sonar使用猪齿鱼登陆失败

Choerodon User Guide
#1

  • Choerodon平台版本:0.17.0

  • 运行环境:自主搭建

  • 问题描述:

    请尽量详细的描述您遇到的问题,以便我们能更快速的提供解决办法。

    如:sonnar登陆的时候选择使用猪齿鱼登陆,提示“无权访问此页。请联系管理员。”

  • 执行的操作:
    如:sonar登陆的时候选择使用猪齿鱼登陆,但是页面报错,oauth-service服务报错。

  • 报错信息(请尽量使用代码块的形式展现):

2019-07-18 08:06:22.774  INFO 7 --- [ XNIO-2 task-62] c.c.c.ConfigServicePropertySourceLocator : Fetching config from server at : http://register-server.c7n-system:8000/
2019-07-18 08:06:22.794  INFO 7 --- [ XNIO-2 task-62] c.c.c.ConfigServicePropertySourceLocator : Located environment: name=oauth-server, profiles=[default], label=, version=0.16.0, state=
2019-07-18 08:07:17.930  INFO 7 --- [ XNIO-3 task-69] o.s.l.c.support.AbstractContextSource    : Property 'userDn' not set - anonymous context will be used for read-write operations
2019-07-18 08:07:18.013 ERROR 7 --- [ XNIO-3 task-69] .o.i.c.u.ChoerodonAuthenticationProvider : ldap anonymous search failed, filter (&(objectclass=person)(uid=fruciti@dongfang.cn)), exception {}

