问题
I am working on a microservice architecture developed in Spring boot with an API gateway service using Spring Cloud Gateway. I am using Keycloak as an identity provider. Everything is working fine normally, but I am getting intermediate authorization_request_not_found exception on user login and a whitelable error page occurs. If we try again, it works.
Below is the exception I received on Keycloak server:
[org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider] (default task-264) Failed to make identity provider oauth callback: org.keycloak.broker.provider.IdentityBrokerException: No access_token from server.
at org.keycloak.keycloak-services@9.0.3//org.keycloak.broker.oidc.OIDCIdentityProvider.verifyAccessToken(OIDCIdentityProvider.java:495)
at org.keycloak.keycloak-services@9.0.3//org.keycloak.broker.oidc.OIDCIdentityProvider.getFederatedIdentity(OIDCIdentityProvider.java:360)
at org.keycloak.keycloak-services@9.0.3//org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider$Endpoint.authResponse(AbstractOAuth2IdentityProvider.java:472)
at jdk.internal.reflect.GeneratedMethodAccessor938.invoke(Unknown Source)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at org.jboss.resteasy.resteasy-jaxrs@3.9.1.Final//org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:138)
at org.jboss.resteasy.resteasy-jaxrs@3.9.1.Final//org.jboss.resteasy.core.ResourceMethodInvoker.internalInvokeOnTarget(ResourceMethodInvoker.java:517)
at org.jboss.resteasy.resteasy-jaxrs@3.9.1.Final//org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTargetAfterFilter(ResourceMethodInvoker.java:406)
at org.jboss.resteasy.resteasy-jaxrs@3.9.1.Final//org.jboss.resteasy.core.ResourceMethodInvoker.lambda$invokeOnTarget$0(ResourceMethodInvoker.java:370)
at org.jboss.resteasy.resteasy-jaxrs@3.9.1.Final//org.jboss.resteasy.core.interception.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:356)
at org.jboss.resteasy.resteasy-jaxrs@3.9.1.Final//org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:372)
at org.jboss.resteasy.resteasy-jaxrs@3.9.1.Final//org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:344)
... more stack trace
Below is the configuration code:
spring:
mvc:
favicon:
enabled: false
autoconfigure:
exclude: org.springframework.boot.actuate.autoconfigure.security.reactive.ReactiveManagementWebSecurityAutoConfiguration
thymeleaf:
cache: false
security:
oauth2:
resourceserver:
jwt:
jwk-set-uri : http://localhost:8080/auth/realms/<realm-name>/protocol/openid-connect/certs
client:
registration:
keycloak:
client-id: <client-id>
client-secret: <client-secret>
clientName: <client-name>
authorization-grant-type: authorization_code
provider: keycloak
redirect-uri: '{baseUrl}/login/oauth2/code/{registrationId}'
scope:
- openid
- profile
- email
provider:
keycloak:
issuer-uri: http://localhost:8080/auth/realms/<realm-name>
user-name-attribute: preferred_username
cloud:
gateway:
httpclient:
connect-timeout: 6000000
response-timeout: 600s
ssl:
close-notify-read-timeout: 600s
close-notify-flush-timeout: 600s
handshake-timeout: 600s
pool:
acquire-timeout: 6000000
type: fixed
max-connections: 5000
servlet:
multipart:
max-file-size: 100MB
max-request-size: 100MB
Below is some part of my pom.xml
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.1.9.RELEASE</version>
<relativePath /> <!-- lookup parent from repository -->
</parent>
<properties>
<java.version>1.8</java.version>
<spring-cloud.version>Greenwich.SR5</spring-cloud.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-webflux</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-oauth2-client</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-gateway</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
<dependency>
<groupId>org.thymeleaf.extras</groupId>
<artifactId>thymeleaf-extras-springsecurity5</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security.oauth</groupId>
<artifactId>spring-security-oauth2</artifactId>
<version>2.3.3.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-jwt</artifactId>
<version>1.0.9.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-oauth2-resource-server</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
