自定义登录过程oauth2春季启动

时间:2020-06-25 08:44:34

标签: spring spring-boot spring-security oauth-2.0 spring-jdbc

我想在Spring Boot中获取授权代码之前对会话进行身份验证并保存。默认身份验证过程对我来说很好,但我想使用自定义的loginProcess URi和身份验证。有人可以帮我吗?

谢谢。

这是我的授权服务器配置 

 public class OAuth2AuthorizationServer extends AuthorizationServerConfigurerAdapter{
@Autowired
private AuthenticationManager authenticationManager;
@Autowired
private TokenStore tokenStore;
@Autowired
private UserDetailsServiceImpl userDetailsService;

@Autowired
private ClientDetailsServiceImpl clientDetailsService;

@Autowired
@Qualifier("dataSource")
private DataSource dataSource;

@Autowired
private AuthorizationEndpoint authorizationEndpoint;

@PostConstruct
public void init(){
    authorizationEndpoint.setUserApprovalPage("forward:/oauth/custom_confirm_access");
    authorizationEndpoint.setErrorPage("forward:/oauth/custom_error");
}
@Override
public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
    security
            .tokenKeyAccess("permitAll()")
            .checkTokenAccess("permitAll()");
}

@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
    clients.withClientDetails(clientDetailsService);
    clients.jdbc(dataSource);
}

@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {

    endpoints.authenticationManager(authenticationManager);
    endpoints.tokenStore(this.tokenStore);
    endpoints.reuseRefreshTokens(false);
    endpoints.accessTokenConverter(accessTokenConverter());
    endpoints.userDetailsService(userDetailsService);
}
}

还有我的安全配置 

public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.requestMatchers()
            /**each urls and apis need to be authenticated goes here**/
            .antMatchers("/login", "/oauth/authorize","/user/**")
            .and()
            .authorizeRequests()
            .anyRequest()
            .authenticated()
            .and()
            .formLogin()
            .permitAll()
                .loginPage("/login")
                .loginProcessingUrl("/doLogin")

            .permitAll();
  }
}

和doLogin方法 

@Autowired
UserDao userDao;
@RequestMapping(value = "/doLogin",method = RequestMethod.POST)
public @ResponseBody
void doLogin(@ModelAttribute("user")User user,HttpServletRequest request){\
    User dbUser = userDao.findByUsername(user.getUserName());

    if(dbUser == null){
         //user not exist
        System.out.println("user not found");
    }else{
        if(dbUser.getPassword().equals(MD5Utils.hasPassword(user.getPassword()))){
            System.out.println("user exist");
        }else{
            System.out.println("user not found");
        }
    }
}

我想保存会话并重定向到ouath / orthize url

0 个答案:

没有答案
相关问题
最新问题