This is the JSON returned after I log in:

    {
      "access_token": "41208e01a-f26c-4167-9fc9-d16730022056",
      "token_type": "bearer",
      "refresh_token": "3808e00a-896c-8067-18c9-736730022032",
      "expires_in": 25348,
      "scope": "read write",
      "jti": "6f08e00a-d26c-4067-8fc9-c16730022028"
    }

I want to use this URL from an Android client: https://localhost:8080/user/getuserinfo?access_token=41208e01a-f26c-4167-9fc9-d16730022056 to get the current user's information. What I mean is, how do I implement this requirement on the server? This is my configuration: How can I use Spring Security & OAuth2 to redirect to different login pages when users use different terminal browsers?

Answer 0: (score: 0)

I changed my Spring SecurityConfig; here it is used to handle some authorizeUrls:
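
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.boot.actuate.autoconfigure.ManagementServerProperties;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.core.annotation.Order;
    import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
    import org.springframework.security.config.annotation.authentication.configurers.GlobalAuthenticationConfigurerAdapter;
    import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
    import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;

    @Configuration
    @Order(ManagementServerProperties.ACCESS_OVERRIDE_ORDER)
    @EnableGlobalMethodSecurity(securedEnabled = true)
    public class SecurityConfig extends GlobalAuthenticationConfigurerAdapter {

        @Override
        public void init(AuthenticationManagerBuilder auth) throws Exception {
            // JDBC authentication is set up here
        }

        @Override
        public void configure(AuthenticationManagerBuilder auth) throws Exception {
            super.configure(auth);
        }

        // Filter chain for the mobile client: /mobile/** uses the client login page.
        @Configuration
        @Order(1)
        public static class ClientSecurityConfigurationAdapter extends
                WebSecurityConfigurerAdapter {

            // Handler beans are assumed to be defined elsewhere in the application.
            @Autowired
            private AuthenticationSuccessHandler clientLoginSuccessHandler;
            @Autowired
            private LogoutSuccessHandler clientLogoutSuccessHandler;

            @Override
            protected void configure(HttpSecurity http) throws Exception {
                http.antMatcher("/mobile/**")
                    .formLogin().loginPage("/client/login")
                    .loginProcessingUrl("/oauth/login")
                    .successHandler(clientLoginSuccessHandler).permitAll()
                    .and()
                    .logout()
                    .logoutSuccessHandler(clientLogoutSuccessHandler)
                    .logoutUrl("/client/logout")
                    .logoutSuccessUrl("/client/login")
                    .invalidateHttpSession(true);
            }
        }

        // Filter chain for browsers: every path that does not contain "api".
        // Renamed from WebSecurityConfigurerAdapter, which cannot extend a class of the same name.
        @Configuration
        @Order(2)
        public static class WebSecurityConfigurationAdapter extends
                WebSecurityConfigurerAdapter {

            // Handler beans are assumed to be defined elsewhere in the application.
            @Autowired
            private AuthenticationSuccessHandler loginSuccessHandler;
            @Autowired
            private LogoutSuccessHandler logoutSuccessHandler;

            @Override
            protected void configure(HttpSecurity http) throws Exception {
                http.regexMatcher("/((?!api).)*")
                    .formLogin()
                    .loginPage("/web/login")
                    .loginProcessingUrl("/oauth/login")
                    .successHandler(loginSuccessHandler)
                    .permitAll()
                    .and()
                    .logout()
                    .logoutSuccessHandler(logoutSuccessHandler)
                    .logoutUrl("/web/logout")
                    .logoutSuccessUrl("/web/login")
                    .invalidateHttpSession(true);
            }
        }
    }
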
And add a ResourceServerConfig to handle token validation:
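
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
    import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
    import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
    import org.springframework.security.oauth2.provider.token.TokenStore;

    @Configuration
    @EnableResourceServer
    public class ResourceServerConfig extends ResourceServerConfigurerAdapter {

        @Autowired
        TokenStore tokenStore;

        @Override
        public void configure(HttpSecurity http) throws Exception {
            // Only /api/** is handled by the resource server, and every request to it needs a valid token.
            http.requestMatchers().antMatchers("/api/**")
                .and().authorizeRequests().antMatchers("/api/**").authenticated();
        }

        @Override
        public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
            resources.resourceId("openid").tokenStore(tokenStore);
        }
    }
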
Finally, build the request with the request header
"Authorization:Bearer <access_token>"
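
The header-based request from the last step, as an added example that is not part of the original answer: a plain-Java client sends the token in the Authorization header to a local stub standing in for the /api/** resource server, then repeats the call with the token in the query string and with no token. The stub and its header-only policy, the path /api/user/getuserinfo and the token value are assumptions constructed for the demo; sending the token in the header keeps it out of URLs and therefore out of access logs.

```java
import com.sun.net.httpserver.HttpServer;
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.InetSocketAddress;
import java.net.URL;

public class BearerHeaderDemo {
    static final String TOKEN = "constructed-demo-token"; // constructed sample value

    // Stand-in for the /api/** resource server (assumption): accepts the token only from the header.
    static HttpServer startStubServer() throws IOException {
        HttpServer server = HttpServer.create(new InetSocketAddress("127.0.0.1", 0), 0);
        server.createContext("/api/user/getuserinfo", exchange -> {
            String auth = exchange.getRequestHeaders().getFirst("Authorization");
            boolean ok = ("Bearer " + TOKEN).equals(auth);
            if (!ok) {
                exchange.getResponseHeaders().add("WWW-Authenticate", "Bearer error=\"invalid_token\"");
            }
            exchange.sendResponseHeaders(ok ? 200 : 401, -1); // -1: no response body
            exchange.close();
        });
        server.start();
        return server;
    }

    // Client side: the token goes into the Authorization header, never into the URL.
    static int call(String url, String accessToken) throws IOException {
        HttpURLConnection conn = (HttpURLConnection) new URL(url).openConnection();
        if (accessToken != null) {
            conn.setRequestProperty("Authorization", "Bearer " + accessToken);
        }
        try {
            return conn.getResponseCode();
        } finally {
            conn.disconnect();
        }
    }

    public static void main(String[] args) throws IOException {
        HttpServer server = startStubServer();
        String base = "http://127.0.0.1:" + server.getAddress().getPort() + "/api/user/getuserinfo";
        try {
            System.out.println("token in header: " + call(base, TOKEN));
            System.out.println("token in query:  " + call(base + "?access_token=" + TOKEN, null));
            System.out.println("no token:        " + call(base, null));
        } finally {
            server.stop(0);
        }
    }
}
```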