org.springframework.ldap.AuthenticationNotSupportedException: [LDAP: error code 48 - anonymous bind disallowed]; nested exception is javax.naming.AuthenticationNotSupportedException: [LDAP: error code 48 - anonymous bind disallowed]
	at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:194) ~[spring-ldap-core-2.3.2.RELEASE.jar!/:2.3.2.RELEASE]
	at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:355) ~[spring-ldap-core-2.3.2.RELEASE.jar!/:2.3.2.RELEASE]
	at org.springframework.ldap.core.support.AbstractContextSource.doGetContext(AbstractContextSource.java:139) ~[spring-ldap-core-2.3.2.RELEASE.jar!/:2.3.2.RELEASE]
	at org.springframework.ldap.core.support.AbstractContextSource.getReadOnlyContext(AbstractContextSource.java:158) ~[spring-ldap-core-2.3.2.RELEASE.jar!/:2.3.2.RELEASE]
	at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:357) ~[spring-ldap-core-2.3.2.RELEASE.jar!/:2.3.2.RELEASE]
	at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:309) ~[spring-ldap-core-2.3.2.RELEASE.jar!/:2.3.2.RELEASE]
	at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:642) ~[spring-ldap-core-2.3.2.RELEASE.jar!/:2.3.2.RELEASE]
	at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:578) ~[spring-ldap-core-2.3.2.RELEASE.jar!/:2.3.2.RELEASE]
	at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:1617) ~[spring-ldap-core-2.3.2.RELEASE.jar!/:2.3.2.RELEASE]
	at io.choerodon.oauth.infra.common.util.ChoerodonAuthenticationProvider.ldapAuthentication(ChoerodonAuthenticationProvider.java:232) [classes!/:0.11.0.RELEASE]
	at io.choerodon.oauth.infra.common.util.ChoerodonAuthenticationProvider.checkPassword(ChoerodonAuthenticationProvider.java:199) [classes!/:0.11.0.RELEASE]
	at io.choerodon.oauth.infra.common.util.ChoerodonAuthenticationProvider.additionalAuthenticationChecks(ChoerodonAuthenticationProvider.java:192) [classes!/:0.11.0.RELEASE]
	at org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:166) [spring-security-core-5.0.9.RELEASE.jar!/:5.0.9.RELEASE]
	at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:174) [spring-security-core-5.0.9.RELEASE.jar!/:5.0.9.RELEASE]
	at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:199) [spring-security-core-5.0.9.RELEASE.jar!/:5.0.9.RELEASE]
	at org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter.attemptAuthentication(UsernamePasswordAuthenticationFilter.java:94) [spring-security-web-5.0.9.RELEASE.jar!/:5.0.9.RELEASE]
	at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212) [spring-security-web-5.0.9.RELEASE.jar!/:5.0.9.RELEASE]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.0.9.RELEASE.jar!/:5.0.9.RELEASE]
	at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116) [spring-security-web-5.0.9.RELEASE.jar!/:5.0.9.RELEASE]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.0.9.RELEASE.jar!/:5.0.9.RELEASE]
	at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:66) [spring-security-web-5.0.9.RELEASE.jar!/:5.0.9.RELEASE]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-5.0.10.RELEASE.jar!/:5.0.10.RELEASE]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.0.9.RELEASE.jar!/:5.0.9.RELEASE]
	at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105) [spring-security-web-5.0.9.RELEASE.jar!/:5.0.9.RELEASE]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.0.9.RELEASE.jar!/:5.0.9.RELEASE]
	at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56) [spring-security-web-5.0.9.RELEASE.jar!/:5.0.9.RELEASE]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-5.0.10.RELEASE.jar!/:5.0.10.RELEASE]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.0.9.RELEASE.jar!/:5.0.9.RELEASE]
	at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215) [spring-security-web-5.0.9.RELEASE.jar!/:5.0.9.RELEASE]
	at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178) [spring-security-web-5.0.9.RELEASE.jar!/:5.0.9.RELEASE]
	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:357) [spring-web-5.0.10.RELEASE.jar!/:5.0.10.RELEASE]
	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:270) [spring-web-5.0.10.RELEASE.jar!/:5.0.10.RELEASE]
	at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) [undertow-servlet-1.4.26.Final.jar!/:1.4.26.Final]
	at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) [undertow-servlet-1.4.26.Final.jar!/:1.4.26.Final]
	at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:109) [spring-web-5.0.10.RELEASE.jar!/:5.0.10.RELEASE]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-5.0.10.RELEASE.jar!/:5.0.10.RELEASE]
	at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) [undertow-servlet-1.4.26.Final.jar!/:1.4.26.Final]
	at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) [undertow-servlet-1.4.26.Final.jar!/:1.4.26.Final]
	at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:93) [spring-web-5.0.10.RELEASE.jar!/:5.0.10.RELEASE]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-5.0.10.RELEASE.jar!/:5.0.10.RELEASE]
	at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) [undertow-servlet-1.4.26.Final.jar!/:1.4.26.Final]
	at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) [undertow-servlet-1.4.26.Final.jar!/:1.4.26.Final]
	at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99) [spring-web-5.0.10.RELEASE.jar!/:5.0.10.RELEASE]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-5.0.10.RELEASE.jar!/:5.0.10.RELEASE]
	at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) [undertow-servlet-1.4.26.Final.jar!/:1.4.26.Final]
	at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) [undertow-servlet-1.4.26.Final.jar!/:1.4.26.Final]
	at org.springframework.session.web.http.SessionRepositoryFilter.doFilterInternal(SessionRepositoryFilter.java:147) [spring-session-core-2.0.7.RELEASE.jar!/:2.0.7.RELEASE]
