我已经设置了一个小项目,使用Spring Boot(1.5.2),Spring Security和Spring Security OAuth2实现OAuth2使用Google API登录 .
您可以在以下位置找到来源:https://github.com/ccoloradoc/OAuth2Sample
我可以通过谷歌进行身份验证并提取用户信息 . 但是,在我注销后,由于我得到"400 Bad Request"后,我无法再次登录,之后我尝试将“https://accounts.google.com/o/oauth2/auth”与我的RestTemplate连接以调用google api .
有关进一步参考,请参阅Filter attemptAuthentication方法 .
这是我的安全配置类
@Configuration
@EnableGlobalAuthentication
@EnableOAuth2Client
@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true)
@PropertySource(value = {"classpath:oauth.properties"})
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
private UserDetailsService userDetailsService;
@Resource
@Qualifier("accessTokenRequest")
private AccessTokenRequest accessTokenRequest;
@Autowired
private OAuth2ClientContextFilter oAuth2ClientContextFilter;
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http.
authorizeRequests()
.antMatchers(HttpMethod.GET, "/login","/public/**", "/resources/**","/resources/public/**").permitAll()
.antMatchers("/google_oauth2_login").anonymous()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.loginProcessingUrl("/login")
.defaultSuccessUrl("/")
.and()
.csrf().disable()
.logout()
.logoutSuccessUrl("/")
.logoutUrl("/logout")
.deleteCookies("remember-me")
.and()
.rememberMe()
.and()
.addFilterAfter(oAuth2ClientContextFilter,ExceptionTranslationFilter.class)
.addFilterAfter(googleOAuth2Filter(),OAuth2ClientContextFilter.class)
.userDetailsService(userDetailsService);
// @formatter:on
}
@Bean
@ConfigurationProperties("google.client")
public OAuth2ProtectedResourceDetails auth2ProtectedResourceDetails() {
return new AuthorizationCodeResourceDetails();
}
@Bean
public OAuth2RestTemplate oauth2RestTemplate() {
return new OAuth2RestTemplate(auth2ProtectedResourceDetails(),
new DefaultOAuth2ClientContext(accessTokenRequest));
}
@Bean
public GoogleOAuth2Filter googleOAuth2Filter() {
return new GoogleOAuth2Filter("/google_oauth2_login");
}
/*
* Building our custom Google Provider
* */
@Bean
public GoogleOauth2AuthProvider googleOauth2AuthProvider() {
return new GoogleOauth2AuthProvider();
}
/*
* Using autowired to assign it to the auth manager
* */
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) {
auth.authenticationProvider(googleOauth2AuthProvider());
}
@Bean
public SpringSecurityDialect springSecurityDialect() {
return new SpringSecurityDialect();
}
@Bean
public TokenStore tokenStore() {
return new InMemoryTokenStore();
}
}
这是我的身份验证提供者:
public class GoogleOauth2AuthProvider implements AuthenticationProvider {
private static final Logger logger = LoggerFactory.getLogger(GoogleOauth2AuthProvider.class);
@Autowired(required = true)
private UserDetailsService userDetailsService;
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
logger.info("Provider Manager Executed");
CustomOAuth2AuthenticationToken token = (CustomOAuth2AuthenticationToken) authentication;
UserDetailsImpl registeredUser = (UserDetailsImpl) token.getPrincipal();
try {
registeredUser = (UserDetailsImpl) userDetailsService
.loadUserByUsername(registeredUser.getEmail());
} catch (UsernameNotFoundException usernameNotFoundException) {
logger.info("User trying google/login not already a registered user. Register Him !!");
}
return token;
}
@Override
public boolean supports(Class<?> authentication) {
return CustomOAuth2AuthenticationToken.class
.isAssignableFrom(authentication);
}
}
UserDetailService是Spring安全核心的一个实现,它从数据库读取用户并将其转换为实现Spring安全核心UserDetails的UserDetails POJO .
