我正在尝试按照https://spring.io/guides/tutorials/spring-boot-oauth2/
中提到的示例在Spring安全性中实现facebook的Oauth2实现由于facebook现在只允许安全的应用程序作为Oauth2客户端,我通过在本地实施SSL证书也做了同样的事情。
My Spring应用程序类:
package com.example.demo;
import java.security.Principal;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
@EnableOAuth2Sso
@SpringBootApplication
@RestController
public class SimpleApplication extends WebSecurityConfigurerAdapter {
@RequestMapping("/user")
public Principal user(Principal principal) {
return principal;
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.antMatcher("/**")
.authorizeRequests().antMatchers("/", "/login**", "/webjars/**").permitAll()
.anyRequest().authenticated();
}
public static void main(String[] args) {
SpringApplication.run(SimpleApplication.class, args);
}
}
Application.yml:
server:
port: 8648
ssl:
key-store: classpath:mycert.p12
key-store-password: password
key-store-type: PKCS12
key-alias: myCertX
security:
oauth2:
client:
clientId: 169343663729045
clientSecret: ea31bd0eb13e9856097ed9d186a1276a
accessTokenUri: https://graph.facebook.com/oauth/access_token
userAuthorizationUri: https://www.facebook.com/dialog/oauth
tokenName: oauth_token
authenticationScheme: query
clientAuthenticationScheme: form
resource:
userInfoUri: https://graph.facebook.com/me
的index.html
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<title>Demo</title>
<meta name="description" content="" />
<meta name="viewport" content="width=device-width" />
<base href="/" />
<link rel="stylesheet" type="text/css"
href="/webjars/bootstrap/css/bootstrap.min.css" />
<script type="text/javascript" src="/webjars/jquery/jquery.min.js"></script>
<script type="text/javascript"
src="/webjars/bootstrap/js/bootstrap.min.js"></script>
</head>
<body>
<h1>Demo</h1>
<div class="container"></div>
<div class="container unauthenticated">
With Facebook: <a href="/secure">click here</a>
</div>
<div class="container authenticated" style="display: none">
Logged in as: <span id="user"></span>
</div>
<script type="text/javascript">
$.get("/user", function(data) {
$("#user").html(data.userAuthentication.details.name);
$(".unauthenticated").hide()
$(".authenticated").show()
});
</script>
</body>
</html>
当我启动应用程序时,打开index.html页面,点击facebook登录链接后,打开facebook页面,输入凭据然后在facebook重定向后,我收到此错误:www.facebook.com也重定向了你很多次。
我尝试更改网址,但它的响应仍然相同。
在我的脸书应用中,有效的OAuth重定向URI 设置为https://localhost:8648/login