	at org.springframework.session.web.http.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:81) [spring-session-core-2.0.7.RELEASE.jar!/:2.0.7.RELEASE]
	at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) [undertow-servlet-1.4.26.Final.jar!/:1.4.26.Final]
	at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) [undertow-servlet-1.4.26.Final.jar!/:1.4.26.Final]
	at org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.filterAndRecordMetrics(WebMvcMetricsFilter.java:120) [spring-boot-actuator-2.0.6.RELEASE.jar!/:2.0.6.RELEASE]
	at org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.doFilterInternal(WebMvcMetricsFilter.java:108) [spring-boot-actuator-2.0.6.RELEASE.jar!/:2.0.6.RELEASE]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-5.0.10.RELEASE.jar!/:5.0.10.RELEASE]
	at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) [undertow-servlet-1.4.26.Final.jar!/:1.4.26.Final]
	at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) [undertow-servlet-1.4.26.Final.jar!/:1.4.26.Final]
	at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:200) [spring-web-5.0.10.RELEASE.jar!/:5.0.10.RELEASE]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-5.0.10.RELEASE.jar!/:5.0.10.RELEASE]
	at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) [undertow-servlet-1.4.26.Final.jar!/:1.4.26.Final]
	at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) [undertow-servlet-1.4.26.Final.jar!/:1.4.26.Final]
	at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84) [undertow-servlet-1.4.26.Final.jar!/:1.4.26.Final]
	at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62) [undertow-servlet-1.4.26.Final.jar!/:1.4.26.Final]
	at io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:65) [undertow-servlet-1.4.26.Final.jar!/:1.4.26.Final]
	at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) [undertow-servlet-1.4.26.Final.jar!/:1.4.26.Final]
	at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:132) [undertow-servlet-1.4.26.Final.jar!/:1.4.26.Final]
	at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57) [undertow-servlet-1.4.26.Final.jar!/:1.4.26.Final]
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.4.26.Final.jar!/:1.4.26.Final]
	at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46) [undertow-core-1.4.26.Final.jar!/:1.4.26.Final]
	at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64) [undertow-servlet-1.4.26.Final.jar!/:1.4.26.Final]
	at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60) [undertow-core-1.4.26.Final.jar!/:1.4.26.Final]
	at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77) [undertow-servlet-1.4.26.Final.jar!/:1.4.26.Final]
	at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43) [undertow-core-1.4.26.Final.jar!/:1.4.26.Final]
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.4.26.Final.jar!/:1.4.26.Final]
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.4.26.Final.jar!/:1.4.26.Final]
	at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292) [undertow-servlet-1.4.26.Final.jar!/:1.4.26.Final]
	at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81) [undertow-servlet-1.4.26.Final.jar!/:1.4.26.Final]
	at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138) [undertow-servlet-1.4.26.Final.jar!/:1.4.26.Final]
	at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135) [undertow-servlet-1.4.26.Final.jar!/:1.4.26.Final]
	at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48) [undertow-servlet-1.4.26.Final.jar!/:1.4.26.Final]
	at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43) [undertow-servlet-1.4.26.Final.jar!/:1.4.26.Final]
	at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272) [undertow-servlet-1.4.26.Final.jar!/:1.4.26.Final]
	at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81) [undertow-servlet-1.4.26.Final.jar!/:1.4.26.Final]
	at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104) [undertow-servlet-1.4.26.Final.jar!/:1.4.26.Final]
	at io.undertow.server.Connectors.executeRootHandler(Connectors.java:336) [undertow-core-1.4.26.Final.jar!/:1.4.26.Final]
	at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830) [undertow-core-1.4.26.Final.jar!/:1.4.26.Final]
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [na:1.8.0_202]
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [na:1.8.0_202]
	at java.lang.Thread.run(Thread.java:813) [na:1.8.0_202]
Caused by: javax.naming.AuthenticationNotSupportedException: [LDAP: error code 48 - anonymous bind disallowed]
	at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3145) ~[na:1.8.0_202]
	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3100) ~[na:1.8.0_202]
	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2886) ~[na:1.8.0_202]
	at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2800) ~[na:1.8.0_202]
	at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319) ~[na:1.8.0_202]
	at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192) ~[na:1.8.0_202]
	at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210) ~[na:1.8.0_202]
	at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153) ~[na:1.8.0_202]
	at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83) ~[na:1.8.0_202]
	at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684) ~[na:1.8.0_202]
	at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313) ~[na:1.8.0_202]
	at javax.naming.InitialContext.init(InitialContext.java:244) ~[na:1.8.0_202]
	at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154) ~[na:1.8.0_202]
	at org.springframework.ldap.core.support.LdapContextSource.getDirContextInstance(LdapContextSource.java:42) ~[spring-ldap-core-2.3.2.RELEASE.jar!/:2.3.2.RELEASE]
	at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:343) ~[spring-ldap-core-2.3.2.RELEASE.jar!/:2.3.2.RELEASE]
	... 85 common frames omitted

