Spring Security OAuth2 PrincipalExtractor不起作用

时间:2018-10-19 21:34:27

标签: java spring spring-security spring-security-oauth2

我只是尝试使用PrincipalExtractor将OAuth2用户登录数据保存到db(h2),但对我来说似乎不起作用。登录后,即使我注册了bean,PrincipalExtractor也没有任何反应。 数据库和身份验证工作正常。

application.yml(安全部分)

  security:
    oauth2:
      client:
        registration:
          discord:
            client-id: "secret"
            client-secret: "secret"
            clientAuthenticationMethod: post
            clientAuthenticationScheme: form
            authorizationGrantType: authorization_code
            scope:
              - identify
            redirectUriTemplate: "{baseUrl}/login/oauth2/code/discord"
            clientName: discordms
        provider:
          discord:
            authorizationUri: https://discordapp.com/api/oauth2/authorize
            tokenUri: https://discordapp.com/api/oauth2/token
            userInfoUri: https://discordapp.com/api/users/@me
            usernameAttribute: username

PrincipalExtractor类

public class DiscordPrincipalExtractor implements PrincipalExtractor {

  private final UserRepository userRepository;

  public DiscordPrincipalExtractor(UserRepository userRepository) {
    this.userRepository = userRepository;
  }

  @Override
  public Object extractPrincipal(Map<String, Object> map) {
    Optional<UserEntityImpl> user = this.userRepository.findById((long) map.get("id"));

    if (!user.isPresent()) {
      user = Optional.of(new UserBuilder()
          .withIdentifier((long) map.get("id"))
          .withUsername((String) map.get("username"))
          .withDiscriminator((int) map.get("discriminator"))
          .withAvatarHash((String) map.get("avatar"))
          .withLocale((String) map.get("locale"))
          .withAvatarUrl("https://cdn.discordapp.com/" + map.get("id") + "/" + map.get("avatar"))
          .withCreated(LocalDateTime.now())
          .withLastLogin(LocalDateTime.now())
          .build());
    } else {
      user.get().setLastLogin(LocalDateTime.now());
    }

    this.userRepository.save(user.get());

    return user.get();
  }

}

和安全配置类

@Configuration
public class SpringSecurityConfiguration extends WebSecurityConfigurerAdapter {

  @Override
  protected void configure(HttpSecurity http) throws Exception {
    http
        .oauth2Login()
        .loginPage("/login")
        .tokenEndpoint()
        .accessTokenResponseClient(new RestOAuth2AccessTokenResponseClient(this.restOperations()))
        .and()
        .userInfoEndpoint()
        .userService(new CustomOAuth2UserServiceImpl(this.restOperations()));
  }

  @Bean
  public PrincipalExtractor principalExtractor(UserRepository userRepository) {
    return new DiscordPrincipalExtractor(userRepository);
  }

  @Bean
  public RestOperations restOperations() {
    return new RestTemplate();
  }

}

0 个答案:

没有答案
相关问题
最新问题