I have created three application as "spring cloud gateway(8081)", "spring oauth2 auth server(8094)" and "spring oauth2 resource server(8097)".
When I want to request to resource server, first I need to request gw, it forwards to oauth server and I login there (oauth also has spring security layer). After successful login, it redirects to back gw server such a http://localhost:8081/login/oauth2/code/gateway?code=6ldKVF&state=0WvvWdTs8G_XchSTQKqgokua_XDVQziqVZ_VXLMqIS0%3D url. then, error happened in screen.
When I login successfully at auth server, there is a trace log in gateway server console:
2020-01-17 17:52:11.825 TRACE 11336 --- [ctor-http-nio-4] o.s.http.codec.json.Jackson2JsonDecoder :[21762c89] Decoded [{access_token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsib2F1dGgyLXJlc291cmNlIl0sInVzZXJfbmFtZSI6ImRnIiwic2NvcGUiOlsiY3VzdG9tX21vZCJdLCJleHAiOjE1NzkyNzI3NDEsImF1dGhvcml0aWVzIjpbIlJPTEVfQURNSU4iXSwianRpIjoiOWUzYzQ2YTQtMDJiZi00MTgwLTg1ZTktMGJhOTM0MjBhYjg4IiwiY2xpZW50X2lkIjoiZmlyc3QtY2xpZW50In0.xdWGm420tvp2Rzq0AyCgOTcDuKvP-V6JFd76KmJJf7o, token_type=bearer, refresh_token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsib2F1dGgyLXJlc291cmNlIl0sInVzZXJfbmFtZSI6ImRnIiwic2NvcGUiOlsiY3VzdG9tX21vZCJdLCJhdGkiOiI5ZTNjNDZhNC0wMmJmLTQxODAtODVlOS0wYmE5MzQyMGFiODgiLCJleHAiOjE1NzkyNzI3NTEsImF1dGhvcml0aWVzIjpbIlJPTEVfQURNSU4iXSwianRpIjoiYzEyNWExM2ItMmMzYS00ZGM0LWJjODgtZDc4ZDk1ZTljNzQ5IiwiY2xpZW50X2lkIjoiZmlyc3QtY2xpZW50In0.KhRIy7wOH2IsswDZ_AIXVFdtu6JZqtiLBZGZIypeNRw, expires_in=9, scope=custom_mod, jti=9e3c46a4-02bf-4180-85e9-0ba93420ab88}]
When I decode to access token jwt, here is the result.
{
"aud": [
"oauth2-resource"
],
"user_name": "dg",
"scope": [
"custom_mod"
],
"exp": 1579272741,
"authorities": [
"ROLE_ADMIN"
],
"jti": "9e3c46a4-02bf-4180-85e9-0ba93420ab88",
"client_id": "first-client"
}
I think, I am missing some parts to implement in gateway server or oauth server but I couldnt find. because when I tried to use okta instead of my custom auth server, there is no error.
Gateway application.properties
server.port=8081
spring.security.oauth2.client.registration.gateway.client-id=first-client
spring.security.oauth2.client.registration.gateway.client-secret=noonewilleverguess
spring.security.oauth2.client.registration.gateway.authorization-grant-type=authorization_code
spring.security.oauth2.client.registration.gateway.redirect-uri={baseUrl}/login/oauth2/code/{registrationId}
spring.security.oauth2.client.provider.gateway.authorization-uri=http://localhost:8094/oauth/authorize
spring.security.oauth2.client.provider.gateway.token-uri=http://localhost:8094/oauth/token?scope=custom_mod
spring.security.oauth2.client.provider.gateway.user-info-uri=http://localhost:8094/userinfo
spring.security.oauth2.client.provider.gateway.user-name-attribute=name
logging.level.root=trace
Here is the screen eror message:
Fri Jan 17 17:28:11 EET 2020 [83c168ec] There was an unexpected error (type=Internal Server Error, status=500). No provider found for class org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken
Here is the console error message:
2020-01-17 17:40:27.204 ERROR 7180 --- [ctor-http-nio-2] a.w.r.e.AbstractErrorWebExceptionHandler : [93951d85] 500 Server Error for HTTP GET "/login/oauth2/code/gateway?code=n35lEN&state=fZ94ZsZySnUwaG1vS32cX4sXU9KJ6aRm58twQMrR9sQ%3D"
java.lang.IllegalStateException: No provider found for class org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken at org.springframework.security.web.server.authentication.AuthenticationWebFilter.lambda$authenticate$5(AuthenticationWebFilter.java:118) ~[spring-security-web-5.2.1.RELEASE.jar:5.2.1.RELEASE] Suppressed: reactor.core.publisher.FluxOnAssembly$OnAssemblyException: Error has been observed at the following site(s): |_ checkpoint ⇢ org.springframework.security.oauth2.client.web.server.authentication.OAuth2LoginAuthenticationWebFilter [DefaultWebFilterChain] |_ checkpoint ⇢ org.springframework.security.oauth2.client.web.server.OAuth2AuthorizationRequestRedirectWebFilter [DefaultWebFilterChain] |_ checkpoint ⇢ org.springframework.security.oauth2.client.web.server.OAuth2AuthorizationRequestRedirectWebFilter [DefaultWebFilterChain] |_ checkpoint ⇢ org.springframework.security.web.server.context.ReactorContextWebFilter [DefaultWebFilterChain] |_ checkpoint ⇢ org.springframework.security.web.server.csrf.CsrfWebFilter [DefaultWebFilterChain] |_ checkpoint ⇢ org.springframework.security.web.server.header.HttpHeaderWriterWebFilter [DefaultWebFilterChain] |_ checkpoint ⇢ org.springframework.security.config.web.server.ServerHttpSecurity$ServerWebExchangeReactorContextWebFilter [DefaultWebFilterChain] |_ checkpoint ⇢ org.springframework.security.web.server.WebFilterChainProxy [DefaultWebFilterChain] |_ checkpoint ⇢ HTTP GET "/login/oauth2/code/gateway?code=n35lEN&state=fZ94ZsZySnUwaG1vS32cX4sXU9KJ6aRm58twQMrR9sQ%3D" [ExceptionHandlingWebHandler] Stack trace: at org.springframework.security.web.server.authentication.AuthenticationWebFilter.lambda$authenticate$5(AuthenticationWebFilter.java:118) ~[spring-security-web-5.2.1.RELEASE.jar:5.2.1.RELEASE] at reactor.core.publisher.MonoDefer.subscribe(MonoDefer.java:44) ~[reactor-core-3.3.1.RELEASE.jar:3.3.1.RELEASE] at reactor.core.publisher.Mono.subscribe(Mono.java:4105) ~[reactor-core-3.3.1.RELEASE.jar:3.3.1.RELEASE] at reactor.core.publisher.FluxSwitchIfEmpty$SwitchIfEmptySubscriber.onComplete(FluxSwitchIfEmpty.java:75) ~[reactor-core-3.3.1.RELEASE.jar:3.3.1.RELEASE]
edit: shortened to understand the problem.
