AuthenticationSuccessEvent从未触发过

时间:2016-05-08 22:35:18

标签: java spring spring-security oauth spring-boot

我在用户登录时使用Facebook编写应用程序。

我的安全配置/应用程序类:

@SpringBootApplication
@EnableOAuth2Sso
@ComponentScan(basePackages = { "app" })
public class Application extends WebSecurityConfigurerAdapter {

    @SuppressWarnings("SpringJavaAutowiringInspection")
    @Autowired
    private OAuth2ClientContext oauth2ClientContext;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .antMatcher("/**")
                .authorizeRequests()
                .antMatchers("/",
                        "/login**",
                        "/webjars/**",
                        "/bower_components/**",
                        "/assets/**",
                        "/app/**",
                        "/api/auth/isAuthenticated")
                .permitAll()
                .anyRequest()
                .authenticated()
                .and().formLogin().defaultSuccessUrl("/", true).loginPage("/login").permitAll()
                .and().logout().logoutSuccessUrl("/").permitAll()
                .and().addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);
    }

    @Bean
    @ConfigurationProperties("facebook")
    ClientResources facebook() {
        return new ClientResources();
    }

    private Filter ssoFilter() {
        CompositeFilter filter = new CompositeFilter();
        List<Filter> filters = new ArrayList<>();
        filters.add(ssoFilter(facebook(), "/login/facebook"));
        filter.setFilters(filters);
        return filter;
    }

    private Filter ssoFilter(ClientResources client, String path) {
        OAuth2ClientAuthenticationProcessingFilter filter = new OAuth2ClientAuthenticationProcessingFilter(path);
        OAuth2RestTemplate facebookTemplate = new OAuth2RestTemplate(client.getClient(), oauth2ClientContext);
        filter.setRestTemplate(facebookTemplate);
        filter.setTokenServices(new UserInfoTokenServices(client.getResource().getUserInfoUri(), client.getClient().getClientId()));
        return filter;
    }

    class ClientResources {
        private OAuth2ProtectedResourceDetails client = new AuthorizationCodeResourceDetails();
        private ResourceServerProperties resource = new ResourceServerProperties();

        public OAuth2ProtectedResourceDetails getClient() {
            return client;
        }

        public ResourceServerProperties getResource() {
            return resource;
        }
    }

我的问题是即使我配置了监听器:

package app;
    @Component
    public class AuthenticationListener implements ApplicationListener<AuthenticationSuccessEvent> {

        @Override
        public void onApplicationEvent(AuthenticationSuccessEvent event) {
            System.out.println("Event fired");
        }
    }

永远不会被解雇。我尝试了这里提供的解决方案:Spring boot OAuth successful login listener not triggering但它也没有帮助。登录后SecurityContextHolder.getContext().getAuthentication().isAuthenticated()返回true。

1 个答案:

答案 0 :(得分:2)

OAuth SSO支持确实不会触发AuthenticationSuccessEvent。这也是我最近也面临的问题。这is implemented now但尚未发布。