How do I use Spring's HeaderHttpSessionIdResolver with Google OAuth 2.0?

Time: 2018-10-28 17:10:00

Tags: spring-boot session http-headers spring-security-oauth2 google-oauth2

I am trying to write a Spring Boot application that logs users in with OAuth2 and Google OpenID, but I don't want to track the session with a cookie; I want to track it with an auth header (X-Auth or Authentication-Info) instead.

At the moment I am persisting sessions with JDBC, and login works perfectly when cookies are used, but as soon as I tell Spring to use auth headers the OAuth process starts to fail.

It obviously fails because the proper session information is not being passed to Google or returned from Google. My login process produces 3 "sessions":

  1. When the user first tries to access the page and gets the login page
  2. When the token response comes back from Google. This session shows the "authorization_request_not_found" error
  3. When the user is redirected to the login page.

Some information about the session does seem to be passed to Google or returned from Google, but the session ID is not being carried through correctly.

The request to Google authentication is:

 https://accounts.google.com/o/oauth2/v2/auth?response_type=code&client_id=1111111111111-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com&scope=openid%20profile%20email&state=NGW6kTxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx%3D&redirect_uri=http://localhost.com:9733/login/oauth2/code/google

The callback from Google authentication:

 http://localhost:9733/login/oauth2/code/google?state=NGW6kTxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx%3D&code=4/xxxx_xxxxxxxxx-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx&scope=openid+email+profile+https://www.googleapis.com/auth/userinfo.profile+https://www.googleapis.com/auth/plus.me+https://www.googleapis.com/auth/userinfo.email&authuser=0&session_state=6ee92xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx..2618&prompt=none

Here is some information about the Spring config.

SecurityConfig.java

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Every request must be authenticated; unauthenticated users are sent
        // through the OAuth2 login flow (Google, configured in application.properties).
        http.authorizeRequests()
                .anyRequest().authenticated()
            .and()
            .oauth2Login()
            .and()
            .logout().logoutSuccessUrl("/");
    }
}

HttpSessionConfig.java

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.session.jdbc.config.annotation.web.http.EnableJdbcHttpSession;
import org.springframework.session.web.http.AbstractHttpSessionApplicationInitializer;
import org.springframework.session.web.http.HeaderHttpSessionIdResolver;
import org.springframework.session.web.http.HttpSessionIdResolver;

@Configuration
@EnableJdbcHttpSession
public class HttpSessionConfig extends AbstractHttpSessionApplicationInitializer {

    // Read and write the session ID through the Authentication-Info header instead
    // of the SESSION cookie. In Spring Session 2.x HeaderHttpSessionIdResolver
    // supersedes the deprecated HeaderHttpSessionStrategy; register only one of them.
    @Bean
    public HttpSessionIdResolver httpSessionIdResolver() {
        return HeaderHttpSessionIdResolver.authenticationInfo();
    }

}

application.properties

spring.security.oauth2.client.registration.google.client-id=xxxx.apps.googleusercontent.com
spring.security.oauth2.client.registration.google.client-secret=xxxxxxxxx-xxxxx


server.servlet.session.persistent=true
spring.session.store-type=jdbc
spring.session.jdbc.initialize-schema=always

0 answers
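An added example, not from the question and not part of Spring Security, of the usual way around the failure described in the question. The browser follows Google's redirect as a plain top-level navigation, so it cannot send the Authentication-Info header; Spring Security's default HttpSessionOAuth2AuthorizationRequestRepository therefore finds no session and the login filter reports authorization_request_not_found. Keeping the pending request outside the session, in a short-lived HMAC-signed HttpOnly cookie, removes that dependency. Assumptions: Spring Security 5.1 or later (the two-argument removeAuthorizationRequest exists there), Spring Boot 2.x with the javax.servlet API, a MAC secret loaded from the server's configuration, and the class and cookie names below, which are hypothetical.

```java
import java.io.*;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.oauth2.client.web.AuthorizationRequestRepository;
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
import org.springframework.web.util.WebUtils;

// Hypothetical class (not part of Spring Security): stores the pending
// OAuth2AuthorizationRequest in an HMAC-signed cookie instead of the HttpSession,
// so the redirect back from Google, which carries no Authentication-Info header
// and hence no header-based session, can still be matched to the request that started it.
public class SignedCookieAuthorizationRequestRepository
        implements AuthorizationRequestRepository<OAuth2AuthorizationRequest> {

    static final String COOKIE_NAME = "OAUTH2_AUTHZ_REQ";   // assumed cookie name
    private static final int MAX_AGE_SECONDS = 180;         // enough for one login round trip
    private static final Base64.Encoder B64 = Base64.getUrlEncoder().withoutPadding();
    private final SecretKeySpec macKey;

    // secret: at least 32 random bytes taken from the server's configuration (assumed)
    public SignedCookieAuthorizationRequestRepository(byte[] secret) {
        this.macKey = new SecretKeySpec(secret, "HmacSHA256");
    }

    @Override
    public OAuth2AuthorizationRequest loadAuthorizationRequest(HttpServletRequest request) {
        Cookie cookie = WebUtils.getCookie(request, COOKIE_NAME);
        if (cookie == null) return null;
        String[] parts = cookie.getValue().split("\\.", 2);   // <payload>.<mac>
        if (parts.length != 2) return null;
        try {
            byte[] payload = Base64.getUrlDecoder().decode(parts[0]);
            byte[] mac = Base64.getUrlDecoder().decode(parts[1]);
            // Verify the MAC first: bytes this server did not sign never reach ObjectInputStream.
            if (!MessageDigest.isEqual(hmac(payload), mac)) return null;
            try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(payload))) {
                return (OAuth2AuthorizationRequest) in.readObject();
            }
        } catch (IllegalArgumentException | IOException | ClassNotFoundException e) {
            return null;   // malformed or tampered cookie: behave as if there were none
        }
    }

    @Override
    public void saveAuthorizationRequest(OAuth2AuthorizationRequest authorizationRequest,
                                         HttpServletRequest request, HttpServletResponse response) {
        if (authorizationRequest == null) {
            removeAuthorizationRequest(request, response);   // contract: null clears the stored request
            return;
        }
        ByteArrayOutputStream bytes = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bytes)) {
            out.writeObject(authorizationRequest);   // OAuth2AuthorizationRequest is Serializable
        } catch (IOException e) {
            throw new IllegalStateException("cannot serialize authorization request", e);
        }
        byte[] payload = bytes.toByteArray();
        Cookie cookie = new Cookie(COOKIE_NAME, B64.encodeToString(payload) + "." + B64.encodeToString(hmac(payload)));
        cookie.setHttpOnly(true);                 // not readable by page scripts
        cookie.setSecure(request.isSecure());     // only over TLS once the app is served over HTTPS
        cookie.setPath("/");
        cookie.setMaxAge(MAX_AGE_SECONDS);
        response.addCookie(cookie);
    }

    @Override
    public OAuth2AuthorizationRequest removeAuthorizationRequest(HttpServletRequest request) {
        return loadAuthorizationRequest(request);   // no response to clear the cookie on
    }

    @Override
    public OAuth2AuthorizationRequest removeAuthorizationRequest(HttpServletRequest request,
                                                                  HttpServletResponse response) {
        OAuth2AuthorizationRequest pending = loadAuthorizationRequest(request);
        Cookie expired = new Cookie(COOKIE_NAME, "");
        expired.setPath("/");
        expired.setMaxAge(0);                     // tells the browser to drop the cookie
        response.addCookie(expired);
        return pending;
    }

    private byte[] hmac(byte[] data) {
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(macKey);
            return mac.doFinal(data);
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException(e);
        }
    }
}
```

Register it in SecurityConfig with `http.oauth2Login().authorizationEndpoint().authorizationRequestRepository(new SignedCookieAuthorizationRequestRepository(secret))`. The MAC check is what makes deserializing a client-supplied cookie acceptable: anything the server did not sign is rejected before ObjectInputStream sees it, and MessageDigest.isEqual keeps the comparison constant-time. The cookie also keeps the state parameter bound to the browser that started the login, which is the login-CSRF protection the session normally provides. It covers only the handshake: once the callback succeeds, Spring Session still returns the new session ID in the Authentication-Info header of the callback response, and a plain browser will not present that header on its next navigation, so a client using the header scheme needs its own way to capture that value.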