Changing the authorities/roles of a user authenticated via SSO in a Spring OAuth2 client

Time: 2016-11-22 10:15:01

Tags: spring spring-security spring-boot spring-oauth2

I am trying to authenticate users from Facebook, store their username, and give custom authorities to a subset of users that will be managed by my application. My question is how to grant a custom role such as "Admin" once the user has been authenticated and authorized in the OAuth2 client.

import java.util.List;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.configuration.GlobalAuthenticationConfigurerAdapter;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

@Configuration
class WebSecurityConfiguration extends GlobalAuthenticationConfigurerAdapter {

    @Autowired
    UserRepository userRepository; // the application's own repository of User entities and their roles

    @Override
    public void init(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService());
    }

    @Bean
    UserDetailsService userDetailsService() {
        return new UserDetailsService() {
            @Override
            public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
                // User here is the application's own entity, not Spring Security's User
                User account = userRepository.findOne(username);
                if (account != null) {
                    List<String> rolesList = userRepository.getRoles(username);
                    String[] roles = new String[rolesList.size()];

                    // Build Spring Security's User (fully qualified to avoid the clash with the
                    // application's own User entity) from the stored credentials and roles
                    org.springframework.security.core.userdetails.User user =
                            new org.springframework.security.core.userdetails.User(
                                    account.getUserssoid(), account.getSecretKey(), true, true, true, true,
                                    AuthorityUtils.createAuthorityList(rolesList.toArray(roles)));

                    return user;
                } else {
                    throw new UsernameNotFoundException("could not find the user '" + username + "'");
                }
            }
        };
    }
}

I would like to do something similar with the OAuth2 client.

Thanks

3 answers:

Answer 0: (score: 0)

What you need is a custom UserInfoTokenServices implementation that takes your persistence repository as a parameter; then use that custom UserInfoTokenServices in your Facebook filter, like this:

import java.util.ArrayList;
import java.util.List;
import javax.servlet.Filter;

import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.client.filter.OAuth2ClientAuthenticationProcessingFilter;
import org.springframework.web.filter.CompositeFilter;

// facebook(), google(), ClientResources and oauth2ClientContext are as in the Spring Boot OAuth2
// tutorial this builds on; CustomSocialUserInfoTokenServices is your own subclass
private Filter ssoFilter() {
    CompositeFilter filter = new CompositeFilter();
    List<Filter> filters = new ArrayList<>();
    filters.add(ssoFilter(facebook(), "/login/facebook"));
    filters.add(ssoFilter(google(), "/login/google"));
    filter.setFilters(filters);
    return filter;
}

private Filter ssoFilter(ClientResources client, String path) {
    OAuth2ClientAuthenticationProcessingFilter filter = new OAuth2ClientAuthenticationProcessingFilter(path);
    OAuth2RestTemplate template = new OAuth2RestTemplate(client.getClient(), oauth2ClientContext);
    filter.setRestTemplate(template);
    // Token services that look up the authenticated user's roles in the application's repository
    CustomSocialUserInfoTokenServices tokenServices = new CustomSocialUserInfoTokenServices(
            client.getResource().getUserInfoUri(), client.getClient().getClientId(), userRepository);
    tokenServices.setRestTemplate(template);
    filter.setTokenServices(tokenServices);

    return filter;
}

Your custom UserInfoTokenServices can then add a custom AuthoritiesExtractor, like private AuthoritiesExtractor authoritiesExtractor = new CustomSocialAuthoritiesExtractor(); and there you can run a database query or any other logic to fetch the custom authorities and pass them on to your client.

Hope this helps

Answer 1: (score: 0)

You don't need a CustomSocialUserInfoTokenServices. Instead, you can use the existing UserInfoTokenServices and set your CustomSocialAuthoritiesExtractor on it.

private Filter ssoFilter(ClientResources client, String path) {
    ...
    UserInfoTokenServices tokenServices = new UserInfoTokenServices(
            client.getResource().getUserInfoUri(), client.getClient().getClientId());
    tokenServices.setRestTemplate(template);
    // Plug the custom extractor into the stock token services instead of subclassing them
    tokenServices.setAuthoritiesExtractor(new CustomSocialAuthoritiesExtractor());
    filter.setTokenServices(tokenServices);

    return filter;
}

import java.util.List;
import java.util.Map;

import org.springframework.boot.autoconfigure.security.oauth2.resource.AuthoritiesExtractor;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;

public class CustomSocialAuthoritiesExtractor implements AuthoritiesExtractor {
    @Override
    public List<GrantedAuthority> extractAuthorities(Map<String, Object> map) {
        // Every SSO user gets the same role here; replace with your own lookup
        String authorities = "ROLE_CUSTOMUSER";

        return AuthorityUtils.commaSeparatedStringToAuthorityList(authorities);
    }
}

Answer 2: (score: 0)

If you don't want to provide your own UserInfoTokenServices, you can do this more simply: just provide an AuthoritiesExtractor bean in your security configuration.

import java.util.List;
import java.util.Map;

import org.springframework.boot.autoconfigure.security.oauth2.resource.AuthoritiesExtractor;
import org.springframework.context.annotation.Bean;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;

// In the security configuration; used by Spring Boot's auto-configured UserInfoTokenServices
@Bean
public AuthoritiesExtractor customAuthoritiesExtractor() {
    return new CustomAuthoritiesExtractor();
}

public class CustomAuthoritiesExtractor implements AuthoritiesExtractor {

    @Override
    public List<GrantedAuthority> extractAuthorities(Map<String, Object> map) {

        // map contains information from your OAuth profile provider

        boolean userExist = true; // TODO
        if (!userExist) {
            throw new BadCredentialsException("User does not exist");
        }

        String authorities = "ROLE_ADMIN"; // TODO your own roles
        return AuthorityUtils.commaSeparatedStringToAuthorityList(authorities);
    }
}

For more details, see this tutorial: https://spring.io/guides/tutorials/spring-boot-oauth2/#_social_login_logout
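As an added example (not code from any of the answers above), here is the AuthoritiesExtractor from Answer 2 with its TODOs filled in: it takes the question's UserRepository (assumed to have the findOne(id) and getRoles(id) methods shown in the question), keys the lookup on the provider's stable "id" claim as returned by Facebook's Graph API, rejects users the application does not know, and assumes ROLE_USER as the baseline for a registered user with no extra roles.

```java
import java.util.List;
import java.util.Map;

import org.springframework.boot.autoconfigure.security.oauth2.resource.AuthoritiesExtractor;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;

/**
 * Derives authorities from the application's own user store instead of from
 * anything the identity provider says about the user.
 */
public class RepositoryAuthoritiesExtractor implements AuthoritiesExtractor {

    // Assumed: the question's repository, with findOne(id) and getRoles(id)
    private final UserRepository userRepository;

    public RepositoryAuthoritiesExtractor(UserRepository userRepository) {
        this.userRepository = userRepository;
    }

    @Override
    public List<GrantedAuthority> extractAuthorities(Map<String, Object> map) {
        // map is the provider's userinfo response. Key the lookup on the stable "id"
        // claim: "name" and "email" can be changed by the user at the provider, so
        // they must never decide who gets ROLE_ADMIN.
        Object id = map.get("id");
        if (!(id instanceof String) || ((String) id).isEmpty()) {
            throw new BadCredentialsException("userinfo response carries no usable id");
        }
        String providerUserId = (String) id;

        // Unknown users are rejected outright rather than given a default role
        if (userRepository.findOne(providerUserId) == null) {
            throw new BadCredentialsException("user is not registered with this application");
        }

        // Roles come only from the application's store; ROLE_USER is the assumed
        // baseline for a registered user that has no extra roles stored
        List<String> roles = userRepository.getRoles(providerUserId);
        if (roles == null || roles.isEmpty()) {
            return AuthorityUtils.createAuthorityList("ROLE_USER");
        }
        return AuthorityUtils.createAuthorityList(roles.toArray(new String[0]));
    }
}
```

Register it through the @Bean method from the answer, passing in the injected UserRepository; an admin is then whoever the application's own store says is one, not whoever the provider profile looks like.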