I am creating a web application that has two types of users, say A and B. Currently the login flow is like this: there is a login link on index.html that points to /login, and the user type is then determined by whether an entry exists in table A or table B.

The code looks like this:
import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@EnableOAuth2Sso
@Configuration
public class WebSecurityConfigurator extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .csrf()
                .disable()
            .antMatcher("/**")
            .authorizeRequests()
                .antMatchers("/", "/index.html")
                    .permitAll()
                .anyRequest()
                    .authenticated();
    }
}
I want to simplify this process so that there are two separate login links, /login-A and /login-B.
Best answer

If you use @EnableOAuth2Client instead of @EnableOAuth2Sso, you will be able to define multiple OAuth2ClientAuthenticationProcessingFilter instances. Your configuration would look something like this:
import java.security.Principal;
import java.util.ArrayList;
import java.util.List;

import javax.servlet.Filter;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Client;
import org.springframework.boot.autoconfigure.security.oauth2.resource.ResourceServerProperties;
import org.springframework.boot.autoconfigure.security.oauth2.resource.UserInfoTokenServices;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.client.OAuth2ClientContext;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.client.filter.OAuth2ClientAuthenticationProcessingFilter;
import org.springframework.security.oauth2.client.filter.OAuth2ClientContextFilter;
import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.filter.CompositeFilter;

@EnableOAuth2Client
@RestController
@Configuration
public class WebSecurityConfigurator extends WebSecurityConfigurerAdapter {

    @Autowired
    OAuth2ClientContext oauth2ClientContext;

    @RequestMapping("/user")
    public Principal user(Principal principal) {
        return principal;
    }

    // @formatter:off
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.antMatcher("/**")
            // both login filters run ahead of basic auth
            .addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class)
            .authorizeRequests()
                .antMatchers("/", "/login**", "/webjars/**")
                    .permitAll()
                .anyRequest()
                    .authenticated()
            .and()
            .logout()
                .logoutSuccessUrl("/").permitAll()
            .and()
            .csrf()
                .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
    }
    // @formatter:on

    // One OAuth2ClientAuthenticationProcessingFilter per login path, combined into a single filter.
    private Filter ssoFilter() {
        CompositeFilter filter = new CompositeFilter();
        List<Filter> filters = new ArrayList<>();
        UserInfoTokenServices tokenServices;

        OAuth2ClientAuthenticationProcessingFilter googleFilterA =
                new OAuth2ClientAuthenticationProcessingFilter("/login/googleA");
        OAuth2RestTemplate googleTemplateA = new OAuth2RestTemplate(googleA(), oauth2ClientContext);
        googleFilterA.setRestTemplate(googleTemplateA);
        tokenServices = new UserInfoTokenServices(googleResource().getUserInfoUri(), googleA().getClientId());
        tokenServices.setRestTemplate(googleTemplateA);
        googleFilterA.setTokenServices(tokenServices);

        OAuth2ClientAuthenticationProcessingFilter googleFilterB =
                new OAuth2ClientAuthenticationProcessingFilter("/login/googleB");
        OAuth2RestTemplate googleTemplateB = new OAuth2RestTemplate(googleB(), oauth2ClientContext);
        googleFilterB.setRestTemplate(googleTemplateB);
        tokenServices = new UserInfoTokenServices(googleResource().getUserInfoUri(), googleB().getClientId());
        tokenServices.setRestTemplate(googleTemplateB);
        googleFilterB.setTokenServices(tokenServices);

        filters.add(googleFilterA);
        filters.add(googleFilterB);
        filter.setFilters(filters);
        return filter;
    }

    @Bean
    public FilterRegistrationBean oauth2ClientFilterRegistration(OAuth2ClientContextFilter filter) {
        FilterRegistrationBean registration = new FilterRegistrationBean();
        registration.setFilter(filter);
        registration.setOrder(-100);
        return registration;
    }

    @Bean
    @ConfigurationProperties("google.clientA")
    public AuthorizationCodeResourceDetails googleA() {
        return new AuthorizationCodeResourceDetails();
    }

    @Bean
    @ConfigurationProperties("google.resource")
    public ResourceServerProperties googleResource() {
        return new ResourceServerProperties();
    }

    @Bean
    @ConfigurationProperties("google.clientB")
    public AuthorizationCodeResourceDetails googleB() {
        return new AuthorizationCodeResourceDetails();
    }
}
You would define the following properties in your application.yml file:

google:
  clientA:
    clientId: 12894100090-tqso3lih5o42isneort886la2pesafmp.apps.googleusercontent.com
    clientSecret: 9xfU16efvxQ-BTMsXT9wOLpw
    accessTokenUri: https://accounts.google.com/o/oauth2/token
    userAuthorizationUri: https://accounts.google.com/o/oauth2/auth
    clientAuthenticationScheme: form
    scope: profile email
    redirect-uri: http://yourapp.com/pathA
  clientB:
    clientId: 12894100090-tqso3lih5o42isneort886la2pesafmp.apps.googleusercontent.com
    clientSecret: 9xfU16efvxQ-BTMsXT9wOLpw
    accessTokenUri: https://accounts.google.com/o/oauth2/token
    userAuthorizationUri: https://accounts.google.com/o/oauth2/auth
    clientAuthenticationScheme: form
    scope: profile email drive
    redirect-uri: http://yourapp.com/pathB
  resource:
    userInfoUri: https://www.googleapis.com/oauth2/v3/userinfo
Your index.html will then offer two links, /login/googleA and /login/googleB, one for each type of user.

See the following tutorial for more details: https://spring.io/guides/tutorials/spring-boot-oauth2/

Update:

To redirect to different pages, you can extend OAuth2ClientAuthenticationProcessingFilter for each of the two clients, for example:
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.client.filter.OAuth2ClientAuthenticationProcessingFilter;

class GoogleAAuthenticationProcessingFilter extends OAuth2ClientAuthenticationProcessingFilter {
    GoogleAAuthenticationProcessingFilter(String defaultFilterProcessesUrl) {
        super(defaultFilterProcessesUrl);
    }
    @Override
    protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response,
            FilterChain chain, Authentication authResult) throws IOException, ServletException {
        super.successfulAuthentication(request, response, chain, authResult);
        // here you can redirect to whatever location you want to
    }
}

class GoogleBAuthenticationProcessingFilter extends OAuth2ClientAuthenticationProcessingFilter {
    GoogleBAuthenticationProcessingFilter(String defaultFilterProcessesUrl) {
        super(defaultFilterProcessesUrl);
    }
    @Override
    protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response,
            FilterChain chain, Authentication authResult) throws IOException, ServletException {
        super.successfulAuthentication(request, response, chain, authResult);
        // here you can redirect to whatever location you want to
    }
}
and use the extended classes:

OAuth2ClientAuthenticationProcessingFilter googleFilterA =
        new GoogleAAuthenticationProcessingFilter("/login/googleA");
OAuth2ClientAuthenticationProcessingFilter googleFilterB =
        new GoogleBAuthenticationProcessingFilter("/login/googleB");
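As an added example (not part of the accepted answer and not Spring's own code), the helper below builds each login filter so that the user type selected by the login path becomes a server-side granted authority, and so that the post-login redirect goes through the filter's success-handler hook. The hook is used instead of overriding successfulAuthentication(), because super.successfulAuthentication() already sends the success redirect and a second redirect on the same response fails. It relies on the answer's beans and on the Spring Boot 1.5 / Spring Security OAuth2 classes the answer already uses; the method name ssoFilterFor, the roles ROLE_TYPE_A and ROLE_TYPE_B and the landing pages /a/home and /b/home are assumptions made for illustration.

```java
// Added example, not from the original answer. Assumed names: ssoFilterFor,
// FixedRoleExtractor, ROLE_TYPE_A / ROLE_TYPE_B, /a/home and /b/home.
import java.util.List;
import java.util.Map;

import org.springframework.boot.autoconfigure.security.oauth2.resource.AuthoritiesExtractor;
import org.springframework.boot.autoconfigure.security.oauth2.resource.ResourceServerProperties;
import org.springframework.boot.autoconfigure.security.oauth2.resource.UserInfoTokenServices;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.oauth2.client.OAuth2ClientContext;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.client.filter.OAuth2ClientAuthenticationProcessingFilter;
import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;

final class TypedSsoFilters {

    private TypedSsoFilters() {
    }

    /**
     * Builds one login filter for the given path. Every login that succeeds
     * through this path carries the given role and lands on the given page.
     */
    static OAuth2ClientAuthenticationProcessingFilter ssoFilterFor(
            String loginPath,
            String role,
            String landingPage,
            AuthorizationCodeResourceDetails client,
            ResourceServerProperties resource,
            OAuth2ClientContext clientContext) {

        OAuth2ClientAuthenticationProcessingFilter filter =
                new OAuth2ClientAuthenticationProcessingFilter(loginPath);
        OAuth2RestTemplate template = new OAuth2RestTemplate(client, clientContext);
        filter.setRestTemplate(template);

        UserInfoTokenServices tokenServices =
                new UserInfoTokenServices(resource.getUserInfoUri(), client.getClientId());
        tokenServices.setRestTemplate(template);
        // The role is fixed by the login path on the server side; nothing in the
        // provider's userinfo response can change which role is granted.
        tokenServices.setAuthoritiesExtractor(new FixedRoleExtractor(role));
        filter.setTokenServices(tokenServices);

        // Post-login redirect via the success handler, so only one redirect is sent.
        SimpleUrlAuthenticationSuccessHandler handler =
                new SimpleUrlAuthenticationSuccessHandler(landingPage);
        handler.setAlwaysUseDefaultTargetUrl(true);
        filter.setAuthenticationSuccessHandler(handler);
        return filter;
    }

    /** Grants exactly one role, ignoring the contents of the userinfo map. */
    static final class FixedRoleExtractor implements AuthoritiesExtractor {
        private final String role;

        FixedRoleExtractor(String role) {
            this.role = role;
        }

        @Override
        public List<GrantedAuthority> extractAuthorities(Map<String, Object> map) {
            return AuthorityUtils.createAuthorityList(role);
        }
    }
}
```

In the answer's ssoFilter() the two filters would then be created as ssoFilterFor("/login/googleA", "ROLE_TYPE_A", "/a/home", googleA(), googleResource(), oauth2ClientContext) and ssoFilterFor("/login/googleB", "ROLE_TYPE_B", "/b/home", googleB(), googleResource(), oauth2ClientContext). Pairing that with .antMatchers("/a/**").hasRole("TYPE_A") and .antMatchers("/b/**").hasRole("TYPE_B") in configure(HttpSecurity) means the user type is enforced on every request, not only decided by which link was clicked at login.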
Regarding "java - Spring Security OAuth2: How do I provide two separate login links for two types of users?", a similar question was found on Stack Overflow: https://stackoverflow.com/questions/47844363/