清除浏览器缓存后提示OAuth Error


#1
  • Choerodon平台版本: 0.14.0

  • 遇到问题的执行步骤:
    不清除缓存登陆都是正常的,但是将浏览器的缓存删除之后,重新登陆api.example.com就提示如下

  • 文档地址:

  • 环境信息(如:节点信息):

  • 报错日志:

2019-05-10 11:34:48.809  INFO 1 --- [XNIO-3 task-241] o.s.s.o.p.e.AuthorizationEndpoint        : Handling ClientRegistrationException error: No client found : choerodon
2019-05-10 11:36:06.509  INFO 1 --- [XNIO-3 task-255] o.s.l.c.support.AbstractContextSource    : Property 'userDn' not set - anonymous context will be used for read-write operations
2019-05-10 11:36:06.516 ERROR 1 --- [XNIO-3 task-255] .o.i.c.u.ChoerodonAuthenticationProvider : ldap anonymous search failed, filter (&(objectclass=person)(cn=yangyan@example.cn)), exception {}

org.springframework.ldap.AuthenticationNotSupportedException: [LDAP: error code 48 - anonymous bind disallowed]; nested exception is javax.naming.AuthenticationNotSupportedException: [LDAP: error code 48 - anonymous bind disallowed]
	at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:194) ~[spring-ldap-core-2.3.2.RELEASE.jar!/:2.3.2.RELEASE]
	at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:355) ~[spring-ldap-core-2.3.2.RELEASE.jar!/:2.3.2.RELEASE]
	at org.springframework.ldap.core.support.AbstractContextSource.doGetContext(AbstractContextSource.java:139) ~[spring-ldap-core-2.3.2.RELEASE.jar!/:2.3.2.RELEASE]
	at org.springframework.ldap.core.support.AbstractContextSource.getReadOnlyContext(AbstractContextSource.java:158) ~[spring-ldap-core-2.3.2.RELEASE.jar!/:2.3.2.RELEASE]
	at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:357) ~[spring-ldap-core-2.3.2.RELEASE.jar!/:2.3.2.RELEASE]
	at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:309) ~[spring-ldap-core-2.3.2.RELEASE.jar!/:2.3.2.RELEASE]
	at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:642) ~[spring-ldap-core-2.3.2.RELEASE.jar!/:2.3.2.RELEASE]
	at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:578) ~[spring-ldap-core-2.3.2.RELEASE.jar!/:2.3.2.RELEASE]
	at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:1617) ~[spring-ldap-core-2.3.2.RELEASE.jar!/:2.3.2.RELEASE]
	at io.choerodon.oauth.infra.common.util.ChoerodonAuthenticationProvider.ldapAuthentication(ChoerodonAuthenticationProvider.java:232) [classes!/:0.8.0.RELEASE]
	at io.choerodon.oauth.infra.common.util.ChoerodonAuthenticationProvider.checkPassword(ChoerodonAuthenticationProvider.java:199) [classes!/:0.8.0.RELEASE]
	at io.choerodon.oauth.infra.common.util.ChoerodonAuthenticationProvider.additionalAuthenticationChecks(ChoerodonAuthenticationProvider.java:192) [classes!/:0.8.0.RELEASE]
	at org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:166) [spring-security-core-4.2.7.RELEASE.jar!/:4.2.7.RELEASE]
	at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:174) [spring-security-core-4.2.7.RELEASE.jar!/:4.2.7.RELEASE]
	at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:199) [spring-security-core-4.2.7.RELEASE.jar!/:4.2.7.RELEASE]
	at org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter.attemptAuthentication(UsernamePasswordAuthenticationFilter.java:94) [spring-security-web-4.2.7.RELEASE.jar!/:4.2.7.RELEASE]
	at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212) [spring-security-web-4.2.7.RELEASE.jar!/:4.2.7.RELEASE]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.2.7.RELEASE.jar!/:4.2.7.RELEASE]
	at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116) [spring-security-web-4.2.7.RELEASE.jar!/:4.2.7.RELEASE]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.2.7.RELEASE.jar!/:4.2.7.RELEASE]
	at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:66) [spring-security-web-4.2.7.RELEASE.jar!/:4.2.7.RELEASE]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.3.18.RELEASE.jar!/:4.3.18.RELEASE]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.2.7.RELEASE.jar!/:4.2.7.RELEASE]
	at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105) [spring-security-web-4.2.7.RELEASE.jar!/:4.2.7.RELEASE]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.2.7.RELEASE.jar!/:4.2.7.RELEASE]
	at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56) [spring-security-web-4.2.7.RELEASE.jar!/:4.2.7.RELEASE]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.3.18.RELEASE.jar!/:4.3.18.RELEASE]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) [spring-security-web-4.2.7.RELEASE.jar!/:4.2.7.RELEASE]
	at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214) [spring-security-web-4.2.7.RELEASE.jar!/:4.2.7.RELEASE]
	at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177) [spring-security-web-4.2.7.RELEASE.jar!/:4.2.7.RELEASE]
	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:347) [spring-web-4.3.18.RELEASE.jar!/:4.3.18.RELEASE]
	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:263) [spring-web-4.3.18.RELEASE.jar!/:4.3.18.RELEASE]
	at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) [undertow-servlet-1.4.25.Final.jar!/:1.4.25.Final]
	at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) [undertow-servlet-1.4.25.Final.jar!/:1.4.25.Final]
	at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:109) [spring-web-4.3.18.RELEASE.jar!/:4.3.18.RELEASE]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.3.18.RELEASE.jar!/:4.3.18.RELEASE]
	at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) [undertow-servlet-1.4.25.Final.jar!/:1.4.25.Final]
	at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) [undertow-servlet-1.4.25.Final.jar!/:1.4.25.Final]
	at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:93) [spring-web-4.3.18.RELEASE.jar!/:4.3.18.RELEASE]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.3.18.RELEASE.jar!/:4.3.18.RELEASE]
	at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) [undertow-servlet-1.4.25.Final.jar!/:1.4.25.Final]
	at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) [undertow-servlet-1.4.25.Final.jar!/:1.4.25.Final]
	at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99) [spring-web-4.3.18.RELEASE.jar!/:4.3.18.RELEASE]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.3.18.RELEASE.jar!/:4.3.18.RELEASE]
	at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) [undertow-servlet-1.4.25.Final.jar!/:1.4.25.Final]
	at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) [undertow-servlet-1.4.25.Final.jar!/:1.4.25.Final]