Below is the stack trace of exception on Gateway server:
2020-06-13 08:04:17.237 ERROR 1 --- [or-http-epoll-3] a.w.r.e.AbstractErrorWebExceptionHandler : [47e02fef] 500 Server Error for HTTP GET "/login/oauth2/code/keycloak?state=YpBEDGlrHg1-podfMyIrKp02WYVPDIMRu_59vuRqado%3D&session_state=e8f4736b-1985-4730-af00-f55b38edf44a&code=1050f391-8438-4c18-ba52-d343ed25aa1c.e8f4736b-1985-4730-af00-f55b38edf44a.5b3ba9ec-3da5-4549-aaa8-79cf360f1d6d"
org.springframework.security.oauth2.core.OAuth2AuthorizationException: [authorization_request_not_found]
at org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizationCodeAuthenticationTokenConverter.lambda$oauth2AuthorizationException$1(ServerOAuth2AuthorizationCodeAuthenticationTokenConverter.java:82) ~[spring-security-oauth2-client-5.1.6.RELEASE.jar!/:5.1.6.RELEASE]
at reactor.core.publisher.MonoDefer.subscribe(MonoDefer.java:44) [reactor-core-3.2.12.RELEASE.jar!/:3.2.12.RELEASE]
at reactor.core.publisher.Mono.subscribe(Mono.java:3858) ~[reactor-core-3.2.12.RELEASE.jar!/:3.2.12.RELEASE]
at reactor.core.publisher.FluxSwitchIfEmpty$SwitchIfEmptySubscriber.onComplete(FluxSwitchIfEmpty.java:75) ~[reactor-core-3.2.12.RELEASE.jar!/:3.2.12.RELEASE]
at reactor.core.publisher.FluxHandle$HandleSubscriber.onComplete(FluxHandle.java:207) ~[reactor-core-3.2.12.RELEASE.jar!/:3.2.12.RELEASE]
at reactor.core.publisher.FluxHandle$HandleSubscriber.onNext(FluxHandle.java:128) ~[reactor-core-3.2.12.RELEASE.jar!/:3.2.12.RELEASE]
at reactor.core.publisher.FluxMap$MapConditionalSubscriber.onNext(FluxMap.java:213) ~[reactor-core-3.2.12.RELEASE.jar!/:3.2.12.RELEASE]
at reactor.core.publisher.Operators$MonoSubscriber.complete(Operators.java:1515) ~[reactor-core-3.2.12.RELEASE.jar!/:3.2.12.RELEASE]
at reactor.core.publisher.MonoProcessor.onNext(MonoProcessor.java:389) ~[reactor-core-3.2.12.RELEASE.jar!/:3.2.12.RELEASE]
at reactor.core.publisher.FluxPeek$PeekSubscriber.onNext(FluxPeek.java:192) ~[reactor-core-3.2.12.RELEASE.jar!/:3.2.12.RELEASE]
at reactor.core.publisher.FluxSwitchIfEmpty$SwitchIfEmptySubscriber.onNext(FluxSwitchIfEmpty.java:67) ~[reactor-core-3.2.12.RELEASE.jar!/:3.2.12.RELEASE]
at reactor.core.publisher.Operators$MonoSubscriber.complete(Operators.java:1515) ~[reactor-core-3.2.12.RELEASE.jar!/:3.2.12.RELEASE]
at reactor.core.publisher.MonoSupplier.subscribe(MonoSupplier.java:61) ~[reactor-core-3.2.12.RELEASE.jar!/:3.2.12.RELEASE]
at reactor.core.publisher.Mono.subscribe(Mono.java:3858) ~[reactor-core-3.2.12.RELEASE.jar!/:3.2.12.RELEASE]
at reactor.core.publisher.FluxSwitchIfEmpty$SwitchIfEmptySubscriber.onComplete(FluxSwitchIfEmpty.java:75) ~[reactor-core-3.2.12.RELEASE.jar!/:3.2.12.RELEASE]
at reactor.core.publisher.MonoNext$NextSubscriber.onComplete(MonoNext.java:96) ~[reactor-core-3.2.12.RELEASE.jar!/:3.2.12.RELEASE]
at reactor.core.publisher.FluxConcatMap$ConcatMapImmediate.drain(FluxConcatMap.java:360) ~[reactor-core-3.2.12.RELEASE.jar!/:3.2.12.RELEASE]
at reactor.core.publisher.FluxConcatMap$ConcatMapImmediate.onComplete(FluxConcatMap.java:269) ~[reactor-core-3.2.12.RELEASE.jar!/:3.2.12.RELEASE]
at reactor.core.publisher.Operators.complete(Operators.java:131) ~[reactor-core-3.2.12.RELEASE.jar!/:3.2.12.RELEASE]
at reactor.core.publisher.FluxIterable.subscribe(FluxIterable.java:122) ~[reactor-core-3.2.12.RELEASE.jar!/:3.2.12.RELEASE]
at reactor.core.publisher.FluxIterable.subscribe(FluxIterable.java:63) ~[reactor-core-3.2.12.RELEASE.jar!/:3.2.12.RELEASE]
at reactor.core.publisher.FluxConcatMap.subscribe(FluxConcatMap.java:121) ~[reactor-core-3.2.12.RELEASE.jar!/:3.2.12.RELEASE]
... more stack trace.
As far as I have seen, there is no pattern or a scenario when this exception occurs. It just occurs randomly. I have visited several blogs and other stack overflow issues but I can't figure it out what's wrong in my configs.
Is there any way I can find out what is wrong ?
Any help is much appreciated. Thanks in advance!
来源:https://stackoverflow.com/questions/62430181/intermediate-authorization-request-not-found-error-with-spring-cloud-gateway-and