看日志提示是LDAP的匿名认证相关的错误,但是在猪齿鱼的LDAP连接测试都是正常的,gitlab都可以正常跳转。

数据库中iam-service.oauth_client表里关于sonar的记录也添加了

mysql> select * from oauth_client where name='sonar';
+----+-------+-----------------+--------------+--------+---------+-----------------------------------------------------------------------+------------------------------------------------------+-----------------------+------------------------+------------------------+--------------+-----------------------+------------+---------------------+-----------------+---------------------+
| ID | NAME  | ORGANIZATION_ID | RESOURCE_IDS | SECRET | SCOPE   | AUTHORIZED_GRANT_TYPES                                                | WEB_SERVER_REDIRECT_URI                              | ACCESS_TOKEN_VALIDITY | REFRESH_TOKEN_VALIDITY | ADDITIONAL_INFORMATION | AUTO_APPROVE | OBJECT_VERSION_NUMBER | CREATED_BY | CREATION_DATE       | LAST_UPDATED_BY | LAST_UPDATE_DATE    |
+----+-------+-----------------+--------------+--------+---------+-----------------------------------------------------------------------+------------------------------------------------------+-----------------------+------------------------+------------------------+--------------+-----------------------+------------+---------------------+-----------------+---------------------+
|  6 | sonar |               1 | default      | secret | default | password,implicit,client_credentials,authorization_code,refresh_token | http://sonar.dongfang.cn/oauth2/callback/choerodon |                  3600 |                   3600 | {}                     | default      |                     1 |          0 | 2019-07-17 09:32:33 |               0 | 2019-07-17 09:32:33 |
+----+-------+-----------------+--------------+--------+---------+-----------------------------------------------------------------------+------------------------------------------------------+-----------------------+------------------------+------------------------+--------------+-----------------------+------------+---------------------+-----------------+---------------------+
1 row in set (0.00 sec)
  • 建议:

    提出您认为不合理的地方,帮助我们优化用户操作

#2

LDAP%20%E2%80%93%20%E7%BB%84%E7%BB%87%E8%AE%BE%E7%BD%AE%20%E2%80%93%20%E4%B8%B0%E7%91%9E%20%E2%80%93%20Choerodon%20%20%20%E5%A4%9A%E4%BA%91%E5%BA%94%E7%94%A8%E6%8A%80%E6%9C%AF%E9%9B%86%E6%88%90%E5%B9%B3%E5%8F%B0
LDAP%20%E2%80%93%20%E7%BB%84%E7%BB%87%E8%AE%BE%E7%BD%AE%20%E2%80%93%20%E4%B8%B0%E7%91%9E%20%E2%80%93%20Choerodon%20%20%20%E5%A4%9A%E4%BA%91%E5%BA%94%E7%94%A8%E6%8A%80%E6%9C%AF%E9%9B%86%E6%88%90%E5%B9%B3%E5%8F%B01858×968 66 KB

#3

你好~麻烦截下SonarQube的日志信息

#4

gitlab登录,使用同样的账号可以登录?

