Spring Cloud OAuth2:添加用户权限

时间:2016-11-16 03:56:19

标签: spring-security oauth-2.0 spring-cloud spring-security-oauth2 spring-oauth2

我们设法使用Spring Cloud OAuth2搭建了一个Web应用程序,该应用程序参照这份示例源代码,实现了通过Facebook和Google等不同身份提供商的单点登录。

我们计划拥有自己的身份验证/授权服务器,因此提供了自己的UserDetails和GrantedAuthority,并把用户的Facebook和Google帐户与之关联。我们还拥有除ROLE_USER以外的一组用户权限。

我们根据用户的角色(我们使用@RolesAllowed)保护我们的业务方法。当用户使用他们的Facebook和Google帐户登录时,只会添加ROLE_USER作为他们的权限。我想知道在通过外部身份提供者登录时,如何把关联用户的GrantedAuthority中我们自己的用户权限加进去。我发现这可以使用AuthoritiesExtractor完成,但找不到这方面的具体做法。

1 个答案:

答案 0 :(得分:1)

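我可以使用AuthoritiesExtractor修改/设置权限,UserInfoTokenServices设置为

// NOTE(review): the listing below is an Objective-C SOAP login client (AFNetworking,
// MBProgressHUD). It does not show the AuthoritiesExtractor / UserInfoTokenServices
// configuration that the sentence above refers to.

// Build the SOAP envelope for the login call.
// NOTE(review): the format string has three %@ placeholders (Lng, IMEI, Version) but sixteen
// arguments follow. Only lon, @"0" and devicetype are consumed; the rest are silently ignored,
// so the envelope elements for them appear to be missing. Confirm against the service contract.
// NOTE(review): values are inserted without XML escaping; escape them if any can originate
// from user input. The two Base64 literals are fixed values compiled into the app and can be
// read from the binary, so they must not be relied on as secrets.
NSString *msg = [NSString stringWithFormat:
    @"<?xml version=\"1.0\" encoding=\"utf-8\"?>\n"
    "<soap:Envelope xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:soap=\"http://schemas.xmlsoap.org/soap/envelope/\">\n"
    "<soap:Body>\n"
    "<login xmlns=\"http://aksha/app/\">\n"
    "<Lng>%@</Lng>\n"
    "<IMEI>%@</IMEI>\n"
    "<Version>%@</Version>\n"
    "</login>\n"
    "</soap:Body>\n"
    "</soap:Envelope>\n",
    lon, @"0", devicetype, lat,
    @"uTgQLrznrZY6z7m17SFqnA==", @"EvSNUlJbFToEsjPmN09UYQ==",
    @"0", @"0", @"0", @"0", @"0", @"0", @"0", @"0",
    uniqueIdentifier, version];

// Encode once and derive Content-Length from the encoded bytes: -[NSString length] counts
// UTF-16 code units, which differs from the UTF-8 byte count as soon as a value is non-ASCII.
NSData *bodyData = [msg dataUsingEncoding:NSUTF8StringEncoding];
NSString *messageLength = [NSString stringWithFormat:@"%lu", (unsigned long)bodyData.length];

[MBProgressHUD showHUDAddedTo:self.view animated:YES];

NSURL *requestURL = [NSURL URLWithString:URL];
NSMutableURLRequest *theRequest = [NSMutableURLRequest requestWithURL:requestURL
                                                          cachePolicy:NSURLRequestReloadIgnoringLocalCacheData
                                                      timeoutInterval:30];
[theRequest addValue:Host forHTTPHeaderField:@"Host"];
[theRequest addValue:@"text/xml; charset=utf-8" forHTTPHeaderField:@"Content-Type"];
[theRequest addValue:@"http://aksmala_idoc/login" forHTTPHeaderField:@"SOAPAction"];
[theRequest addValue:messageLength forHTTPHeaderField:@"Content-Length"];
[theRequest setHTTPMethod:@"POST"];
[theRequest setHTTPBody:bodyData];

// Send the request and handle the raw (unparsed) response body.
AFHTTPRequestOperation *operation = [[AFHTTPRequestOperation alloc] initWithRequest:theRequest];
operation.responseSerializer = [AFHTTPResponseSerializer serializer];
[operation setCompletionBlockWithSuccess:^(AFHTTPRequestOperation *operation, id responseObject) {
    NSString *xml = [[NSString alloc] initWithData:responseObject encoding:NSUTF8StringEncoding];
    [MBProgressHUD hideHUDForView:self.view animated:YES];
#ifdef DEBUG
    // The login response may carry account data; keep it out of release-build device logs.
    NSLog(@"Take the data master Yoda: %@", xml);
#endif

    // Pass the address of the error so the parser can report failures, and check the
    // return value rather than the error pointer.
    NSError *parseError = nil;
    NSDictionary *xmlDictionary = [XMLReader dictionaryForXMLString:xml error:&parseError];
    if (!xmlDictionary) {
        NSLog(@"%@", parseError.description);
        return;
    }
#ifdef DEBUG
    NSLog(@" %@", xmlDictionary);
#endif

    // Walk soap:Envelope -> soap:Body -> LoginResponse -> LoginResult.
    NSDictionary *dict = [xmlDictionary valueForKey:@"soap:Envelope"];
    NSDictionary *dict1 = [dict valueForKey:@"soap:Body"];
    NSDictionary *dict2 = [dict1 valueForKey:@"LoginResponse"];
    NSDictionary *dict3 = [dict2 valueForKey:@"LoginResult"];

    // NOTE(review): the disabled code below decrypts the role id with an AES key string that is
    // compiled into the app. Anyone holding the binary can recover that key, so the encryption
    // gives no confidentiality and the client-side role value must not drive authorization.
    // NSArray*textstring=[dict3 valueForKey:@"text"];
    /*
     NSData *data1 = [[dict3 valueForKey:@"text"] dataUsingEncoding:NSUTF8StringEncoding];
     NSArray* json = [NSJSONSerialization JSONObjectWithData:data1 options:0 error:nil];
     NSDictionary*datadict=[json objectAtIndex:0];
     NSString*roleid=[datadict valueForKey:@"role_id"];
     //NSString* emp_id = [FBEncryptorAES decryptBase64String:empid keyString:@"5TGB&YHN7UJM(IK<"];
     NSString* role_id = [FBEncryptorAES decryptBase64String:roleid keyString:@"5TGB&YHN7UJM(IK<"];
     */
} failure:^(AFHTTPRequestOperation *operation, NSError *error) {
    NSLog(@"%@", error.description);
    [MBProgressHUD hideHUDForView:self.view animated:YES];
    // NOTE(review): this branch also runs for transport and HTTP errors, so the credential
    // message below can be misleading; consider branching on the error.
    UIAlertView *alert = [[UIAlertView alloc] initWithTitle:@"Error"
                                                    message:@"Wrong Userid or Password"
                                                   delegate:nil
                                          cancelButtonTitle:@"Ok"
                                          otherButtonTitles:nil];
    [alert show];
}];
[[NSOperationQueue mainQueue] addOperation:operation];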