How to get user details on the backend from the bearer token sent by the frontend

Time: 2019-05-08 13:42:58

Tags: java spring-boot oauth token userinfo

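I have an Angular frontend application that logs users in using oauth2.

Once the user is logged in, every API request to the backend (a Spring Boot application) carries a header with the bearer token.

On the backend, I want it to receive this header and use it to call security.oauth2.resource.user-info-uri= to get the user details.

My final goal is to extract the username that is used in the backend to log in to the DDBB.

I tried setting up a PrincipalExtractor with WebSecurityConfigurerAdapter, but it doesn't seem to work.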

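import java.util.Arrays;

import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
import org.springframework.boot.autoconfigure.security.oauth2.resource.AuthoritiesExtractor;
import org.springframework.boot.autoconfigure.security.oauth2.resource.FixedAuthoritiesExtractor;
import org.springframework.boot.autoconfigure.security.oauth2.resource.FixedPrincipalExtractor;
import org.springframework.boot.autoconfigure.security.oauth2.resource.PrincipalExtractor;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

@Configuration
@EnableOAuth2Sso
public class OAuthConfiguration extends WebSecurityConfigurerAdapter {

    // CORS policy applied to every path: any origin, the listed methods and headers
    @Bean
    public CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration configuration = new CorsConfiguration();
        configuration.setAllowedOrigins(Arrays.asList("*"));
        configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"));
        configuration.setAllowedHeaders(Arrays.asList("content-type", "Authorization"));
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", configuration);
        return source;
    }

    // Extractors meant to turn the user-info response into the principal and its authorities
    @Bean
    public PrincipalExtractor fixedPrincipalExtractor() {
        return new FixedPrincipalExtractor();
    }

    @Bean
    public AuthoritiesExtractor fixedAuthoritiesExtractor() {
        return new FixedAuthoritiesExtractor();
    }

    // Every request must be authenticated; CSRF protection is disabled
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.cors().and().authorizeRequests().anyRequest().authenticated()
                .and().csrf().disable();
    }

}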

The properties for this class:

#OAUTH Properties
#security.oauth2.client.clientId=xxxxxxx
#security.oauth2.client.clientSecret=xxxxxx
#security.oauth2.client.accessTokenUri=xxxxxxx
#security.oauth2.client.userAuthorizationUri=xxxxxxx
#security.oauth2.client.authenticationScheme=query
#security.oauth2.client.tokenName=authorization
#security.oauth2.client.clientAuthenticationScheme= form
security.oauth2.resource.user-info-uri=https://xxxxxxx/userinfo
spring.main.allow-bean-definition-overriding=true

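I expected Spring Boot to take the token from the header and use it for the call to security.oauth2.resource.user-info-uri, which would then give me the user details, and the principal extractor would decode them into the Principal object.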

0 answers:

No answers
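The flow the question describes, sketched as an added example that is not part of the original post: `@EnableOAuth2Sso` sets up a browser login client, whereas `@EnableResourceServer` reads the `Authorization: Bearer` header on each request and, with `security.oauth2.resource.user-info-uri` set, resolves the token against that endpoint and passes the response to a `PrincipalExtractor` bean. Assumptions: `spring-security-oauth2-autoconfigure` is on the classpath, the question's `corsConfigurationSource` bean is kept, and the class names, the `/whoami` path and the user-info key names are hypothetical.

```java
import java.security.Principal;
import org.springframework.boot.autoconfigure.security.oauth2.resource.PrincipalExtractor;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

// Added example, not the asker's code. Relies on security.oauth2.resource.user-info-uri
// being set as in the question's properties.
@Configuration
@EnableResourceServer
public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {

    // Assumption: the identity provider returns the login name under one of these keys.
    private static final String[] USERNAME_KEYS = {"preferred_username", "username", "sub"};

    @Bean
    public PrincipalExtractor usernamePrincipalExtractor() {
        // userInfo is the JSON body of the user-info response, parsed into a map.
        return userInfo -> {
            for (String key : USERNAME_KEYS) {
                Object value = userInfo.get(key);
                if (value instanceof String && !((String) value).trim().isEmpty()) {
                    return value;
                }
            }
            // Fail closed: a null result would be replaced by the placeholder principal
            // "unknown" and the request would still count as authenticated.
            throw new InvalidTokenException("user-info response carries no username");
        };
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        // cors() picks up the corsConfigurationSource bean defined in the question.
        http.cors().and().authorizeRequests().anyRequest().authenticated();
    }
}

@RestController
class WhoAmIController {
    @GetMapping("/whoami")
    public String whoAmI(Principal principal) {
        return principal.getName(); // the value returned by the extractor above
    }
}
```

The username used for the database lookup comes from the identity provider's response to the presented token, never from a request parameter or header the client can set freely.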