#5

sonar的日志如下

2019.07.18 03:06:31 INFO  web[AWv/mpr09q3PpTnMABUL][o.s.a.u.HttpConnectionPoolUtil] hostName:api.dongfang.cn
2019.07.18 03:06:32 WARN  web[AWv/mpr09q3PpTnMABUM][o.s.s.a.AuthenticationError] Fail to callback authentication with 'choerodon'
com.github.scribejava.core.exceptions.OAuthException: Cannot extract an access token. Response was: {"error":"invalid_client","error_description":"Bad client credentials"}
	at com.github.scribejava.core.extractors.JsonTokenExtractor.extractAccessToken(JsonTokenExtractor.java:24)
	at com.github.scribejava.core.extractors.JsonTokenExtractor.extract(JsonTokenExtractor.java:15)
	at com.github.scribejava.core.oauth.OAuth20ServiceImpl.getAccessToken(OAuth20ServiceImpl.java:37)
	at org.sonarqube.auth.choerodonoauth.ChoerodonIdentityProvider.callback(ChoerodonIdentityProvider.java:146)
	at org.sonar.server.authentication.OAuth2CallbackFilter.handleOAuth2Provider(OAuth2CallbackFilter.java:97)
	at org.sonar.server.authentication.OAuth2CallbackFilter.handleProvider(OAuth2CallbackFilter.java:77)
	at org.sonar.server.authentication.OAuth2CallbackFilter.doFilter(OAuth2CallbackFilter.java:70)
	at org.sonar.server.platform.web.MasterServletFilter$GodFilterChain.doFilter(MasterServletFilter.java:126)
	at org.sonar.server.platform.web.MasterServletFilter.doFilter(MasterServletFilter.java:95)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.sonar.server.user.UserSessionFilter.doFilter(UserSessionFilter.java:87)
	at org.sonar.server.user.UserSessionFilter.doFilter(UserSessionFilter.java:71)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.sonar.server.platform.web.CacheControlFilter.doFilter(CacheControlFilter.java:76)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.sonar.server.platform.web.SecurityServletFilter.doHttpFilter(SecurityServletFilter.java:76)
	at org.sonar.server.platform.web.SecurityServletFilter.doFilter(SecurityServletFilter.java:48)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.sonar.server.platform.web.RedirectFilter.doFilter(RedirectFilter.java:61)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.sonar.server.platform.web.requestid.RequestIdFilter.doFilter(RequestIdFilter.java:63)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.sonar.server.platform.web.RootFilter.doFilter(RootFilter.java:62)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.apache.catalina.filters.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:108)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
	at ch.qos.logback.access.tomcat.LogbackValve.invoke(LogbackValve.java:256)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:803)
	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1459)
	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.lang.Thread.run(Thread.java:748)
#6

在猪齿鱼的开发控制台上可以从仓库地址跳转到gitlab, 但是在猪齿鱼的代码质量管理页面点击项目的报告就跳转不过去,LDAP是没有问题的。

#7

您好,可能是client没有配置正确,参考下这个问题

#8

这个已经改过了,不是这个问题。sonar的日志是什么问题?

#9

这个问题就是找不到client,你们提供的报错信息也是一样的。请确认这两个参数配置正确

image
image1366×657 34.3 KB

#10

2019-07-18%2011-48-16%E5%B1%8F%E5%B9%95%E6%88%AA%E5%9B%BE
2019-07-18%2011-48-16%E5%B1%8F%E5%B9%95%E6%88%AA%E5%9B%BE802×306 29.8 KB

#11

2019-07-18%2011-52-06sonar
2019-07-18%2011-52-06sonar1798×508 46.7 KB

数据库里的配置我上面也贴出来了,帮忙看下是那里的问题?

#12

还能继续帮忙看一下么?

#13

麻烦手动使用授权码模式认证下;步骤如下:
1)将soanr 客户端的重定向地址,改为https://www.baidu.com/
2)在浏览器中调用访问,会获取到一个code
http://api.xxxx.xxxx.com/oauth/oauth/authorize?client_id=sonar&redirect_uri=https://www.baidu.com/&response_type=code
image
3)使用postman获取token
http://api.xxxx.xxxx.com/oauth/oauth/token?grant_type=authorization_code&code=s95m7m&client_id=sonar&client_secret=sonarsonar&redirect_uri=https://www.baidu.com/

image.png
image.png885×423 21.2 KB

#14

第一步:修改数据库

mysql> update oauth_client set WEB_SERVER_REDIRECT_URI='https://www.baidu.com' where name='sonar';
Query OK, 1 row affected (0.00 sec)
Rows matched: 1  Changed: 1  Warnings: 0

