How can I use Spring Security to return the current user's information from the server when an Android client requests it?

Time: 2016-11-16 07:06:30

Tags: java spring spring-security spring-security-oauth2

This is the JSON returned to me after logging in:

{
  "access_token": "41208e01a-f26c-4167-9fc9-d16730022056",
  "token_type": "bearer",
  "refresh_token": "3808e00a-896c-8067-18c9-736730022032",
  "expires_in": 25348,
  "scope": "read write",
  "jti": "6f08e00a-d26c-4067-8fc9-c16730022028"
}

I want the Android client to call this URL: https://localhost:8080/user/getuserinfo?access_token=41208e01a-f26c-4167-9fc9-d16730022056 to get the current user's information. What I mean is, how do I implement this requirement on the server? This is my configuration: how can I use Spring Security & OAuth2 to redirect to different login pages when the user uses a different terminal browser?

1 answer:

Answer 0: (score: 0)

I changed my Spring SecurityConfig; here it handles some authorizeUrls:

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.actuate.autoconfigure.ManagementServerProperties;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.authentication.configurers.GlobalAuthenticationConfigurerAdapter;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;

@Configuration
@Order(ManagementServerProperties.ACCESS_OVERRIDE_ORDER)
@EnableGlobalMethodSecurity(securedEnabled = true)
public class SecurityConfig extends GlobalAuthenticationConfigurerAdapter {

    @Override
    public void init(AuthenticationManagerBuilder auth) throws Exception {
        // doing jdbc Authentication
    }

    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        super.configure(auth);
    }

    // Mobile clients: matched first (@Order(1)) and sent to the client login page.
    @Configuration
    @Order(1)
    public static class ClientSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {

        // Handler beans referenced below; they are assumed to be defined elsewhere in the application.
        @Autowired
        private AuthenticationSuccessHandler clientLoginSuccessHandler;

        @Autowired
        private LogoutSuccessHandler clientLogoutSuccessHandler;

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.antMatcher("/mobile/**")
                .formLogin().loginPage("/client/login")
                .loginProcessingUrl("/oauth/login")
                .successHandler(clientLoginSuccessHandler).permitAll()
                .and()
                .logout()
                .logoutSuccessHandler(clientLogoutSuccessHandler)
                .logoutUrl("/client/logout")
                .logoutSuccessUrl("/client/login")
                .invalidateHttpSession(true);
        }
    }

    // Browser clients: everything that is not under /api (the API is handled by the resource server).
    // Renamed from WebSecurityConfigurerAdapter, which would have made the class extend itself.
    @Configuration
    @Order(2)
    public static class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {

        @Autowired
        private AuthenticationSuccessHandler loginSuccessHandler;

        @Autowired
        private LogoutSuccessHandler logoutSuccessHandler;

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.regexMatcher("/((?!api).)*")
                .formLogin()
                .loginPage("/web/login")
                .loginProcessingUrl("/oauth/login")
                .successHandler(loginSuccessHandler)
                .permitAll()
                .and()
                .logout()
                .logoutSuccessHandler(logoutSuccessHandler)
                .logoutUrl("/web/logout")
                .logoutSuccessUrl("/web/login")
                .invalidateHttpSession(true);
        }
    }
}

and added a ResourceServerConfig to handle token validation:

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.TokenStore;

@Configuration
@EnableResourceServer
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {

    @Autowired
    private TokenStore tokenStore;

    @Override
    public void configure(HttpSecurity http) throws Exception {
        // Only /api/** goes through the OAuth2 bearer-token filter, and every such request must be authenticated.
        http.requestMatchers().antMatchers("/api/**")
            .and().authorizeRequests().antMatchers("/api/**").authenticated();
    }

    @Override
    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
        resources.resourceId("openid").tokenStore(tokenStore);
    }
}

Finally, build the request with the request header

"Authorization:Bearer <access_token>"
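As an added example (not the answerer's code), here is the protected endpoint the Android client would call under the resource server's /api/** path, reading the caller's identity from the bearer token, together with a client call that sends the token in the Authorization header instead of the ?access_token= query parameter, so it stays out of the request line and therefore out of access and proxy logs. The path /api/user/getuserinfo and the class names are assumptions.

```java
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Scanner;
import java.util.stream.Collectors;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

// Server side: lives under /api/**, so ResourceServerConfig forces a valid bearer token
// before this method runs; the caller's identity comes from the token, never from the URL.
@RestController
@RequestMapping("/api/user")   // assumed path
public class UserInfoController {
    @GetMapping("/getuserinfo")
    public Map<String, Object> getUserInfo(Authentication authentication) {
        // Resolved by Spring Security from the bearer token (an OAuth2Authentication at runtime).
        List<String> roles = authentication.getAuthorities().stream()
                .map(GrantedAuthority::getAuthority)
                .collect(Collectors.toList());
        Map<String, Object> info = new LinkedHashMap<>();
        info.put("name", authentication.getName());
        info.put("authorities", roles);
        return info;
    }
}

// Client side (run off the Android main thread): the token travels in the Authorization header.
class UserInfoClient {
    static String fetchUserInfo(String baseUrl, String accessToken) throws Exception {
        URL url = new URL(baseUrl + "/api/user/getuserinfo");
        HttpURLConnection conn = (HttpURLConnection) url.openConnection();
        conn.setRequestProperty("Authorization", "Bearer " + accessToken);
        int status = conn.getResponseCode();
        if (status == 401) {
            // Token expired or revoked: the client should use refresh_token to obtain a new one.
            throw new IllegalStateException("access token rejected: " + conn.getHeaderField("WWW-Authenticate"));
        }
        try (InputStream in = conn.getInputStream();
             Scanner s = new Scanner(in, "UTF-8").useDelimiter("\\A")) {
            return s.hasNext() ? s.next() : "";
        }
    }
}
```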