	at org.springframework.session.web.http.SessionRepositoryFilter.doFilterInternal(SessionRepositoryFilter.java:167) [spring-session-1.3.3.RELEASE.jar!/:na]
	at org.springframework.session.web.http.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:80) [spring-session-1.3.3.RELEASE.jar!/:na]
	at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) [undertow-servlet-1.4.25.Final.jar!/:1.4.25.Final]
	at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) [undertow-servlet-1.4.25.Final.jar!/:1.4.25.Final]
	at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:197) [spring-web-4.3.18.RELEASE.jar!/:4.3.18.RELEASE]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.3.18.RELEASE.jar!/:4.3.18.RELEASE]
	at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) [undertow-servlet-1.4.25.Final.jar!/:1.4.25.Final]
	at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) [undertow-servlet-1.4.25.Final.jar!/:1.4.25.Final]
	at org.springframework.boot.actuate.autoconfigure.MetricsFilter.doFilterInternal(MetricsFilter.java:106) [spring-boot-actuator-1.5.14.RELEASE.jar!/:1.5.14.RELEASE]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.3.18.RELEASE.jar!/:4.3.18.RELEASE]
	at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) [undertow-servlet-1.4.25.Final.jar!/:1.4.25.Final]
	at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) [undertow-servlet-1.4.25.Final.jar!/:1.4.25.Final]
	at io.micrometer.spring.web.servlet.WebMvcMetricsFilter.doFilterInternal(WebMvcMetricsFilter.java:91) [micrometer-spring-legacy-1.0.6.jar!/:1.0.6]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.3.18.RELEASE.jar!/:4.3.18.RELEASE]
	at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) [undertow-servlet-1.4.25.Final.jar!/:1.4.25.Final]
	at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) [undertow-servlet-1.4.25.Final.jar!/:1.4.25.Final]
	at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84) [undertow-servlet-1.4.25.Final.jar!/:1.4.25.Final]
	at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62) [undertow-servlet-1.4.25.Final.jar!/:1.4.25.Final]
	at io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:64) [undertow-servlet-1.4.25.Final.jar!/:1.4.25.Final]
	at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) [undertow-servlet-1.4.25.Final.jar!/:1.4.25.Final]
	at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:132) [undertow-servlet-1.4.25.Final.jar!/:1.4.25.Final]
	at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57) [undertow-servlet-1.4.25.Final.jar!/:1.4.25.Final]
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.4.25.Final.jar!/:1.4.25.Final]
	at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46) [undertow-core-1.4.25.Final.jar!/:1.4.25.Final]
	at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64) [undertow-servlet-1.4.25.Final.jar!/:1.4.25.Final]
	at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60) [undertow-core-1.4.25.Final.jar!/:1.4.25.Final]
	at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77) [undertow-servlet-1.4.25.Final.jar!/:1.4.25.Final]
	at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43) [undertow-core-1.4.25.Final.jar!/:1.4.25.Final]
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.4.25.Final.jar!/:1.4.25.Final]
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.4.25.Final.jar!/:1.4.25.Final]
	at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292) [undertow-servlet-1.4.25.Final.jar!/:1.4.25.Final]
	at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81) [undertow-servlet-1.4.25.Final.jar!/:1.4.25.Final]
	at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138) [undertow-servlet-1.4.25.Final.jar!/:1.4.25.Final]
	at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135) [undertow-servlet-1.4.25.Final.jar!/:1.4.25.Final]
	at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48) [undertow-servlet-1.4.25.Final.jar!/:1.4.25.Final]
	at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43) [undertow-servlet-1.4.25.Final.jar!/:1.4.25.Final]
	at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272) [undertow-servlet-1.4.25.Final.jar!/:1.4.25.Final]
	at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81) [undertow-servlet-1.4.25.Final.jar!/:1.4.25.Final]
	at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104) [undertow-servlet-1.4.25.Final.jar!/:1.4.25.Final]
	at io.undertow.server.Connectors.executeRootHandler(Connectors.java:336) [undertow-core-1.4.25.Final.jar!/:1.4.25.Final]
	at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830) [undertow-core-1.4.25.Final.jar!/:1.4.25.Final]
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [na:1.8.0_181]
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [na:1.8.0_181]
	at java.lang.Thread.run(Thread.java:748) [na:1.8.0_181]
Caused by: javax.naming.AuthenticationNotSupportedException: [LDAP: error code 48 - anonymous bind disallowed]
	at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3145) ~[na:1.8.0_181]
	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3100) ~[na:1.8.0_181]
	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2886) ~[na:1.8.0_181]
	at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2800) ~[na:1.8.0_181]
	at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319) ~[na:1.8.0_181]
	at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192) ~[na:1.8.0_181]
	at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210) ~[na:1.8.0_181]
	at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153) ~[na:1.8.0_181]
	at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83) ~[na:1.8.0_181]
	at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684) ~[na:1.8.0_181]
	at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313) ~[na:1.8.0_181]
	at javax.naming.InitialContext.init(InitialContext.java:244) ~[na:1.8.0_181]
	at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154) ~[na:1.8.0_181]
	at org.springframework.ldap.core.support.LdapContextSource.getDirContextInstance(LdapContextSource.java:42) ~[spring-ldap-core-2.3.2.RELEASE.jar!/:2.3.2.RELEASE]
	at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:343) ~[spring-ldap-core-2.3.2.RELEASE.jar!/:2.3.2.RELEASE]
	... 88 common frames omitted

