我在用户登录时使用Facebook编写应用程序。
我的安全配置/应用程序类:
@SpringBootApplication
@EnableOAuth2Sso
@ComponentScan(basePackages = { "app" })
public class Application extends WebSecurityConfigurerAdapter {
@SuppressWarnings("SpringJavaAutowiringInspection")
@Autowired
private OAuth2ClientContext oauth2ClientContext;
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.antMatcher("/**")
.authorizeRequests()
.antMatchers("/",
"/login**",
"/webjars/**",
"/bower_components/**",
"/assets/**",
"/app/**",
"/api/auth/isAuthenticated")
.permitAll()
.anyRequest()
.authenticated()
.and().formLogin().defaultSuccessUrl("/", true).loginPage("/login").permitAll()
.and().logout().logoutSuccessUrl("/").permitAll()
.and().addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);
}
@Bean
@ConfigurationProperties("facebook")
ClientResources facebook() {
return new ClientResources();
}
private Filter ssoFilter() {
CompositeFilter filter = new CompositeFilter();
List<Filter> filters = new ArrayList<>();
filters.add(ssoFilter(facebook(), "/login/facebook"));
filter.setFilters(filters);
return filter;
}
private Filter ssoFilter(ClientResources client, String path) {
OAuth2ClientAuthenticationProcessingFilter filter = new OAuth2ClientAuthenticationProcessingFilter(path);
OAuth2RestTemplate facebookTemplate = new OAuth2RestTemplate(client.getClient(), oauth2ClientContext);
filter.setRestTemplate(facebookTemplate);
filter.setTokenServices(new UserInfoTokenServices(client.getResource().getUserInfoUri(), client.getClient().getClientId()));
return filter;
}
class ClientResources {
private OAuth2ProtectedResourceDetails client = new AuthorizationCodeResourceDetails();
private ResourceServerProperties resource = new ResourceServerProperties();
public OAuth2ProtectedResourceDetails getClient() {
return client;
}
public ResourceServerProperties getResource() {
return resource;
}
}
我的问题是即使我配置了监听器:
package app;
@Component
public class AuthenticationListener implements ApplicationListener<AuthenticationSuccessEvent> {
@Override
public void onApplicationEvent(AuthenticationSuccessEvent event) {
System.out.println("Event fired");
}
}
永远不会被解雇。我尝试了这里提供的解决方案:Spring boot OAuth successful login listener not triggering但它也没有帮助。登录后SecurityContextHolder.getContext().getAuthentication().isAuthenticated()
返回true。
答案 0 :(得分:2)
OAuth SSO支持确实不会触发AuthenticationSuccessEvent
。这也是我最近也面临的问题。这is implemented now但尚未发布。