Error retrieving the OAuth 2.0 access token in an Azure AD-integrated Spring Boot application

Question (votes: 0, answers: 1)

I have configured the Azure AD credentials in the application.properties file of a Spring Boot project using the spring-cloud-azure-starter-active-directory dependency. Here is the configuration:

```properties
spring.cloud.azure.active-directory.enabled=true
spring.cloud.azure.active-directory.profile.tenant-id=${TENANT_ID_ENV_VAR}
spring.cloud.azure.active-directory.credential.client-id=${CLIENT_ID_ENV_VAR}
spring.cloud.azure.active-directory.credential.client-secret=${CLIENT_SECRET_ENV_VAR}
```

Application code:

```java
import org.springframework.security.core.annotation.AuthenticationPrincipal;
import org.springframework.security.oauth2.core.user.OAuth2User;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class HelloController {

    @GetMapping("/user")
    public String getUserInfo(
            @AuthenticationPrincipal OAuth2User principal) {

        // Retrieve the email or username from the principal
        String userName = principal.getAttribute("preferred_username");

        // Return a response with the user's email
        return "Hello: " + userName;
    }
}
```

Currently, I am getting the following error on one specific Azure Web App (ASP) server:

```text
[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response: I/O error on POST request for "https://login.microsoftonline.com/0d993ad3-fa73-421a-b129-1fe5590103f3/oauth2/v2.0/token": login.microsoftonline.com: Temporary failure in name resolution.
```

I have cross-checked the AD credentials, and I get a successful response both in my local environment and in a different web app. After going through some Google results and the link mentioned below, I made the necessary adjustments, but I still get the same error on this web app.

Spring Boot version and dependencies:

```xml
<properties>
    <java.version>17</java.version>
    <spring-cloud-azure.version>5.5.0</spring-cloud-azure.version>
</properties>
<dependencies>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-oauth2-client</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
    <dependency>
        <groupId>com.azure.spring</groupId>
        <artifactId>spring-cloud-azure-starter-active-directory</artifactId>
    </dependency>
</dependencies>
```

Link: https://learn.microsoft.com/en-us/answers/questions/1600366/receiving-(invalid-token-response)-error-while-imp

Could you please guide me on how to fix/resolve this issue and what the possible causes are?

Here is a screenshot of the error for your reference.

spring spring-boot azure azure-active-directory azure-web-app-service
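The error text in the question ("Temporary failure in name resolution") is raised before any credential is sent: the app host cannot resolve login.microsoftonline.com, so the token POST never starts. The following program is an added diagnostic, not code from the question or the answer. It walks the same network path Spring's token client needs, first a DNS lookup of the issuer host, then an HTTPS GET of the tenant's OpenID discovery document (which is unauthenticated, so no client secret is involved), and reports the first stage that fails. It reads the tenant id from the TENANT_ID_ENV_VAR variable the question's configuration already uses; the class and record names are assumed.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.URI;
import java.net.UnknownHostException;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.time.Duration;
import java.util.Arrays;

/**
 * Added diagnostic (not from the question or the answer). Run it on the
 * App Service instance that shows the error, with TENANT_ID_ENV_VAR set.
 */
public class TokenEndpointReachability {

    /** One probe stage; a failing stage names the network layer to investigate. */
    public record Probe(String stage, boolean ok, String detail) { }

    /** DNS first, then HTTPS; stops at the first stage that fails. */
    public static Probe probe(String issuerUri) {
        URI issuer = URI.create(issuerUri);
        String host = issuer.getHost();

        // Stage 1: name resolution. "Temporary failure in name resolution" in the
        // question means the host fails here, before any TLS or token exchange.
        InetAddress[] addresses;
        try {
            addresses = InetAddress.getAllByName(host);
        } catch (UnknownHostException e) {
            return new Probe("dns", false, host + " does not resolve: " + e.getMessage());
        }

        // Stage 2: TLS handshake plus an HTTP round-trip to the discovery document,
        // located the same way Spring derives it from issuer-uri.
        String base = issuerUri.endsWith("/") ? issuerUri.substring(0, issuerUri.length() - 1) : issuerUri;
        URI discovery = URI.create(base + "/.well-known/openid-configuration");
        HttpClient client = HttpClient.newBuilder()
                .connectTimeout(Duration.ofSeconds(5))
                .build();
        HttpRequest request = HttpRequest.newBuilder(discovery)
                .timeout(Duration.ofSeconds(10))
                .GET()
                .build();
        try {
            HttpResponse<String> response = client.send(request, HttpResponse.BodyHandlers.ofString());
            // A healthy tenant answers 200 with a JSON document that names the token endpoint.
            boolean ok = response.statusCode() == 200 && response.body().contains("\"token_endpoint\"");
            return new Probe("https", ok, "HTTP " + response.statusCode() + " from " + discovery
                    + " (resolved " + Arrays.toString(addresses) + ")");
        } catch (IOException e) {
            return new Probe("https", false, "connection to " + host + " failed: " + e.getMessage());
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            return new Probe("https", false, "interrupted while contacting " + host);
        }
    }

    public static void main(String[] args) {
        // The tenant id comes from the same environment variable the question's
        // application.properties references; nothing tenant-specific is hard-coded.
        String tenantId = System.getenv("TENANT_ID_ENV_VAR");
        if (tenantId == null || tenantId.isBlank()) {
            System.err.println("set TENANT_ID_ENV_VAR to the Azure AD tenant id");
            System.exit(2);
        }
        Probe result = probe("https://login.microsoftonline.com/" + tenantId + "/v2.0");
        System.out.println((result.ok() ? "OK   " : "FAIL ") + result.stage() + ": " + result.detail());
        System.exit(result.ok() ? 0 : 1);
    }
}
```

A "dns" failure on the affected Web App but not on the working one points at that instance's outbound network or DNS configuration rather than at the Azure AD credentials; an "https" failure with DNS succeeding points at outbound TLS connectivity instead.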
1 answer
0 votes

I successfully retrieved the username and the access token both locally and in an Azure Web App.

HelloController.java:

I modified HelloController as follows to retrieve the access token.


Here is the complete HelloController class.

```java
import org.springframework.security.core.annotation.AuthenticationPrincipal;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
import org.springframework.security.oauth2.client.annotation.RegisteredOAuth2AuthorizedClient;
import org.springframework.security.oauth2.core.user.OAuth2User;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class HelloController {

    @GetMapping("/user")
    public String AccessManagementEntity(
            @AuthenticationPrincipal OAuth2User principal,
            @RegisteredOAuth2AuthorizedClient("azure") OAuth2AuthorizedClient authorizedClient,
            @RequestParam(name = "path", required = false) String path) {
        if (principal != null) {
            String userName = principal.getAttribute("preferred_username");
            String accessToken = authorizedClient.getAccessToken().getTokenValue();
            return "Hello: " + userName + "<br>Access Token: " + accessToken;
        } else {
            return "No user found";
        }
    }
}
```

SecurityConfig.java:

I added the login logic in the SecurityConfig class.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.web.server.SecurityWebFilterChain;

@Configuration
@EnableWebFluxSecurity
public class SecurityConfig {

    // @Bean is required: without it this method is never invoked and Boot's
    // default filter chain stays in place instead of this one.
    @Bean
    public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
        http
                .csrf(ServerHttpSecurity.CsrfSpec::disable)
                .authorizeExchange(exchange -> exchange
                        // Login and OAuth2 callback paths stay public; everything else needs a session
                        .pathMatchers("/signin/**", "/login/oauth2/**").permitAll()
                        .anyExchange().authenticated()
                )
                .oauth2Login(oauth2 -> oauth2
                        // After a successful login, complete the exchange instead of redirecting
                        .authenticationSuccessHandler((webFilterExchange, authentication) ->
                                webFilterExchange.getExchange().getResponse().setComplete())
                );
        return http.build();
    }
}
```

Application properties:

```properties
spring.security.oauth2.client.registration.azure.client-id=<clientID>
spring.security.oauth2.client.registration.azure.client-secret=<clientSecret>
spring.security.oauth2.client.registration.azure.client-authentication-method=client_secret_basic
spring.security.oauth2.client.registration.azure.authorization-grant-type=authorization_code
spring.security.oauth2.client.registration.azure.redirect-uri=http://localhost:8080/login/oauth2/code/azure
spring.security.oauth2.client.registration.azure.scope=openid,profile,email
spring.security.oauth2.client.registration.azure.client-name=Azure
spring.security.oauth2.client.provider.azure.issuer-uri=https://login.microsoftonline.com/<tenantID>/v2.0
spring.security.oauth2.client.provider.azure.authorization-uri=https://login.microsoftonline.com/<tenantID>/oauth2/v2.0/authorize
spring.security.oauth2.client.provider.azure.token-uri=https://login.microsoftonline.com/<tenantID>/oauth2/v2.0/token
spring.security.oauth2.client.provider.azure.user-info-uri=https://graph.microsoft.com/oidc/userinfo
azure.activedirectory.tenant-id=<tenantID>
logging.level.org.springframework.security=DEBUG
```

pom.xml:

```xml
<dependencies>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-webflux</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-oauth2-client</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-oauth2-jose</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-thymeleaf</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-test</artifactId>
        <scope>test</scope>
    </dependency>
    <dependency>
        <groupId>io.projectreactor</groupId>
        <artifactId>reactor-test</artifactId>
        <scope>test</scope>
    </dependency>
</dependencies>
```

I added the redirect URIs for both local and Azure Web Apps to the service principal under Authentication, as shown below.

```text
http://localhost:8080/login/oauth2/code/azure
<AzureWebAppsURL>/login/oauth2/code/azure
```


Local output:


I successfully retrieved the userName and the Access Token in the browser.


Note: before deploying, make sure to update the redirect URI in the application.properties file to the web app URL, as shown below.

```properties
spring.security.oauth2.client.registration.azure.redirect-uri=<AzureWebAppsURL>/login/oauth2/code/azure
```

Azure Web App output:

I successfully retrieved the userName and the Access Token in the Azure Web App.

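The answer's controller writes the access token into the HTML response so it can be seen in the browser. As an added example that is not part of the answer, the following WebFlux configuration uses the same "azure" registration and the userinfo endpoint from the answer's properties to call Microsoft Graph with that token on the server side, so the token itself is never returned to the client. It relies on the reactive OAuth2 client beans (ReactiveClientRegistrationRepository, ServerOAuth2AuthorizedClientRepository) that Spring Boot auto-configures with the answer's dependencies; the bean name graphWebClient, the UserInfoController class and the /me path are assumptions.

```java
import java.util.Map;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.ParameterizedTypeReference;
import org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository;
import org.springframework.security.oauth2.client.web.reactive.function.client.ServerOAuth2AuthorizedClientExchangeFilterFunction;
import org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizedClientRepository;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.reactive.function.client.WebClient;
import reactor.core.publisher.Mono;

/**
 * Added example, not part of the answer: a WebClient that attaches the
 * "azure" registration's access token itself, so controllers call Graph
 * with the token instead of rendering it into the page.
 */
@Configuration
class GraphWebClientConfig {

    @Bean
    WebClient graphWebClient(ReactiveClientRegistrationRepository registrations,
                             ServerOAuth2AuthorizedClientRepository authorizedClients) {
        // Both repositories are auto-configured by Spring Boot for the reactive
        // OAuth2 client. The filter looks up the logged-in user's authorized client
        // and sets the Bearer header on each outgoing request.
        var oauth2 = new ServerOAuth2AuthorizedClientExchangeFilterFunction(registrations, authorizedClients);
        oauth2.setDefaultClientRegistrationId("azure");
        return WebClient.builder()
                .baseUrl("https://graph.microsoft.com")
                .filter(oauth2)
                .build();
    }
}

@RestController
class UserInfoController {

    private static final ParameterizedTypeReference<Map<String, Object>> CLAIMS =
            new ParameterizedTypeReference<>() { };

    private final WebClient graph;

    UserInfoController(WebClient graphWebClient) {
        this.graph = graphWebClient;
    }

    /** Returns the claims from the userinfo endpoint named in the answer's properties. */
    @GetMapping("/me")
    Mono<Map<String, Object>> me() {
        return graph.get()
                .uri("/oidc/userinfo")
                .retrieve()
                .bodyToMono(CLAIMS);
    }
}
```

With the answer's SecurityConfig in place, an unauthenticated request to /me is redirected to the Azure login first; after login the endpoint returns the user's claims (including preferred_username) as JSON while the access token stays in the server-side authorized-client store.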
