Spring Security Facebook Oauth2重定向次数太多了

时间:2018-05-05 15:32:46

标签: spring facebook spring-boot oauth-2.0

我正在尝试按照https://spring.io/guides/tutorials/spring-boot-oauth2/

中提到的示例在Spring安全性中实现facebook的Oauth2实现

由于facebook现在只允许安全的应用程序作为Oauth2客户端,我通过在本地实施SSL证书也做了同样的事情。

My Spring应用程序类:

package com.example.demo;

import java.security.Principal;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@EnableOAuth2Sso
@SpringBootApplication
@RestController
public class SimpleApplication extends WebSecurityConfigurerAdapter {


    @RequestMapping("/user")
    public Principal user(Principal principal) {
        return principal;
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .csrf().disable()
            .antMatcher("/**")
            .authorizeRequests().antMatchers("/", "/login**", "/webjars/**").permitAll()  
                .anyRequest().authenticated();
    }

    public static void main(String[] args) {
        SpringApplication.run(SimpleApplication.class, args);
    }
  }

Application.yml:

server:
    port: 8648
    ssl:
      key-store: classpath:mycert.p12
      key-store-password: password
      key-store-type: PKCS12
      key-alias: myCertX

security:
  oauth2:
    client:
      clientId: 169343663729045
      clientSecret: ea31bd0eb13e9856097ed9d186a1276a
      accessTokenUri: https://graph.facebook.com/oauth/access_token
      userAuthorizationUri: https://www.facebook.com/dialog/oauth
      tokenName: oauth_token
      authenticationScheme: query
      clientAuthenticationScheme: form 
    resource:
      userInfoUri: https://graph.facebook.com/me

的index.html

<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<title>Demo</title>
<meta name="description" content="" />
<meta name="viewport" content="width=device-width" />
<base href="/" />
<link rel="stylesheet" type="text/css"
    href="/webjars/bootstrap/css/bootstrap.min.css" />
<script type="text/javascript" src="/webjars/jquery/jquery.min.js"></script>
<script type="text/javascript"
    src="/webjars/bootstrap/js/bootstrap.min.js"></script>
</head>
<body>
    <h1>Demo</h1>
    <div class="container"></div>
    <div class="container unauthenticated">
        With Facebook: <a href="/secure">click here</a>
    </div>
    <div class="container authenticated" style="display: none">
        Logged in as: <span id="user"></span>
    </div>

    <script type="text/javascript">
        $.get("/user", function(data) {
            $("#user").html(data.userAuthentication.details.name);
            $(".unauthenticated").hide()
            $(".authenticated").show()
        });
    </script>
</body>
</html>

当我启动应用程序时,打开index.html页面,点击facebook登录链接后,打开facebook页面,输入凭据然后在facebook重定向后,我收到此错误:www.facebook.com也重定向了你很多次。

我尝试更改网址,但它的响应仍然相同。

在我的脸书应用中,有效的OAuth重定向URI 设置为https://localhost:8648/login

0 个答案:

没有答案