无状态Spring JWT应用程序+ EnableOAuth2Client [英] Stateless Spring JWT Application + EnableOAuth2Client

问题描述

对于这个解决方案，我有50多个小时的工作时间，将不胜感激.

I'm 50+ hours deep on this solution and would appreciate any input.

我有一个使用Angular + Spring + JWT无状态身份验证(myApp)的JHipster 4.x生成的应用程序.我正在为一个经过身份验证的myApp用户连接一个第三方OAuth 2接口(battle.net)，以使其与Battle.net进行OAuth交互，以便我们可以证明他们拥有Battle.net帐户并提取其Battle.net用户ID，以便将这些帐户链接到myApp.因此，JWT向南，OAuth2向北.

I have a JHipster 4.x generated application using Angular + Spring + JWT stateless authentication (myApp). I am wiring up a 3rd party OAuth 2 interface (battle.net) for authenticated myApp users to OAuth against battle.net so we can prove they own the battle.net account and pull their battle.net user id so the accounts are linked in myApp. So JWT southbound, OAuth2 northbound.

JWT可以正常工作，而OAuth似乎可以正常工作.我之所以努力，是因为myApp使用无状态的JWT令牌，而Spring @ EnableOAuth2Client使用JSESSIONID，而且我似乎无法将两者结合在一起，因此我可以将Battle.net调用返回的数据关联到myApp Principal. Battle.net在成功通过身份验证后会使用回调URL，我可以在myApp PrincipalExtractor和myApp AuthenticationSuccessHandler中看到有效数据，但是由于没有提供JWT令牌，因此无法将Battle.net数据链接到myApp用户.

JWT works fine and OAuth appears to work fine. I am struggling because myApp uses a stateless JWT token and Spring @EnableOAuth2Client uses JSESSIONID, and I can't seem to bring the two together so I can relate data returned from the battle.net calls to the myApp Principal. battle.net uses a callback URL upon successful authentication, and I can see valid data in both myApp PrincipalExtractor as well as myApp AuthenticationSuccessHandler, but as there is no JWT token supplied, I have no way to link the battle.net data to the myApp user.

**用户启动OAuth **

** User Initiates OAuth **

用户-JWT-> myApp/login/battlenet-> Battle.net/oauth/*

User -- JWT --> myApp /login/battlenet --> battle.net /oauth/*

** Battle.net回调成功**

** battle.net Callback Success **

battle.net-> myApp/callback/battlenet-这是很好的战网数据，但没有JWT令牌，因此Principal是匿名用户.

battle.net --> myApp /callback/battlenet - This is good battlenet data but no JWT token so Principal is anonymousUser.

我看到& redirectUri = xxx& response_type = yyy& code = xxx"是在"/oauth/authorize"请求中传递给Battle.net的.是否有一种方法可以将OAuth2规范中使用@ EnableOAuth2Client的回调数据返回的链接数据传递给Battle.net?我认为这可以解决我的问题.

I see '&redirectUri=xxx&response_type=yyy&code=xxx' being passed to battle.net on the '/oauth/authorize' request. Is there a way to pass linking data to battle.net that is returned on the callback per the OAuth2 spec with @EnableOAuth2Client? I think that would solve my problem.

spring-core-4.3.13 spring-boot-starter-security-1.5.9 春季安全核心-4.2.4 spring-security-oauth2-2.0.14

spring-core-4.3.13 spring-boot-starter-security-1.5.9 spring-security-core-4.2.4 spring-security-oauth2-2.0.14

谢谢！

推荐答案

我找到了一种传递链接数据的方法.我希望它可以帮助其他人. :)

I found a way to pass linking data. I hope it helps someone else. :)

@Bean
public OAuth2ClientContextFilter oauth2ClientContextFilter() {
    OAuth2ClientContextFilter oauth2ClientContextFilter = new OAuth2ClientContextFilter();
    oauth2ClientContextFilter.setRedirectStrategy(new BMAOAuthRedirectStrategy());
    return oauth2ClientContextFilter;
}

class BMAOAuthRedirectStrategy extends DefaultRedirectStrategy {
    @Override
    public void sendRedirect(HttpServletRequest request, HttpServletResponse response, String url) throws IOException {
        url = url.concat("&bma_uuid=MY_LINKING_DATA");
        String redirectUrl = calculateRedirectUrl(request.getContextPath(), url);
        redirectUrl = response.encodeRedirectURL(redirectUrl);
        if (logger.isDebugEnabled()) {
            logger.debug("Custom BMA SecurityConfiguration Redirecting to '" + redirectUrl + "'");
        }
        response.sendRedirect(redirectUrl);
    }
}

这篇关于无状态Spring JWT应用程序+ EnableOAuth2Client的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！