我正在寻找一些样本或文章,以说明如何将spring social集成到我的微服务架构中,更具体地说是集成到我的授权服务器中。 Sommeone可以解释如何将Spring Social(Facebook和Google)添加到流程中吗?
正如我之前提到的,我正在使用angular作为前端应用程序,现在我正在处理密码流,用户输入他的用户名和密码并获得JWT令牌,此令牌在每个资源服务器中使用电话。这是我的安全配置和授权配置:
@EnableAuthorizationServer
@Configuration
public class ServersConfig extends AuthorizationServerConfigurerAdapter {
@Value("${security.oauth2.client-id}")
private String clientId;
@Value("${security.oauth2.signing-key}")
private String signingKey;
@Value("${security.oauth2.grant-type.password}")
private String grantTypePassword;
@Value("${security.oauth2.grant-type.authorization-code}")
private String grantTypeAuthorizationCode;
@Value("${security.oauth2.grant-type.refresh-token}")
private String grantTypeRefreshToken;
@Value("${security.oauth2.scope.web}")
private String scopeWeb;
@Value("${security.oauth2.scope.mobile}")
private String scopeMobile;
@Value("${security.oauth2.resources-ids.buy-sell}")
private String resourcesIdBuySell;
@Value("${security.oauth2.resources-ids.gateway}")
private String resourcesIdGateway;
@Value("${security.oauth2.resources-ids.upload}")
private String resourcesIdUpload;
@Value("${security.oauth2.access-token-validity-seconds}")
private String accessTokenValiditySeconds;
@Autowired
@Qualifier("authenticationManagerBean")
private AuthenticationManager authenticationManager;
@Bean
public JwtAccessTokenConverter accessTokenConverter() {
JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
converter.setSigningKey(signingKey);
return converter;
}
@Bean
public TokenStore tokenStore() {
return new JwtTokenStore(accessTokenConverter());
}
@Bean
public DefaultTokenServices tokenServices() {
DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
defaultTokenServices.setTokenStore(tokenStore());
defaultTokenServices.setSupportRefreshToken(true);
return defaultTokenServices;
}
@Override
public void configure(ClientDetailsServiceConfigurer configurer) throws Exception {
configurer.inMemory().withClient(clientId).secret(signingKey).autoApprove(true)
.authorizedGrantTypes(grantTypeAuthorizationCode, grantTypePassword, grantTypeRefreshToken)
.scopes(scopeWeb, scopeMobile).resourceIds(resourcesIdBuySell, resourcesIdGateway, resourcesIdUpload);
}
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints.tokenStore(tokenStore()).accessTokenConverter(accessTokenConverter())
.authenticationManager(authenticationManager);
}
}
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Override
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Bean
public UserDetailsService userDetailsService() {
return new UserServiceImpl();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsServiceBean()).passwordEncoder(passwordEncoder());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/oauth/token", "/oauth/authorize", "/oauth/confirm_access").permitAll()
.anyRequest().authenticated().and().csrf().disable().cors().and()
.userDetailsService(userDetailsService());
}
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers(HttpMethod.OPTIONS);
}
}
答案 0 :(得分:0)
取决于您使用的OAuthServer。我个人使用的是IdentityServer的ASP.NET Core后端,它支持外部登录https://identityserver4.readthedocs.io/en/release/quickstarts/4_external_authentication.html
我也已经使用passwordJS http://www.passportjs.org/docs/
在nodeJS上进行了尝试这两个OAuthServer都支持facebook和google,您只需要根据从facebook或google接收到的数据对您的声明进行汇总即可。