mysql> select * from oauth_client where name='sonar';
+----+-------+-----------------+--------------+--------+---------+-----------------------------------------------------------------------+-------------------------+-----------------------+------------------------+------------------------+--------------+-----------------------+------------+---------------------+-----------------+---------------------+
| ID | NAME  | ORGANIZATION_ID | RESOURCE_IDS | SECRET | SCOPE   | AUTHORIZED_GRANT_TYPES                                                | WEB_SERVER_REDIRECT_URI | ACCESS_TOKEN_VALIDITY | REFRESH_TOKEN_VALIDITY | ADDITIONAL_INFORMATION | AUTO_APPROVE | OBJECT_VERSION_NUMBER | CREATED_BY | CREATION_DATE       | LAST_UPDATED_BY | LAST_UPDATE_DATE    |
+----+-------+-----------------+--------------+--------+---------+-----------------------------------------------------------------------+-------------------------+-----------------------+------------------------+------------------------+--------------+-----------------------+------------+---------------------+-----------------+---------------------+
|  6 | sonar |               1 | default      | secret | default | password,implicit,client_credentials,authorization_code,refresh_token | https://www.baidu.com   |                  3600 |                   3600 | {}                     | default      |                     1 |          0 | 2019-07-17 09:32:33 |               0 | 2019-07-17 09:32:33 |
+----+-------+-----------------+--------------+--------+---------+-----------------------------------------------------------------------+-------------------------+-----------------------+------------------------+------------------------+--------------+-----------------------+------------+---------------------+-----------------+---------------------+
1 row in set (0.02 sec)

第二步:返回结果为
https://www.baidu.com/?code=yADr7P

第三步: postman测试

2019-07-18%2015-06-09%E5%B1%8F%E5%B9%95%E6%88%AA%E5%9B%BE222
2019-07-18%2015-06-09%E5%B1%8F%E5%B9%95%E6%88%AA%E5%9B%BE2221092×627 41.5 KB

#15

image
image750×209 6.15 KB

image
你这两个secret没有对上。

#16

改成一致后还是这个错误

#17

1.你的重定向地址也不对,image
image
2.secret和重定向地址都要和数据库一致,你再试一次

#18

2019-07-18%2016-02-04%E5%B1%8F%E5%B9%95%E6%88%AA%E5%9B%BE333
2019-07-18%2016-02-04%E5%B1%8F%E5%B9%95%E6%88%AA%E5%9B%BE3331084×603 33.9 KB

#19

麻烦再查询下select * from oauth_client where name='sonar’这个

#20 
mysql> use iam_service;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> select * from oauth_client where name='sonar';
+----+-------+-----------------+--------------+--------+---------+-----------------------------------------------------------------------+-------------------------+-----------------------+------------------------+------------------------+--------------+-----------------------+------------+---------------------+-----------------+---------------------+
| ID | NAME  | ORGANIZATION_ID | RESOURCE_IDS | SECRET | SCOPE   | AUTHORIZED_GRANT_TYPES                                                | WEB_SERVER_REDIRECT_URI | ACCESS_TOKEN_VALIDITY | REFRESH_TOKEN_VALIDITY | ADDITIONAL_INFORMATION | AUTO_APPROVE | OBJECT_VERSION_NUMBER | CREATED_BY | CREATION_DATE       | LAST_UPDATED_BY | LAST_UPDATE_DATE    |
+----+-------+-----------------+--------------+--------+---------+-----------------------------------------------------------------------+-------------------------+-----------------------+------------------------+------------------------+--------------+-----------------------+------------+---------------------+-----------------+---------------------+
|  6 | sonar |               1 | default      | secret | default | password,implicit,client_credentials,authorization_code,refresh_token | https://www.baidu.com   |                  3600 |                   3600 | {}                     | default      |                     1 |          0 | 2019-07-17 09:32:33 |               0 | 2019-07-17 09:32:33 |
+----+-------+-----------------+--------------+--------+---------+-----------------------------------------------------------------------+-------------------------+-----------------------+------------------------+------------------------+--------------+-----------------------+------------+---------------------+-----------------+---------------------+
1 row in set (0.00 sec)