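I want to authenticate and save the session before obtaining the authorization code in Spring Boot. The default authentication process works fine for me, but I want to use a custom loginProcess URI and authentication. Can anyone help me?
Thanks.
Here is my authorization server configuration: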
    public class OAuth2AuthorizationServer extends AuthorizationServerConfigurerAdapter {

        @Autowired
        private AuthenticationManager authenticationManager;
        @Autowired
        private TokenStore tokenStore;
        @Autowired
        private UserDetailsServiceImpl userDetailsService;
        @Autowired
        private ClientDetailsServiceImpl clientDetailsService;
        @Autowired
        @Qualifier("dataSource")
        private DataSource dataSource;
        @Autowired
        private AuthorizationEndpoint authorizationEndpoint;

        // Replace the default approval and error pages with custom views
        @PostConstruct
        public void init() {
            authorizationEndpoint.setUserApprovalPage("forward:/oauth/custom_confirm_access");
            authorizationEndpoint.setErrorPage("forward:/oauth/custom_error");
        }

        // Both /oauth/token_key and /oauth/check_token are open to unauthenticated callers
        @Override
        public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
            security
                .tokenKeyAccess("permitAll()")
                .checkTokenAccess("permitAll()");
        }

        @Override
        public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
            clients.withClientDetails(clientDetailsService);
            clients.jdbc(dataSource);
        }

        @Override
        public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
            endpoints.authenticationManager(authenticationManager);
            endpoints.tokenStore(this.tokenStore);
            endpoints.reuseRefreshTokens(false);
            // accessTokenConverter() is not shown in the post
            endpoints.accessTokenConverter(accessTokenConverter());
            endpoints.userDetailsService(userDetailsService);
        }
    }
And my security configuration:
    public class SecurityConfig extends WebSecurityConfigurerAdapter {

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.requestMatchers()
                    /** URLs and APIs that need to be authenticated go here **/
                    .antMatchers("/login", "/oauth/authorize", "/user/**")
                    .and()
                .authorizeRequests()
                    .anyRequest()
                    .authenticated()
                    .and()
                .formLogin()
                    .permitAll()
                    .loginPage("/login")
                    .loginProcessingUrl("/doLogin")
                    .permitAll();
        }
    }
And the doLogin method:
    @Autowired
    UserDao userDao;

    @RequestMapping(value = "/doLogin", method = RequestMethod.POST)
    public @ResponseBody
    void doLogin(@ModelAttribute("user") User user, HttpServletRequest request) {
        // Look up the account by the submitted username
        User dbUser = userDao.findByUsername(user.getUserName());
        if (dbUser == null) {
            // user does not exist
            System.out.println("user not found");
        } else {
            // Compare the stored value with the MD5 hash of the submitted password
            if (dbUser.getPassword().equals(MD5Utils.hasPassword(user.getPassword()))) {
                System.out.println("user exist");
            } else {
                System.out.println("user not found");
            }
        }
        // Neither branch creates a session or stores an Authentication
    }
I want to save the session and redirect to the /oauth/authorize URL.