如何在DB中存储facebook认证用户?

时间:2016-07-05 18:43:38

标签: spring facebook spring-boot spring-oauth2

我尝试实施本教程https://spring.io/guides/tutorials/spring-boot-oauth2/#_social_login_logout 这是我的应用程序配置(spring boot)

@Configuration
@ComponentScan(basePackages = {"org.fiodorov.controller","org.fiodorov.service", "org.fiodorov.config"})
@EntityScan(basePackages = "org.fiodorov.model")
@EnableJpaRepositories(basePackages = "org.fiodorov.repository")
@EnableOAuth2Client
@EnableAutoConfiguration
public class Application extends WebSecurityConfigurerAdapter{

    @Autowired
    OAuth2ClientContext oauth2ClientContext;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.antMatcher("/**")
        .addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);
    }


    public static void main(String[] args) {
        SpringApplication.run(
                Application.class, args);
    }

    private Filter ssoFilter() {
        OAuth2ClientAuthenticationProcessingFilter facebookFilter = new OAuth2ClientAuthenticationProcessingFilter("/login/facebook");
        OAuth2RestTemplate facebookTemplate = new OAuth2RestTemplate(facebook(), oauth2ClientContext);
        facebookFilter.setRestTemplate(facebookTemplate);
        facebookFilter.setTokenServices(new UserInfoTokenServices(facebookResource().getUserInfoUri(), facebook().getClientId()));
        return facebookFilter;
    }

    @Bean
    @ConfigurationProperties("facebook.client")
    OAuth2ProtectedResourceDetails facebook() {
        return new AuthorizationCodeResourceDetails();
    }

    @Bean
    @ConfigurationProperties("facebook.resource")
    ResourceServerProperties facebookResource() {
        return new ResourceServerProperties();
    }

    @Bean
    public FilterRegistrationBean oauth2ClientFilterRegistration(
            OAuth2ClientContextFilter filter) {
        FilterRegistrationBean registration = new FilterRegistrationBean();
        registration.setFilter(filter);
        registration.setOrder(-100);
        return registration;
    }

}

它有效。我可以登录并获得用户信息,如教程中所述。但是我不知道如何在登录之后以及在重定向到主页面之前找到用于存储用户详细信息的数据(如果用户不存在),并且如果存在则验证他的角色。

我该怎么做?

1 个答案:

答案 0 :(得分:2)

Yo可以将此类用于在登录后在数据库中存储用户详细信息。登录后执行 successfulAuthentication 

class OAuth2ClientAuthenticationProcessingAndSavingFilter extends OAuth2ClientAuthenticationProcessingFilter {

    public OAuth2ClientAuthenticationProcessingAndSavingFilter(String defaultFilterProcessesUrl) {
        super(defaultFilterProcessesUrl);
    }

    @Override
    protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response,
            FilterChain chain, Authentication authResult) throws IOException, ServletException {
        super.successfulAuthentication(request, response, chain, authResult);

        SecurityContext context =  SecurityContextHolder.getContext();
    }
}

必须通过OAuth2ClientAuthenticationProcessingAndSavingFilter修改OAuth2ClientAuthenticationProcessingFilter 

private Filter ssoFilter() {
        OAuth2ClientAuthenticationProcessingAndSavingFilter facebookFilter = new OAuth2ClientAuthenticationProcessingAndSavingFilter("/login/facebook");
        OAuth2RestTemplate facebookTemplate = new OAuth2RestTemplate(facebook(), oauth2ClientContext);
        facebookFilter.setRestTemplate(facebookTemplate);
        facebookFilter.setTokenServices(new UserInfoTokenServices(facebookResource().getUserInfoUri(), facebook().getClientId()));
        return facebookFilter;
    }
相关问题
最新问题