How to in jhipster

Time: 2015-12-31 10:34:19

Tags: spring-security spring-boot spring-security-oauth2 jhipster

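I would like to ask how to perform an action after a successful login via OAuth2, and how to veto a login based on certain preconditions. I tried searching on Google and found some links, but I don't know how to do this in this framework. I could add some filters etc., but I want to know the right place.

Note: AuditEvent does not work for me, because the successful audit event is fired on every API call.

Reference: http://blog.jdriven.com/2015/01/stateless-spring-security-part-3-jwt-social-authentication/

What I need to do:

  1. After a successful login, record some details in a table and send a notification to a queue. Besides successful login, I also want to perform some actions on successful logout, and I know I can do that here: AjaxLogoutSuccessHandler. However, I can't find a similar place for successful login.

  2. Before logging in via OAuth2, if a certain condition is not met, I can throw an exception and not allow that user. For example, if the user comes from a specific IP range. Where can I add this?

  3. Please guide me in the right direction.

Thanks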

1 answer:

Answer 0: (score: 2)

Create a TokenEndpointAuthenticationFilter implementation

CustomTokenEndpointAuthenticationFilter.java

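import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.provider.OAuth2RequestFactory;
import org.springframework.security.oauth2.provider.endpoint.TokenEndpointAuthenticationFilter;

public class CustomTokenEndpointAuthenticationFilter extends TokenEndpointAuthenticationFilter {

    public CustomTokenEndpointAuthenticationFilter(AuthenticationManager authenticationManager, OAuth2RequestFactory oAuth2RequestFactory) {
        super(authenticationManager, oAuth2RequestFactory);
    }

    @Override
    protected void onSuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, Authentication authResult) throws IOException {
        /* on successful authentication do stuff here */
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
        /* before authentication check for condition if true then process to authenticate */
        if (!preconditionSatisfied(req)) {
            throw new AuthenticationServiceException("condition not satisfied");
        }
        super.doFilter(req, res, chain);
    }

    /* placeholder for the condition checked above (hypothetical helper name): return false to veto the login */
    protected boolean preconditionSatisfied(ServletRequest req) {
        return true;
    }
}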

Make these changes in AuthorizationServerConfiguration

@Configuration
@EnableAuthorizationServer
protected static class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {

    @Inject
    private DataSource dataSource;

    @Inject
    private JHipsterProperties jHipsterProperties;

    @Bean
    public TokenStore tokenStore() {
        return new JdbcTokenStore(dataSource);
    }

    /* create OAuth2RequestFactory instance */
    private OAuth2RequestFactory oAuth2RequestFactory;

    @Inject
    @Qualifier("authenticationManagerBean")
    private AuthenticationManager authenticationManager;

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints)
        throws Exception {
        /* assign value in OAuth2RequestFactory instance */
        oAuth2RequestFactory = endpoints.getOAuth2RequestFactory();
        endpoints
            .tokenStore(tokenStore())
            .authenticationManager(authenticationManager);
    }

    @Override
    public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
        /* register TokenEndpointAuthenticationFilter with oauthServer */
        oauthServer
            .allowFormAuthenticationForClients()
            .addTokenEndpointAuthenticationFilter(new CustomTokenEndpointAuthenticationFilter(authenticationManager, oAuth2RequestFactory));

    }

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients
            .inMemory()
            .withClient(jHipsterProperties.getSecurity().getAuthentication().getOauth().getClientid())
            .scopes("read", "write")
            .authorities(AuthoritiesConstants.ADMIN, AuthoritiesConstants.USER)
            .authorizedGrantTypes("password", "refresh_token", "authorization_code", "implicit")
            .secret(jHipsterProperties.getSecurity().getAuthentication().getOauth().getSecret())
            .accessTokenValiditySeconds(jHipsterProperties.getSecurity().getAuthentication().getOauth().getTokenValidityInSeconds());
    }
}
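
Added example, not part of the original answer: one way to implement the precondition check in the answer's `doFilter` for the question's "specific IP range" case, as a CIDR allow-list that fails closed. The class name `IpRangePrecondition` and the sample ranges are assumptions; the filter would call `IpRangePrecondition.isAllowed(req.getRemoteAddr())`.

```java
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.Arrays;
import java.util.List;

/** Hypothetical helper: CIDR allow-list for the token endpoint filter's precondition. */
public class IpRangePrecondition {

    // Constructed sample ranges (documentation networks), replace with your own.
    private static final List<String> ALLOWED = Arrays.asList("192.0.2.0/24", "2001:db8::/32");

    /** True when remoteAddr (e.g. request.getRemoteAddr()) is inside any allowed range. */
    public static boolean isAllowed(String remoteAddr) {
        // InetAddress.getByName(null or "") resolves to loopback, so reject those up front.
        if (remoteAddr == null || remoteAddr.isEmpty()) {
            return false;
        }
        for (String cidr : ALLOWED) {
            if (inRange(remoteAddr, cidr)) {
                return true;
            }
        }
        return false;
    }

    static boolean inRange(String addr, String cidr) {
        try {
            String[] parts = cidr.split("/");
            byte[] net = InetAddress.getByName(parts[0]).getAddress();
            byte[] ip = InetAddress.getByName(addr).getAddress();
            int prefix = Integer.parseInt(parts[1]);
            if (ip.length != net.length || prefix < 0 || prefix > net.length * 8) {
                return false; // IPv4/IPv6 family mismatch or bad prefix: fail closed
            }
            int fullBytes = prefix / 8;
            for (int i = 0; i < fullBytes; i++) {
                if (ip[i] != net[i]) return false;
            }
            int rest = prefix % 8;
            if (rest == 0) return true;
            int mask = (0xFF << (8 - rest)) & 0xFF; // compare only the leading bits of the partial byte
            return (ip[fullBytes] & mask) == (net[fullBytes] & mask);
        } catch (UnknownHostException | RuntimeException e) {
            return false; // unparsable address or range: fail closed
        }
    }
}
```

Behind a reverse proxy or load balancer, `getRemoteAddr()` returns the proxy's address unless the container is configured to apply the forwarded client address, so the check must run against the address the deployment actually trusts.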