问题描述
我正在尝试通过Spring-Boot应用程序中的成员身份对用户进行身份验证.根据成员文档,该过程如下:
I'm trying to authenticate users using Memberful from a Spring-Boot application. Per the Memberful documentation, the process is as follows:
- 用户登录到成员URL(
https://YOURSITE.memberful.com/oauth?client_id=APPLICATION_IDENTIFIER&response_type=code) - 使用Memberful提供的URL中的代码将用户重定向到我的前端(Vue).
- 代码已传递到我的后端服务器.
- 后端服务器使用Spring的
RestTemplate.postForObject(...)将带有所有必需参数的发布请求发送到https://YOURSITE.memberful.com/oauth/token(请参见下面的代码段).
- User logs in at the memberful URL (
https://YOURSITE.memberful.com/oauth?client_id=APPLICATION_IDENTIFIER&response_type=code) - User is redirected to my front end (Vue) with a code in the URL provided by Memberful.
- The code is passed to my back end server.
- Back end server sends a post request using
RestTemplate.postForObject(...)from Spring tohttps://YOURSITE.memberful.com/oauth/tokenwith all required parameters (See snippet below).
在这一点上,期望访问令牌有效负载,但是返回403错误.
At this point an access token payload is expected, but instead a 403 Error is returned.
这是完整的方法:
import org.springframework.http.*;
import org.springframework.util.MultiValueMap;
...
private JSONObject getMemberfulAccessToken(String strCode){
String strTargetURL = "https://" + memberfulSubDomain + ".memberful.com/oauth/token";
HttpHeaders headers = new HttpHeaders();
headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
MultiValueMap<String, String> parameters = new LinkedMultiValueMap<>();
parameters.add("client_id", memberfulApplicationIdentifier);
parameters.add("client_secret", memberfulClientSecret);
parameters.add("grant_type", "authorization_code");
parameters.add("code", strCode);
HttpEntity<MultiValueMap<String, String>> entity = new HttpEntity<>(parameters, headers);
String strAccessToken = restTemplate.postForObject(strTargetURL, entity, String.class);
return new JSONObject(strAccessToken);
}
这是回应:
<!DOCTYPE html>
<!--[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->
<!--[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->
<!--[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->
<!--[if gt IE 8]><!--> <html class="no-js" lang="en-US"> <!--<![endif]-->
<head>
<title>Access denied | [My Site].memberful.com used Cloudflare to restrict access</title>
<meta charset="UTF-8" />
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1" />
<meta name="robots" content="noindex, nofollow" />
<meta name="viewport" content="width=device-width,initial-scale=1,maximum-scale=1" />
<link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/cf.errors.css" type="text/css" media="screen,projection" />
<!--[if lt IE 9]><link rel="stylesheet" id='cf_styles-ie-css' href="/cdn-cgi/styles/cf.errors.ie.css" type="text/css" media="screen,projection" /><![endif]-->
<style type="text/css">body{margin:0;padding:0}</style>
<!--[if gte IE 10]><!--><script type="text/javascript" src="/cdn-cgi/scripts/zepto.min.js"></script><!--<![endif]-->
<!--[if gte IE 10]><!--><script type="text/javascript" src="/cdn-cgi/scripts/cf.common.js"></script><!--<![endif]-->
</head>
<body>
<div id="cf-wrapper">
<div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div>
<div id="cf-error-details" class="cf-error-details-wrapper">
<div class="cf-wrapper cf-header cf-error-overview">
<h1>
<span class="cf-error-type" data-translate="error">Error</span>
<span class="cf-error-code">1010</span>
<small class="heading-ray-id">Ray ID: 515be6c26b80c514 • 2019-09-13 17:39:35 UTC</small>
</h1>
<h2 class="cf-subheadline">Access denied</h2>
</div><!-- /.header -->
<section></section><!-- spacer -->
<div class="cf-section cf-wrapper">
<div class="cf-columns two">
<div class="cf-column">
<h2 data-translate="what_happened">What happened?</h2>
<p>The owner of this website ([My Site].memberful.com) has banned your access based on your browser's signature (515be6c26b80c514-ua21).</p>
</div>
</div>
</div><!-- /.section -->
<div class="cf-error-footer cf-wrapper">
<p>
<span class="cf-footer-item">Cloudflare Ray ID: <strong>515be6c26b80c514</strong></span>
<span class="cf-footer-separator">•</span>
<span class="cf-footer-item"><span>Your IP</span>: 207.200.220.146</span>
<span class="cf-footer-separator">•</span>
<span class="cf-footer-item"><span>Performance & security by</span> <a href="https://www.cloudflare.com/5xx-error-landing?utm_source=error_footer" id="brand_link" target="_blank">Cloudflare</a></span>
</p>
</div><!-- /.error-footer -->
</div><!-- /#cf-error-details -->
</div><!-- /#cf-wrapper -->
<script type="text/javascript">
window._cf_translation = {};
</script>
</body>
</html>
推荐答案
修复:添加JVM选项-Dhttp.agent="[Anything you want as the user agent prefix]"
问题:Cloudflare的Web应用程序防火墙阻止成员身份接收带有User-Agent标头Java/1.8.0_172的请求.
The issue: Cloudflare's Web Application Firewall prevents requests with the User-Agent header Java/1.8.0_172 from being received by Memberful.
Cloudflare的文档指示如果您收到的不是Cloudflare品牌的403响应,则是由客户端(在我的情况下为Memberful)的服务器返回响应.话虽这么说,我不确定我收到的对POST请求的响应是否可以视为"Cloudflare品牌",但是在我写这篇文章时,该Membership告诉我他们没有为他们的环境.
Cloudflare's documentation indicates that if you get a 403 response that is not Cloudflare branded, it's the client's (in my case Memberful's) server that's returning the response. That being said, I'm not sure if the response I received in response to a POST request could be considered "Cloudflare branded", but at the time I'm writing this Memberful has told me they haven't applied any custom settings for their environment.
当然还有其他方法可以设置User-Agent标头值,但这就是我所做的.
Of course there are other ways to set the User-Agent header value, but this is what I did.
这篇关于来自Java的CloudFlare(Memberful)发布请求产生403错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!