160) 
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) 
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259) 
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) 
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) 
    at org.cloudfoundry.identity.api.web.CorsFilter.doFilterInternal(CorsFilter.java:37) 
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) 
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) 
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) 
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) 
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) 
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) 
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) 
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) 
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293) 
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:859) 
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:602) 
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489) 
    at java.lang.Thread.run(Thread.java:722) 
------------------------------------------------------------------------------------ 

It seems /api cannot retrieve the authenticated user marissa from the security context, because it only gets the anonymous user (running all three apps on localhost shows 'marissa retrieved from secure http session').

I would like to know what the correct way is to configure UAA and its samples on different domains.


It looks like you are trying to add formatting to your question with slashes '/'. Try clicking the orange rectangular question mark above the edit window for formatting help. Apart from that, is there any way to make your debug dump more concise? I don't think many people will want to read all of that.

Answer

Looks like cross-site request protection from the browser? With modern browsers you can add CORS headers, e.g. using a filter (Tomcat ships with a built-in one; you just need to enable it with the correct host names and paths). The sample app does try to address this, but there was a bug in the CorsFilter. Fixed in this commit.


I see a CORS filter in the /api app that sets the Access-Control-Allow-Origin header to * and filters all incoming requests. Is that what you are talking about? – davidiamyou


Sorry, I missed the 'CorsFilter' in the stack trace. So no. It looks like the client is not sending an access token at all. If it is a problem in the JavaScript, it may be in the library. I will see if I can reproduce it.


I see, it is related to CORS. CORS clients need to be able to send an OPTIONS request to determine whether they can follow up with a GET (etc.), and the /app sample did not explicitly handle OPTIONS, so it just redirected to the UAA login. Answer modified.
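As an added illustration of the preflight problem described in the answer thread (this is example code, not the sample's own CorsFilter or the fix in the linked commit): a servlet filter that answers the browser's OPTIONS preflight itself, before Spring Security's interceptor can reject the token-less request and redirect it to the UAA login. It assumes the /app origin http://localhost:8282 from the question and the javax.servlet / Spring OncePerRequestFilter API; the class name and allowlist are hypothetical.

```java
import java.io.IOException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.web.filter.OncePerRequestFilter;

// Hypothetical filter (not the sample's CorsFilter). Map it in web.xml BEFORE
// springSecurityFilterChain so the preflight never reaches the
// FilterSecurityInterceptor that denied the request in the stack trace above.
public class PreflightAwareCorsFilter extends OncePerRequestFilter {

    // Assumed origin of the /app sample. Echo a matching origin instead of "*"
    // so only the allowlisted client can read responses that carry a token.
    private static final Set<String> ALLOWED_ORIGINS = new HashSet<String>(
            Arrays.asList("http://localhost:8282"));

    @Override
    protected void doFilterInternal(HttpServletRequest request,
            HttpServletResponse response, FilterChain chain)
            throws ServletException, IOException {
        String origin = request.getHeader("Origin");
        if (origin == null || !ALLOWED_ORIGINS.contains(origin)) {
            // Same-origin or unknown origin: add no CORS headers, process normally.
            chain.doFilter(request, response);
            return;
        }
        response.setHeader("Access-Control-Allow-Origin", origin);
        response.addHeader("Vary", "Origin");

        boolean preflight = "OPTIONS".equalsIgnoreCase(request.getMethod())
                && request.getHeader("Access-Control-Request-Method") != null;
        if (preflight) {
            // The preflight carries no Authorization header by design, so answer
            // it here with 200 and stop instead of passing it to the OAuth2 filters.
            response.setHeader("Access-Control-Allow-Methods", "GET, POST, OPTIONS");
            response.setHeader("Access-Control-Allow-Headers", "Authorization, Content-Type");
            response.setHeader("Access-Control-Max-Age", "1800");
            response.setStatus(HttpServletResponse.SC_OK);
            return;
        }
        // The actual request carries "Authorization: Bearer ..." and is still
        // checked by OAuth2AuthenticationProcessingFilter downstream as usual.
        chain.doFilter(request, response);
    }
}
```

The allowlist keeps the bearer token from being readable by arbitrary origins, which a blanket `Access-Control-Allow-Origin: *` on an authenticated resource would permit.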