2019-05-10 11:36:07.251  INFO 1 --- [XNIO-3 task-256] o.s.s.o.p.e.AuthorizationEndpoint        : Handling ClientRegistrationException error: No client found : choerodon
2019-05-10 11:36:12.563  INFO 1 --- [ XNIO-2 task-51] c.c.c.ConfigServicePropertySourceLocator : Fetching config from server at: http://register-server.c7n-system:8000/
2019-05-10 11:36:12.569  INFO 1 --- [ XNIO-2 task-51] c.c.c.ConfigServicePropertySourceLocator : Located environment: name=oauth-server, profiles=[default], label=, version=0.14.0, state=
2019-05-10 11:36:18.825  INFO 1 --- [trap-executor-0] c.n.d.s.r.aws.ConfigClusterResolver      : Resolving eureka endpoints via configuration
2019-05-10 11:36:25.308  INFO 1 --- [XNIO-3 task-258] o.s.s.o.p.e.AuthorizationEndpoint        : Handling ClientRegistrationException error: No client found : choerodon
2019-05-10 11:38:08.742  INFO 1 --- [XNIO-3 task-259] o.s.s.o.p.e.AuthorizationEndpoint        : Handling ClientRegistrationException error: No client found : choerodon
2019-05-10 11:39:02.176  INFO 1 --- [XNIO-3 task-260] o.s.s.o.p.e.AuthorizationEndpoint        : Handling ClientRegistrationException error: No client found : choerodon
2019-05-10 11:39:02.940  INFO 1 --- [XNIO-3 task-257] o.s.s.o.p.e.AuthorizationEndpoint        : Handling ClientRegistrationException error: No client found : choerodon
2019-05-10 11:39:03.191  INFO 1 --- [XNIO-3 task-261] o.s.s.o.p.e.AuthorizationEndpoint        : Handling ClientRegistrationException error: No client found : choerodon
2019-05-10 11:39:03.360  INFO 1 --- [XNIO-3 task-263] o.s.s.o.p.e.AuthorizationEndpoint        : Handling ClientRegistrationException error: No client found : choerodon
2019-05-10 11:39:03.514  INFO 1 --- [XNIO-3 task-262] o.s.s.o.p.e.AuthorizationEndpoint        : Handling ClientRegistrationException error: No client found : choerodon
2019-05-10 11:39:13.735  INFO 1 --- [XNIO-3 task-267] o.s.s.o.p.e.AuthorizationEndpoint        : Handling ClientRegistrationException error: No client found : choerodon
2019-05-10 11:39:22.452  INFO 1 --- [XNIO-3 task-268] o.s.s.o.p.e.AuthorizationEndpoint        : Handling ClientRegistrationException error: No client found : choerodon

  • 原因分析:

    日志的结果看起来像是ldap的匿名认证相关问题,但是所做的操作仅仅只是清除浏览器的缓存,应该是不涉及ldap相关的操作。为何会出现截图中的错误?

  • 疑问:

    提出您对于遇到和解决该问题时的疑问


#2

你好,这个错误和ldap 没有关系。是客户端配置不正确。请确保一下步骤是否正确执行

1、在 iam_service.oauth_client 表中添加前端的client,并配置正确的跳转地址。
2、配置oauth-server 服务的环境变量CHOERODON_DEFAULT_REDIRECT_URL 与前端跳转地址保持一致。
3、在前端服务的环境变量中配置PRO_CLIENT_ID与数据库的 client_name 保持一致