问题描述
我正在尝试在我的Spring Boot应用程序中实现基于Google的身份验证。 一切在 normal 版本(我自己的应用程序)中都可以正常运行,但有时必须通过iframe在第三方网站(具有不同的域)中提供服务。
我无法完成它,因为每次都抛出Possible CSRF detected - state parameter was required but no state could be found
异常。
奇怪的是-它仅在Google Chrome浏览器中发生,而在Firefox中没有问题。
我认为cookie /域/会话内容存在一些问题,但是我找不到解决方法。
我正在使用
-
Spring Boot 1.4.7.RELEASE
来自 -
org.springframework.security.oauth:spring-security-oauth2:2.0.14.RELEASE
spring-security-oauth2
的我的Oauth2过滤器创建如下:
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.anyRequest().authenticated()
.and().csrf().disable()
.cors().and()
.addFilterBefore(oauthFilter(...client),BasicAuthenticationFilter.class)
.headers().cacheControl().disable();
}
private Filter oauthFilter(AuthorizationCodeResourceDetails client) {
OAuth2ClientAuthenticationProcessingFilter filter = new OAuth2ClientAuthenticationProcessingFilter("/login/google");
OAuth2RestTemplate template = new OAuth2RestTemplate(client,oauth2ClientContext);
filter.setRestTemplate(template);
UserInfoTokenServices userInfoTokenServices = new UserInfoTokenServices(...);
userInfoTokenServices.setPrincipalExtractor(...);
filter.setTokenServices(userInfoTokenServices);
filter.setAuthenticationFailureHandler(...);
filter.setAuthenticationSuccessHandler(...);
return filter;
}
完全例外:
org.springframework.security.oauth2.common.exceptions.InvalidRequestException: Possible CSRF detected - state parameter was required but no state could be found
at org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeAccessTokenProvider.getParametersForTokenRequest(AuthorizationCodeAccessTokenProvider.java:255)
at org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeAccessTokenProvider.obtainAccessToken(AuthorizationCodeAccessTokenProvider.java:209)
at org.springframework.security.oauth2.client.token.AccessTokenProviderChain.obtainNewAccessTokenInternal(AccessTokenProviderChain.java:148)
at org.springframework.security.oauth2.client.token.AccessTokenProviderChain.obtainAccessToken(AccessTokenProviderChain.java:121)
at org.springframework.security.oauth2.client.OAuth2RestTemplate.acquireAccessToken(OAuth2RestTemplate.java:221)
at org.springframework.security.oauth2.client.OAuth2RestTemplate.getAccessToken(OAuth2RestTemplate.java:173)
at org.springframework.security.oauth2.client.filter.OAuth2ClientAuthenticationProcessingFilter.attemptAuthentication(OAuth2ClientAuthenticationProcessingFilter.java:105)
解决方法
暂无找到可以解决该程序问题的有效方法,小编努力寻找整理中!
如果你已经找到好的解决方法,欢迎将解决方案带上本链接一起发送给小编。
小编邮箱:dio#foxmail.com (将#修改为@)