这是我的过滤器实现:
public class GoogleOAuth2Filter extends AbstractAuthenticationProcessingFilter {
/**
* Logger
*/
private static final Logger log = LoggerFactory.getLogger(GoogleOAuth2Filter.class);
private static final Authentication dummyAuthentication;
static {
dummyAuthentication = new UsernamePasswordAuthenticationToken(
"dummyUserName23452346789", "dummyPassword54245",
CustomUserDetails.DEFAULT_ROLES);
}
private static final String NAME = "name";
private static final String EMAIL = "email";
private static final String PICTURE = "picture";
private static final Logger logger = LoggerFactory
.getLogger(GoogleOAuth2Filter.class);
@Value(value = "${google.authorization.url}")
private String googleAuhorizationUrl;
public GoogleOAuth2Filter(String defaultFilterProcessesUrl) {
super(defaultFilterProcessesUrl);
}
@Autowired
private UserService userService;
@Autowired
private OAuth2RestTemplate oauth2RestTemplate;
@Autowired
@Override
public void setAuthenticationManager(AuthenticationManager authenticationManager) {
super.setAuthenticationManager(authenticationManager);
}
@Override
public Authentication attemptAuthentication(HttpServletRequest request,
HttpServletResponse response) throws AuthenticationException,
IOException, ServletException {
logger.info("Google Oauth Filter Triggered!!");
URI authURI;
try {
authURI = new URI(googleAuhorizationUrl);
} catch (URISyntaxException e) {
log.error("\n\n\n\nERROR WHILE CREATING GOOGLE AUTH URL", e);
return null;
}
SecurityContext context = SecurityContextHolder.getContext();
// auth null or not authenticated.
String code = request.getParameter("code");
Map<String, String[]> parameterMap = request.getParameterMap();
logger.debug(parameterMap.toString());
if (StringUtils.isEmpty(code)) {
// Google authentication in progress. will return null.
logger.debug("Will set dummy user in context ");
context.setAuthentication(dummyAuthentication);
// trigger google oauth2.
// ERROR ON SECOND LOGIN ATTEMPT
oauth2RestTemplate.postForEntity(authURI, null, Object.class);
return null;
} else {
logger.debug("Response from Google Recieved !!");
ResponseEntity<Object> forEntity = oauth2RestTemplate.getForEntity(
"https://www.googleapis.com/plus/v1/people/me/openIdConnect",
Object.class);
@SuppressWarnings("unchecked")
Map<String, String> profile = (Map<String, String>) forEntity.getBody();
CustomOAuth2AuthenticationToken authenticationToken = getOAuth2Token(
profile.get(EMAIL), profile.get(NAME), profile.get(PICTURE));
authenticationToken.setAuthenticated(false);
return getAuthenticationManager().authenticate(authenticationToken);
}
}
private CustomOAuth2AuthenticationToken getOAuth2Token(
String email, String name, String picture) {
User user = userService.findByEmail(email);
//Register user
if(user == null) {
user = new User(name, email, picture);
userService.saveOrUpdate(user);
}
UserDetailsImpl registeredUser = new UserDetailsImpl(name, email, picture);
CustomOAuth2AuthenticationToken authenticationToken =
new CustomOAuth2AuthenticationToken(registeredUser);
return authenticationToken;
}
}
2 回答
如果你使用
EnableOAuth2Sso
方法(虽然它隐藏了很多你的过程),事情变得容易多了 . The Spring Boot tutorial on OAuth2对此非常彻底,我在网上有其他一些例子(例如https://github.com/SoatGroup/spring-boot-google-auth/和http://dreamix.eu/blog/java/configuring-google-as-oauth2-authorization-provider-in-spring-boot),这些例子有所帮助 . 最终,this was the resource帮助了我最多 - 涵盖整个流程和集成客户端应用程序 .如果你想在较低级别执行此操作,那么有很多关于整个过程以及它如何在Spring中工作的详细信息Pivotal blog post .
谢谢Cristian,你不知道你的代码有多少为我自己的代码奠定了基础 . 我修改了您的原始OAuth2 Github项目并将其更改为以下代码 .
GoogleOAuth2Filter.java
我还将主要的Security类更改为:
我还为/ user和/ logout创建了自定义映射 .
希望它可以在将来帮助某人