用户注册和登录|使用Spring Security OAuth 2.0的SSO [英] User Registration & Login | SSO using Spring Security OAuth 2.0
问题描述
我正在尝试实施用户注册和登录流程|使用Spring Security Oauth 2.0和Google作为身份验证提供程序的SSO.
I am trying to implement user registration and log in flow | SSO using Spring Security Oauth 2.0 and Google as the authentication provider.
- 如何启动注册和登录流程?需要使用什么过滤器?
-
在注册流程中,我将需要用户信息(姓名,电子邮件)作为成功授权响应的一部分,并将其保存在本地数据库中.我该如何处理?
- How should I initiate registration and login flow? What filter needs to be applied?
In registration flow, I will needs user's details (name, email) that are part of successful authorization response, to be persisted in my local database. How do I handle that?
oauth2:client id ="oauth2ClientFilter"的目的是什么?
What's the purpose of oauth2:client id="oauth2ClientFilter" ?
这是我的应用程序上下文文件的外观:-
This is how my application context file looks like:-
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/mvc"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:jdbc="http://www.springframework.org/schema/jdbc" xmlns:c="http://www.springframework.org/schema/c"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:oauth2="http://www.springframework.org/schema/security/oauth2"
xsi:schemaLocation="http://www.springframework.org/schema/jdbc http://www.springframework.org/schema/jdbc/spring-jdbc-3.0.xsd
http://www.springframework.org/schema/security/oauth2 http://www.springframework.org/schema/security/spring-security-oauth2.xsd
http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">
<!-- DispatcherServlet Context: defines this servlet's request-processing
infrastructure -->
<!-- Enables the Spring MVC @Controller programming model -->
<annotation-driven />
<!-- Handles HTTP GET requests for /resources/** by efficiently serving
up static resources in the ${webappRoot}/resources directory -->
<resources mapping="/resources/**" location="/resources/" />
<!-- Resolves views selected for rendering by @Controllers to .jsp resources
in the /WEB-INF/views directory -->
<beans:bean
class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<beans:property name="prefix" value="/WEB-INF/views/" />
<beans:property name="suffix" value=".jsp" />
</beans:bean>
<context:component-scan base-package="com.samsoft.spring" />
<!-- ================================================== SECURITY START ================================================== -->
<security:http security="none" pattern="/" />
<security:http security="none" pattern="/resources/**" />
<security:global-method-security
secured-annotations="enabled" />
<security:http auto-config="true">
<security:intercept-url pattern="/**"
requires-channel="https" access="IS_AUTHENTICATED_FULLY" />
<security:custom-filter ref="oauth2ClientFilter"
after="EXCEPTION_TRANSLATION_FILTER" />
</security:http>
<oauth2:client id="oauth2ClientFilter" />
<oauth2:resource id="googleOauth2Resource" type="authorization_code"
client-id="530420474177-clientid.apps.googleusercontent.com"
client-secret="client-secret-here" access-token-uri="https://accounts.google.com/o/oauth2/token"
user-authorization-uri="https://accounts.google.com/o/oauth2/auth"
scope="https://www.googleapis.com/auth/calendar"
client-authentication-scheme="form"
pre-established-redirect-uri="https://ohad.sealdoc.com/oauth2-client/hello" />
<oauth2:rest-template id="googleOauthRestTemplate"
resource="googleOauth2Resource" />
<security:authentication-manager>
<security:authentication-provider>
<security:user-service>
<security:user name="test" authorities="ROLE_USER" password="test"/>
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
<!-- ================================================== SECURITY END ================================================== -->
编辑
我确实通过以下方式使用Spring Security OpenID实现了相同的用例:-
I did implemented same use case using Spring Security OpenID by:-
- 声明已配置交换属性的openid:form标记
- 按照此处中所述扩展UserDetailsService. .
- Declaring openid:form tag with exchange attributed configured
- Extend the UserDetailsService as described here.
我正在寻找Oauth 2.0的等效配置.
I am looking for equivalent configuration for Oauth 2.0.
推荐答案
您是否已在Google中注册了客户端应用程序?这就是oAuth2的工作方式...客户端应在提供程序中注册,并获取客户端ID和客户端密码.在您的XML中,似乎您没有注册:
did you register your client-app in Google? this is how oAuth2 works... the client should be registered in the provider, and get a client ID and client secret. in your XML, it seems like you did not register:
client-secret="client-secret-here"
请阅读 Google oAuth2文档
更新
关于您的更新问题,我认为您看到的行为是由于您的应用程序应该允许您在security.xml文件中应允许访问"/oauth2/google" 这一事实.
As for your updated question, I think that the behavior that you see is due to the fact that your application should allow access to "/oauth2/google", in your security.xml file.
这篇关于用户注册和登录|使用Spring Security OAuth 2.0的SSO的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!